github erlang/otp OTP-28.5.0.3
OTP 28.5.0.3

Patch Package:           OTP 28.5.0.3
Git Tag:                 OTP-28.5.0.3
Date:                    2026-07-02
Trouble Report Id:       OTP-20173, OTP-20183, OTP-20185, OTP-20186,
                         OTP-20190, OTP-20191, OTP-20194, OTP-20196,
                         OTP-20197, OTP-20199, OTP-20200, OTP-20206,
                         OTP-20207, OTP-20208, OTP-20211, OTP-20215,
                         OTP-20216, OTP-20217, OTP-20220, OTP-20226,
                         OTP-20230, OTP-20231, OTP-20232
Seq num:                 CVE-2026-53422, CVE-2026-54886,
                         CVE-2026-54887, CVE-2026-54891,
                         CVE-2026-55950, CVE-2026-55952, ERIERL-1333,
                         GH-SA-7wp4-pc27-2vj9, GH-SA-h9pw-h5w4-h976,
                         PR-11209, PR-11215, PR-11230, PR-11239,
                         PR-11247, PR-11250, PR-11259, PR-11268,
                         PR-11269, PR-11270, PR-11271, PR-11274,
                         PR-11282, PR-11283, PR-11294, PR-11295,
                         PR-11299, PR-11302, PR-11306, PR-11307,
                         PR-11309, PR-11311
System:                  OTP
Release:                 28
Application:             common_test-1.30.0.1, crypto-5.8.3.1,
                         erts-16.4.0.3, kernel-10.6.3.3,
                         public_key-1.20.3.3, ssh-5.5.2.2,
                         ssl-11.6.0.3
Predecessor:             OTP 28.5.0.2

Check out the git tag OTP-28.5.0.3, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.

common_test-1.30.0.1

The common_test-1.30.0.1 application can be applied independently of other applications on a full OTP 28 installation.

Fixed Bugs and Malfunctions

  • Fixed a crash in ct_netconfc that occurred when the remote server closed the SSH connection during NETCONF subsystem negotiation.

    Own Id: OTP-20191
    Related Id(s): ERIERL-1333, PR-11230

Full runtime dependencies of common_test-1.30.0.1

compiler-6.0, crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0, kernel-8.4, observer-2.1, runtime_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0, stdlib-4.0, syntax_tools-1.7, tools-3.2, xmerl-1.3.8

crypto-5.8.3.1

The crypto-5.8.3.1 application can be applied independently of other applications on a full OTP 28 installation.

Fixed Bugs and Malfunctions

  • crypto:compute_key/4 for eddh and crypto:generate_key/2,3 for eddh/eddsa now raise an error:{notsup, Info, Description} exception instead of returning the atom notsup when the underlying cryptolib lacks support.

    Own Id: OTP-20215
    Related Id(s): PR-11302
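
Code that pattern-matched on the returned atom notsup must now also catch the exception. The following wrapper is an added example and not part of OTP's crypto application; the module name eddh_compat and its functions are assumptions. It keeps the old return-value clause and adds the catch clause, so the same code works on crypto versions before and after this fix:

```erlang
%% Added example, not OTP code: tolerate both the old (atom notsup returned)
%% and the new (error:{notsup, Info, Description} raised) behaviour of
%% crypto:generate_key/2 and crypto:compute_key/4 for eddh.
-module(eddh_compat).
-export([generate/1, shared_secret/3, demo/0]).

%% Curve is x25519 or x448 (the eddh curves accepted by crypto).
generate(Curve) ->
    try crypto:generate_key(eddh, Curve) of
        notsup ->                                   % crypto before 5.8.3.1
            {error, {notsup, Curve}};
        {Pub, Priv} when is_binary(Pub), is_binary(Priv) ->
            {ok, Pub, Priv}
    catch
        error:{notsup, _Info, Description} ->       % crypto 5.8.3.1 and later
            {error, {notsup, Curve, Description}}
    end.

%% Diffie-Hellman over the Edwards curve: PeerPub from the other party,
%% MyPriv from generate/1.
shared_secret(PeerPub, MyPriv, Curve) ->
    try crypto:compute_key(eddh, PeerPub, MyPriv, Curve) of
        notsup ->
            {error, {notsup, Curve}};
        Secret when is_binary(Secret) ->
            {ok, Secret}
    catch
        error:{notsup, _Info, Description} ->
            {error, {notsup, Curve, Description}}
    end.

%% Both parties derive the same secret, or the caller gets a uniform
%% {error, ...} on a cryptolib without x25519 instead of a crash.
demo() ->
    case generate(x25519) of
        {ok, PubA, PrivA} ->
            {ok, PubB, PrivB} = generate(x25519),
            {ok, S1} = shared_secret(PubB, PrivA, x25519),
            {ok, S2} = shared_secret(PubA, PrivB, x25519),
            S1 =:= S2;
        {error, Reason} ->
            {skipped, Reason}
    end.
```

demo/0 returns true on a cryptolib with x25519 support and {skipped, Reason} otherwise. The try-of form is what makes the wrapper version-independent: the of clauses see the return value on old crypto, the catch clause sees the exception on new crypto, and any other error class still propagates.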

Full runtime dependencies of crypto-5.8.3.1

erts-9.0, kernel-6.0, stdlib-3.9

erts-16.4.0.3

The erts-16.4.0.3 application can be applied independently of other applications on a full OTP 28 installation.

Fixed Bugs and Malfunctions

  • Fixed an undefined behavior in the internal erts_qsort() function, which could have been the cause of a beam crash seen when updating large maps.

    Own Id: OTP-20185
    Related Id(s): PR-11215

  • Calculating bxor of the largest supported positive integer (erlang:system_info(max_integer)) and -1 would return [] instead of raising a system_limit exception.

    Own Id: OTP-20208
    Related Id(s): PR-11269

  • Fixed a possible race between ets:delete/1 and a terminating process holding a fixation on the same table.

    Own Id: OTP-20217
    Related Id(s): PR-11283

  • A few code generation issues for the JIT on AArch64 (ARM64) have been fixed.

    For all platforms, the loader will reject some invalid BEAM files earlier.

    Own Id: OTP-20226
    Related Id(s): PR-11299

Improvements and New Features

  • Arithmetic operations on large integers will now increase the reduction count for the process, causing context switches to occur more frequently when doing arithmetic on large integers.

    Own Id: OTP-20211
    Related Id(s): PR-11274

Full runtime dependencies of erts-16.4.0.3

kernel-9.0, sasl-3.3, stdlib-4.1

kernel-10.6.3.3

The kernel-10.6.3.3 application can be applied independently of other applications on a full OTP 28 installation.

Fixed Bugs and Malfunctions

  • inet:info/1 could crash when called on a closing (port) socket.

    Own Id: OTP-20173

  • Handling of the truncation bit in inet_res has been fixed so that it properly falls back to querying over TCP after a truncated UDP reply.

    This fixes a bug introduced in OTP-28.4.2 (kernel-10.6.2) that made a truncated UDP answer fail to parse, so the TCP fallback was never executed and the name resolution failed instead.

    Own Id: OTP-20199
    Related Id(s): PR-11247

Full runtime dependencies of kernel-10.6.3.3

crypto-5.0, erts-15.2.5, sasl-3.0, stdlib-7.0

public_key-1.20.3.3

Note! The public_key-1.20.3.3 application cannot be applied independently of other applications on an arbitrary OTP 28 installation.

   On a full OTP 28 installation, also the following runtime
   dependency has to be satisfied:
   -- crypto-5.8 (first satisfied in OTP 28.3)

Fixed Bugs and Malfunctions

  • Hardened OCSP response verification by using constant-time hash comparisons and rejecting responses exceeding 100 KB before ASN.1 decoding.

    Own Id: OTP-20197
    Related Id(s): PR-11239

Full runtime dependencies of public_key-1.20.3.3

asn1-5.0, crypto-5.8, erts-13.0, kernel-8.0, stdlib-4.0

ssh-5.5.2.2

Note! The ssh-5.5.2.2 application cannot be applied independently of other applications on an arbitrary OTP 28 installation.

   On a full OTP 28 installation, also the following runtime
   dependency has to be satisfied:
   -- crypto-5.7 (first satisfied in OTP 28.1)

Fixed Bugs and Malfunctions

  • Fixed a path-existence oracle in the SFTP server where SSH_FXP_REALPATH requests with .. components could bypass the configured root directory isolation, allowing an authenticated client to determine whether arbitrary paths exist on the host filesystem.

    Own Id: OTP-20183
    Related Id(s): GH-SA-h9pw-h5w4-h976, PR-11294, CVE-2026-53422

  • Fixed an infinite loop in the SFTP server triggered when receiving SSH_MSG_CHANNEL_EXTENDED_DATA on an SFTP channel, which caused the channel process to spin indefinitely on CPU without consuming its message queue.

    Own Id: OTP-20186
    Related Id(s): GH-SA-7wp4-pc27-2vj9, PR-11295, CVE-2026-54886

  • Fixed mlkem768x25519 hybrid key exchange failing intermittently with "incorrect signature" when the X25519 shared secret had a leading zero byte. The shared secret is now encoded as a fixed-width 32-byte string per the specification.

    Own Id: OTP-20196
    Related Id(s): PR-11209

  • The SFTP server now caps the read length in SSH_FXP_READ requests to 255 KiB (matching OpenSSH's SFTP_MAX_READ_LENGTH), preventing excessive memory allocation when clients request large reads.

    Own Id: OTP-20200
    Related Id(s): PR-11259

  • Removed a server-side workaround (OTP-14827, introduced in OTP 20) that accepted SHA-1 user-auth signatures from clients identifying as OpenSSH 7.x when rsa-sha2-* was negotiated. The workaround addressed a distro-specific build issue in 2017 that no longer exists. Clients affected by this removal (extremely unlikely — requires a 10-year-old unpatched OpenSSH build) will see authentication failures and must upgrade.

    Own Id: OTP-20206
    Related Id(s): PR-11268
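
The property that the fix for OTP-20183 restores is that path canonicalisation must not consult the host filesystem before the path has been confined to the root. The module below is an added example and not OTP's ssh_sftpd code; the module name sftp_confine, the root directory and the sample paths are constructed for the illustration. Every ".." is applied on the virtual path first, so a target outside the root is never stat'ed and its existence cannot be probed:

```erlang
%% Added example, not OTP's ssh_sftpd: confine a client-supplied SFTP path
%% under the server's root lexically, before any filesystem call, so the
%% server never has to ask the host whether a path outside the root exists.
%% Module name, root directory and sample paths are constructed.
-module(sftp_confine).
-export([resolve/2, demo/0]).

%% Root is the host directory the client is confined to; Client is the path
%% from SSH_FXP_REALPATH (or any other request), interpreted against the
%% client's virtual root "/". Returns {VirtualPath, HostPath}: the first is
%% what goes back in the SSH_FXP_NAME reply, the second is the only path the
%% file operations are allowed to open.
resolve(Root, Client) ->
    Parts = [P || P <- filename:split(Client), P =/= "/", P =/= "."],
    Virtual = normalize(Parts, []),
    {filename:join(["/" | Virtual]), filename:join([Root | Virtual])}.

%% Apply ".." on the virtual path only. Popping at the virtual root is a
%% no-op, so no number of ".." components can climb above Root, and since
%% nothing like file:read_file_info/1 is called here, a non-existent target
%% outside the root is indistinguishable from an existing one.
normalize([], Acc) ->
    lists:reverse(Acc);
normalize([".." | Rest], []) ->
    normalize(Rest, []);
normalize([".." | Rest], [_Parent | Acc]) ->
    normalize(Rest, Acc);
normalize([Part | Rest], Acc) ->
    normalize(Rest, [Part | Acc]).

%% The classic traversal probes all land inside the root.
demo() ->
    Root = "/srv/sftp/alice",
    [resolve(Root, P) || P <- ["/docs/../../../etc/passwd",
                               "../../etc",
                               "/",
                               "docs/./report.txt"]].
```

demo/0 maps "/docs/../../../etc/passwd" to the virtual path "/etc/passwd" under "/srv/sftp/alice/etc/passwd", and "../../etc" to "/etc" under the root; neither resolution touched the host filesystem. Lexical confinement does not follow symbolic links: if the root may contain links pointing outside it, resolve the final HostPath with the filesystem only after this step and reject it if the result no longer has Root as a prefix, so that the check itself cannot leak anything about paths outside the root.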
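
A channel callback that consumes SSH_MSG_CHANNEL_EXTENDED_DATA instead of leaving it in the queue, illustrating the failure mode behind OTP-20186. This is an added example written against the ssh_server_channel behaviour and is not OTP's ssh_sftpd code; the module name drain_subsystem, the subsystem name and the system_dir path are assumptions:

```erlang
%% Added example, not OTP's ssh_sftpd: an ssh_server_channel subsystem whose
%% handle_ssh_msg/2 has a clause for every ssh_cm message a channel can get,
%% including SSH_MSG_CHANNEL_EXTENDED_DATA (data type 1), so nothing is left
%% unread in the channel process's message queue. Module, subsystem name and
%% the system_dir path are assumptions.
-module(drain_subsystem).
-behaviour(ssh_server_channel).
-export([init/1, handle_msg/2, handle_ssh_msg/2, terminate/2]).
-export([start_daemon/1]).

%% Registers this module as subsystem "drain@example" on a new daemon.
start_daemon(Port) ->
    ssh:daemon(Port, [{system_dir, "/etc/ssh"},     % host key dir (assumption)
                      {subsystems, [{"drain@example", {?MODULE, []}}]}]).

init(_Args) ->
    {ok, #{stdout => 0, stderr => 0}}.

%% Non-SSH messages, including the channel-up notification.
handle_msg({ssh_channel_up, _ChannelId, _ConnectionRef}, State) ->
    {ok, State};
handle_msg(_Other, State) ->
    {ok, State}.

%% Data type 0: the subsystem's actual protocol (here: report the size).
handle_ssh_msg({ssh_cm, Conn, {data, ChannelId, 0, Data}},
               State = #{stdout := N}) ->
    Reply = iolist_to_binary(io_lib:format("~p bytes~n", [byte_size(Data)])),
    ssh_connection:send(Conn, ChannelId, Reply),
    {ok, State#{stdout := N + byte_size(Data)}};
%% Data type 1 (extended data, i.e. stderr) or any other type: the protocol
%% has no use for it, but it must still be consumed, otherwise a client can
%% send it to keep the channel process busy forever. Count it and carry on.
handle_ssh_msg({ssh_cm, _Conn, {data, _ChannelId, _Type, Data}},
               State = #{stderr := N}) ->
    {ok, State#{stderr := N + byte_size(Data)}};
handle_ssh_msg({ssh_cm, Conn, {eof, ChannelId}}, State) ->
    ssh_connection:send_eof(Conn, ChannelId),
    {ok, State};
handle_ssh_msg({ssh_cm, _Conn, {signal, _ChannelId, _Signal}}, State) ->
    {ok, State};
handle_ssh_msg({ssh_cm, _Conn, {exit_signal, ChannelId, _, _, _}}, State) ->
    {stop, ChannelId, State};
handle_ssh_msg({ssh_cm, _Conn, {exit_status, ChannelId, _Status}}, State) ->
    {stop, ChannelId, State};
handle_ssh_msg({ssh_cm, _Conn, {closed, ChannelId}}, State) ->
    {stop, ChannelId, State};
%% Anything the clauses above do not name: drop it rather than crash or spin.
handle_ssh_msg({ssh_cm, _Conn, _Msg}, State) ->
    {ok, State}.

terminate(_Reason, _State) ->
    ok.
```

The second data clause is the one that matters for this fix: it matches every data type other than 0, returns {ok, State} and so lets the channel process proceed to the next message. The final catch-all clause gives the same guarantee for message types a future ssh version might add.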

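The encoding point behind OTP-20196, as an added example that is not OTP's ssh key-exchange code. The module name hybrid_secret is an assumption, and the combination K = SHA-256(K_PQ || K_CL) is the author's reading of the hybrid ML-KEM/X25519 method, included to show where the fixed-width secret is consumed; the mpint/1 function is there only to show what goes wrong when the raw X25519 secret is encoded as an SSH mpint instead:

```erlang
%% Added example, not OTP's ssh code: why the X25519 half of a hybrid
%% shared secret must be encoded fixed-width. Module name is an assumption.
-module(hybrid_secret).
-export([fixed32/1, mpint/1, combine/2, demo/0]).

%% Fixed-width encoding used by the hybrid KEX: exactly 32 bytes, leading
%% zero bytes kept. Any other length is a hard error, never silently padded.
fixed32(Secret) when is_binary(Secret), byte_size(Secret) =:= 32 ->
    Secret.

%% SSH mpint (RFC 4251 section 5): minimal big-endian two's complement, so
%% leading zero bytes are dropped. Using this for a raw 32-byte secret makes
%% the encoded length depend on the secret's first byte, and the two sides
%% then hash different bytes whenever that byte happens to be zero.
mpint(Bin) ->
    Body0 = binary:encode_unsigned(binary:decode_unsigned(Bin)),
    Body = case Body0 of
               <<1:1, _/bitstring>> -> <<0, Body0/binary>>;   % keep positive
               _ -> Body0
           end,
    <<(byte_size(Body)):32, Body/binary>>.

%% K = H(K_PQ || K_CL): the ML-KEM-768 shared secret (32 bytes) followed by
%% the fixed-width X25519 shared secret. SHA-256 matches the "-sha256" suffix
%% of the method name; the layout is the hybrid draft's as this example's
%% author reads it.
combine(KPq, KCl) when byte_size(KPq) =:= 32 ->
    crypto:hash(sha256, <<KPq/binary, (fixed32(KCl))/binary>>).

demo() ->
    %% Constructed secret whose first byte is zero: the mpint payload is 31
    %% bytes, the fixed-width form is 32.
    LeadingZero = << <<I>> || I <- lists:seq(0, 31) >>,
    Lengths = {byte_size(mpint(LeadingZero)) - 4, byte_size(fixed32(LeadingZero))},
    %% Real X25519 exchange: both sides must end up combining the same bytes.
    {PubA, PrivA} = crypto:generate_key(ecdh, x25519),
    {PubB, PrivB} = crypto:generate_key(ecdh, x25519),
    KClA = crypto:compute_key(ecdh, PubB, PrivA, x25519),
    KClB = crypto:compute_key(ecdh, PubA, PrivB, x25519),
    KPq = crypto:strong_rand_bytes(32),   % stands in for the ML-KEM secret
    {Lengths, combine(KPq, KClA) =:= combine(KPq, KClB)}.
```

demo/0 returns the pair of payload lengths for the constructed leading-zero secret (31 for the mpint form against 32 for the fixed-width form) together with true for the real exchange. Roughly one secret in 256 starts with a zero byte, which is why the original symptom was intermittent: only those exchanges had the two peers hashing inputs of different lengths and failing the signature check.
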
Full runtime dependencies of ssh-5.5.2.2

crypto-5.7, erts-14.0, kernel-10.3, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0, stdlib-6.0

ssl-11.6.0.3

Note! The ssl-11.6.0.3 application cannot be applied independently of other applications on an arbitrary OTP 28 installation.

   On a full OTP 28 installation, also the following runtime
   dependencies have to be satisfied:
   -- crypto-5.8 (first satisfied in OTP 28.3)
   -- public_key-1.20.3.1 (first satisfied in OTP 28.5.0.1)

Fixed Bugs and Malfunctions

  • Corrected small behavior bugs that could occasionally cause DTLS connection errors, unwanted behavior for legacy DHE_DSS, hiding of a distribution configuration error, and an unorderly process tree shutdown.

    Own Id: OTP-20190
    Related Id(s): PR-11250

  • The DTLS cookie is now initialized to a random value, to prevent a DoS attack using a forged cookie during the startup window.

    Own Id: OTP-20194
    Related Id(s): PR-11271, CVE-2026-54887

  • Guarded the TLS client against MITM injection of application data during the plain-text window of the handshake.

    Own Id: OTP-20207
    Related Id(s): PR-11270, CVE-2026-54891

  • Improved error handling for TLS PSK: an ILLEGAL_PARAMETER alert is now sent if the binders and PSK identities do not match. Also mended the recovery mechanism of the ticket and session stores to be as resilient as possible to intermediate bugs.

    Own Id: OTP-20216
    Related Id(s): PR-11282, CVE-2026-55952

  • Fixed a race condition that could be used to DoS DTLS servers.

    Own Id: OTP-20220
    Related Id(s): PR-11306, CVE-2026-55950

  • A TLS-1.3 stateless session ticket with obfuscated_ticket_age set to zero was incorrectly accepted without checking the server-side ticket lifetime or the RFC 8446 Section 8.3 freshness window. The server now always validates ticket age using its own timestamp regardless of the client-reported age value.

    Own Id: OTP-20230
    Related Id(s): PR-11307

  • The TLS-1.3 client now rejects a second HelloRetryRequest, as required by RFC 8446 Section 4.1.4.

    Own Id: OTP-20231
    Related Id(s): PR-11309

  • A busy client node using the automatic session ticket mode could, with unlucky scheduling, trigger a crash of its own ticket store.

    Own Id: OTP-20232
    Related Id(s): PR-11311
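
The cookie construction that OTP-20194 concerns, as an added example that is not OTP's ssl code: a HelloVerifyRequest cookie in the shape RFC 6347 section 4.2.1 suggests, keyed by a secret that is random from the first packet the server handles. The module name dtls_cookie, the exact cookie layout and the sample peer are assumptions:

```erlang
%% Added example, not OTP's ssl code: a DTLS HelloVerifyRequest cookie
%% (RFC 6347 section 4.2.1) bound to a secret that is random from the first
%% packet onwards. Module name and cookie layout are assumptions.
-module(dtls_cookie).
-export([new_secret/0, cookie/3, verify/4, demo/0]).

%% Generated at server start and rotated periodically; a constant or
%% zero-initialised secret lets anyone forge cookies until the first rotation.
new_secret() ->
    crypto:strong_rand_bytes(32).

%% Cookie = HMAC(Secret, Client-IP || Client-Port || ClientHello parameters).
%% Peer is {Ip, Port} as seen on the socket, Params is whatever ClientHello
%% material the server wants the cookie bound to (an opaque binary here).
cookie(Secret, {Ip, Port}, Params) ->
    Msg = <<(term_to_binary(Ip))/binary, Port:16, Params/binary>>,
    crypto:mac(hmac, sha256, Secret, Msg).

%% Length is public, the bytes are compared in constant time; a plain =:=
%% would let an attacker time how far a guessed cookie matched.
verify(Secret, Peer, Params, Cookie) when is_binary(Cookie) ->
    Expected = cookie(Secret, Peer, Params),
    byte_size(Expected) =:= byte_size(Cookie)
        andalso crypto:hash_equals(Expected, Cookie);
verify(_Secret, _Peer, _Params, _Cookie) ->
    false.

demo() ->
    Secret = new_secret(),
    Peer = {{192, 0, 2, 10}, 40000},
    Params = <<"constructed ClientHello bytes">>,
    Good = cookie(Secret, Peer, Params),
    %% What an attacker could compute if the secret were predictable at
    %% startup (all zeros here), and a cookie minted for another peer.
    Forged = cookie(binary:copy(<<0>>, 32), Peer, Params),
    OtherPeer = cookie(Secret, {{198, 51, 100, 7}, 40000}, Params),
    {verify(Secret, Peer, Params, Good),
     verify(Secret, Peer, Params, Forged),
     verify(Secret, Peer, Params, OtherPeer)}.
```

demo/0 accepts only the genuine cookie and rejects both the one minted under a predictable all-zero secret and the one issued to a different source address. The first rejection is the point of this fix: with a fixed initial secret the attacker can precompute valid cookies and spend the server's handshake state during the window before the secret is first rotated.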

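The server-side check described under OTP-20230, as an added example that is not OTP's ssl code: expiry is decided from the server's own timestamp, and the client-reported obfuscated_ticket_age is only used afterwards for the RFC 8446 section 8.3 freshness comparison. The module name ticket_age_check, the ticket map layout and the tolerance window are assumptions:

```erlang
%% Added example, not OTP's ssl code: server-side validation of a TLS 1.3
%% PSK ticket's age (RFC 8446 sections 4.2.11 and 8.3). Module name, the
%% ticket map layout and the tolerance window are assumptions.
-module(ticket_age_check).
-export([validate/4, demo/0]).

-define(MAX_LIFETIME_S, 604800).   % 7 days, the RFC 8446 4.6.1 upper bound

%% Ticket: what the server recorded when it issued the ticket.
%%   issued_ms  server clock (ms) when NewSessionTicket was sent
%%   lifetime_s ticket_lifetime advertised to the client, in seconds
%%   age_add    the 32-bit ticket_age_add sent in NewSessionTicket
%% ObfuscatedAge: obfuscated_ticket_age from the client's PskIdentity.
%% NowMs: the server's own clock. WindowMs: tolerance for the 8.3 freshness
%% check (network delay plus clock drift).
validate(#{issued_ms := Issued, lifetime_s := Lifetime, age_add := AgeAdd},
         ObfuscatedAge, NowMs, WindowMs) ->
    ServerAgeMs = NowMs - Issued,
    %% Undo the obfuscation; band keeps the mod 2^32 wrap-around.
    ClientAgeMs = (ObfuscatedAge - AgeAdd) band 16#FFFFFFFF,
    if
        Lifetime > ?MAX_LIFETIME_S ->
            {reject, lifetime_above_rfc_maximum};
        ServerAgeMs < 0 ->
            {reject, issued_in_the_future};
        %% Expiry is decided from the server's clock alone; a client
        %% claiming age 0 (or any other value) cannot extend a ticket.
        ServerAgeMs > Lifetime * 1000 ->
            {reject, expired};
        %% Freshness: the client's claim must match reality within the
        %% window, which defeats replay of a captured ClientHello later on.
        abs(ServerAgeMs - ClientAgeMs) > WindowMs ->
            {reject, age_mismatch};
        true ->
            {accept, ServerAgeMs}
    end.

demo() ->
    Ticket = #{issued_ms => 1000, lifetime_s => 3600, age_add => 16#12345678},
    Window = 10000,
    %% An honest client 5 s after issue obfuscates 5000 ms with age_add.
    Honest = (5000 + 16#12345678) band 16#FFFFFFFF,
    [validate(Ticket, Honest, 6000, Window),
     %% Same moment, but the client reports obfuscated_ticket_age 0.
     validate(Ticket, 0, 6000, Window),
     %% Reported age 0 again, but the server's clock says the ticket is
     %% past its lifetime.
     validate(Ticket, 0, 1000 + 3600 * 1000 + 1, Window)].
```

In demo/0 the honest ClientHello is accepted with a measured age of 5000 ms, the zero-age claim at the same moment is rejected as an age mismatch, and the zero-age claim on an expired ticket is rejected as expired before the client's value is even consulted. The order of the guards is the point: an implementation that checked the client-reported age first and short-circuited on zero is exactly the bug this release fixes.
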
Full runtime dependencies of ssl-11.6.0.3

crypto-5.8, erts-16.0, inets-5.10.7, kernel-10.3, public_key-1.20.3.1, runtime_tools-1.15.1, stdlib-7.0

Thanks to

Cole Christensen, Nick Krichevsky
