You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@flink.apache.org by ch...@apache.org on 2022/09/09 22:13:23 UTC

[flink-web] 01/02: Update Akka licensing blogpost

This is an automated email from the ASF dual-hosted git repository.

chesnay pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/flink-web.git

commit 1201d698cb72276f5a4c56ff8152818e0595ec65
Author: Chesnay Schepler <ch...@apache.org>
AuthorDate: Sat Sep 10 00:13:07 2022 +0200

    Update Akka licensing blogpost
---
 _posts/2022-09-08-akka-license-change.md | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/_posts/2022-09-08-akka-license-change.md b/_posts/2022-09-08-akka-license-change.md
index 1ea6ba76b..7d54cd27c 100644
--- a/_posts/2022-09-08-akka-license-change.md
+++ b/_posts/2022-09-08-akka-license-change.md
@@ -40,12 +40,17 @@ Should a community fork be created (which at this time seems possible) we will s
 
 ## What if a new security vulnerabilities is found in Akka 2.6?
 
-That is the big unknown.
+~~That is the big unknown.~~
 
-Even though we will be able to upgrade to 2.6.20 (the (apparently) last planned release for Akka 2.6) in Flink 1.17, the unfortunate reality is that [2.6 will no longer be supported](https://github.com/akka/akka/pull/31561#issuecomment-1239217602) from that point onwards.  
-Should a CVE be discovered after that it is unlikely to be fixed in Akka 2.6.
+~~Even though we will be able to upgrade to 2.6.20 (the (apparently) last planned release for Akka 2.6) in Flink 1.17, the unfortunate reality is that [2.6 will no longer be supported](https://github.com/akka/akka/pull/31561#issuecomment-1239217602) from that point onwards.  
+Should a CVE be discovered after that it is unlikely to be fixed in Akka 2.6.~~
 
-We cannot provide a definitive answer as to how that case would be handled, as it depends on what the CVE is and/or whether a community fork already exists at the time.  
+~~We cannot provide a definitive answer as to how that case would be handled, as it depends on what the CVE is and/or whether a community fork already exists at the time.~~  
+
+**Update - September 9th**: Akka 2.6 will continue to receive critical security updates and critical bug fixes under the current Apache 2 license until [September of 2023](https://www.lightbend.com/akka/license-faq).
+
+> **Will critical vulnerabilities and bugs be patched in 2.6.x?**  
+> Yes, critical security updates and critical bugs will be patched in Akka v2.6.x under the current Apache 2 license until September of 2023.
 
 # How does Flink use Akka?