Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
[2.6.x]: Update Akka HTTP to 10.0.14 #8598
Sep 6, 2018
Hi, would you be able to confirm if this fixes the gzip request vulnerability reported against akka-http? Part of the fix involved adding this line to
Could Play be independently vulnerable to this problem?
Thanks for your help.
Play is not affected by this because it uses body parsers to enforce the max content length, not the underlying server backend (Akka HTTP or Netty). The relevant code for Play is here:
We conduct the same test that was breaking Akka HTTP against a Play application without being able to reproduce the problem. So this is more like a regular update than one fixing a vulnerability.
Thanks - and my understanding is that