Patch Package:           OTP 28.4.2
Git Tag:                 OTP-28.4.2
Date:                    2026-04-07
Trouble Report Id:       OTP-19506, OTP-19889, OTP-19931, OTP-20027,
                         OTP-20037, OTP-200…

Erlang Forums is a community-driven platform for discussions related to the Erlang programming language, the Erlang virtual machine (BEAM), and related technologies such as OTP (Open Telecom Platform) and distributed systems. With dedicated forums covering topics like Erlang syntax, OTP frameworks, concurrency primitives, and fault-tolerant design patterns, Erlang Forums offers a resources for Erlang developers and enthusiasts to ask questions, share insights, and collaborate on Erlang-based projects. Whether you're a seasoned Erlang developer or a newcomer exploring functional programming, Erlang Forums provides a supportive community to help you learn and grow in your journey with Erlang.

Erlang Forums

Erlang/OTP 28.4.2 patch release fixes multiple bugs and addresses two CVEs. Key security fixes include: DNS cache poisoning vulnerability in inet_res (CVE-2026-28810) now mitigated with strong random transaction IDs and source port randomization; OCSP stapling soft-fail behavior changed to hard-fail (CVE-2026-32144), meaning handshakes now fail if no OCSP staple is provided when stapling is enabled. Additional fixes cover a JIT miscompilation bug in erts, an authentication bypass in httpd's mod_auth with script_alias (CVE-2026-28808), OCSP designated responder certificate verification in public_key, TLS-1.2/1.3 algorithm filtering for SLH-DSA, EUnit node instantiation, and Windows-specific issues with spaces in installation paths. The OCSP stapling behavior change is a potential incompatibility for applications relying on the previous soft-fail behavior.

Patch Package OTP 28.4.2 Released