Erlang/OTP 29.0 released with security hardening and native records
The latest release of the Erlang programming language introduces native records, multi-valued comprehensions, and stricter security protocols for SSH and SSL.
Erlang/OTP 29.0 has been published as a new major release of the Erlang programming language, bringing significant structural changes to the Open Telecom Platform. The update focuses on modernising language syntax, enhancing security defaults, and refining developer tooling, while introducing a few incompatibilities for existing codebases.
Key technical additions include the implementation of native records as described in EEP-79. These structures function as a true data type similar to traditional tuple-based records, though the release notes classify them as experimental for OTP 29 and potentially OTP 30. The release also supports multi-valued comprehensions under EEP 78, allowing for more complex list operations, and introduces a new guard BIF, is_integer/3, to verify integer values within specific ranges.
Security has been a primary driver for this release, with the SSH daemon now defaulting to disabled for shell and exec services. This change enforces a secure-by-default principle, preventing authenticated users from executing arbitrary Erlang code unless explicitly configured. Additionally, the SFTP subsystem is no longer enabled by default when starting the SSH daemon. In SSL, the post-quantum hybrid algorithm x25519mlkem768 is now the most preferred key exchange group in the default configuration.
Operational changes include the removal of 32-bit Erlang/OTP builds for Windows and a reordering of the default code path. The current working directory is now positioned last in the path rather than first, a move intended to reduce security risks associated with relative path resolution. The compiler also now generates warnings by default for the use of the deprecated catch operator, the and and or operators, and unsafe function calls.
Further improvements include the io_ansi module for emitting Virtual Terminal Sequences, the ct_doctest module for testing documentation examples, and enhanced xref tooling for filtering ignore_xref attributes. The release also features better JIT code generation for binaries with multiple little-endian segments and more efficient compilation for map comprehensions with constant values.
