Prepare release

Author: Erlang/OTP

erts/doc/notes.md

@@ -21,6 +21,17 @@ limitations under the License.
 
 This document describes the changes made to the ERTS application.
 
+## Erts 15.2.7.2
+
+### Fixed Bugs and Malfunctions
+
+- As an optimization, when the `unicode:characters_to_binary/3` was used to convert from `latin1` to `utf8` or vice versa, it would return the original binary unchanged if it only contained 7-bit ASCII characters. That otpimization was broken in Erlang/OTP 27, and has now been mended.
+
+  Own Id: OTP-19728 Aux Id: [GH-10072], [PR-10093]
+
+[GH-10072]: https://github.com/erlang/otp/issues/10072
+[PR-10093]: https://github.com/erlang/otp/pull/10093
+
 ## Erts 15.2.7.1
 
 ### Fixed Bugs and Malfunctions

erts/vsn.mk

@@ -18,7 +18,7 @@
 # %CopyrightEnd%
 # 
 
-VSN = 15.2.7.1
+VSN = 15.2.7.2
 
 # Port number 4365 in 4.2
 # Port number 4366 in 4.3

lib/compiler/doc/notes.md

@@ -21,6 +21,17 @@ limitations under the License.
 
 This document describes the changes made to the Compiler application.
 
+## Compiler 8.6.1.2
+
+### Fixed Bugs and Malfunctions
+
+- In rare circumstances, the compiler could crash when compiling code using bit syntax construction.
+
+  Own Id: OTP-19722 Aux Id: [GH-10077], [PR-10090]
+
+[GH-10077]: https://github.com/erlang/otp/issues/10077
+[PR-10090]: https://github.com/erlang/otp/pull/10090
+
 ## Compiler 8.6.1.1
 
 ### Fixed Bugs and Malfunctions

lib/compiler/vsn.mk

@@ -1 +1 @@
-COMPILER_VSN = 8.6.1.1
+COMPILER_VSN = 8.6.1.2

lib/debugger/doc/notes.md

@@ -21,6 +21,17 @@ limitations under the License.
 
 This document describes the changes made to the Debugger application.
 
+## Debugger 5.5.0.1
+
+### Fixed Bugs and Malfunctions
+
+- Fix unbound error in interpreted modules
+
+  Own Id: OTP-19719 Aux Id: [GH-10057], [PR-10066]
+
+[GH-10057]: https://github.com/erlang/otp/issues/10057
+[PR-10066]: https://github.com/erlang/otp/pull/10066
+
 ## Debugger 5.5
 
 ### Fixed Bugs and Malfunctions

lib/debugger/vsn.mk

@@ -1 +1 @@
-DEBUGGER_VSN = 5.5
+DEBUGGER_VSN = 5.5.0.1

lib/inets/doc/notes.md

@@ -19,6 +19,23 @@ limitations under the License.
 -->
 # Inets Release Notes
 
+## Inets 9.3.2.1
+
+### Fixed Bugs and Malfunctions
+
+- Fixed a bug where a request sent to httpd server which is using CGI script to generate a response, would pollute server's environment variable - `HTTP_PROXY` for that request. This bug is also known as httpoxy. More information: CVE-2016-1000107
+
+  Own Id: OTP-19729 Aux Id: [PR-6223], [GH-3392]
+
+- Fixed a RFC 2616 violation, where a http request, made by httpc, without providing any options, would be sent with an empty TE header, without also having a TE value in the connection header. Now the default request doesn't send a TE header at all.
+
+  Own Id: OTP-19760 Aux Id: [PR-10120], [GH-10065]
+
+[PR-6223]: https://github.com/erlang/otp/pull/6223
+[GH-3392]: https://github.com/erlang/otp/issues/3392
+[PR-10120]: https://github.com/erlang/otp/pull/10120
+[GH-10065]: https://github.com/erlang/otp/issues/10065
+
 ## Inets 9.3.2
 
 ### Fixed Bugs and Malfunctions

lib/inets/vsn.mk

@@ -19,6 +19,6 @@
 # %CopyrightEnd%
 
 APPLICATION = inets
-INETS_VSN   = 9.3.2
+INETS_VSN   = 9.3.2.1
 PRE_VSN     =
 APP_VSN     = "$(APPLICATION)-$(INETS_VSN)$(PRE_VSN)"

lib/ssh/doc/notes.md

@@ -19,6 +19,43 @@ limitations under the License.
 -->
 # SSH Release Notes
 
+## Ssh 5.2.11.3
+
+### Fixed Bugs and Malfunctions
+
+- Option max_handles can be configured for sshd running SFTP. The positive integer value limits amount of file handles opened for a connection (by default 4096 is used).
+
+  *** POTENTIAL INCOMPATIBILITY ***
+
+  Own Id: OTP-19701 Aux Id: [CVE-2025-48041], [PR-10157]
+
+- Avoid decoding KEX messages providing too many algorithms. This change does not introduce new limitation but assures it is enforced earlier in processing chain. Adjustments in error logging during handshake.
+
+  *** POTENTIAL INCOMPATIBILITY ***
+
+  Own Id: OTP-19741 Aux Id: [CVE-2025-48040], [PR-10162]
+
+- A new 'max_path' option is now available in the sshd configuration, allowing administrators to set the maximum allowable path length. By default, this value is set to 4096 characters.
+
+  *** POTENTIAL INCOMPATIBILITY ***
+
+  Own Id: OTP-19742 Aux Id: [CVE-2025-48039], [PR-10155]
+
+- Reject file handles exceeding size specified in RFCs (256 bytes).
+
+  *** POTENTIAL INCOMPATIBILITY ***
+
+  Own Id: OTP-19748 Aux Id: [CVE-2025-48038], [PR-10156]
+
+[CVE-2025-48041]: https://nvd.nist.gov/vuln/detail/2025-48041
+[PR-10157]: https://github.com/erlang/otp/pull/10157
+[CVE-2025-48040]: https://nvd.nist.gov/vuln/detail/2025-48040
+[PR-10162]: https://github.com/erlang/otp/pull/10162
+[CVE-2025-48039]: https://nvd.nist.gov/vuln/detail/2025-48039
+[PR-10155]: https://github.com/erlang/otp/pull/10155
+[CVE-2025-48038]: https://nvd.nist.gov/vuln/detail/2025-48038
+[PR-10156]: https://github.com/erlang/otp/pull/10156
+
 ## Ssh 5.2.11.2
 
 ### Fixed Bugs and Malfunctions

lib/ssh/vsn.mk

@@ -1,4 +1,4 @@
 #-*-makefile-*-   ; force emacs to enter makefile-mode
 
-SSH_VSN = 5.2.11.2
+SSH_VSN = 5.2.11.3
 APP_VSN    = "ssh-$(SSH_VSN)"