Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[question]: Dependant on an insecure version of Google Play services basement 17.6.0 #962

Closed
1 task done
AndyStewart opened this issue Jan 19, 2024 · 2 comments
Closed
1 task done

[question]: Dependant on an insecure version of Google Play services basement 17.6.0 #962

AndyStewart opened this issue Jan 19, 2024 · 2 comments
Labels
Android

Comments

@AndyStewart
Copy link

AndyStewart commented Jan 19, 2024
edited by github-actions bot
Loading

How can we help?

Hi

We've been happily using your services for many years now in the last couple of weeks our security scanners have detected that this plugin is dependent on an insecure version of play-services-basement(17.6.0).

https://nvd.nist.gov/vuln/detail/CVE-2022-2390

This issue is resolved as of play-services-basement 18.0.2 with the latest version being 18.3.0, are there any plans to update this library to be dependent on a more recent version?

Many thanks

Andy

Code of Conduct

  • I agree to follow this project's Code of Conduct
@jkasten2
Copy link
Member

jkasten2 commented Feb 2, 2024

@AndyStewart Thanks for pointing this out! We will update the play-services-basement as you noted to address this issue.

@jkasten2
Copy link
Member

@AndyStewart This has been addressed in the following update:
https://github.com/OneSignal/OneSignal-Cordova-SDK/releases/tag/5.0.6

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Android
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AndyStewart @jkasten2