
printStackTrace() from GlideException class having security issue in application

Open AshikGeidea opened this issue 1 year ago • 2 comments

Glide Version: 4.9.0

Integration libraries: No

Device/Android Version: Galaxy S22+

Issue details / Repro steps / Use case background:

printStackTrace() from GlideException class having security issue in application. This needs to be removed from release build.

Glide load line / GlideModule (if any) / list Adapter code (if any):

implementation 'com.github.bumptech.glide:glide:4.9.0'
annotationProcessor 'com.github.bumptech.glide:compiler:4.9.0'


Glide.with(context)
        .load(model.getImage())
        .into(view);

Layout XML:

<FrameLayout xmlns:android="...

Stack trace / LogCat:

paste stack trace and/or log here

proguard rules :

-keep public class * implements com.bumptech.glide.module.GlideModule
-keep public class * extends com.bumptech.glide.AppGlideModule
-keep public enum com.bumptech.glide.load.resource.bitmap.ImageHeaderParser$** {
    **[] $VALUES;
    public *;
}

-assumenosideeffects class android.util.Log {
    public static int v(...);
    public static int d(...);
    public static int i(...);
    public static int w(...);
    public static int e(...);
}

AshikGeidea avatar Jan 25 '24 13:01 AshikGeidea

@sjudd @falhassen we are facing a security issue of using PrintStackTrace() method in Glide Library. Could you please fix this issue in Glide Library and push another version?

KarthikGeidea avatar Feb 01 '24 07:02 KarthikGeidea

I'm sorry, I'm just a contributor, not an owner, so I can't push a new version. You are free to create your own pull request with your changes for the owners to review.

On Wed, Jan 31, 2024, 11:10 PM KarthikGeidea wrote:

@falhassen https://github.com/falhassen we are facing a security issue of using PrintStackTrace() method in Glide Library. Could you please fix this issue in Glide Library and push another version?


falhassen avatar Feb 01 '24 14:02 falhassen