Closed nfmobile closed 3 years ago
Hello @nfmobile, if it is not urgent for you, I will do a new release in the next days.
Hi @WuglyakBolgoink, if you have a new release in the coming days, we will wait for it. Thank you for your support.
@nfmobile OK!
@nfmobile please check the new release
Dear @WuglyakBolgoink
We have followed up the issue with the rootbeer owners, who have identified the root cause of the security vulnerability: it was related to stale *.so files, which have now been completely removed from the rootbeer plugin. Please check the related links below:
https://github.com/scottyab/rootbeer/issues/170
https://github.com/scottyab/rootbeer/pull/171
https://github.com/scottyab/rootbeer/releases/tag/0.1.0
Now, in order to use the latest version 0.1.0 of the rootbeer plugin, we need to update the file https://github.com/WuglyakBolgoink/cordova-plugin-iroot/blob/master/src/android/build-extras.gradle to be like the following:
    dependencies { implementation 'com.github.scottyab:rootbeer:0.1.0' }
We also need to create a new release 3.0.1 of cordova-plugin-iroot to reflect this change, so that we can verify from our end whether the security issue is now resolved.
Could we please apply this change? Thanks again for your support.
@nfmobile you were as quick as me ;-)
release@progress
@nfmobile done! Please check the new release v3.1.0. Feel free to create another issue if necessary!
@WuglyakBolgoink yes, it's working now, thanks so much 👍
Dear Support Team,
When scanning an APK that uses cordova-plugin-iroot, which has a dependency on the rootbeer plugin, a security warning appears related to fstack protector (fstack canary), caused by the libtool-checker.so used by rootbeer and included in the lib folder inside the APK. To resolve this issue, we need a new release / version of this plugin that updates the file https://github.com/WuglyakBolgoink/cordova-plugin-iroot/blob/master/src/android/build-extras.gradle
to be like the following:
    dependencies { implementation 'com.github.scottyab:rootbeer:0.0.9' }
That will use the new .so files (libtool-checker.so) generated lately by rootbeer: https://github.com/scottyab/rootbeer/releases/tag/0.0.9
This way the security warning below, reported by the MobSF scanning tool, will be resolved: This shared object does not have a stack canary value added to the stack. Stack canaries are used to detect and prevent exploits from overwriting return address. Use the option -fstack-protector-all to enable stack canaries.
Thank you
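
To verify a rebuilt APK locally, the sketch below lists the native libraries under lib/ that carry no reference to `__stack_chk_fail`, the symbol that code compiled with stack protection calls. It is an added example, not part of the original thread and not code from MobSF, rootbeer or cordova-plugin-iroot. It assumes a plain byte search is an acceptable heuristic; the sample APK and the name `libhardened.so` are constructed.

```python
import io
import sys
import zipfile

ELF_MAGIC = b"\x7fELF"
# Code built with -fstack-protector* calls this function when a canary is corrupted,
# so a protected library normally carries the name in its dynamic string table.
CANARY_SYMBOL = b"__stack_chk_fail"


def scan_apk(apk):
    """Return {zip_path: has_canary_reference} for each ELF .so under lib/.

    `apk` is a filesystem path or a binary file-like object.
    Heuristic: a raw byte search, not a symbol-table parse. A library whose
    functions need no protection can legitimately lack the symbol, so a hit
    here is a prompt for review rather than proof of a defect.
    """
    results = {}
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            if not (name.startswith("lib/") and name.endswith(".so")):
                continue
            data = zf.read(name)
            if not data.startswith(ELF_MAGIC):
                continue  # named .so but not an ELF object
            results[name] = CANARY_SYMBOL in data
    return results


def missing_canary(apk):
    """Sorted paths of native libraries with no stack-protector reference."""
    return sorted(path for path, ok in scan_apk(apk).items() if not ok)


def build_sample_apk():
    """Constructed in-memory APK: fake ELF bodies, enough to exercise the scan."""
    header = ELF_MAGIC + b"\x02\x01\x01" + bytes(9)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lib/arm64-v8a/libtool-checker.so", header + b"constructed-body\0")
        zf.writestr("lib/arm64-v8a/libhardened.so", header + b"\0__stack_chk_fail\0")
        zf.writestr("lib/arm64-v8a/notelf.so", b"plain text")
        zf.writestr("assets/www/index.html", b"<html></html>")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_apk()
    for path in missing_canary(target):
        print("no stack canary reference:", path)
```

Run it with the path to the built APK as the only argument; with no argument it scans the constructed sample.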