release-notes/OTP-26.2.5.13.README.txt


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143

Patch Package:           OTP 26.2.5.13
Git Tag:                 OTP-26.2.5.13
Date:                    2025-06-16
Trouble Report Id:       OTP-19634, OTP-19637, OTP-19638, OTP-19649,
                         OTP-19653, OTP-19667
Seq num:                 CVE-2025-4748, GH-6463, GH-9102, GH-9771,
                         GH-9841, PR-9103, PR-9838, PR-9846, PR-9898,
                         PR-9912, PR-9941
System:                  OTP
Release:                 26
Application:             asn1-5.2.2.1, kernel-9.2.4.9, ssh-5.1.4.10,
                         stdlib-5.2.3.4
Predecessor:             OTP 26.2.5.12

 Check out the git tag OTP-26.2.5.13, and build a full OTP system
 including documentation. Apply one or more applications from this
 build as patches to your installation using the 'otp_patch_apply'
 tool. For information on install requirements, see descriptions for
 each application version below.

 ---------------------------------------------------------------------
 --- asn1-5.2.2.1 ----------------------------------------------------
 ---------------------------------------------------------------------

 The asn1-5.2.2.1 application can be applied independently of other
 applications on a full OTP 26 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-19638    Application(s): asn1
               Related Id(s): GH-9841, PR-9846

               The ASN.1 compiler could generate code that would cause
               Dialyzer with the unmatched_returns option to emit
               warnings.


 Full runtime dependencies of asn1-5.2.2.1: erts-11.0, kernel-7.0,
 stdlib-3.13


 ---------------------------------------------------------------------
 --- kernel-9.2.4.9 --------------------------------------------------
 ---------------------------------------------------------------------

 The kernel-9.2.4.9 application can be applied independently of other
 applications on a full OTP 26 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-19667    Application(s): kernel, stdlib
               Related Id(s): PR-9912

               A remote shell can now exit by closing the input
               stream, without terminating the remote node.


 Full runtime dependencies of kernel-9.2.4.9: crypto-5.0, erts-14.0,
 sasl-3.0, stdlib-5.0


 ---------------------------------------------------------------------
 --- ssh-5.1.4.10 ----------------------------------------------------
 ---------------------------------------------------------------------

 The ssh-5.1.4.10 application can be applied independently of other
 applications on a full OTP 26 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-19634    Application(s): ssh
               Related Id(s): GH-9102, PR-9103

               Various channel closing robustness improvements. Avoid
               crashes when channel handling process closes channel
               and immediately exits. Avoid breaking the protocol by
               sending duplicated channel-close messages. Cleanup
               channels which timeout during closing procedure.


  OTP-19637    Application(s): ssh
               Related Id(s): GH-6463, PR-9838

               Improved interoperability with clients acting as
               Paramiko.


 Full runtime dependencies of ssh-5.1.4.10: crypto-5.0, erts-14.0,
 kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0,
 stdlib-5.0


 ---------------------------------------------------------------------
 --- stdlib-5.2.3.4 --------------------------------------------------
 ---------------------------------------------------------------------

 The stdlib-5.2.3.4 application can be applied independently of other
 applications on a full OTP 26 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-19649    Application(s): stdlib
               Related Id(s): GH-9771, PR-9898

               It's now possible to write lists:map(fun is_atom/1, [])
               or lists:map(fun my_func/1, []), in the shell, instead
               of lists:map(fun erlang:is_atom/1, []) or lists:map(fun
               shell_default:my_func/1, []).


  OTP-19653    Application(s): stdlib
               Related Id(s): PR-9941, CVE-2025-4748

               Properly strip the leading / and drive letter from
               filepaths when zipping and unzipping archives.

               Thanks to Wander Nauta for finding and responsibly
               disclosing this vulnerability to the Erlang/OTP
               project.


  OTP-19667    Application(s): kernel, stdlib
               Related Id(s): PR-9912

               A remote shell can now exit by closing the input
               stream, without terminating the remote node.


 Full runtime dependencies of stdlib-5.2.3.4: compiler-5.0,
 crypto-4.5, erts-13.1, kernel-9.0, sasl-3.0


 ---------------------------------------------------------------------
 --- Thanks to -------------------------------------------------------
 ---------------------------------------------------------------------

 Yaroslav Maslennikov


 ---------------------------------------------------------------------
 ---------------------------------------------------------------------
 ---------------------------------------------------------------------