Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Update akka 2.5.16 #8590
Akka 2.5.12 introduced a fix that causes source compatibility issues (see akka/akka#24575). This should not affect most of the users though. Also, Akka 2.5.13 brings some API changes for Akka Typed and if you are using it in your Play application, there are some changes you need to make. These changes are okay according to Akka binary policy rules since Akka Typed is still marked as a "may change" module. Internally, Play does not uses Akka Typed, so these changes don't affect us.
We need to update Akka version now because there is a security fix in Akka 2.5.16.
referenced this pull request
Aug 31, 2018
Technically the security issue was in akka-remote, which Play does not depend on, so it shouldn't make any difference unless you are using that library.
For affected versions see https://doc.akka.io/docs/akka/current/security/2018-08-29-aes-rng.html#affected-versions. Specifically, the issue affects systems with Akka 2.5.0 - 2.5.15 that use Akka Remoting/Cluster with TLS and have configured the TLS random-number-generator to AES128CounterSecureRNG or AES256CounterSecureRNG.
@FranklinYinanDing to answer your question, this could not affect an application using Play 2.4, since Play 2.4 does not work with Akka 2.5.