TL;DR
Erlang/OTP 29.0 has been officially released, bringing new features like native records, multi-valued comprehensions, and security improvements including default-disabled SSH services. The update also includes compiler warnings and JIT enhancements. Some incompatibilities are noted.
Erlang/OTP 29.0, the latest major release of the Erlang runtime system, has been officially launched, introducing new language features, security defaults, and compiler improvements. This update is significant for developers relying on Erlang for scalable, fault-tolerant applications, as it enhances both safety and performance.
The release introduces support for the -unsafe attribute, allowing functions to be marked as unsafe, with compiler warnings for calls to known unsafe functions. The SSH daemon now defaults to disabled for shell and exec services, aligning with the ‘secure by default’ principle, and the SFTP subsystem is no longer enabled by default. In SSL, the post-quantum hybrid algorithm x25519mlkem768 is now the preferred key exchange group. The new io_ansi module enables emitting ANSI sequences for terminal styling, while the ct_doctest module allows testing documentation examples directly.
Language-wise, native records—considered experimental—are now supported, and the new is_integer/3 guard simplifies value verification. Multi-valued comprehensions are supported, enabling more concise code, and variable binding within comprehensions is now possible. The compiler has been enhanced with better code generation for binary matching and map comprehensions, along with new default warnings for deprecated features and common pitfalls, such as the catch operator and variable exports from subexpressions. The standard library now includes functions for list permutation, and the SSH key exchange algorithm defaults to mlkem768x25519-sha256, a hybrid quantum-resistant protocol, providing improved security against future threats.
Why It Matters
This update is important because it enhances Erlang’s security posture, especially with the default disabling of SSH services and the adoption of quantum-resistant algorithms. The new language features improve developer productivity and code safety, while compiler warnings help prevent common mistakes. These changes support Erlang’s continued viability for building secure, high-performance distributed systems.
Erlang/OTP 29 development tools
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background
Erlang/OTP 29 is a major release following years of incremental updates, with previous versions focusing on performance and stability. This release emphasizes security, language expressiveness, and tooling improvements. Notably, the support for native records and multi-valued comprehensions aligns Erlang more closely with modern programming paradigms, while default security enhancements reflect ongoing industry concerns about system safety and future-proofing against quantum computing threats.
“Erlang/OTP 29.0 introduces significant language and security improvements, reinforcing Erlang’s role in building reliable, secure systems.”
— Erlang/OTP Team
“The default disabling of SSH shell and exec services demonstrates our commitment to secure by default principles, protecting users from potential vulnerabilities.”
— Erlang/OTP Security Team
Navy SEAL to the Rescue (Aegis Security Book 1)
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What Remains Unclear
It is not yet clear how widespread adoption of native records will be, given their experimental status, or how quickly existing systems will migrate to the new defaults, especially regarding SSH services and compiler warnings. Details about compatibility issues for specific Erlang applications remain to be fully assessed.
Erlang Programming: A Complete Guide to Build Fault-Tolerant, Distributed, and Concurrent Applications
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What’s Next
Next steps include monitoring community feedback on native records and multi-valued comprehensions, as well as observing the adoption of default security settings. Erlang developers are expected to update their codebases accordingly, and the Erlang team may release further patches or guidance based on early usage reports.
terminal styling ANSI sequences
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
What are native records in Erlang/OTP 29.0?
Native records are a new data type that behaves similarly to traditional tuples but is treated as a true data type, potentially offering more efficient handling. They are currently considered experimental.
How does the default SSH security change impact users?
The SSH daemon now defaults to disabled for shell and exec services, reducing attack surfaces by requiring explicit configuration to enable these features.
What are multi-valued comprehensions?
Multi-valued comprehensions allow generating multiple output values from a single comprehension, simplifying code that produces paired or multiple results from a generator.
Will existing Erlang applications need to be modified for compatibility?
Some incompatibilities are noted, particularly regarding deprecated features and new warnings. Developers should review their code for usage of catch, variable exports from subexpressions, and obsolete guard tests.
What is the significance of the new SSL key exchange algorithm?
The default key exchange now uses mlkem768x25519-sha256, a hybrid quantum-resistant algorithm, enhancing security against future quantum attacks while maintaining backward compatibility.
