Closed iRaam closed 12 months ago
ALexanderLonsky
commented
1 year ago Hey @iRaam,
Hi, thanks for flagging this.
While we can update to version 3.0.0, it appears that it introduces some bugs.
I'm not entirely sure about the specific vulnerability you mentioned, but it seems that we need to stick with com.facebook.fresco:nativeimagetranscoder:2.6.0 to avoid potential crashes in 3.0.0.
Here you can find more context:
https://github.com/facebook/fresco/issues/2714
huyptmaxmobile
commented
1 year ago Dear Developer, Your app(s) uses an old version of SoLoader that needs to be updated to the latest stable release, v0.10.4. • com.xxxx.xxxx Based on reports from internal testing and OEM partners, we identified your app(s) as affected by the following SoLoader bug (which incorrectly assumes that system libraries are present in /vendor/lib:/system/lib, directories which are not available on 64bit-only systems). You can reproduce the issue by using the Android 12 Emulator in Android Studio and installing the 64-bit part of the APK by ADB Command “adb install --abi arm64-v8a YOUR_APK_FILE.apk”. You may visit developer.android.com/google/play/requirements/64-bit#test-64-bit-hardware for more info on testing 64-bit compatibility. The latest version of SoLoader, v0.10.4, fixes the following issues which cause app crashes
ALexanderLonsky
commented
1 year ago Hey I have uploaded a staging version. You can give it a try.
implementation "com.giphy.sdk:ui:2.3.7-fresco3"
As it's a staging version, it requires to add:
allprojects {
repositories {
maven("https://oss.sonatype.org/content/repositories/staging")
mavenCentral()
}
}Please let me know if that works for you.
iRaam
commented
1 year ago @ALexanderLonsky Thank you for your quick response. I tried the above staging version, works fine.
ALexanderLonsky
commented
12 months ago @iRaam thank you for the update, but I need to reopen the issue.
Upon further testing, I discovered a crash when previewing certain GIFs:
java.lang.UnsatisfiedLinkError: dlopen failed: library “libnative-imagetranscoder.so” not found
This is the same issue I mentioned earlier: https://github.com/facebook/fresco/issues/2714#issuecomment-1518925371
The only solution I have found so far is to stick with nativeimagetranscoder:2.6.0
Here is the dependency tree in this case:
+--- com.facebook.fresco:fresco:3.0.0@aar
+--- com.facebook.fresco:animated-gif:3.0.0@aar
+--- com.facebook.fresco:animated-webp:3.0.0@aar
+--- com.facebook.fresco:animated-base:3.0.0@aar
+--- com.facebook.fresco:animated-drawable:3.0.0@aar
+--- com.facebook.fresco:imagepipeline-okhttp3:3.0.0@aar
+--- com.facebook.fresco:vito-options:3.0.0@aar
+--- com.facebook.fresco:drawee:3.0.0@aar
+--- com.facebook.fresco:nativeimagefilters:3.0.0@aar
+--- com.facebook.fresco:memory-type-native:3.0.0@aar
+--- com.facebook.fresco:memory-type-java:3.0.0@aar
+--- com.facebook.fresco:imagepipeline-native:3.0.0@aar
+--- com.facebook.fresco:memory-type-ashmem:3.0.0@aar
+--- com.facebook.fresco:imagepipeline:3.0.0@aar
+--- com.facebook.fresco:webpsupport:3.0.0@aar
+--- com.facebook.fresco:nativeimagetranscoder:2.6.0@aar
+--- com.facebook.fresco:imagepipeline-base:3.0.0@aar
+--- com.facebook.fresco:middleware:3.0.0@aarI hope this still resolves the initial security vulnerability issue, and the nativeimagetranscoder should not have any impact on it.
Just in case, I have prepared another staging version for you to test:
implementation "com.giphy.sdk:ui:2.3.7-fresco3-transcoder"
Please let me know if this version works for you. Once confirmed, I can proceed with an official release.
iRaam
commented
12 months ago @ALexanderLonsky I used the new staging version and did some basic testing, seems fine so far. Thanks.
ALexanderLonsky
commented
12 months ago The official version has been released.
The current used fresco dependency have some security vulnerability. We have to update the fresco library to v3.0.0.
Can it be done ? Does it require more changes ?