Licensing Akka libraries ensures organizations that the versions of Akka libraries they are running in production will have all the latest known vulnerabilities patched and maintain compliance with SOC 2 standards. SeeAkka Compliance for more information.

The best way to receive any and all security announcements is to subscribe to theAkka security list.

We strongly encourage people to report such problems to our private security mailing list first, before disclosing them in a public forum.

Following best-practice, we strongly encourage anyone to report potential security vulnerabilities to[email protected] before disclosing them in a public forum like the mailing list or as a GitHub issue.

Reports to this email address will be handled by our security team, who will work together with you to ensure that a fix can be provided without delay.

• 2025-06-03, Improper authentication in Akka management

• 2023-10-31, Akka logs environment variables

• 2023-10-16, HTTP/2 rapid reset denial of service

• 2023-05-15, Akka HTTP uploaded file permissions

• 2023-05-02, CVE-2023-31442, Akka Async DNS (used by Akka Discovery)

• 2023-04-17, CVE-2023-29476, Alpakka Kafka

• 2021-11-02, CVE-2021-42697, Akka HTTP

• 2021-02-24, CVE-2021-23339, Akka HTTP

• 2018-09-05, CVE-2018-16131, Akka HTTP

• 2017-01-23, CVE-2018-16115, Akka

• 2017-08-09, CVE-2017-5643, Akka Camel

• 2017-02-10, Java Serialization, Akka

• 2017-01-23, Denial of Service, Akka HTTP

• 2016-09-30, Directory Traversal, Akka HTTP

This list doesn’t include vulnerabilities in external dependencies of Akka. SeeAkka Compliance for more information and full list of CVEs from dependencies addressed through upgrades in Akka libraries.

Akka libraries supports building secure systems that assume Zero Trust to their environment. Learn more about building secure systems with Akka:Implementing Zero Trust with Akka.