Closed rex-iotum closed 3 years ago
Sorry about the delayed response, I have not been keeping up with this repo lately so I appreciate you bringing up this issue especially since it present a security risk. I will hopefully have the repo updated very soon, I will be working on it later today when I have time so you hopefully won't have to wait long.
If you need a quick fix, I would update the build.gradle file in the plugin directory and change com.google.android.play:core:1.7.1
to com.google.android.play:core:1.7.2
. This should fix the security risk, and the version update is small enough that it should not impact the functionality of the plugin or your cordova app and will allow you to submit you app to Google Play.
If this does not fix the issue or you run into any other problems please let me know. I will post as soon as I have the plugin updated and ready so you don't have to manually change the build.gradle file in the future! :)
Hi rex, I am closing this issue because version 1.0.2 has been published so please update the plugin and you should no longer receive the security vulnerability warning when uploading to the google play store. Thank you again for your detailed description of the issue making it easier to fix. Please open this issue back up if your problem is not fixed otherwise, happy coding!
Your Environment
cordova -v
): 10.0.0cordova platform ls
): Android 9.0.0Expected Behavior
Google Play Store not finding a security vulnerability in the SDK
Actual Behavior
Google Play Store finding a security vulnerability in the SDK because of
com.google.android.play:core:1.7.1
defined in thebuild.gradle
file.Steps to Reproduce
Context
Create and upload Android app with this plugin to the Google Play Store