Dear hakkers, We announce the immediate availability of the second security patch for the experimental Akka HTTP that was part of the 2.4.x development series. It contains an important security fix for a vulnerability that affects all Akka HTTP applications that use the routing DSL. The vulnerability allows a remote attacker to crash an Akka HTTP server with a simple request so it is highly recommended to update to Akka HTTP 10.0.6 as soon as possible.
Please note that for the latest developments of Akka HTTP you should switch to track its 10.0.x series - we strongly suggest upgrading to that version since it is the stable and maintained version of Akka HTTP, while the 2.4.11 version will only be receiving critical security updates for a while. Compatibility notes *We strongly suggest upgrading to Akka 10.0.6 or later. * Akka 10.0.x is backwards binary compatible with previous 10.0.x releases and Akka 2.4.x. This means that the new JARs are a drop-in replacement for the old one (but not the other way around) as long as your build does not enable the inliner (Scala-only restriction). It should be noted that Scala 2.12.x is is not binary compatible with Scala 2.11.x. Changes: This release only contains 2 additional commits <https://github.com/akka/akka/pull/22835> over its predecessor, which aim to resolve the Accept header vulnerability. Credits One critical issue was closed since 2.4.11.1. The complete list of closed issues can be found on the 2.4.11.2 <https://github.com/akka/akka/milestone/113?closed=1> milestones on github. Happy hakking! – The Akka Team -- >>>>>>>>>> Read the docs: http://akka.io/docs/ >>>>>>>>>> Check the FAQ: >>>>>>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html >>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user --- You received this message because you are subscribed to the Google Groups "Akka User List" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/akka-user. For more options, visit https://groups.google.com/d/optout.
