LATEST RELEASE: 24.05 — Zero Trust, DB Sharding, Java 21, Rust Support, and More. Read Release Notes

News & Articles

Full archive

August 29


Akka 2.5.16 Security Patch Released!

Dear hakkers,

We are pleased to announce a new patch release of Akka 2.5. It contains an important security fix for a vulnerability that affects Akka systems that use Akka Remoting/Cluster with TLS and have configured the TLS random-number-generator to AES128CounterSecureRNG or AES256CounterSecureRNG. An attacker would be able to compromise the communication if these random number generators are enabled. See the security announcement for more details.

We would like to thank Rafał Sumisławski at NetworkedAssets for bringing this issue to our attention

Please subscribe to the akka-security mailing list to be notified promptly about future security issues.

A total of 5 issues were closed since 2.5.15. The complete list can be found on the 2.5.16 milestone on github.


For this release we had the help of 4 committers – thank you all very much!

commits  added  removed
      4    309       71 Patrik Nordwall
      1     10       10 promanski
      1      8        7 Rafał Sumisławski
      1      1        1 Paolo Rascunà

Happy hakking!

– The Akka Team