fix(security): disable akka dns (#14858)

david-leifker · david-leifker · commit 7a9ef147dd5f · 2025-10-01T18:32:24.000-05:00
diff --git a/datahub-frontend/conf/application.conf b/datahub-frontend/conf/application.conf
@@ -45,6 +45,9 @@ play.server.akka.max-header-size = ${?DATAHUB_AKKA_MAX_HEADER_VALUE_LENGTH}
 play.server.akka.max-header-value-length = 32k
 play.server.akka.max-header-value-length = ${?DATAHUB_AKKA_MAX_HEADER_VALUE_LENGTH}
 
+# CVE-2023-31442
+akka.io.dns.resolver = "java"
+
 # Update AUTH_COOKIE_SAME_SITE and AUTH_COOKIE_SECURE in order to change how authentication cookies
 # are configured. If you wish cookies to be sent in first and third party contexts, set
 # AUTH_COOKIE_SAME_SITE = "NONE" and AUTH_COOKIE_SECURE = true. If AUTH_COOKIE_SAME_SITE is "NONE",
