chore(deps): update dependency erlang to v28.4.3 #235

Merged

renovate merged 1 commit from renovate/all into main 2026-04-22 00:06:21 +00:00

Conversation 0 Commits 1 Files changed 1 +1 -1

renovate commented 2026-04-22 00:04:19 +00:00

Member

Copy link

This PR contains the following updates:

Package	Update	Change
erlang	patch	28.4.2 → 28.4.3

---

Release Notes

erlang/otp (erlang)

v28.4.3: OTP 28.4.3

Compare Source

Patch Package:           OTP 28.4.3
Git Tag:                 OTP-28.4.3
Date:                    2026-04-21
Trouble Report Id:       OTP-20081, OTP-20086, OTP-20104
Seq num:                 #​10968, CVE-2026-32147, PR-10985, PR-11027
System:                  OTP
Release:                 28
Application:             kernel-10.6.3, ssh-5.5.2
Predecessor:             OTP 28.4.2

Check out the git tag OTP-28.4.3, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.

OTP-28.4.3

Fixed Bugs and Malfunctions

• Fix the otp_patch_apply script to properly handle installation of documentation for OTP versions with more than one digit in version parts less significant than the major version.

  Own Id: OTP-20086
  Related Id(s): PR-10985

kernel-10.6.3

The kernel-10.6.3 application can be applied independently of other applications on a full OTP 28 installation.

Fixed Bugs and Malfunctions

• On Windows, sockets has to be bound when using 'socket'. Therefor when using gen_tcp with inet_backend = socket, gen_tcp_socket bind even if the caller has not provided an explicit bind address. In that case it attempts to locate a "proper" address on its own. But if the connect address is the loopback address, this could lead to an attempt to bind to an external interface. So, this has now been changed so that if the connect address is the loopback address, the loopback address will also be used when binding.

  Own Id: OTP-20104
  Related Id(s): #​10968

Full runtime dependencies of kernel-10.6.3

crypto-5.0, erts-15.2.5, sasl-3.0, stdlib-7.0

ssh-5.5.2

Note! The ssh-5.5.2 application cannot be applied independently of other applications on an arbitrary OTP 28 installation.

   On a full OTP 28 installation, also the following runtime
   dependency has to be satisfied:
   -- crypto-5.7 (first satisfied in OTP 28.1)

Fixed Bugs and Malfunctions

• Fixed a vulnerability in the SFTP server where file attributes could be modified outside the configured root directory. When using FSETSTAT on an open file handle, the operation used the path stored in the handle without verifying it was within the root directory, allowing attribute changes to files outside the chroot boundary.

  Thanks to John Downey.

  Own Id: OTP-20081
  Related Id(s): PR-11027, CVE-2026-32147

Full runtime dependencies of ssh-5.5.2

crypto-5.7, erts-14.0, kernel-10.3, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0, stdlib-6.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [erlang](https://github.com/erlang/otp) | patch | `28.4.2` → `28.4.3` | --- ### Release Notes <details> <summary>erlang/otp (erlang)</summary> ### [`v28.4.3`](https://github.com/erlang/otp/releases/tag/OTP-28.4.3): OTP 28.4.3 [Compare Source](https://github.com/erlang/otp/compare/OTP-28.4.2...OTP-28.4.3) ``` Patch Package: OTP 28.4.3 Git Tag: OTP-28.4.3 Date: 2026-04-21 Trouble Report Id: OTP-20081, OTP-20086, OTP-20104 Seq num: #&#8203;10968, CVE-2026-32147, PR-10985, PR-11027 System: OTP Release: 28 Application: kernel-10.6.3, ssh-5.5.2 Predecessor: OTP 28.4.2 ``` Check out the git tag OTP-28.4.3, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp\_patch\_apply' tool. For information on install requirements, see descriptions for each application version below. ### OTP-28.4.3 #### Fixed Bugs and Malfunctions - Fix the `otp_patch_apply` script to properly handle installation of documentation for OTP versions with more than one digit in version parts less significant than the major version. Own Id: OTP-20086\ Related Id(s): [PR-10985] ### kernel-10.6.3 The kernel-10.6.3 application can be applied independently of other applications on a full OTP 28 installation. #### Fixed Bugs and Malfunctions - On Windows, sockets has to be bound when using 'socket'. Therefor when using gen\_tcp with inet\_backend = socket, gen\_tcp\_socket bind even if the caller has not provided an explicit bind address. In that case it attempts to locate a "proper" address on its own. But if the connect address is the loopback address, this could lead to an attempt to bind to an external interface. So, this has now been changed so that if the connect address is the loopback address, the loopback address will also be used when binding. Own Id: OTP-20104\ Related Id(s): [#&#8203;10968] > #### Full runtime dependencies of kernel-10.6.3 > > crypto-5.0, erts-15.2.5, sasl-3.0, stdlib-7.0 ### ssh-5.5.2 Note! The ssh-5.5.2 application *cannot* be applied independently of other applications on an arbitrary OTP 28 installation. ``` On a full OTP 28 installation, also the following runtime dependency has to be satisfied: -- crypto-5.7 (first satisfied in OTP 28.1) ``` #### Fixed Bugs and Malfunctions - Fixed a vulnerability in the SFTP server where file attributes could be modified outside the configured root directory. When using FSETSTAT on an open file handle, the operation used the path stored in the handle without verifying it was within the root directory, allowing attribute changes to files outside the chroot boundary. Thanks to John Downey. Own Id: OTP-20081\ Related Id(s): [PR-11027], [CVE-2026-32147] > #### Full runtime dependencies of ssh-5.5.2 > > crypto-5.7, erts-14.0, kernel-10.3, public\_key-1.6.1, runtime\_tools-1.15.1, stdlib-5.0, stdlib-6.0 [#&#8203;10968]: https://github.com/erlang/otp/issues/10968 [cve-2026-32147]: https://nvd.nist.gov/vuln/detail/CVE-2026-32147 [pr-10985]: https://github.com/erlang/otp/pull/10985 [pr-11027]: https://github.com/erlang/otp/pull/11027 </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMjAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEyMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

renovate added 1 commit 2026-04-22 00:04:19 +00:00

chore(deps): update dependency erlang to v28.4.3 5f032e234d

renovate scheduled this pull request to auto merge when all checks succeed 2026-04-22 00:04:20 +00:00

renovate merged commit be0737a85b into main 2026-04-22 00:06:21 +00:00

renovate deleted branch renovate/all 2026-04-22 00:06:22 +00:00

renovate referenced this pull request from a commit 2026-04-22 00:06:22 +00:00

Merge pull request 'chore(deps): update dependency erlang to v28.4.3' (#235) from renovate/all into main

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

siesta-cat/twochi-bot!235

No description provided.