OneSignal / OneSignal-Cordova-SDK

OneSignal is a free push notification service for mobile apps. This plugin makes it easy to integrate your Ionic, PhoneGap CLI, PhoneGap Build, Cordova, or Sencha Touch app with OneSignal. Supports Android, iOS, and Amazon's Fire OS platforms. https://onesignal.com

[question]: Dependent on an insecure version of Google Play services basement 17.6.0 #962

Closed AndyStewart closed 9 months ago

AndyStewart commented 10 months ago

How can we help?

Hi

We've been happily using your services for many years now. In the last couple of weeks our security scanners have detected that this plugin is dependent on an insecure version of play-services-basement (17.6.0).

https://nvd.nist.gov/vuln/detail/CVE-2022-2390

This issue is resolved as of play-services-basement 18.0.2, with the latest version being 18.3.0. Are there any plans to update this library to be dependent on a more recent version?

Many thanks

Andy


jkasten2 commented 9 months ago

@AndyStewart Thanks for pointing this out! We will update the play-services-basement as you noted to address this issue.

jkasten2 commented 9 months ago

@AndyStewart This has been addressed in the following update: https://github.com/OneSignal/OneSignal-Cordova-SDK/releases/tag/5.0.6
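
To confirm in your own build that the resolved play-services-basement is at or above the 18.0.2 fix mentioned in this issue, the following added example (not part of the original thread and not OneSignal's code) scans text in the format printed by Gradle's `dependencies` task. The sample trees and the `com.example:push-plugin` artifact are constructed for illustration.

```python
import re

ARTIFACT = "com.google.android.gms:play-services-basement"
FIXED = (18, 0, 2)  # first fixed release, as stated in the issue

# Constructed samples in the format printed by Gradle's `dependencies` task;
# com.example:push-plugin is a hypothetical plugin, not a real artifact.
VULNERABLE_TREE = r"""
+--- com.example:push-plugin:1.0.0
|    +--- com.google.android.gms:play-services-base:17.6.0
|    |    \--- com.google.android.gms:play-services-basement:17.6.0
|    \--- com.google.android.gms:play-services-basement:17.6.0 (*)
"""
PATCHED_TREE = r"""
+--- com.example:push-plugin:1.0.1
|    \--- com.google.android.gms:play-services-basement:[17.6.0, 18.3.0] -> 18.3.0
\--- com.google.android.gms:play-services-basement:17.6.0 -> 18.3.0
"""

# Artifact, optional requested version, optional "-> resolved" override.
# The lookahead stops a longer artifact name from matching by prefix.
LINE_RE = re.compile(
    re.escape(ARTIFACT) + r"(?![\w.-])(?::(\S+))?(?:.*?->\s*(\S+))?"
)

def resolved_version(line):
    """Return the version Gradle actually resolved on this line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # When "requested -> resolved" is shown, the resolved version is what ships.
    return m.group(2) or m.group(1)

def parse(version):
    """Turn '18.0.2' into (18, 0, 2), padding missing components with zeros."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def vulnerable_versions(tree):
    """List the distinct resolved versions of ARTIFACT that are below FIXED."""
    found = set()
    for line in tree.splitlines():
        version = resolved_version(line)
        if version and parse(version) < FIXED:
            found.add(version)
    return sorted(found)

if __name__ == "__main__":
    print("before:", vulnerable_versions(VULNERABLE_TREE))
    print("after: ", vulnerable_versions(PATCHED_TREE))
```
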