Hi everyone, We are aware of the Akka fixes [1] and are working on Pekko equivalents.
We cannot use the Akka fixes as they are not open sourced. If anyone wants to contribute to the related PRs, please be aware that we cannot accept any code or comments based on the Akka changes. Any PRs submitted to Apache projects need to be based on your own work. The issue with the Async DNS resolver is the most complicated to fix [2] and will delay the Pekko Core RC1 by a week or two. If anyone finds other security related issues in Akka or Pekko should ideally report them to the Apache Security team and not disclose the issue publicly (see policy [3]). We will notify the Akka team, just in case the issue was only reported to us. Thanks, PJ [1] https://akka.io/security/ [2] https://github.com/apache/incubator-pekko/pull/371 [3] https://www.apache.org/security/ --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@pekko.apache.org For additional commands, e-mail: dev-h...@pekko.apache.org
