Dear hakkers,
We are pleased to announce a new patch release of Akka 2.5. It contains an important security fix for a vulnerability that affects Akka systems that use Akka Remoting/Cluster with TLS and have configured the TLS random-number-generator to AES128CounterSecureRNG or AES256CounterSecureRNG. An attacker would be able to compromise the communication if these random number generators are enabled. See the security announcement for more details.
We would like to thank Rafał Sumisławski at NetworkedAssets for bringing this issue to our attention
Please subscribe to the akka-security mailing list to be notified promptly about future security issues.
A total of 5 issues were closed since 2.5.15. The complete list can be found on the 2.5.16 milestone on github.
Credits
For this release we had the help of 4 committers – thank you all very much!
commits added removed
4 309 71 Patrik Nordwall
1 10 10 promanski
1 8 7 Rafał Sumisławski
1 1 1 Paolo Rascunà
Happy hakking!
– The Akka Team