Erlang/OTP 29.0 adds unsafe checks, secures SSH daemon, and drops 32-bit Windows support

Erlang/OTP 29.0 has been released, bringing several key security and developer-facing updates. The release introduces -unsafe attributes, allowing developers to mark functions as unsafe; the compiler now emits warnings for calls to always-unsafe functions. Cross-referencing can now help identify such dangerous calls and undocumented functions, providing an added safety net when reviewing codebases.

Building on the security improvements, the SSH daemon disables shell and exec services by default, aligning with secure by default principles and preventing authenticated users from executing arbitrary Erlang code unless explicitly permitted. Additionally, the SFTP subsystem is now off by default during SSH initialization.

In cryptographic enhancements, Erlang/OTP 29.0 makes the post quantum hybrid algorithm x25519mlkem768 the default preferred key exchange group in SSL configurations.

Developers benefit from the new io_ansi module, which supports emitting Virtual Terminal (ANSI) Sequences to add color and styling in terminal output or to support richer terminal applications. The ct_doctest module enables direct testing of examples found in documentation, while improvements to xref mean the ignore_xref attribute is read directly by xref, resulting in more consistent cross-reference filtering. The code path now puts the current working directory at the end instead of the beginning, reducing risks of unintended code loading. Finally, this release drops 32-bit build support for Windows.