Erlang - OTP-25.3.2.1

Security

Patch Package:           OTP 25.3.2.1
Git Tag:                 OTP-25.3.2.1
Date:                    2023-05-30
Trouble Report Id:       OTP-18556, OTP-18561, OTP-18569, OTP-18576,
                         OTP-18593, OTP-18595, OTP-18597
Seq num:                 ERIERL-944, GH-7252
System:                  OTP
Release:                 25
Application:             compiler-8.2.6.1, erts-13.2.2.1,
                         stdlib-4.3.1.1, xmerl-1.3.31.1
Predecessor:             OTP 25.3.2

 Check out the git tag OTP-25.3.2.1, and build a full OTP system
 including documentation. Apply one or more applications from this
 build as patches to your installation using the 'otp_patch_apply'
 tool. For information on install requirements, see descriptions for
 each application version below.

 ---------------------------------------------------------------------
 --- compiler-8.2.6.1 ------------------------------------------------
 ---------------------------------------------------------------------

 The compiler-8.2.6.1 application can be applied independently of
 other applications on a full OTP 25 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-18576    Application(s): compiler

               Fixed a bug where a failing bsl expression in a guard
               threw an exception instead of causing the guard to
               fail.


  OTP-18593    Application(s): compiler
               Related Id(s): GH-7252

               Complex guard expressions using the or operator and
               guard BIFs that can fail could sometimes be miscompiled
               so that the guard would succeed even if a call to a
               guard BIF failed.


 Full runtime dependencies of compiler-8.2.6.1: crypto-5.1, erts-13.0,
 kernel-8.4, stdlib-4.0


 ---------------------------------------------------------------------
 --- erts-13.2.2.1 ---------------------------------------------------
 ---------------------------------------------------------------------

 Note! The erts-13.2.2.1 application *cannot* be applied independently
       of other applications on an arbitrary OTP 25 installation.

       On a full OTP 25 installation, also the following runtime
       dependencies have to be satisfied:
       -- kernel-8.5 (first satisfied in OTP 25.1)
       -- stdlib-4.1 (first satisfied in OTP 25.1)


 --- Fixed Bugs and Malfunctions ---

  OTP-18561    Application(s): erts

               Fixed a crash during tracing on certain platforms that
               cannot use the machine stack for Erlang code (mainly
               OpenBSD and Linux with musl).


  OTP-18597    Application(s): erts

               Constructing a binary segment not aligned with a byte
               boundary, with a size not fitting in 31 bits, and with
               a value not fitting in a 64-bit word could crash the
               runtime system.


 --- Improvements and New Features ---

  OTP-18569    Application(s): erts

               Further robustify the implementation of large maps (> 32
               keys). Keys that happen to have the same internal 32-bit
               hash values are now put in collision nodes which are
               traversed with linear search. This removes the
               requirement that the internal hash function, when
               salted, eventually produces different hashes for all
               possible pairs of unequal terms.


 Full runtime dependencies of erts-13.2.2.1: kernel-8.5, sasl-3.3,
 stdlib-4.1


 ---------------------------------------------------------------------
 --- stdlib-4.3.1.1 --------------------------------------------------
 ---------------------------------------------------------------------

 Note! The stdlib-4.3.1.1 application *cannot* be applied
       independently of other applications on an arbitrary OTP 25
       installation.

       On a full OTP 25 installation, also the following runtime
       dependencies have to be satisfied:
       -- erts-13.1 (first satisfied in OTP 25.1)
       -- kernel-8.5.1 (first satisfied in OTP 25.1.1)


 --- Improvements and New Features ---

  OTP-18556    Application(s): stdlib

               Static supervisors are very idle processes after they
               have started so they will now be hibernated after start
               to improve resource management.


 Full runtime dependencies of stdlib-4.3.1.1: compiler-5.0,
 crypto-4.5, erts-13.1, kernel-8.5.1, sasl-3.0


 ---------------------------------------------------------------------
 --- xmerl-1.3.31.1 --------------------------------------------------
 ---------------------------------------------------------------------

 The xmerl-1.3.31.1 application can be applied independently of other
 applications on a full OTP 25 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-18595    Application(s): xmerl
               Related Id(s): ERIERL-944

               New options to xmerl_scan and xmerl_sax_parser so one
               can limit the behaviour of the parsers to avoid some
               XML security issues.

               xmerl_scan gets one new option:

               -- {allow_entities, Boolean} -- Gives the possibility
               to disallow entities by setting this option to false
               (true is default)

               xmerl_sax_parser gets the following options:

               -- disallow_entities -- Don't allow entities in the
               document

               -- {entity_recurse_limit, N} -- Set a limit on entity
               recursion depth (default is 3)

               -- {external_entities, AllowedType} -- Specify which
               types of external entities are allowed; this also
               affects external DTDs. The types are all (default),
               file and none

               -- {fail_undeclared_ref, Boolean} -- Sets the behavior
               for references that are undeclared because an external
               file is not parsed (true is default)

               The old option skip_external_dtd is still valid and is
               the same as {external_entities, none} and
               {fail_undeclared_ref, false}, but it affects only DTDs
               and not other external references.
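
               Added example (not part of the OTP release notes or of
               OTP itself): one way to apply the options above when
               parsing untrusted XML. The module name, the policy names
               no_entities and internal_only, and the sample document
               are constructed for illustration.

```erlang
%% Added example, not OTP code. Module name, policy names and the sample
%% document are constructed; assumes xmerl-1.3.31.1 or later.
-module(xml_hardening_demo).
-export([scan_strict/1, sax_parse/2, demo/0]).

%% Constructed input: one internal entity that references another.
sample() ->
    "<?xml version=\"1.0\"?>"
    "<!DOCTYPE r [<!ENTITY a \"aaaa\"><!ENTITY b \"&a;&a;\">]>"
    "<r>&b;</r>".

%% xmerl_scan: refuse entities altogether. xmerl_scan signals fatal
%% errors by exiting, so the call is wrapped.
scan_strict(Xml) ->
    try xmerl_scan:string(Xml, [{allow_entities, false}]) of
        {Doc, _Rest} -> {ok, Doc}
    catch
        Class:Reason -> {rejected, {Class, Reason}}
    end.

%% xmerl_sax_parser option sets for two hypothetical policies.
sax_opts(no_entities) ->
    [disallow_entities, {external_entities, none}];
sax_opts(internal_only) ->
    [{entity_recurse_limit, 1},      % tighter than the default of 3
     {external_entities, none},      % no external entities or DTDs
     {fail_undeclared_ref, true}].   % fail on refs left undeclared

sax_parse(Xml, Policy) ->
    case xmerl_sax_parser:stream(Xml, sax_opts(Policy)) of
        {ok, _EventState, _Rest} -> ok;
        {Tag, _Location, Reason, _EndTags, _EventState} ->
            {rejected, {Tag, Reason}}
    end.

%% Run the sample through each configuration and collect the outcomes.
demo() ->
    Xml = sample(),
    [{scan_strict, scan_strict(Xml)},
     {sax_no_entities, sax_parse(Xml, no_entities)},
     {sax_internal_only, sax_parse(Xml, internal_only)}].
```

               Compile with erlc and call xml_hardening_demo:demo() in
               the shell to compare how each configuration treats the
               same document.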


 Full runtime dependencies of xmerl-1.3.31.1: erts-6.0, kernel-3.0,
 stdlib-2.5


 ---------------------------------------------------------------------
 ---------------------------------------------------------------------
 ---------------------------------------------------------------------

Security

Security wording was detected, but no CVEs were found.

Details

date: May 30, 2023, 2:11 p.m.
name: OTP 25.3.2.1
type: Patch