getsentry / sentry-android-gradle-plugin

Gradle plugin for Sentry Android. Upload proguard, debug files, and more.
https://docs.sentry.io/platforms/android/gradle/
MIT License

Update TestNG Version to avoid Security Vulnerabilities #663

Status: Closed (inktomi, closed 8 months ago)

inktomi commented 8 months ago

Gradle Version: 8.6

AGP Version: 8.2.2

Code Minifier/Optimizer: R8

Version: 4.3.0

Sentry SDK Version: 7.4.0

Steps to Reproduce

Include the gradle plugin, then run your build in an environment that blocks libraries with known CVE issues.

Expected Result

Build succeeds because no versions of libraries contain known CVEs.

Actual Result

CVE-2022-4065 is found because of TestNG 7.5

romtsn commented 8 months ago

Hi @inktomi, this was a regression that added unwanted dependencies to the build classpath, which got fixed in https://github.com/getsentry/sentry-android-gradle-plugin/pull/660. We're going to release a new version of the gradle plugin tomorrow CET time with this fix included. I'll keep you posted, but gonna close this issue as it's been already addressed. Thank you for the report!
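The reproduction step in the issue body is a build environment that refuses artifacts with known CVEs, and the cause named in the comment above is an unwanted artifact on the plugin's build classpath. An added example of the check a practitioner can run locally before such a gate rejects the build: pipe the output of Gradle's built-in `./gradlew buildEnvironment` task (which prints the buildscript classpath as a dependency tree) through a small POSIX shell script that lists the resolved `group:name:version` coordinates and fails if any deny-listed `group:name` is present. This is example code, not code from the Sentry project or this thread; the sample tree embedded below is constructed for illustration (the exact coordinates and tree shape are assumptions), and `org.testng:testng` is on the deny list only because it is the artifact named in the report.

```shell
#!/bin/sh
# Added example (not from the sentry-android-gradle-plugin project).
# Scans `./gradlew buildEnvironment` output for build-classpath artifacts that
# a policy says must not be present at all. Assumed input format is Gradle's
# dependency-tree rendering: "+--- group:name:version" or "\--- group:name:version",
# optionally followed by "-> resolved" when Gradle bumped the version, and
# optional trailing markers such as "(*)" or "(c)".

# Deny list, whitespace-separated "group:name" entries.
# org.testng:testng is the artifact named in the issue; any other entry is policy.
DENY_LIST='org.testng:testng'

# Print each distinct resolved coordinate found in a buildEnvironment tree.
# "a:b:1.0 -> 1.1" is reported as a:b:1.1 (the version actually on the classpath).
list_classpath_artifacts() {
    sed -n 's/^[| ]*[+\\]--- //p' |
    awk '{
        coord = $1
        if ($2 == "->") {
            split(coord, p, ":")
            coord = p[1] ":" p[2] ":" $3
        }
        print coord
    }' | LC_ALL=C sort -u
}

# Exit 1 (printing the offending coordinates) if any deny-listed artifact is
# on the classpath, exit 0 otherwise.
check_build_classpath() {
    found=$(list_classpath_artifacts | awk -v deny="$DENY_LIST" '
        BEGIN { n = split(deny, d); for (i = 1; i <= n; i++) bad[d[i]] = 1 }
        { split($0, p, ":"); if ((p[1] ":" p[2]) in bad) print }')
    if [ -n "$found" ]; then
        printf 'denied build-classpath artifact(s):\n%s\n' "$found"
        return 1
    fi
    return 0
}

# Constructed sample of a buildEnvironment tree (illustrative, not captured
# from a real build): the plugin marker, the plugin artifact, one bumped
# dependency, and the unwanted TestNG artifact.
SAMPLE_TREE=$(cat <<'EOF'
classpath
+--- io.sentry.android.gradle:io.sentry.android.gradle.gradle.plugin:4.3.0
|    \--- io.sentry:sentry-android-gradle-plugin:4.3.0
|         +--- org.jetbrains.kotlin:kotlin-stdlib:1.9.20 -> 1.9.22
|         \--- org.testng:testng:7.5 (*)
\--- com.android.tools.build:gradle:8.2.2
EOF
)

# Demo on the constructed sample. Against a real project, replace the printf
# with:  ./gradlew -q buildEnvironment | check_build_classpath
printf '%s\n' "$SAMPLE_TREE" | check_build_classpath \
    || echo "sample tree: policy violation detected (exit status $?)"
```

The check deliberately flags the artifact's presence rather than comparing version numbers against a CVE range: the expected result in the issue is that the plugin does not put TestNG on the build classpath at all, so any version is a finding. Run it in CI right after the plugin is upgraded so that a regression of this kind is caught before the organisation's artifact gate blocks the build.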

romtsn commented 8 months ago

@inktomi version 4.3.1 is out, please give it a try and let us know if that works, thanks! https://github.com/getsentry/sentry-android-gradle-plugin/releases/tag/4.3.1

inktomi commented 8 months ago

I was out, but I'll try it today and report back!

romtsn commented 8 months ago

Apparently this didn't fix it; I'll take another look soon, see https://github.com/getsentry/sentry-android-gradle-plugin/issues/656#issuecomment-1977519631