diff options
Diffstat (limited to 'release-notes/OTP-27.3.3.README.txt')
| -rw-r--r-- | release-notes/OTP-27.3.3.README.txt | 130 |
1 files changed, 130 insertions, 0 deletions
diff --git a/release-notes/OTP-27.3.3.README.txt b/release-notes/OTP-27.3.3.README.txt new file mode 100644 index 0000000..be0a3ef --- /dev/null +++ b/release-notes/OTP-27.3.3.README.txt @@ -0,0 +1,130 @@ +Patch Package: OTP 27.3.3 +Git Tag: OTP-27.3.3 +Date: 2025-04-16 +Trouble Report Id: OTP-19581, OTP-19582, OTP-19585, OTP-19592, + OTP-19595 +Seq num: CVE-2025-32433, ERIERL-1219, ERIERL-1222, + PR-9566, PR-9679, PR-9706 +System: OTP +Release: 27 +Application: erts-15.2.6, kernel-10.2.6, megaco-4.7.2, + ssh-5.2.10, ssl-11.2.12 +Predecessor: OTP 27.3.2 + +Check out the git tag OTP-27.3.3, and build a full OTP system including +documentation. Apply one or more applications from this build as patches to your +installation using the 'otp_patch_apply' tool. For information on install +requirements, see descriptions for each application version below. + +# erts-15.2.6 + +The erts-15.2.6 application can be applied independently of other applications +on a full OTP 27 installation. + +## Fixed Bugs and Malfunctions + +- Fixed bug in `call_memory` tracing that could cause wildly incorrect reported + memory values. Bug exists since OTP 27.1. + + Also fixed return type spec of trace:info/3. + + Own Id: OTP-19581 + Related Id(s): ERIERL-1219, PR-9706 + +> #### Full runtime dependencies of erts-15.2.6 +> +> kernel-9.0, sasl-3.3, stdlib-4.1 + +# kernel-10.2.6 + +Note! The kernel-10.2.6 application _cannot_ be applied independently of other +applications on an arbitrary OTP 27 installation. + + On a full OTP 27 installation, also the following runtime + dependency has to be satisfied: + -- erts-15.2.5 (first satisfied in OTP 27.3.2) + +## Fixed Bugs and Malfunctions + +- Fixed bug in `call_memory` tracing that could cause wildly incorrect reported + memory values. Bug exists since OTP 27.1. + + Also fixed return type spec of trace:info/3. + + Own Id: OTP-19581 + Related Id(s): ERIERL-1219, PR-9706 + +> #### Full runtime dependencies of kernel-10.2.6 +> +> crypto-5.0, erts-15.2.5, sasl-3.0, stdlib-6.0 + +# megaco-4.7.2 + +The megaco-4.7.2 application can be applied independently of other applications +on a full OTP 27 installation. + +## Fixed Bugs and Malfunctions + +- Corrected type spec for type mid(). + + Own Id: OTP-19585 + Related Id(s): ERIERL-1222 + +> #### Full runtime dependencies of megaco-4.7.2 +> +> asn1-3.0, debugger-4.0, erts-12.0, et-1.5, kernel-8.0, runtime_tools-1.8.14, +> stdlib-2.5 + +# ssh-5.2.10 + +The ssh-5.2.10 application can be applied independently of other applications on +a full OTP 27 installation. + +## Fixed Bugs and Malfunctions + +- Reception of wrong Unicode does not cause unnecessary processing. US-ASCII + fields are not decoded as Unicode. + + Own Id: OTP-19582 + Related Id(s): PR-9679 + +- SSH daemon disconnects upon receiving connection protocol message for + unauthenticated used. + + Thanks to Fabian Bäumer, Marcel Maehren, Marcus Brinkmann, Nurullah Erinola, + Jörg Schwenk (Ruhr University Bochum). + + Own Id: OTP-19595 + Related Id(s): CVE-2025-32433 + +> #### Full runtime dependencies of ssh-5.2.10 +> +> crypto-5.0, erts-14.0, kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, +> stdlib-5.0, stdlib-6.0 + +# ssl-11.2.12 + +Note! The ssl-11.2.12 application _cannot_ be applied independently of other +applications on an arbitrary OTP 27 installation. + + On a full OTP 27 installation, also the following runtime + dependency has to be satisfied: + -- public_key-1.16.4 (first satisfied in OTP 27.1.3) + +## Improvements and New Features + +- Lower log level for user cancelation as this is not an error case. Also handle + possible undecrypted close alert during TLS-1.3 handshake. + + Own Id: OTP-19592 + Related Id(s): PR-9566 + +> #### Full runtime dependencies of ssl-11.2.12 +> +> crypto-5.0, erts-15.0, inets-5.10.7, kernel-9.0, public_key-1.16.4, +> runtime_tools-1.15.1, stdlib-6.0 + +# Thanks to + +Simon Cornish + |