| Patch Package | OTP 28.4.1 |
| Git Tag | OTP-28.4.1 |
| Date | 2026-03-12 |
| Issue Id | |
| System | OTP |
| Release | 28 |
| Application | |
## crypto-5.8.3
The crypto-5.8.3 application can be applied independently of other applications on a full OTP 28 installation.
- OTP-20014
  - Related Id(s):

  Fix memory leak in crypto:engine_load if called with incorrect commands.
Full runtime dependencies of crypto-5.8.3
erts-9.0, kernel-6.0, stdlib-3.9
## inets-9.6.1
The inets-9.6.1 application can be applied independently of other applications on a full OTP 28 installation.
- OTP-20007
  - Related Id(s):

  The httpd server now rejects HTTP requests containing multiple Content-Length headers with different values, returning a 400 Bad Request response. This prevents potential HTTP request smuggling attacks. Thanks to Luigino Camastra at Aisle Research for responsibly disclosing this vulnerability.
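The check described in this item, as an added example that is not inets' own code: a request header list is scanned for Content-Length values, and the request is refused whenever two of them disagree. The header representation (a list of {LowercaseName, Value} string pairs) and the function names are assumptions made for this example.

```erlang
%% Added example (not inets' own code): reject a request whose
%% Content-Length headers disagree. Headers are assumed to be a list of
%% {LowercaseName, Value} string pairs; that layout is an assumption.
-module(content_length_check).
-export([check_content_length/1, demo/0]).

%% Returns {ok, Length} when all Content-Length headers agree on one
%% non-negative integer, {ok, undefined} when none is present, and
%% {error, bad_request} when the values disagree or are malformed.
%% Disagreeing values are the request-smuggling case described above:
%% two parsers in the chain could pick different values, so the server
%% answers 400 instead of choosing one.
check_content_length(Headers) ->
    Values = lists:usort([string:trim(V) || {"content-length", V} <- Headers]),
    case Values of
        []       -> {ok, undefined};
        [Single] -> parse_length(Single);
        [_ | _]  -> {error, bad_request}
    end.

%% Accept only a plain decimal integer with nothing trailing it.
parse_length(Str) ->
    case string:to_integer(Str) of
        {Int, ""} when Int >= 0 -> {ok, Int};
        _ -> {error, bad_request}
    end.

%% Constructed sample header lists: one consistent request, one with a
%% repeated but identical header (accepted), one with conflicting values
%% (rejected).
demo() ->
    Consistent  = [{"host", "example.test"}, {"content-length", "5"}],
    Repeated    = [{"host", "example.test"}, {"content-length", "5"},
                   {"content-length", " 5"}],
    Conflicting = [{"host", "example.test"}, {"content-length", "5"},
                   {"content-length", "50"}],
    [check_content_length(H) || H <- [Consistent, Repeated, Conflicting]].
```

Compile with erlc and call content_length_check:demo/0; the third header list is the one that should produce a 400 response.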
Full runtime dependencies of inets-9.6.1
erts-14.0, kernel-9.0, mnesia-4.12, public_key-1.13, runtime_tools-1.8.14, ssl-9.0, stdlib-5.0, stdlib-6.0
## kernel-10.6.1
The kernel-10.6.1 application can be applied independently of other applications on a full OTP 28 installation.
- OTP-20012
  - Related Id(s):

  A vulnerability has been resolved in the (undocumented, unsupported and unused in OTP) inet_dns_tsig module that leads to a validation bypass.

  If a request contained an error code (forbidden by spec), it was treated as a response and skipped the verification of the MAC. The user of the module would then receive an "all ok" response; depending on the use case, this could lead to such things as AXFR or UPDATE being allowed.

  The client side has also been tightened up to make sure that too-large (bad) MAC sizes cannot be selected; the limit is the output size of the chosen algorithm.
Full runtime dependencies of kernel-10.6.1
crypto-5.0, erts-15.2.5, sasl-3.0, stdlib-7.0
## ssh-5.5.1
Note! The ssh-5.5.1 application cannot be applied independently of other applications on an arbitrary OTP 28 installation.

On a full OTP 28 installation, also the following runtime dependency has to be satisfied:

- crypto-5.7 (first satisfied in OTP 28.1)
- OTP-20009
  - Related Id(s):

  Fixed path traversal vulnerability in SFTP server's root option allowing authenticated users to access sibling directories with matching name prefixes. The root option used string prefix matching instead of path component validation. With {root, "/home/user1"}, attackers could access /home/user10/ or /home/user123/. Thanks to Luigino Camastra, Aisle Research.
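The two checks contrasted in this item, as an added example that is not the ssh application's own code: a string-prefix comparison accepts /home/user10 under a root of /home/user1, while a comparison of resolved path components does not. Paths are assumed to already be absolute (the client-supplied path joined onto the root); that layout and the function names are assumptions for this example.

```erlang
%% Added example (not the ssh application's own code): string-prefix
%% root check versus per-component root check. Absolute paths and the
%% function names are assumptions for this example.
-module(sftp_root_check).
-export([prefix_within_root/2, within_root/2, demo/0]).

%% The flawed check: "/home/user1" is a string prefix of
%% "/home/user10/secret", so a sibling directory whose name merely
%% starts with the root's last component is wrongly accepted.
prefix_within_root(Root, Path) ->
    lists:prefix(Root, Path).

%% Component-wise check: both paths are split into components with "."
%% and ".." resolved, and every component of Root must appear, in
%% order, at the start of Path's components. "user10" is a different
%% component from "user1", and "/home/user1/../user123" resolves to
%% ["/", "home", "user123"] before the comparison is made.
within_root(Root, Path) ->
    lists:prefix(components(Root), components(Path)).

%% filename:split("/home/user1/../x") -> ["/", "home", "user1", "..", "x"].
%% Fold over that list, dropping "." and letting ".." pop the previous
%% component, but never climbing above "/".
components(Path) ->
    lists:reverse(lists:foldl(fun normalise/2, [], filename:split(Path))).

normalise(".", Acc)              -> Acc;
normalise("..", ["/"])           -> ["/"];
normalise("..", [_Prev | Rest])  -> Rest;
normalise("..", [])              -> [];
normalise(Part, Acc)             -> [Part | Acc].

%% Constructed sample paths for root "/home/user1": a legitimate file,
%% a sibling directory with a matching name prefix, and a ".." path.
%% Each result is {Path, PrefixCheck, ComponentCheck}; only the first
%% path should be accepted by the component check.
demo() ->
    Root = "/home/user1",
    Paths = ["/home/user1/docs/notes.txt",
             "/home/user10/secret",
             "/home/user1/../user123/secret"],
    [{P, prefix_within_root(Root, P), within_root(Root, P)} || P <- Paths].
```

A root given with a trailing slash ("/home/user1/") splits to the same components as one without, so the component check is not sensitive to that spelling either.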
- OTP-20011
  - Related Id(s):

  Fixed excessive memory usage vulnerability in SSH compression allowing attackers to consume system resources through decompression bombs. The 'zlib' and 'zlib@openssh.com' algorithms lacked decompression size limits, allowing 256 KB packets to expand to 255 MB (1029:1 ratio). This could lead to crashes on systems with limited memory.

  The fix removes zlib from default compression algorithms and implements decompression size limits for both algorithms. Thanks to Igor Morgenstern at Aisle Research.
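A decompression size limit of the kind this item describes, as an added example that is not the ssh application's own code: zlib:safeInflate/2 hands back output in bounded chunks, so the expanded size can be checked before the next chunk is requested and the stream abandoned as soon as a limit is passed. The limit value and the function names are assumptions for this example.

```erlang
%% Added example (not the ssh application's own code): inflate untrusted
%% zlib data under an explicit output-size limit using zlib:safeInflate/2.
%% The limit value and function names are assumptions for this example.
-module(bounded_inflate).
-export([inflate_bounded/2, demo/0]).

%% Inflate Compressed, returning {ok, Binary} if the expanded size stays
%% within MaxBytes, or {error, {limit_exceeded, MaxBytes}} as soon as the
%% limit is passed. The stream is closed at that point, so a high-ratio
%% payload can never force its full expansion into memory.
inflate_bounded(Compressed, MaxBytes) ->
    Z = zlib:open(),
    ok = zlib:inflateInit(Z),
    try
        loop(Z, zlib:safeInflate(Z, Compressed), [], 0, MaxBytes)
    after
        zlib:close(Z)
    end.

%% {continue, Out}: more output will follow; account for this chunk,
%% then call safeInflate again with empty input to get the next one.
loop(Z, {continue, Out}, Acc, Size, Max) ->
    case Size + iolist_size(Out) of
        S when S > Max -> {error, {limit_exceeded, Max}};
        S -> loop(Z, zlib:safeInflate(Z, <<>>), [Out | Acc], S, Max)
    end;
%% {finished, Out}: last chunk; check the limit once more and assemble.
loop(_Z, {finished, Out}, Acc, Size, Max) ->
    case Size + iolist_size(Out) of
        S when S > Max -> {error, {limit_exceeded, Max}};
        _ -> {ok, iolist_to_binary(lists:reverse([Out | Acc]))}
    end.

%% Constructed input: 1 MiB of zero bytes, which zlib compresses to about
%% a kilobyte. A 256 KiB limit rejects it; a 2 MiB limit accepts it and
%% returns the original data. Returns {CompressedSize, RejectedResult}.
demo() ->
    Plain = binary:copy(<<0>>, 1024 * 1024),
    Bomb = zlib:compress(Plain),
    Rejected = inflate_bounded(Bomb, 256 * 1024),
    {ok, Plain} = inflate_bounded(Bomb, 2 * 1024 * 1024),
    {byte_size(Bomb), Rejected}.
```

A deployment that does not need compression at all can also keep zlib out of the negotiation entirely by listing only none under the compression entry of the preferred_algorithms option of ssh:daemon/2 and ssh:connect/3.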
Full runtime dependencies of ssh-5.5.1
crypto-5.7, erts-14.0, kernel-10.3, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0, stdlib-6.0
## ssl-11.5.3
Note! The ssl-11.5.3 application cannot be applied independently of other applications on an arbitrary OTP 28 installation.

On a full OTP 28 installation, also the following runtime dependencies have to be satisfied:

- crypto-5.8 (first satisfied in OTP 28.3)
- public_key-1.18.3 (first satisfied in OTP 28.1)
- OTP-20022

  TLS-1.3 certificate request now preserves the order of signature algorithms in the certificate request extension to be in the server's preferred order, which might affect the choice made by some TLS clients.
- OTP-20018
  - Related Id(s): ERIERL-1303, PR-10809

  Document that setting transport protocol specific socket options is not generally expected to work for TLS, and if it happens to work it comes with consequences that should be understood and accepted by the user. Also retain some backwards compatibility with such an option that happened to work, to buy time for people to come up with better solutions.
Full runtime dependencies of ssl-11.5.3
crypto-5.8, erts-16.0, inets-5.10.7, kernel-10.3, public_key-1.18.3, runtime_tools-1.15.1, stdlib-7.0
## Thanks To
Alexander Clouter, Hewwho