Introducing Akka Cloud to Edge Continuum. Build once for the Cloud. Seamlessly deploy to the Edge - Read Blog
Support
Akka Overview Pricing Services Compliance License FAQ Developers Resources
Overview Deep Dive Developer Pricing Resources
Case Studies
Partners
Blog All Other Resources The Lightbend Monthly Newsletter Why Reactive Microservices
About Us Blog Media & Press Careers Customers Why Reactive Microservices
Contact Us

Compliance

Lightbend is a SOC 2 compliant organization beginning with the newest version of Akka v23.05 released April 25, 2023.

NOTE: Licensing Akka ensures organizations that the version of Akka they are running in production will have all of the latest known vulnerabilities patched and maintain compliance with the standards as listed below.

All earlier or open source versions prior to Akka v23.05 are NOT compliant. Visit Pricing for information on Akka development and production license packages.

SOC 2 standards

Relevant sections from the standards for running Akka in production:

SOC 2

Vendor Management Process, Vendor Compliance Review

  • CC1.4, CC3.2, CC3.4, CC9.2
  • Vendor's compliance must be verified annually

Patch Management

  • CC7.5

Vulnerability Scanning and Remediation

  • CC4.1, CC7.1, CC7.4

Software Development Lifecycle

  • CC8.1
  • Refers to OWASP standards and dependency check

Users of Akka Open Source

Lightbend has committed to patch Severity 1 / Critical vulnerabilities only in the final open source version of Akka (v2.6) until September 2023.

All other vulnerabilities and bugs are only fixed and patched in licensed versions of Akka. The current licensed version of Akka (23.10) has the following vulnerabilities patched:

  • CVE-2017-15713
  • CVE-2019-16869
  • CVE-2019-20444
  • CVE-2019-20445
  • CVE-2020-13957
  • CVE-2020-36518
  • CVE-2020-9492
  • CVE-2021-22569
  • CVE-2021-37136
  • CVE-2021-37137
  • CVE-2021-37404
  • CVE-2022-22950
  • CVE-2022-22968
  • CVE-2022-22970
  • CVE-2022-22971
  • CVE-2022-25168
  • CVE-2022-26612
  • CVE-2022-3171
  • CVE-2022-3509
  • CVE-2022-3510
  • CVE-2022-36944
  • CVE-2022-41915
  • CVE 2022-42003
  • CVE-2022-42004
  • CVE-2022-42003
  • CVE-2023-20883
  • CVE-2023-2976
  • CVE-2023-29471
  • CVE-2023-31442
  • CVE-2023-33251
  • CVE-2023-34455
  • CVE-2023-44487
  • CVE-2023-4586
  • CVE-2023-45865

NOTE: Maintaining compliance with SOC 2 standards requires licensing and updating production systems to the latest version of Akka.

Visit Pricing for information on Akka development and production license packages.

Talk to an Expert

Tell us what you’re building, and we’ll
tell you how we can help.

Contact Us