Patch Package | OTP 22.3.4.27 |
Git Tag | OTP-22.3.4.27 |
Date | 2024-03-18 |
Issue Id | |
System | OTP |
Release | 22 |
Application | |
Potential Incompatibilities |
Potential Incompatibilities
- OTP-18897
- Application(s): ssh
With this change (made in response to CVE-2023-48795), ssh can negotiate the "strict KEX" OpenSSH extension with peers that support it; also, the 'chacha20-poly1305@openssh.com' algorithm becomes a less preferred cipher.
If strict KEX availability cannot be ensured on both sides of a connection, the affected encryption modes (CHACHA and CBC) can be disabled with standard ssh configuration. This protects against the vulnerability, but at the cost of interoperability. See Configuring algorithms in SSH User's Guide.
erts-10.7.2.19
Note! The erts-10.7.2.19 application *cannot* be applied independently of other applications on an arbitrary OTP 22 installation. On a full OTP 22 installation, the following runtime dependency also has to be satisfied: kernel-6.5.2.5 (first satisfied in OTP 22.3.4.25)
- OTP-18169
- Application(s): erts
- Related Id(s): PR-6134
A race could cause process_info(Pid, message_queue_len) on other processes to return invalid results.
- OTP-18170
- Application(s): erts
- Related Id(s): PR-6135
Fixed reduction counting for handling process system tasks.
- OTP-18175
- Application(s): erts
- Related Id(s): PR-6142
Priority elevation of terminating processes did not work, which could cause execution of such processes to be delayed.
- OTP-18197
The erlang:monotonic_time/1, erlang:system_time/1, erlang:time_offset/1, and os:system_time/1 BIFs erroneously failed when passed the argument native.
- OTP-18258
Notifications about available distribution data sent to distribution controller processes could be lost. Distribution controller processes can be used when implementing an alternative distribution carrier. The default distribution over TCP was not affected, and the bug was also not present on x86/x86_64 platforms.
Full runtime dependencies of erts-10.7.2.19: kernel-6.5.2.5, sasl-3.3, stdlib-3.5
ssh-4.9.1.5
Note! The ssh-4.9.1.5 application *cannot* be applied independently of other applications on an arbitrary OTP 22 installation. On a full OTP 22 installation, the following runtime dependency also has to be satisfied: crypto-4.6.4 (first satisfied in OTP 22.2.2)
- OTP-18897
- Application(s): ssh
*** POTENTIAL INCOMPATIBILITY ***
With this change (made in response to CVE-2023-48795), ssh can negotiate the "strict KEX" OpenSSH extension with peers that support it; also, the 'chacha20-poly1305@openssh.com' algorithm becomes a less preferred cipher.
If strict KEX availability cannot be ensured on both sides of a connection, the affected encryption modes (CHACHA and CBC) can be disabled with standard ssh configuration. This protects against the vulnerability, but at the cost of interoperability. See Configuring algorithms in SSH User's Guide.
- OTP-19002
- Application(s): ssh
- Related Id(s): ERIERL-1041
With this change, KEX strict terminal message is emitted with debug verbosity.
Full runtime dependencies of ssh-4.9.1.5: crypto-4.6.4, erts-9.0, kernel-5.3, public_key-1.6.1, stdlib-3.4.1
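One way to apply the OTP-18897 fallback (disabling the CHACHA and CBC modes when strict KEX cannot be ensured on both sides), as an added example that is not code from OTP or from this release note. It assumes the ssh application's `modify_algorithms` option and `ssh:default_algorithms/0`; the module name and `start_daemon/2` are hypothetical.

```erlang
%% Added example (not OTP's own code): build ssh options that remove the
%% cipher families named in OTP-18897 from this node's default set.
-module(strict_kex_fallback).
-export([affected/1, rm_opts/0, rm_opts/1, start_daemon/2]).

%% True for the ChaCha20-Poly1305 cipher and for any CBC-mode cipher.
-spec affected(atom()) -> boolean().
affected(Cipher) when is_atom(Cipher) ->
    Name = atom_to_list(Cipher),
    lists:prefix("chacha20-poly1305", Name) orelse lists:suffix("-cbc", Name).

%% Options derived from what this ssh version enables by default.
rm_opts() ->
    rm_opts(ssh:default_algorithms()).

%% Algs has the shape returned by ssh:default_algorithms/0, where ciphers
%% are listed per direction (client2server / server2client).
rm_opts(Algs) ->
    PerDirection = proplists:get_value(cipher, Algs, []),
    All = lists:append([Cs || {_Dir, Cs} <- PerDirection]),
    case lists:usort([C || C <- All, affected(C)]) of
        []      -> [];                       % nothing to remove
        Ciphers -> [{modify_algorithms, [{rm, [{cipher, Ciphers}]}]}]
    end.

%% Hypothetical wrapper: start a daemon with the reduced cipher set.
%% The same option list can be passed to ssh:connect/3.
start_daemon(Port, OtherOpts) ->
    ok = ssh:start(),
    ssh:daemon(Port, rm_opts() ++ OtherOpts).
```

Peers that offer only the removed ciphers will fail algorithm negotiation, which is the interoperability cost the note describes.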