Erlang/OTP 24.3.4.1

The crypto-5.0.6.1 application can be applied independently of other applications on a full OTP 24 installation.

OTP-17858

Application(s):

crypto

Related Id(s):

ERIERL-728

Fix timing bug in ensure_engine_loaded

When two ensure_engine_loaded() calls were done in parallel there was a possibility that a crypto lib function was called by both instead of just one of them which resulted in an error. This is solved by moving the implementation from erlang down into a NIF function that uses a mutex to protect the sensitive part.

Full runtime dependencies of crypto-5.0.6.1: erts-9.0, kernel-5.3, stdlib-3.4

Note! The erts-12.3.2.1 application *cannot* be applied independently of other applications on an arbitrary OTP 24 installation. On a full OTP 24 installation, also the following runtime dependency has to be satisfied: -- kernel-8.3 (first satisfied in OTP 24.3)

OTP-18093

Application(s):

erts

Related Id(s):

OTP-18104 , PR-5987

Accept funs (NEW_FUN_EXT) with incorrectly encoded size field. This is a workaround for a bug (OTP-18104) existing in OTP 23 and 24 that could cause incorrect size fields in certain cases. The emulator does not use the decoded size field, but erl_interface still does and is not helped by this workaround.

OTP-18123

Application(s):

erts

Related Id(s):

GH-5994

The zlib built in to the runtime system has been updated to version 1.2.12. (Note that on most platforms, the platform's own zlib is used.)

Full runtime dependencies of erts-12.3.2.1: kernel-8.3, sasl-3.3, stdlib-3.13

The mnesia-4.20.4.1 application can be applied independently of other applications on a full OTP 24 installation.

OTP-18128

Application(s):

mnesia

Related Id(s):

PR-6013

Fixed add_table_copy which could leave a table lock if the receiving node went down during the operation.

Full runtime dependencies of mnesia-4.20.4.1: erts-9.0, kernel-5.3, stdlib-3.4

The ssh-4.13.2.1 application can be applied independently of other applications on a full OTP 24 installation.

OTP-18094

Application(s):

ssh

Binaries can be limited in logs with the parameter max_log_item_len. The default value is 500 bytes.

Full runtime dependencies of ssh-4.13.2.1: crypto-5.0, erts-9.0, kernel-5.3, public_key-1.6.1, runtime_tools-1.15.1, stdlib-3.15

Note! The ssl-10.7.3.1 application *cannot* be applied independently of other applications on an arbitrary OTP 24 installation. On a full OTP 24 installation, also the following runtime dependency has to be satisfied: -- public_key-1.11.3 (first satisfied in OTP 24.1.2)

OTP-18087

Application(s):

ssl

Related Id(s):

GH-5961

When a TLS-1.3 enabled client tried to talk to a TLS-1.2 server that coalesces TLS-1.2 handshake message over one TLS record, the connection could fail due to some message being handled in the wrong state, this has been fixed.

OTP-18092

Application(s):

ssl

Related Id(s):

PR-5959

Fixed tls-1.3 session ticket lifetime which was discarded to quickly before.

OTP-18100

Application(s):

ssl

Related Id(s):

GH-5985

Correctly handles supported protocol version change from default to something else by sni_fun supplied to ssl:handshake/[2,3] together with a TCP-socket (so called upgrade).

OTP-18129

Application(s):

ssl

Related Id(s):

GH-5950

Also, TLS-1.3 should respond with a protocol version alert if previous versions, that are supported but not configured, are attempted.

OTP-18085

Application(s):

ssl

Enhance handling of handshake decoding errors, especially for certificate authorities extension to ensure graceful termination.

Full runtime dependencies of ssl-10.7.3.1: crypto-5.0, erts-10.0, inets-5.10.7, kernel-8.0, public_key-1.11.3, runtime_tools-1.15.1, stdlib-3.12