sumup / sumup-android-sdk

Sample App for the SumUp Android SDK

SumUp SDK uses unsafe dependency/library #80

Closed Brianvdb closed 4 years ago

Brianvdb commented 5 years ago

We have published an app in the Play Store and now the Play Developer console is showing the following warning:

[image: warning]

As you can see, this vulnerability happens in the org.puredata.core.utils.IoUtils.extractZipResource method.

I checked the app dependencies with the command: ./gradlew app:dependencies

This shows that the SumUp SDK uses the puredata library, which causes this warning.

[image: dependencies]

Can this be fixed?
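
The dependency check described in the post above, as an added example that is not part of the original thread or of SumUp's code: a Python parser for `./gradlew app:dependencies` output that reports which declared dependency pulls in a flagged library. The tree and every coordinate in it are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample of `./gradlew app:dependencies` output.
# All coordinates below are placeholders, not the real SDK or library names.
SAMPLE_TREE = r"""
releaseRuntimeClasspath - Runtime classpath of compilation 'release'.
+--- androidx.appcompat:appcompat:1.0.2
|    +--- androidx.annotation:annotation:1.0.0
|    \--- androidx.core:core:1.0.1
|         \--- androidx.annotation:annotation:1.0.0 (*)
+--- com.example.payments:sdk:1.0.0
|    +--- com.example.payments:reader:1.0.0
|    |    \--- org.example.audio:pd-core:1.0.0
|    \--- com.squareup.okhttp3:okhttp:3.12.0 -> 3.12.1
\--- com.google.code.gson:gson:2.8.5
"""

# Each tree level is a 5-character cell ("|    " or "     ") before "+--- " or "\--- ".
NODE = re.compile(r"^(?P<indent>(?:[| ] {4})*)[+\\]--- (?P<coord>\S+)")


def find_dependency_paths(tree_text, needle):
    """Return every chain declared-dependency -> ... -> match for `needle`."""
    stack = []  # stack[d] is the coordinate currently open at depth d
    paths = []
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m:
            stack = []  # configuration header or blank line starts a new tree
            continue
        depth = len(m.group("indent")) // 5
        del stack[depth:]  # close siblings and deeper nodes
        stack.append(m.group("coord"))
        if needle in m.group("coord"):
            paths.append(list(stack))
    return paths


def direct_dependencies_to_review(tree_text, needle):
    """Declared (top-level) dependencies that bring in the flagged library."""
    return sorted({p[0] for p in find_dependency_paths(tree_text, needle)})


if __name__ == "__main__":
    for path in find_dependency_paths(SAMPLE_TREE, "pd-core"):
        print(" -> ".join(path))
```
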

JullianSU commented 5 years ago

Hi Brianvdb,

Thank you for raising this alert. We are aware of the situation and already working on a fix for the next release of the SDK. This should happen in the next 4 weeks.

Many thanks,

JullianSU commented 4 years ago

Hi Brianvdb,

Sorry for the late reply. We have solved the issue in SDK 3.2.0 to align with the new 64-bit requirement for the Play Store.

Many thanks,