Update dependency erlang to v28

[renovate]

This PR contains the following updates:

Package	Update	Change
erlang	major	27.3.4 -> 28.0.2

---

Release Notes

erlang/otp (erlang)

v28.0.2

Compare Source

v28.0.1: OTP 28.0.1

Compare Source

Patch Package:           OTP 28.0.1
Git Tag:                 OTP-28.0.1
Date:                    2025-06-16
Trouble Report Id:       OTP-19634, OTP-19635, OTP-19637, OTP-19638,
                         OTP-19641, OTP-19644, OTP-19645, OTP-19650,
                         OTP-19653, OTP-19658, OTP-19662, OTP-19665,
                         OTP-19675, OTP-19676
Seq num:                 CVE-2025-4748, ERIERL-1225, ERIERL-1235,
                         GH-6463, GH-9102, GH-9841, GH-9858, GH-9863,
                         GH-9872, PR-9103, PR-9691, PR-9838, PR-9846,
                         PR-9849, PR-9859, PR-9861, PR-9870, PR-9878,
                         PR-9880, PR-9892, PR-9905, PR-9926, PR-9941
System:                  OTP
Release:                 28
Application:             asn1-5.4.1, debugger-6.0.1, eldap-1.2.16,
                         erts-16.0.1, kernel-10.3.1,
                         public_key-1.18.1, ssh-5.3.1, ssl-11.3.1,
                         stdlib-7.0.1, xmerl-2.1.5
Predecessor:             OTP 28.0

Check out the git tag OTP-28.0.1, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.

asn1-5.4.1

The asn1-5.4.1 application can be applied independently of other applications on a full OTP 28 installation.

Fixed Bugs and Malfunctions

• The ASN.1 compiler could generate code that would cause Dialyzer with the unmatched_returns option to emit warnings.

  Own Id: OTP-19638 Related Id(s): GH-9841, PR-9846

Full runtime dependencies of asn1-5.4.1

erts-14.0, kernel-9.0, stdlib-5.0

debugger-6.0.1

The debugger-6.0.1 application can be applied independently of other applications on a full OTP 28 installation.

Fixed Bugs and Malfunctions

• Restore deleted icon so that debugger does not crash on startup.

  Own Id: OTP-19641 Related Id(s): GH-9858, PR-9861

Full runtime dependencies of debugger-6.0.1

compiler-8.0, erts-15.0, kernel-10.0, stdlib-7.0, wx-2.0

eldap-1.2.16

The eldap-1.2.16 application can be applied independently of other applications on a full OTP 28 installation.

Fixed Bugs and Malfunctions

• With this change eldap's 'not' function will have specs fixed.

  Own Id: OTP-19658 Related Id(s): PR-9859

Full runtime dependencies of eldap-1.2.16

asn1-3.0, erts-6.0, kernel-3.0, ssl-5.3.4, stdlib-3.4

erts-16.0.1

The erts-16.0.1 application can be applied independently of other applications on a full OTP 28 installation.

Fixed Bugs and Malfunctions

• Fix Erlang to not crash when io:standard_error/0 is a terminal but io:standard_io/0 is not. This bug has existed since Erlang/OTP 28.0 and only effects Windows.

  Own Id: OTP-19650 Related Id(s): GH-9872, PR-9878

• In a debug build, the BIFs for the native debugger could cause a lock order violation diagnostic from the lock checker.

  Own Id: OTP-19665 Related Id(s): PR-9926

• When building ERTS make sure correct pcre2.h file is included even if CFLAGS contains extra include paths.

  Own Id: OTP-19675 Related Id(s): PR-9892

Full runtime dependencies of erts-16.0.1

kernel-9.0, sasl-3.3, stdlib-4.1

kernel-10.3.1

The kernel-10.3.1 application can be applied independently of other applications on a full OTP 28 installation.

Fixed Bugs and Malfunctions

• Fix bug where calling io:setopts/1 in a shell without the line_history option would always disable line_history. This bug was introduced in Erlang/OTP 28.0.

  Own Id: OTP-19645 Related Id(s): GH-9863, PR-9870

Full runtime dependencies of kernel-10.3.1

crypto-5.0, erts-15.2.5, sasl-3.0, stdlib-6.0

public_key-1.18.1

The public_key-1.18.1 application can be applied independently of other applications on a full OTP 28 installation.

Fixed Bugs and Malfunctions

• Add back some ASN-1 macros and definitions that should be included in API.

  Own Id: OTP-19644 Related Id(s): PR-9880

Full runtime dependencies of public_key-1.18.1

asn1-5.0, crypto-5.0, erts-13.0, kernel-8.0, stdlib-4.0

ssh-5.3.1

The ssh-5.3.1 application can be applied independently of other applications on a full OTP 28 installation.

Fixed Bugs and Malfunctions

• Various channel closing robustness improvements. Avoid crashes when channel handling process closes channel and immediately exits. Avoid breaking the protocol by sending duplicated channel-close messages. Cleanup channels which timeout during closing procedure.

  Own Id: OTP-19634 Related Id(s): GH-9102, PR-9103

• Improved interoperability with clients acting as Paramiko.

  Own Id: OTP-19637 Related Id(s): GH-6463, PR-9838

Full runtime dependencies of ssh-5.3.1

crypto-5.0, erts-14.0, kernel-10.3, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0, stdlib-6.0

ssl-11.3.1

The ssl-11.3.1 application can be applied independently of other applications on a full OTP 28 installation.

Fixed Bugs and Malfunctions

• hs_keylog callback properly handle alert in initial states, where encryption is not yet used. Also add keylog callback invocation for corner-case where server alert is encrypted with application secrets as client is already in connection state.

  Own Id: OTP-19635 Related Id(s): ERIERL-1235, PR-9849

Improvements and New Features

• The documentation for SSL option verify_fun has been improved.

  Own Id: OTP-19676 Related Id(s): PR-9691

Full runtime dependencies of ssl-11.3.1

crypto-5.6, erts-16.0, inets-5.10.7, kernel-10.3, public_key-1.16.4, runtime_tools-1.15.1, stdlib-7.0

stdlib-7.0.1

The stdlib-7.0.1 application can be applied independently of other applications on a full OTP 28 installation.

Fixed Bugs and Malfunctions

• Properly strip the leading / and drive letter from filepaths when zipping and unzipping archives.

  Thanks to Wander Nauta for finding and responsibly disclosing this vulnerability to the Erlang/OTP project.

  Own Id: OTP-19653 Related Id(s): PR-9941, CVE-2025-4748

Full runtime dependencies of stdlib-7.0.1

compiler-5.0, crypto-4.5, erts-16.0, kernel-10.0, sasl-3.0, syntax_tools-3.2.1

xmerl-2.1.5

The xmerl-2.1.5 application can be applied independently of other applications on a full OTP 28 installation.

Fixed Bugs and Malfunctions

• The type specs of xmerl_scan:file/2 and xmerl_scan:string/2 has been updated to return dynamic/0. Due to hook functions they can return any user defined term.

  Own Id: OTP-19662 Related Id(s): ERIERL-1225, PR-9905

Full runtime dependencies of xmerl-2.1.5

erts-6.0, kernel-8.4, stdlib-2.5

Thanks to

Dan Janowski, Ilya Averyanov, Mikael Pettersson, Yaroslav Maslennikov

v28.0: OTP 28.0

Compare Source

OTP 28.0

Erlang/OTP 28 is a new major release with new features, improvements as well as a few incompatibilities. Some of the new features are highlighted below.

Many thanks to all contributors!

Starting with this release, a source Software Bill of Materials (SBOM) will describe the release on the Github Releases page. We welcome feedback on the SBOM.

New language features

• Functionality making it possible for processes to enable reception of priority messages has been introduced in accordance with EEP 76.

• Comprehensions have been extended with "zip generators" allowing multiple generators to be run in parallel. For example, [A+B || A <- [1,2,3] && B <- [4,5,6]] will produce [5,7,9].

• Generators in comprehensions can now be strict, meaning that if the generator pattern does not match, an exception will be raised instead of silently ignore the value that didn't match.

• It is now possible to use any base for floating point numbers as per EEP 75: Based Floating Point Literals.

Compiler and JIT improvements

• For certain types of errors, the compiler can now suggest corrections. For example, when attempting to use variable A that is not defined but A0 is, the compiler could emit the following message: variable 'A' is unbound, did you mean 'A0'?

• The size of an atom in the Erlang source code was limited to 255 bytes in previous releases, meaning that an atom containing only emojis could contain only 63 emojis. While atoms are still only allowed to contain 255 characters, the number of bytes is no longer limited.

• The warn_deprecated_catch option enables warnings for use of old-style catch expressions on the form catch Expr instead of the modern try ... catch ... end.

• Provided that the map argument for a maps:put/3 call is known to the compiler to be a map, the compiler will replace such calls with the corresponding update using the map syntax.

• Some BIFs with side-effects (such as binary_to_atom/1) are optimized in try ... catch in the same way as guard BIFs in order to gain performance.

• The compiler’s alias analysis pass is now both faster and less conservative, allowing optimizations of records and binary construction to be applied in more cases.

ERTS

• The trace:system/3 function has been added. It has a similar interface as erlang:system_monitor/2 but it also supports trace sessions.

• os:set_signal/2 now supports setting handlers for the SIGWINCH, SIGCONT, and SIGINFO signals.

• The two new BIFs erlang:processes_iterator/0 and erlang:process_next/1 make it possible to iterate over the process table in a way that scales better than erlang:processes/0.

Shell and terminal

• The erl -noshell mode has been updated to have two sub modes called raw and cooked, where cooked is the old default behaviour and raw can be used to bypass the line-editing support of the native terminal. Using raw mode it is possible to read keystrokes as they occur without the user having to press Enter. Also, the raw mode does not echo the typed characters to stdout.

• The shell now prints a help message explaining how to interrupt a running command when stuck executing a command for longer than 5 seconds.

STDLIB

• The join(Binaries, Separator) function that joins a list of binaries has been added to the binary module.

• By default, sets created by module sets will now be represented as maps.

• Module re has been updated to use the newer PCRE2 library instead of the PCRE library.

• There is a new zstd module that does Zstandard compression.

Public_key

• The ancient ASN.1 modules used in public_key has been replaced with more modern versions, but we have strived to keep the documented Erlang API for the public_key application compatible.

Dialyzer

• EEP 69: Nominal Types has been implemented.

SSL

• The data handling for tls-v1.3 has been optimized.

Emacs mode (in the Tools application)

• The indent-region in Emacs command will now handle multiline strings better.

For more details about new features and potential incompatibilities see the README.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[maennchen]

Not compatible with the latest stable elixir release at this time, postponing until it is.

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 28.x releases. But if you manually upgrade to 28.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

[coveralls]

Pull Request Test Coverage Report for Build 13d663f9a1b322c89ee9571136dd43ae3432f307-PR-641

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 88.189%

---

Totals
Change from base Build 5935b2a55df7ab4a247c86b14356d98797a1c01d:	0.0%
Covered Lines:	336
Relevant Lines:	381

---

💛 - Coveralls