Erlang/OTP 29.0 arrives with significant security enhancements, making SSH services disabled by default to enforce a "secure by default" principle. The release introduces support for -unsafe attributes to mark functions as problematic, with warnings for calls to known unsafe functions. The SFTP subsystem is no longer enabled by default, addressing potential vulnerabilities, while the io_ansi module enables Virtual Terminal Sequences for terminal styling.

This version implements native records as described in EEP-79 and adds multi-valued comprehensions along with variable binding support. The new is_integer/3 guard BIF simplifies range checking, while the ct_doctest module enables testing documentation examples directly. The JIT now generates more efficient code for binary matching and map comprehensions with constant values, improving performance.

Several new compiler warnings are now enabled by default, including deprecated catch operators and obsolete boolean operations. The SSH module defaults to the quantum-resistant mlkem768x25519-sha256 algorithm, combining ML-KEM-768 with X25519 for protection against both classical and quantum attacks. The release also adds rand:shuffle/1 and rand:shuffle_s/2 functions for random list permutation.