We will not upgrade akka-http beyond version 10.2.x in Play 2.9. If you are using Play 2.9 you can upgrade to the latest akka and akka-http versions as described in our documentation: https://www.playframework.com/documentation/2.9.x/ScalaAkka#Updating-Akka-version (be aware, however, that the latest versions of akka/akka-http make use of the BSL).
Also I want to mention CVE-2023-44487 only affects you if you have HTTP2 enabled in your Play application (which by default is disabled).
Snyk shows problem with akka-http-core in 2.8.20 - high security vulnerability
https://security.snyk.io/vuln/SNYK-JAVA-COMTYPESAFEAKKA-6483264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487
https://nvd.nist.gov/vuln/detail/CVE-2023-44487
Fix is available in akka-http-core 10.5.3 or higher.
Is it possible to release 2.8.22 and fix this vulnerability?