Patch Package:           OTP 27.3.4.9 
Git Tag:                 OTP-27.3.4.9 
Date:                    2026-03-12 
Trouble Report Id:       OTP-19990, OTP-20007, OTP-20009, OTP-20011, 
OTP-20022 
Seq num:                …

Erlang Forums is a community-driven platform for discussions related to the Erlang programming language, the Erlang virtual machine (BEAM), and related technologies such as OTP (Open Telecom Platform) and distributed systems. With dedicated forums covering topics like Erlang syntax, OTP frameworks, concurrency primitives, and fault-tolerant design patterns, Erlang Forums offers a resources for Erlang developers and enthusiasts to ask questions, share insights, and collaborate on Erlang-based projects. Whether you're a seasoned Erlang developer or a newcomer exploring functional programming, Erlang Forums provides a supportive community to help you learn and grow in your journey with Erlang.

Erlang Forums

Erlang/OTP 27.3.4.9 patch release addresses three CVEs and two bug fixes across inets, ssh, and ssl applications. Security fixes include: rejection of HTTP requests with multiple conflicting Content-Length headers to prevent request smuggling (CVE-2026-23941); a path traversal vulnerability in the SFTP server's root option that used string prefix matching instead of proper path component validation (CVE-2026-23942); and a decompression bomb vulnerability in SSH zlib compression allowing 256 KB packets to expand to 255 MB (CVE-2026-23943), fixed by removing zlib from default algorithms and adding size limits. SSL fixes address NSS keylogging state confusion and TLS-1.3 certificate request signature algorithm ordering.

Patch Package OTP 27.3.4.9 Released