1.4.46 November 15th 2022
Akka.NET v1.4.46 is a security patch for Akka.NET v1.4.45 but also includes some other fixes.
Security Advisory: Akka.NET v1.4.45 and earlier depend on an old System.Configuration.ConfigurationManager version 4.7.0 which transitively depends on System.Common.Drawing v4.7.0. The System.Common.Drawing v4.7.0 is affected by a remote code execution vulnerability GHSA-ghhp-997w-qr28.
We have separately created a security advisory for Akka.NET Versions < 1.4.46 and < 1.5.0-alpha3 to track this issue.
Fixes and Updates
- Akka: Upgrade to Newtonsoft.Json 13.0.1 as minimum version
- Akka: Upgrade to System.Configuration.ConfigurationManager 6.0.1 - resolves security issue.
- Akka.IO: Report cause for Akka/IO TCP
CommandFailedevents - Akka.Cluster.Tools: Make sure that
DeadLetters published byDistributedPubSubMediatorcontain full context of topic - Akka.Cluster.Metrics: Improve CPU/Memory metrics collection at Akka.Cluster.Metrics - built-in metrics are now much more accurate.
You can see the full set of tracked issues for Akka.NET v1.4.46 here.
Changes:
- 44d3808 added v1.4.46 release notes (#6255)
- 2b85598 Upgrade to Newtonsoft.Json 13.0.1 as minimum version (#6230) (#6252)
- d6ba97a (cherry-picked from 94756d6) (#6253)
- e94913c Make transport adapter messages public (#6250)
- eeb156c [BACKPORT #6221] Report cause for Akka/IO TCP CommandFailed events (#6224) [ #22954 ]
- dca908b Improve Akka.Cluster.Metrics collected values (#6203)
- 61df6fc Separate wire protocol from internal models (#6206)
- 9f84438 Make sure that
DeadLetters published byDistributedPubSubMediatorcontain full context of topic (#6209)
This list of changes was auto generated.