search

WindSekirun / RxSocialLogin

An Android Library that provides social login for 15 platforms within by RxJava2, Kotlin and Firebase Authentication.
Apache License 2.0
125 stars 19 forks source link

Notification from Google Play #59

Closed feivur closed 4 years ago

feivur commented 4 years ago

I received notification from Google Play:

Your application uses a WebView component that is vulnerable to cross-scripting. Detailed information can be found in this article. Vulnerable classes: com.kakao.auth.authorization.authcode.KakaoWebViewActivity-> initUi Fix the problem before: 03/18/2020

gradlew client-v3:dependencies shows that this class from RxSocialLogin library:

+--- com.github.WindSekirun:RxSocialLogin:1.2.5.3-androidx
|    ...
|    +--- com.kakao.sdk:usermgmt:1.14.0
|    |    \--- com.kakao.sdk:auth:1.14.0
|    |         +--- com.kakao.sdk:network:1.14.0
|    |         |    \--- com.kakao.sdk:util:1.14.0
|    |         \--- androidx.fragment:fragment:1.0.0 -> 1.1.0 (*)
|    ...
WindSekirun commented 4 years ago

It seems to be they (kakao corp) fix that problem in 1.15.1 (refer https://github.com/JeffGuKang/react-native-kakao-login/issues/6). I'll launch 1.2.5.4-androidx.

WindSekirun commented 4 years ago

Released.

com.github.WindSekirun:RxSocialLogin:1.2.5.4
com.github.WindSekirun:RxSocialLogin:1.2.5.4-androidx