Dear hakkers,

We are pleased to announce a new patch release of Akka 2.4.

Users of akka-camel are recommended to update to Camel version 2.17.7 and
akka-camel 2.4.20 due to a security vulnerability in Camel, see below.

3 issues were closed since 2.4.19. The complete list can be found on the
2.4.20 <> milestone on
Security vulnerability in Camel dependency

akka-camel had a dependency to camel-core 2.13.4 and that version of
Camel’s Validation Component is vulnerable against SSRF via remote DTDs and
XXE, as described in CVE-2017-5643
<>. Therefore we have updated
the Camel dependency to version 2.17.7 in Akka 2.5.4 and 2.4.20. If you are
using akka-camel you should also update your dependencies of other Camel
modules to 2.17.7.

This update of Camel version might cause that akka-camel is not fully
backwards compatible with prior versions. We didn’t have to change the
source code when updating but there might be changes in Camel that we are
not aware of. It’s recommended that you recompile and test your
applications and libraries when doing this update.

We would like to thank Thomas Szymanski for bringing this issue to our

For this release we had the help of 5 committers – thank you all very much!

commits  added  removed

     2    167      128 Patrik Nordwall

     2     10       10 Thomas Szymanski

     1    174       21 Kirill Yankov

     1     95       34 Johannes Rudolph

     1     26        0 Arnout Engelen

Happy hakking!

– The Akka Team

Lightbend <> -  Reactive apps on the JVM

>>>>>>>>>>      Read the docs:
>>>>>>>>>>      Check the FAQ: 
>>>>>>>>>>      Search the archives:
You received this message because you are subscribed to the Google Groups "Akka 
User List" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To post to this group, send email to
Visit this group at
For more options, visit

Reply via email to