Play WebSockets security vulnerability


James Roper

Apr 30, 2014, 9:49:21 PM
to play-framew...@googlegroups.com
Hi All,

A security vulnerability has been found in a library that Play Framework depends on. The vulnerability opens up a denial of service attack to any Play server that serves WebSockets. We recommend any users using WebSockets in their Play applications upgrade to version 3.7.1 of Netty, by adding the following dependency to your build.sbt or Build.scala file:

"io.netty" % "netty" % "3.7.1.Final"

If you are still on Play 2.1.x, you can upgrade to Netty 3.6.9 to get this fix, by adding the following dependency to your Build.scala file:

"io.netty" % "netty" % "3.6.9.Final"

We have also released Play 2.2.3, which has the upgraded Netty 3.7.1.  It can be downloaded from:

https://downloads.typesafe.com/play/2.2.3/play-2.2.3.zip

For more details about this vulnerability, please see here:

If you require professional support in upgrading or protecting your application from this or other vulnerabilities, please contact sa...@typesafe.com.

Regards,

James


--
James Roper
Software Engineer
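
A way to confirm the upgrade took effect in a packaged application, as an added example that is not part of the original post: it classifies Netty 3.x jars found in a directory listing against the two fixed versions named above. The jar file-name patterns and the function names are assumptions, and release lines other than 3.6.x and 3.7.x are reported as unknown because the post does not cover them.

```python
import os
import re
import sys

# Fixed Netty releases named in the announcement, keyed by (major, minor) line.
FIXED = {(3, 7): (3, 7, 1), (3, 6): (3, 6, 9)}

# Assumed jar naming: netty-3.6.6.Final.jar or io.netty.netty-3.6.6.Final.jar
JAR_RE = re.compile(r"(?:^|[./])netty-(\d+)\.(\d+)\.(\d+)\.\w+\.jar$")


def classify(jar_name):
    """Return 'fixed', 'upgrade' or 'unknown'; None if not a Netty 3-style jar."""
    match = JAR_RE.search(jar_name)
    if match is None:
        return None
    version = tuple(int(part) for part in match.groups())
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "unknown"  # release line not mentioned in the announcement
    return "fixed" if version >= fixed else "upgrade"


def audit(jar_names):
    """Map each Netty jar in the listing to its status, skipping other jars."""
    results = {}
    for name in jar_names:
        status = classify(name)
        if status is not None:
            results[name] = status
    return results


if __name__ == "__main__":
    # Constructed sample listing, used when no lib directory is passed.
    sample = ["play_2.10-2.2.2.jar", "io.netty.netty-3.7.0.Final.jar"]
    names = os.listdir(sys.argv[1]) if len(sys.argv) > 1 else sample
    report = audit(names)
    for name, status in sorted(report.items()):
        print(f"{status:8} {name}")
    # Non-zero exit lets a build step fail when an old jar is still shipped.
    sys.exit(1 if "upgrade" in report.values() else 0)
```

Pass the application's `lib` directory as the only argument; more than one Netty jar in the output means an older copy is still on the classpath alongside the new one.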
