You might want to update prod apps ASAP to this or the latest point version if below 29. Just deployed an app to production; automated security scans found 2 CRITICAL CVEs and half a dozen HIGH risk ones dated Feb-May 2026.
Copied from the DefectDojo report (generated on an Elixir 1.19 app on an Ubuntu Noble base image from February 2026):
Critical CVE-2025-32433 in erlang:27.3
Critical CVE-2026-28808 in erlang:27.3
High CVE-2026-23941 in erlang:27.3
High CVE-2026-32144 in erlang:27.3
High CVE-2025-48041 in erlang:27.3
High CVE-2025-68973 in gpgv:2.4.4-2ubuntu17
High CVE-2025-30211 in erlang:27.3
High CVE-2025-68973 GPGV 2.4.4-2ubuntu17
All these seem to be fixed by upgrading to the latest Ubuntu image + Erlang/OTP 28.5.
Thank you. The problem with new OTP releases is that usually there's an X.0.1 release shortly after because something was broken. At least it was that way with 28. I'll wait a few weeks.