Will Solar2D consider eliminating vulnerabilities by upgrading some third-party libraries? #534

Closed
clang-clang-clang opened this issue Mar 15, 2023 · 3 comments

Comments

@clang-clang-clang
Contributor

A list of vulnerabilities can be obtained by scanning the lib/*/*.so files in the Android APK compiled from project cve-demo.tar.gz by Solar2D version 3686 with intel/cve-bin-tool. The contained vulnerabilities are summarized as follows:

| Severity | Count |
| --- | --- |
| CRITICAL | 6 |
| HIGH | 22 |
| MEDIUM | 29 |
| LOW | 3 |
| UNKNOWN | 0 |

Because security can only be done with effort, not foolproof, eliminating vulnerabilities may not be effective. So if a related PR is welcome, we can do some upgrades on Android or all supported platforms.
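The scan described in the comment above can be reproduced and tallied with a short script. This is an added example, not code from the issue or from Solar2D; it assumes the extracted directory is scanned separately with cve-bin-tool and that the JSON report is a list of records carrying `product`, `version`, `cve_number` and `severity` fields.

```python
import json
import re
import zipfile
from collections import Counter
from pathlib import Path

SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN")
# lib/<abi>/<name>.so only; the strict ABI pattern also rejects ".." segments,
# since an APK is an untrusted zip archive.
NATIVE_LIB = re.compile(r"^lib/[A-Za-z0-9_-]+/[^/]+\.so$")


def extract_native_libs(apk, dest):
    """Copy every lib/<abi>/*.so entry of the APK under dest; return the paths."""
    written = []
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            if not NATIVE_LIB.match(info.filename):
                continue
            target = Path(dest) / info.filename
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(target)
    return written


def severity_counts(report_json):
    """Tally a scanner report by severity, counting each finding once."""
    seen, counts = set(), Counter()
    for row in json.loads(report_json):
        # Dedup is this example's choice: the same library ships once per ABI.
        key = (row.get("product"), row.get("version"), row.get("cve_number"))
        if key in seen:
            continue
        seen.add(key)
        sev = str(row.get("severity") or "UNKNOWN").upper()
        counts[sev if sev in SEVERITIES else "UNKNOWN"] += 1
    return {s: counts[s] for s in SEVERITIES}


if __name__ == "__main__":
    # Constructed report rows with placeholder identifiers, not real findings.
    sample = json.dumps([
        {"product": "examplelib", "version": "1.0",
         "cve_number": "CVE-0000-0001", "severity": "CRITICAL"},
        {"product": "examplelib", "version": "1.0",
         "cve_number": "CVE-0000-0002", "severity": "HIGH"},
    ])
    for name, n in severity_counts(sample).items():
        print(f"{name:<9}{n}")
```

Running the same tally on reports taken before and after a library upgrade gives directly comparable severity tables.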

@Shchvova
Contributor

Related PRs are absolutely welcome.

@clang-clang-clang
Contributor Author

Ok, I'm going to keep this issue for the associated PR.

@clang-clang-clang
Contributor Author

After the above changes, rescanned for CVE vulnerabilities:

| Severity | Count |
| --- | --- |
| CRITICAL | 0 |
| HIGH | 4 |
| MEDIUM | 9 (3 are unrelated) |
| LOW | 0 |
| UNKNOWN | 0 |

Issue closed.
