Erlang/OTP 25.1 Maintenance Release: New Crypto Support, SSL Fixes, and Other Improvements
Version 25.1 of Erlang/OTP, the first maintenance patch for OTP 25, introduces production‑ready OpenSSL 3.0 crypto support, fixes a critical CVE‑2022‑37026 SSL/TLS client‑authentication bypass, adjusts engine loading behavior, and includes various minor bug fixes and enhancements.
Erlang/OTP 25.1 is the first maintenance patch for OTP 25, primarily containing bug fixes and numerous small improvements.
Erlang is a general‑purpose concurrent functional programming language; the term also refers to the Erlang/OTP open‑source telecom platform, which provides the standard execution environment and a suite of components.
Main changes
Crypto
Crypto is now considered production‑ready with OpenSSL 3.0; ENGINE and FIPS are not yet fully functional.
The behavior of engine load/unload functions has been changed.
SSL
A vulnerability (CVE‑2022‑37026) that allowed bypass of client authentication has been discovered and fixed. The fix is included in patches 23.3.4.15, 24.3.4.2 and 25.0.2 for the supported tracks, and users are advised to upgrade to one of these versions or later; OTP 25.1 is the preferred choice.
The issue affects servers that use ssl/tls/dtls and request client authentication (i.e., have the option {verify, verify_peer} set). Affected applications include those that directly or indirectly run such servers via inets (e.g., httpd) or cowboy.
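An added example (not part of the release note or of Erlang/OTP itself) that triages an inventory of OTP versions against the per-track fixed releases listed above. A version that is numerically higher than one track's fix can still be unpatched in its own track, so each version is compared only within its track. The function names, status labels and sample inventory are assumptions made for illustration.

```python
import re

# First fixed release per supported track, as listed in the release note above.
FIXED_BY_TRACK = {23: (23, 3, 4, 15), 24: (24, 3, 4, 2), 25: (25, 0, 2)}


def parse_otp_version(text):
    """Parse a dotted OTP version such as '24.3.4.2' into a tuple of ints.

    Returns None for anything that is not purely numeric and dotted
    (release candidates, locally modified builds), so callers do not guess.
    """
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def cve_2022_37026_status(otp_version, requests_client_cert):
    """Classify one server. requests_client_cert means {verify, verify_peer} is set."""
    if not requests_client_cert:
        return "not-affected"        # the issue needs a server requesting client auth
    version = parse_otp_version(otp_version)
    if version is None:
        return "unknown"
    major = version[0]
    if major > max(FIXED_BY_TRACK):
        return "patched"             # later than every fixed release on the page
    fixed = FIXED_BY_TRACK.get(major)
    if fixed is None:
        return "no-fix-listed"       # track older than those the note covers
    # Integer tuples compare numerically, so 23.3.4.9 < 23.3.4.15 and 25.0 < 25.0.2.
    return "patched" if version >= fixed else "vulnerable"


def audit(inventory):
    """Map host -> status for (host, otp_version, requests_client_cert) rows."""
    return {host: cve_2022_37026_status(ver, mtls) for host, ver, mtls in inventory}


# Constructed sample inventory (hypothetical hosts).
SAMPLE = [
    ("api-1", "25.0.1", True),     # higher than 24.3.4.2, yet unpatched in track 25
    ("api-2", "25.1", True),
    ("mq-1", "23.3.4.9", True),    # a string comparison would rank this above 23.3.4.15
    ("web-1", "24.3.4.2", True),
    ("web-2", "24.0", False),
    ("old-1", "22.3.4", True),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

The version string is typically the content of the OTP_VERSION file under the installation's releases directory.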