TL;DR
Erlang/OTP 29.0 has been released, bringing new features such as native records, multi-valued comprehensions, and enhanced security defaults. It also includes compiler warnings and JIT improvements. The update marks a significant step for Erlang developers.
Erlang/OTP 29.0, the latest major release of the Erlang runtime system, has been officially launched, introducing new features, security improvements, and compiler warnings that may affect existing codebases.
The release includes support for -unsafe attributes to mark functions as unsafe, along with compiler warnings for calls to known unsafe functions. The SSH daemon now defaults to disabled for shell and exec services, aligning with the ‘secure by default’ principle, and the SFTP subsystem is no longer enabled by default.
In the realm of language features, native records—considered experimental—have been added, providing a true data type alternative to traditional tuples. The new is_integer/3 guard simplifies verifying whether a value is an integer within a specific range. Multi-valued comprehensions are now supported, allowing for more concise list operations, and the compr_assign feature enables variable binding within comprehensions.
Compiler and JIT improvements include better code generation for binary matching, more efficient map comprehensions, and new default warnings such as deprecated catch operator usage, obsolete guard tests, and variable export warnings from subexpressions. These warnings can be disabled via specific compiler options.
In the standard library, new functions like rand:shuffle/1 and rand:shuffle_s/2 facilitate list permutation. The SSH module now defaults to a hybrid quantum-resistant key exchange algorithm, mlkem768x25519-sha256, enhancing security against future quantum attacks while maintaining backward compatibility.
Why It Matters
This release is significant because it enhances the language’s capabilities with new data structures and comprehension features, improves security defaults—particularly in SSH—and provides developers with better tools for writing efficient, secure code. The default disabling of certain services reduces attack surfaces, aligning with best security practices, which is crucial for enterprise and cloud applications relying on Erlang.
Erlang/OTP 29.0 developer toolkit
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background
Erlang/OTP has historically been used for building highly concurrent, fault-tolerant systems, especially in telecommunications and distributed computing. Previous versions introduced various improvements, but OTP 29.0 marks a notable shift with its focus on security defaults and language enhancements. The addition of native records and multi-valued comprehensions reflects ongoing efforts to modernize the language, while the security defaults in SSH align with industry best practices for secure deployments.
“Erlang/OTP 29.0 introduces significant improvements in language features, security, and performance, reinforcing Erlang’s position for building reliable systems.”
— Erlang/OTP Development Team
“The default disabling of SSH shell and exec services enhances security by reducing attack surfaces, aligning with our ‘secure by default’ approach.”
— Erlang/OTP Security Team
secure SSH server hardware
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What Remains Unclear
While the release details are comprehensive, it is not yet clear how existing Erlang applications will adapt to certain incompatibilities, such as the removal of 32-bit Windows builds and deprecated guard tests. The full impact of new compiler warnings and experimental features like native records remains to be seen in production environments.
quantum-resistant SSH key exchange device
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What’s Next
Next steps include developers updating their codebases to accommodate new warnings and features, testing native record implementations, and monitoring how the security defaults affect deployment practices. Further updates and documentation are expected to clarify migration paths and compatibility issues.
Erlang programming books
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
What are native records in Erlang/OTP 29.0?
Native records are a new data type introduced as part of the language, offering a true data structure similar to traditional tuples but with more flexibility. They are considered experimental in this release.
How does the security default change in SSH affect existing systems?
The SSH daemon now defaults to disabling shell and exec services, reducing the attack surface. Systems must explicitly enable these services if needed, which enhances security but may require configuration adjustments.
What are multi-valued comprehensions used for?
Multi-valued comprehensions allow combining multiple generators and expressions in list comprehensions, enabling more concise and expressive code for complex list operations.
Are there any breaking changes in this release?
Yes, some incompatibilities include the removal of 32-bit Windows builds and deprecated guard tests. Developers should review the release notes for detailed migration guidance.
Will native records be stable for production use?
Native records are marked as experimental in OTP 29.0, and their stability for production depends on future releases and community feedback.
