[QUESTION] Security Vulnerabilities detected by Binary Analysis Scan (Black Duck Binary Analysis) #2009
Assignees
Labels
Comments
|
Freetype should no longer have the vulnerability because it was bumped a long time ago in this commit: mono/skia@5416016 The SkiaSharp package was first published a while back in v2.88.0-preview.61 |
|
libjpeg-turbo is also past this fix and is on 2.0.5. Also, the fix is first in v2.88.0-preview.61 |
|
libwebp is also far beyond the version that has the issues. It was on 1.1.0 but I am just updating to 1.2.3 just in case. |
|
I have updated all the listed externals that needed updated and so I am closing this. As soon as the build is complete, it will be on the preview feed as version: 2.88.1-preview.96 After some testing by folks, I will push this out to nuget and start work on finalizing a stable release. |
ghost
locked as resolved and limited conversation to collaborators
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hi,
We have a Xamarin Forms v5.0.0.2337 project. We ran a binary analysis scan on the project by using the Black Duck Binary Analysis tool and it reports back security vulnerabilities from the libraries that SkiaSharp uses. We wanted to report these to you and also ask for a roadmap to update these libraries.
Below you can find the specific versions detected by the binary analysis scan and also the vulnerabilities that are detected for each library with their NATIONAL VULNERABILITY DATABASE URL.
Vulnerability URLs
Kind regards.
The text was updated successfully, but these errors were encountered: