Erlang/OTP 28.5

This release of Erlang/OTP can be built from source or installed using pre-built packages for your OS or third-party tools (such as kerl, asdf or mise).

docker run -it erlang:28.5
Erlang/OTP 28.5
View on github.com
Patch Package OTP 28.5
Git Tag OTP-28.5
Date 2026-04-23
Issue Id
System OTP
Release 28
Application

Highlights #

OTP-20043
Application(s):
otp
Related Id(s):

PR-10431

There is a new “Secure Coding Guidelines” document in Design Principles describing how to write secure Erlang code.

OTP-28.5 #

OTP-20043
HIGHLIGHT
 

There is a new “Secure Coding Guidelines” document in Design Principles describing how to write secure Erlang code.

erl_interface-5.7 #

The erl_interface-5.7 application can be applied independently of other applications on a full OTP 28 installation.

OTP-20106
Related Id(s):

PR-11045

A new configure option --{enable,disable}-use-embedded-3pp-alternatives has been added. When enabled, configure is forced to find alternatives, to a subset, of the embedded third-party products (3pps) in the runtime system, and when disabled, configure will use all internal embedded 3pps. Currently this option affects zstd, zlib, ryu (with STL), openssl and tcl. The default is to use all built-in embedded 3pps except for zlib which by default will use zlib on the OS if available.

Requirements for alternatives:

  • zstd - Static library and include files of at least version 1.5.6 needs to be available.
  • zlib - Library and include files of at least version 1.2.5 needs to be available.
  • ryu (with STL) - A usable C++ compiler with C++17 support.
  • openssl - No requirements. Our own MD5 implementation will be used.
  • tcl - The strerrorname_np() function (introduced in glibc 2.32) mapping errno integers to symbolic names needs to be available.

The argument embedded_3pps has been added to erlang:system_info/1. It returns a map with information about the use of embedded 3pps in the runtime system.

OTP-16607
Related Id(s):

OTP-16608

The ei API for decoding/encoding terms is not fully 64-bit compatible since terms that have a representation on the external term format larger than 2 GB cannot be handled.

erts-16.4 #

The erts-16.4 application can be applied independently of other applications on a full OTP 28 installation.

OTP-20098
Related Id(s):

PR-10976

Fixed bug in enif_make_map_from_arrays for arrays with at least 33 keys. If duplicate keys existed, instead of failing, it would skip the duplicates. If less than 33 unique keys existed, an internally inconsistent and broken map was returned.

OTP-20101
Related Id(s):

GH-10667

Fixed an issue when supplying the args_file option to erl.exe on windows that did not handle unicode characters correctly.

OTP-20106
Related Id(s):

PR-11045

A new configure option --{enable,disable}-use-embedded-3pp-alternatives has been added. When enabled, configure is forced to find alternatives, to a subset, of the embedded third-party products (3pps) in the runtime system, and when disabled, configure will use all internal embedded 3pps. Currently this option affects zstd, zlib, ryu (with STL), openssl and tcl. The default is to use all built-in embedded 3pps except for zlib which by default will use zlib on the OS if available.

Requirements for alternatives:

  • zstd - Static library and include files of at least version 1.5.6 needs to be available.
  • zlib - Library and include files of at least version 1.2.5 needs to be available.
  • ryu (with STL) - A usable C++ compiler with C++17 support.
  • openssl - No requirements. Our own MD5 implementation will be used.
  • tcl - The strerrorname_np() function (introduced in glibc 2.32) mapping errno integers to symbolic names needs to be available.

The argument embedded_3pps has been added to erlang:system_info/1. It returns a map with information about the use of embedded 3pps in the runtime system.

Full runtime dependencies of erts-16.4

kernel-9.0, sasl-3.3, stdlib-4.1

mnesia-4.25.3 #

The mnesia-4.25.3 application can be applied independently of other applications on a full OTP 28 installation.

OTP-20038
Related Id(s):

GH-10812, PR-10881

Added documentation for user_properties and functions read_table_property/2, write_table_property/2, delete_table_property. Enhanced documentation for frag_properties.

OTP-20094
Related Id(s):

GH-10967, PR-11002

Fixed a bug where stacktrace was not returned from mnesia:transaction/1 when transaction aborts with an error exception.

Full runtime dependencies of mnesia-4.25.3

erts-9.0, kernel-5.3, stdlib-5.0

ssl-11.6 #

Note! The ssl-11.6 application cannot be applied independently of other applications on an arbitrary OTP 28 installation.

   On a full OTP 28 installation, also the following runtime
   dependencies have to be satisfied:
   -- crypto-5.8 (first satisfied in OTP 28.3)
   -- public_key-1.20.3 (first satisfied in OTP 28.4.2)
OTP-19162
Related Id(s):

PR-10908

Preserve inet option order, as inet_backend option must be first option. Will make inet_backend option work for ssl independently of number of inet supplied options.

OTP-20082
Related Id(s):

GH-10915, PR-10924

Missing conformance check for signature algorithms in TLS-1.3 could cause selection of incompatible certificate when a server is configured with more than one possible certificate.

OTP-19967
Related Id(s):

PR-10957

Avoid unnecessary memory consumption for temporary processes in a supervision tree.

Full runtime dependencies of ssl-11.6

crypto-5.8, erts-16.0, inets-5.10.7, kernel-10.3, public_key-1.20.3, runtime_tools-1.15.1, stdlib-7.0

Thanks To #

felipe stival, Hewwho, Hugo Baraúna, Nick Vatamaniuc, Viktor Söderqvist, William Yang