Patch Package:           OTP 28.4.1 
Git Tag:                 OTP-28.4.1 
Date:                    2026-03-12 
Trouble Report Id:       OTP-20007, OTP-20009, OTP-20011, OTP-20012, 
OTP-20014, OTP-20018, OTP-20022 
Seq nu…

Erlang Forums is a community-driven platform for discussions related to the Erlang programming language, the Erlang virtual machine (BEAM), and related technologies such as OTP (Open Telecom Platform) and distributed systems. With dedicated forums covering topics like Erlang syntax, OTP frameworks, concurrency primitives, and fault-tolerant design patterns, Erlang Forums offers a resources for Erlang developers and enthusiasts to ask questions, share insights, and collaborate on Erlang-based projects. Whether you're a seasoned Erlang developer or a newcomer exploring functional programming, Erlang Forums provides a supportive community to help you learn and grow in your journey with Erlang.

Erlang Forums

Erlang/OTP 28.4.1 patch release fixes several security vulnerabilities across multiple applications. Key fixes include: an HTTP request smuggling vulnerability in inets httpd (CVE-2026-23941) via multiple Content-Length headers; an SFTP path traversal vulnerability in ssh allowing access to sibling directories (CVE-2026-23942); a decompression bomb vulnerability in SSH zlib compression that could cause memory exhaustion (CVE-2026-23943); a DNS TSIG validation bypass in kernel; and a memory leak in crypto's engine_load. The ssl application also receives a TLS-1.3 certificate request fix and documentation improvements for socket options.

Patch Package OTP 28.4.1 Released