user1
1
Hello everyone,
I would like to ask you if the discovered vulnerability in the Async DNS Resolver (Akka Async DNS resolver has insufficient entropy to protect against DNS poisoning | Akka) will also be fixed in the latest version of Akka under the Apache 2.0 license (branch 2.6.x).
Thank you very much for your support.
2 Likes
jtownley
(James Townley)
2
The vulnerability you are referring to is not considered critical and will not be backported to earlier versions of Akka.
pjfanning
(PJ Fanning)
3
NVD - CVE-2023-31442 has a CVSS score of 7.5 which is considered High. Is there any chance that the Akka team will reconsider?