IMPORTANT NOTICE: Upgrade collectors to fix CVE-2021-42697 in akka-http

As an outcome of Snowplow's recent penetration test, a CVE was identified in a popular Scala library (akka-http).

CVE-2021-42697 (stack overflow while parsing a User-Agent header with deeply nested comments) is a potential Denial of Service attack vector for collectors.

It is recommended that all deployments upgrade to at least v2.4.3 of the Snowplow Collector.

We have upgraded akka-http to a fixed version (10.2.7) to resolve this CVE.


2.4.3 images can be pulled from Docker Hub.

For the full list of changes and jar files, see the release notes on GitHub.
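
For reviewing access logs, or pre-filtering requests in front of collectors that are still being upgraded, the nesting depth of User-Agent comments can be measured without recursion. The following is an added example, not Snowplow or akka-http code; the function names, the depth limit of 8 and the sample values are assumptions made for illustration.

```python
# Added example: not Snowplow or akka-http code.
# Measures how deeply parenthesised comments nest in a User-Agent value.
# RFC 7230 grammar: comment = "(" *( ctext / quoted-pair / comment ) ")"

MAX_COMMENT_DEPTH = 8  # assumed policy limit, tune for your own traffic


def comment_depth(user_agent: str) -> int:
    """Return the maximum comment nesting depth found in the header value.

    A counter is used instead of recursion, so the check itself cannot
    exhaust the stack however deeply the input nests.
    """
    depth = 0
    max_depth = 0
    i = 0
    while i < len(user_agent):
        ch = user_agent[i]
        if ch == "\\" and depth > 0:
            i += 2  # quoted-pair inside a comment: skip the escaped character
            continue
        if ch == "(":
            depth += 1
            max_depth = max(max_depth, depth)
        elif ch == ")" and depth > 0:
            depth -= 1
        i += 1
    return max_depth


def is_suspicious(user_agent: str, limit: int = MAX_COMMENT_DEPTH) -> bool:
    """True when the comment nesting exceeds the configured limit."""
    return comment_depth(user_agent) > limit


# Constructed sample values, not taken from real traffic.
SAMPLES = [
    "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)",
    "curl/7.79.1",
    "probe/1.0 " + "(" * 12 + "x" + ")" * 12,
    r"agent/1.0 (escaped \( paren)",
]


def flag(samples=SAMPLES):
    """Return the sample values that exceed the nesting limit."""
    return [ua for ua in samples if is_suspicious(ua)]
```

A depth check of this kind complements the upgrade to v2.4.3 and does not replace it.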