lgallard / qBittorrent-Controller

qBittorrent Controller - An Android app for controlling qBittorrent servers
MIT License

insecure gradlew #167

Closed IzzySoft closed 4 years ago

IzzySoft commented 6 years ago

In case this app is still under active development (despite having seen no commit for about a year): F-Droid's lint just complained about an "insecure gradlew":

Found plain HTTP URL for gradle repository:
build/com.lgallardo.qbittorrentclientpro/app/build.gradle
repositories {
    mavenCentral()
    maven {
        url "http://dl.bintray.com/lukaville/maven"
    }
gradle build uses plain HTTP URLs for repositories!  This is insecure!
https://max.computer/blog/how-to-take-over-the-computer-of-any-java-or-clojure-or-scala-developer/

Bintray can "speak HTTPS", so the fix should be as simple as replacing http:// with https://. Thanks!
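
The kind of check reported above, as an added example that is not part of the original thread and is not F-Droid's own lint code: a small scanner that flags plain-HTTP URLs inside `repositories { ... }` blocks of a Groovy `build.gradle` and proposes the HTTPS form. The function names and the `example.invalid` entries in the sample are constructed for illustration; it ignores comments and also copes with an unclosed block such as the truncated snippet in the lint output.

```python
import re

# Strings are matched first so the "//" inside a URL is not taken for a comment.
TOKEN_RE = re.compile(r'''"(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])*'|//[^\n]*|/\*.*?\*/''', re.S)
REPO_RE = re.compile(r"\brepositories\s*\{")
HTTP_RE = re.compile(r"""["'](http://[^"'\s]+)["']""", re.I)

# Constructed sample, modelled on the snippet quoted in the issue.
SAMPLE = """\
repositories {
    mavenCentral()
    maven {
        url "http://dl.bintray.com/lukaville/maven"
    }
    // maven { url "http://old.example.invalid/repo" }
    maven { url 'https://repo.example.invalid/maven' }
}
dependencies { implementation "com.example:lib:1.0" } // http://example.invalid
"""

def blank_comments(text):
    """Replace comments with spaces so offsets and line numbers survive."""
    def repl(m):
        tok = m.group(0)
        return tok if tok[0] in "\"'" else re.sub(r"[^\n]", " ", tok)
    return TOKEN_RE.sub(repl, text)

def repository_blocks(text):
    """Yield (start, end) offsets of every `repositories { ... }` body."""
    for m in REPO_RE.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:  # an unclosed block runs to end of file
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.end(), i

def find_plain_http_repos(text):
    """Return (line, url, https_url) for each plain-HTTP repository URL."""
    clean = blank_comments(text)
    findings = []
    for start, end in repository_blocks(clean):
        for m in HTTP_RE.finditer(clean, start, end):
            line, url = clean.count("\n", 0, m.start()) + 1, m.group(1)
            findings.append((line, url, "https://" + url[len("http://"):]))
    return findings

if __name__ == "__main__":
    for line, url, fixed in find_plain_http_repos(SAMPLE):
        print(f"line {line}: {url} -> {fixed}")
```

The suggested HTTPS URL is only a textual rewrite; whether the host actually serves the repository over HTTPS still has to be confirmed before committing the change.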

IzzySoft commented 5 years ago

@lgallard just wondering: is this project still maintained?

lgallard commented 4 years ago

@IzzySoft it is. I'm working on a release to support qBittorrent 4.2.0+. I would include a fix for this in this release.

IzzySoft commented 4 years ago

@lgallard Great, thanks for your answer! Then we'll look forward to the next tag (which hopefully triggers the next F-Droid release fine).