"[email protected]" <[email protected]> writes:
> Hi Crosswalk owners: > > Our android app built using Crosswalk v15.44.384.12 has received a > security vulnerability from Google play store regarding the > implemented version of OpenSSL. > > > Please migrate your app(s) to OpenSSL 1.02f/1.01r or higher as soon as > possible and increment the version number of the upgraded APK. > Beginning July 11, 2016, Google Play will block publishing of any new > apps or updates that use older versions of OpenSSL. > > May I know do you have a exact schedule for solving this > vulnerability? Hi, Just like Chromium itself, Crosswalk has not used OpenSSL, but rather Google's BoringSSL, for a while now (specifically, since Chromium M38 and Crosswalk 9.38.*). Google's message looks quite laconic, so it is not clear what kind of scanning they performed to determine that your app had an outdated OpenSSL version. It might be interesting for you to inquire them about it. With that said, Crosswalk 15 is 2 major releases behind our current stable version (Crosswalk 17, based on Chromium 46), so it is possible that the BoringSSL version it uses contains some vulnerability present in older OpenSSL releases that triggered Google's filter. _______________________________________________ Crosswalk-help mailing list [email protected] https://lists.crosswalk-project.org/mailman/listinfo/crosswalk-help
