Erlang/OTP 29.0

TL;DR

Erlang/OTP 29.0, a major release, introduces new features like native records, multi-valued comprehensions, and enhanced security defaults. It also includes performance improvements and new warnings for deprecated practices.

Erlang/OTP 29.0 has been officially released, featuring new language capabilities, security defaults, and compiler improvements, marking a significant update for Erlang developers and users.

The release introduces support for -unsafe attributes, which mark functions as unsafe; the compiler issues warnings for calls to known unsafe functions. The SSH daemon now disables the shell and exec services by default, in line with the ‘secure by default’ principle, and the SFTP subsystem is no longer enabled by default. In SSL, the post-quantum hybrid algorithm x25519mlkem768 is now the preferred key exchange group, enhancing security against quantum attacks.

New language features include native records, which are true data types similar to traditional records but implemented as separate types, and the is_integer/3 guard, enabling easy verification of integer ranges. Multi-valued comprehensions are now supported, allowing more expressive list operations, and the compr_assign feature permits variable binding within comprehensions. The compiler has been improved to generate more efficient code, especially for binary matching and map comprehensions, alongside new default warnings for deprecated practices like the catch operator, obsolete guard tests, and variable exports from subexpressions.

Standard library updates include new functions for list shuffling, and the SSH subsystem now defaults to a more secure key exchange algorithm, mlkem768x25519-sha256, which offers resistance to quantum computing threats while maintaining backward compatibility.

Why It Matters

This update is important because it enhances Erlang’s security posture, especially with defaults that prevent arbitrary code execution via SSH. The new language features improve expressiveness and performance, aiding developers in writing more efficient and safer code. The default warnings encourage better coding practices, potentially reducing bugs and security vulnerabilities.

Background

Erlang/OTP 29.0 follows previous releases that steadily added features like native support for complex data types and improved JIT compilation. Historically, Erlang has been used in telecoms and distributed systems, where security and reliability are critical. The current release continues this trajectory by emphasizing security defaults, modern language features, and performance optimizations, reflecting ongoing efforts to keep Erlang competitive and secure in modern environments.

“Erlang/OTP 29.0 introduces significant improvements in security, language features, and performance, emphasizing safe defaults and developer productivity.”

— Erlang/OTP Development Team

“The SSH daemon now defaults to disabled for shell and exec services, implementing the ‘secure by default’ principle.”

— Erlang/OTP Release Notes

What Remains Unclear

It is not yet clear how widely adopted the new features will be or how existing codebases will handle the incompatibilities related to deprecated practices. Details about the full scope of backward compatibility and migration paths are still emerging.

What’s Next

Developers and users are expected to test the new release, especially focusing on compatibility issues and leveraging new features. Future updates or patch releases may address initial bugs or further optimize performance, with Erlang community discussions ongoing about best practices for migration.

Key Questions

What are the main security improvements in Erlang/OTP 29.0?

The default SSH configuration now disables shell and exec services, reducing the risk of arbitrary code execution. Additionally, the preferred SSL key exchange algorithm now supports post-quantum resistance, enhancing security against future quantum attacks.

What new language features does Erlang/OTP 29.0 introduce?

Native records, multi-valued comprehensions, and the is_integer/3 guard are among the key language enhancements, offering more expressiveness and type safety.

Are there any notable incompatibilities or deprecated features?

Yes, the compiler now warns by default that the catch operator is deprecated, and old guard tests will be removed in Erlang/OTP 30. Some warnings can be disabled, but developers should review their code for compatibility.

How does the new default security configuration affect existing Erlang applications?

Applications relying on SSH shell or exec services may need to explicitly enable these features. The default configuration prioritizes security, so adjustments might be necessary for legacy setups.
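
An added example (not taken from the release notes or the Erlang/OTP project) for the point above: a small Erlang module that reports which of the shell, exec and SFTP settings an `ssh:daemon/2` option list leaves to the release default, next to option lists that set them explicitly. The module name, function names and paths are assumptions; `{shell, disabled}`, `{exec, disabled}`, `subsystems` and `ssh_sftpd:subsystem_spec/1` are existing options of the ssh application.

```erlang
-module(sshd_opts_audit).
-export([audit/1, locked_down/0, sftp_only/1, demo/0]).

%% Daemon options whose effective value depends on the OTP release when
%% they are left unset, per the summary above: shell, exec, SFTP subsystem.
-define(DEFAULT_SENSITIVE, [shell, exec, subsystems]).

%% One finding per option. 'implicit' means the option list does not pin
%% the behaviour, so it changes with the release the node runs on.
-spec audit([proplists:property()]) ->
          [{atom(), implicit | disabled | enabled}].
audit(Opts) ->
    [{Key, classify(proplists:lookup(Key, Opts))}
     || Key <- ?DEFAULT_SENSITIVE].

classify(none)              -> implicit;
classify({subsystems, []})  -> disabled;   % no subsystem, so no SFTP
classify({_Key, disabled})  -> disabled;
classify({_Key, _Explicit}) -> enabled.

%% Everything off, stated explicitly, so the result is the same on
%% releases before and after the default change.
locked_down() ->
    [{shell, disabled},
     {exec, disabled},
     {subsystems, []},
     %% Placeholder host-key directory (assumption).
     {system_dir, "/etc/myapp/ssh"}].

%% A service that only needs file transfer: SFTP is enabled explicitly
%% and confined to Root; shell and exec stay off.
sftp_only(Root) ->
    [{shell, disabled},
     {exec, disabled},
     {subsystems, [ssh_sftpd:subsystem_spec([{root, Root}])]},
     {system_dir, "/etc/myapp/ssh"}].

%% Constructed sample: a legacy option list that relies on defaults,
%% compared with the two explicit lists.
demo() ->
    Legacy = [{system_dir, "/etc/myapp/ssh"}],
    [{legacy, audit(Legacy)},
     {locked_down, audit(locked_down())},
     {sftp_only, audit(sftp_only("/srv/upload"))}].
```

Any option reported as `implicit` is one to set explicitly before upgrading, whichever way the application needs it.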
