Expert talks delivered virtually on Nov 10 Register Here
From the creators of Akka, get technology enhancements, monitoring, and expert support with Akka Platform from Lightbend. Learn More

News & Articles

Full archive

August 29

2018

Akka 2.5.16 Security Patch Released!

Dear hakkers,

We are pleased to announce a new patch release of Akka 2.5. It contains an important security fix for a vulnerability that affects Akka systems that use Akka Remoting/Cluster with TLS and have configured the TLS random-number-generator to AES128CounterSecureRNG or AES256CounterSecureRNG. An attacker would be able to compromise the communication if these random number generators are enabled. See the security announcement for more details.

We would like to thank Rafał Sumisławski at NetworkedAssets for bringing this issue to our attention

Please subscribe to the akka-security mailing list to be notified promptly about future security issues.

A total of 5 issues were closed since 2.5.15. The complete list can be found on the 2.5.16 milestone on github.

Credits

For this release we had the help of 4 committers – thank you all very much!

commits  added  removed
      4    309       71 Patrik Nordwall
      1     10       10 promanski
      1      8        7 Rafał Sumisławski
      1      1        1 Paolo Rascunà

Happy hakking!

– The Akka Team