Security Announcements

Receiving Security Advisories

The best way to receive any and all security announcements is to subscribe to the Akka security list.

The mailing list is very low traffic, and receives notifications only after security reports have been managed by the core team and fixes are publicly available.

Reporting Vulnerabilities

We strongly encourage people to report such problems to our private security mailing list first, before disclosing them in a public forum.

Following best-practice, we strongly encourage anyone to report potential security vulnerabilities to security@akka.io before disclosing them in a public forum like the mailing list or as a Github issue.

Reports to this email address will be handled by our security team, who will work together with you to ensure that a fix can be provided without delay.

Fixed Security Vulnerabilities

Fixed in Akka HTTP 10.0.6 & 2.4.11.2

Fixed in Akka HTTP 10.0.2 & 2.4.11.1

Fixed in Akka HTTP 2.4.11

The source code for this page can be found here.