Akka Async DNS resolver vulnerability fix for Akka 2.6.x

Hello everyone,

I would to ask you if the discovered vulnerability on the Async DNS Resolver (Akka Async DNS resolver has insufficient entropy to protect against DNS poisoning | Akka) will be fixed also in the latest version of Akka under Apache 2.0 license (branch 2.6.x)

Thank you very much for your support


The vulnerability you are referring to is not considered critical and will not be backported to earlier versions of Akka.

NVD - CVE-2023-31442 has a CVSS score of 7.5 which is considered High. Is there any chance that the Akka team will reconsider?