Hi Florian, Thank you for using Crosswalk based Cordova!
Please watch the issue in https://crosswalk-project.org/jira/browse/XWALK-3217 directly to get the latest status. Other relevant bug: https://crosswalk-project.org/jira/browse/XWALK-3224 BR Belem -----Original Message----- From: Crosswalk-help [mailto:[email protected]] On Behalf Of Florian Sailer Sent: Thursday, December 18, 2014 9:10 PM To: [email protected] Subject: [Crosswalk-help] OpenSSL Vulnerabilities Hi, i have an app in the play store based on Crosswalk Cordova 9 (Android, ARM). Yesterday i received the following warning form the store: ## Your app is statically linking against a version of OpenSSL that has multiple security vulnerabilities. You should update OpenSSL as soon as possible. The vulnerabilities were addressed in OpenSSL versions beginning with 1.0.1h, 1.0.0m, and 0.9.8za. To confirm your OpenSSL version, you can do a grep via ("$ unzip -p YourApp.apk | strings | grep "OpenSSL""). For more information about the vulnerability, please consult http://www.openssl.org/news/secadv_20140605.txt. To confirm that you've upgraded correctly, upload the updated version to the Developer Console and check back after five hours. Please note, while it's unclear whether these specific issues affect your application, applications with vulnerabilities that expose users to risk of compromise may be considered "dangerous products" and subject to removal from Google Play. ## Im having difficulties to figure out which piece of the stack is using a statically linked version OpenSSL. Could this warning actually be related to Crosswalk Cordova? Thanks, Florian -- Sailer Interactive | Florian Sailer _______________________________________________ Crosswalk-help mailing list [email protected] https://lists.crosswalk-project.org/mailman/listinfo/crosswalk-help _______________________________________________ Crosswalk-help mailing list [email protected] https://lists.crosswalk-project.org/mailman/listinfo/crosswalk-help
