Erlang/OTP 23.3.4.19

This release of Erlang/OTP can be built from source or installed using pre-built packages for your OS or third-party tools (such as kerl or asdf).

docker run -it erlang:23.3.4.19
Erlang/OTP 23.3.4.19
View on github.com
Patch Package OTP 23.3.4.19
Git Tag OTP-23.3.4.19
Date 2023-06-08
Issue Id
ERIERL-944
System OTP
Release 23
Application

compiler-7.6.9.3 #

The compiler-7.6.9.3 application can be applied independently of other applications on a full OTP 23 installation.

OTP-18325
Application(s):
compiler, stdlib
Related Id(s):
GH-6465 , GH-6466

It is not allowed to call functions from guards. The compiler failed to reject a call in a guard when done by constructing a record with a default initialization expression that called a function.

OTP-18365
Application(s):
compiler

Fixed a bug that could cause legal code to fail validation.

OTP-18470
Application(s):
compiler
Related Id(s):
GH-6873 , PR-6877

The compiler would generate incorrect code for the following type of expression:

Pattern = BoundVar1 = . . . = BoundVarN = Expression

An exception should be raised if any of the bound variables have different values than Expression. The compiler would generate code that would cause the bound variables to be bound to the value of Expressionwhether the value matched or not.

Full runtime dependencies of compiler-7.6.9.3: crypto-3.6, erts-11.0, hipe-3.12, kernel-7.0, stdlib-3.13

erts-11.2.2.18 #

Note! The erts-11.2.2.18 application *cannot* be applied independently of other applications on an arbitrary OTP 23 installation. On a full OTP 23 installation, also the following runtime dependency has to be satisfied: -- kernel-7.3.1.5 (first satisfied in OTP 23.3.4.12)

OTP-18321
Application(s):
erts

Fix list_to_atom/1 for negative code points. Could either return with a positive code point or fail with an incorrect exception.

OTP-18388
Application(s):
erts
Related Id(s):
OTP-17462 , PR-6662

A race condition which was very rarely triggered could cause the signal queue of a process to become inconsistent causing the runtime system to crash.

OTP-18421
Application(s):
erts
Related Id(s):
PR-6806

process_info(Pid, status) when Pid /= self() could return an erroneous result.

OTP-18463
Application(s):
erts
Related Id(s):
PR-6858

In rare circumstances, when a process exceeded its allowed heap size set by option max_heap_size, it would not be killed as it should be, but instead enter a kind of zombie state it would never get out of.

OTP-18525
Application(s):
erts
Related Id(s):
PR-7049

Implementations of the call() driver callback that returned a faulty encoded result could cause a memory leak and could cause invalid data on the heap of the processes calling erlang:port_call/3.

OTP-18570
Application(s):
erts
Related Id(s):
PR-7190

If a runtime system which was starting the distribution already had existing pids, ports, or references referring to a node with the same nodename/creation pair that the runtime system was about to use, these already existing pids, ports, or references would not work as expected in various situations after the node had gone alive. This could only occur if the runtime system was communicated such pids, ports, or references prior to the distribution was started. That is, it was extremely unlikely to happen unless the distribution was started dynamically and was even then very unlikely to happen. The runtime system now checks for already existing pids, ports, and references with the same nodename/creation pair that it is about to use. If such are found another creation will be chosen in order to avoid these issues.

Full runtime dependencies of erts-11.2.2.18: kernel-7.3.1.5, sasl-3.3, stdlib-3.13

stdlib-3.14.2.3 #

The stdlib-3.14.2.3 application can be applied independently of other applications on a full OTP 23 installation.

OTP-18325
Application(s):
compiler, stdlib
Related Id(s):
GH-6465 , GH-6466

It is not allowed to call functions from guards. The compiler failed to reject a call in a guard when done by constructing a record with a default initialization expression that called a function.

Full runtime dependencies of stdlib-3.14.2.3: compiler-5.0, crypto-3.3, erts-11.0, kernel-7.0, sasl-3.0

xmerl-1.3.27.1 #

The xmerl-1.3.27.1 application can be applied independently of other applications on a full OTP 23 installation.

OTP-18595
Application(s):
xmerl
Related Id(s):
ERIERL-944

New options to xmerl_scan and xmerl_sax_parser so one can limit the behaviour of the parsers to avoid some XML security issues.

xmerl_scan gets one new option:

-- {allow_entities, Boolean} -- Gives the possibility to disallow entities by setting this option to false (true is default)

xmerl_sax_parser gets the following options:

-- disallow_entities -- Don't allow entities in document

-- {entity_recurse_limit, N} -- Set a limit on entity recursion depth (default is 3)

-- {external_entities, AllowedType} -- Specify which types of external entities that are allowed, this also affect external DTD's. The types are all(default), file and none

-- {fail_undeclared_ref, Boolean} -- Sets the behavior for undeclared references due to an external file is not parsed (true is default)

The old option skip_external_dtd is still valid and the same as {external_entities, none} and {fail_undeclared_ref, false} but just affects DTD's and not other external references.

Full runtime dependencies of xmerl-1.3.27.1: erts-6.0, kernel-3.0, stdlib-2.5