Security Vulnerabilities

Receiving security advisories

The best way to receive any and all security announcements is to subscribe to the Play security list.

The mailing list is very low traffic, and receives notifications only after Security reports have been managed by the core team and fixes are publicly available.

Reporting vulnerabilities

We strongly encourage people to report such problems to our private security mailing list first, before disclosing them in a public forum.

All security bugs in Play should be reported by email to security@playframework.org. This list is delivered to a subset of the core team who handle security issues.

Play 2.4.x

Fixed in Play 2.5.0

Fixed in Play 2.4.8

Play 2.3.x

Fixed in Play 2.3.9

Fixed in Play 2.3.5

Play 2.2.x

Fixed in Play 2.2.6

Play 2.1.x

Fixed in Play 2.1.5

Fixed in Play 2.1.4

Fixed in Play 2.1.3

Play 2.0.x

Fixed in Play 2.0.8

Fixed in Play 2.0.7

Fixed in Play 2.0.6

Play 1.4.x

Fixed in Play 1.4.2

Fixed in Play 1.4.1

Play 1.3.x

Fixed in Play 1.3.4

Fixed in Play 1.3.3

Fixed in Play 1.3.1

Play 1.2.x

Fixed in Play 1.2.7.2