We are pleased to announce a new patch release of Akka 2.4.
Users of akka-camel are recommended to update to Camel version 2.17.7 and
akka-camel 2.4.20 due to a security vulnerability in Camel, see below.
3 issues were closed since 2.4.19. The complete list can be found on the
2.4.20 <https://github.com/akka/akka/milestone/116?closed=1> milestone on
Security vulnerability in Camel dependency
akka-camel had a dependency to camel-core 2.13.4 and that version of
Camel’s Validation Component is vulnerable against SSRF via remote DTDs and
XXE, as described in CVE-2017-5643
<https://nvd.nist.gov/vuln/detail/CVE-2017-5643>. Therefore we have updated
the Camel dependency to version 2.17.7 in Akka 2.5.4 and 2.4.20. If you are
using akka-camel you should also update your dependencies of other Camel
modules to 2.17.7.
This update of Camel version might cause that akka-camel is not fully
backwards compatible with prior versions. We didn’t have to change the
source code when updating but there might be changes in Camel that we are
not aware of. It’s recommended that you recompile and test your
applications and libraries when doing this update.
We would like to thank Thomas Szymanski for bringing this issue to our
For this release we had the help of 5 committers – thank you all very much!
commits added removed
2 167 128 Patrik Nordwall
2 10 10 Thomas Szymanski
1 174 21 Kirill Yankov
1 95 34 Johannes Rudolph
1 26 0 Arnout Engelen
– The Akka Team
Lightbend <http://www.lightbend.com/> - Reactive apps on the JVM
>>>>>>>>>> Read the docs: http://akka.io/docs/
>>>>>>>>>> Check the FAQ:
>>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user
You received this message because you are subscribed to the Google Groups "Akka
User List" group.
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to firstname.lastname@example.org.
Visit this group at https://groups.google.com/group/akka-user.
For more options, visit https://groups.google.com/d/optout.