Patch Package: OTP 28.4.2
Git Tag: OTP-28.4.2
Date: 2026-04-07
Trouble Report Id: OTP-19506, OTP-19889, OTP-19931, OTP-20027,
OTP-20037, OTP-20042, OTP-20044, OTP-20046,
OTP-20047, OTP-20049, OTP-20050, OTP-20052,
OTP-20053, OTP-20056, OTP-20060, OTP-20064,
OTP-20065, OTP-20068
Seq num: CVE-2026-28810, CVE-2026-32144, ERIERL-1310,
ERIERL-1311, ERIERL-1312, GH-10454, GH-10562,
GH-10606, GH-10785, GH-10876, GH-10901,
GH-7156, GH-9476, PR-10456, PR-10569,
PR-10620, PR-10788, PR-10864, PR-10866,
PR-10867, PR-10873, PR-10874, PR-10889,
PR-10893, PR-10899, PR-10904, PR-10906,
PR-10911, PR-10941, PR-9481
System: OTP
Release: 28
Application: compiler-9.0.6, erts-16.3.1, eunit-2.10.3,
inets-9.6.2, kernel-10.6.2,
public_key-1.20.3, sasl-4.3.2, snmp-5.20.2,
ssl-11.5.4
Predecessor: OTP 28.4.1
Check out the git tag OTP-28.4.2, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the ‘otp_patch_apply’ tool. For information on install requirements, see descriptions for each application version below.
POTENTIAL INCOMPATIBILITIES
-
When OCSP stapling is enabled via the {stapling, staple} or {stapling, #{…}} options, the handshake now fails if the server does not provide an OCSP stapled response.
Previously, a missing OCSP staple was silently accepted (soft-fail). Since Erlang/OTP only supports OCSP via stapling with no fallback to direct OCSP queries or CRL checking, soft-fail meant no revocation check at all.
…
