Hi,
i have an app in the play store based on Crosswalk Cordova 9 (Android,
ARM).
Yesterday i received the following warning form the store:
##
Your app is statically linking against a version of OpenSSL that has
multiple security vulnerabilities. You should update OpenSSL as soon as
possible.
The vulnerabilities were addressed in OpenSSL versions beginning with
1.0.1h, 1.0.0m, and 0.9.8za. To confirm your OpenSSL version, you can do
a grep via ("$ unzip -p YourApp.apk | strings | grep "OpenSSL""). For
more information about the vulnerability, please consult
http://www.openssl.org/news/secadv_20140605.txt.
To confirm that you've upgraded correctly, upload the updated version to
the Developer Console and check back after five hours.
Please note, while it's unclear whether these specific issues affect
your application, applications with vulnerabilities that expose users to
risk of compromise may be considered "dangerous products" and subject to
removal from Google Play.
##
Im having difficulties to figure out which piece of the stack is using a
statically linked version OpenSSL.
Could this warning actually be related to Crosswalk Cordova?
Thanks,
Florian
--
Sailer Interactive | Florian Sailer
_______________________________________________
Crosswalk-help mailing list
[email protected]
https://lists.crosswalk-project.org/mailman/listinfo/crosswalk-help
