- CVE-2022-42003
- CVE-2020-36518
- CVE-2022-42004
- CVE-2022-42003
- CVE-2022-22970
- CVE-2022-22950
- CVE-2022-22971
- CVE-2022-22968
- CVE-2020-13957
- CVE-2021-37404
- CVE-2022-25168
Akka is built according to internationally-recognized standards in a certified environment, with a safe and verified supply chain. This means:
Lightbend takes cybersecurity very seriously. We develop, maintain, and support our products in a secure environment according to detailed processes.
Lightbend is fully compatible with many other standards. We can help provide guidance and assistance to:
Using Akka enables your organization to save time and money on your own compliance work. Lightbend will manage some of the work and risk that would otherwise be entirely yours. This includes:
As part of our commitment to these standards, we actively search for and address every vulnerability in Akka, both in our code and the code we depend on from other projects. We follow a detailed and urgent process as part of our support policy that reduces your risk, and we make sure every CVE is properly fixed.
For more on specific Akka security features, visit our Security page.
Vulnerabilities and bugs are only fixed and patched in BSL-licensed versions of Akka. The current licensed version of Akka has the following vulnerabilities patched:
Lightbend is a SOC 2 compliant organization beginning with Akka v23.05, released April 25, 2023.
NOTE: Licensing Akka assures organizations that the version of Akka they are running in production will have all of the latest known vulnerabilities patched and will maintain compliance with the standards listed below.
All earlier or open source versions prior to Akka v23.05 are NOT compliant. Visit Pricing for information on Akka development and production license packages.
Relevant sections from the standards for running Akka in production:
- Vendor Management Process, Vendor Compliance Review
- Patch Management
- Vulnerability Scanning and Remediation
- Software Development Lifecycle
Lightbend has committed to patch Severity 1 / Critical vulnerabilities only in the final open source version of Akka (v2.6) until September 2023.
All other vulnerabilities and bugs are only fixed and patched in licensed versions of Akka. The current licensed version of Akka has the following vulnerabilities patched:
NOTE: Maintaining compliance with SOC 2 standards requires licensing and updating production systems to the latest version of Akka.