devkit statically linked to vulnerable version of OpenSSL

play-co / devkit

HTML 5 game platform for browser and mobile

http://docs.gameclosure.com

624 stars 126 forks source link

devkit statically linked to vulnerable version of OpenSSL #228

Open jestillore opened 9 years ago

jestillore commented 9 years ago

unzip -p game.apk | strings | grep "OpenSSL" show OpenSSL 1.0.0e 6 Sep 2011 which is in an outdated version of OpenSSL and marked by Google as vulnerable. Google Play Support suggested to update OpenSSL version to 1.0.0m or newer within 60 days. How can I update my OpenSSL version?

jishnu7 commented 9 years ago

I think it is fixed in devkit2. Are you using latest version of devkit?

collingreen commented 9 years ago

@jestillore - any feedback about devkit version?