RTM icon indicating copy to clipboard operation
RTM copied to clipboard

Published 20 hours ago verified publisher icon AgoraIO

Defective OpenSSL reported by Google

Open marctan opened this issue 2 years ago • 4 comments

In our Android App (Flutter), We've got a report from Google Play about Openssl vulnerability.

Defective OpenSSL version Your app uses a defective version of the OpenSSL library, which can cause your app to crash. Update to a fixed version of OpenSSL.

Defective versions: OpenSSL 1.1.1h

Versions between 1.1.1b and 1.1.1h are affected. Migrate your app to OpenSSL 1.1.1i or higher.

I've traced where this is coming from and found out it is from libagora-rtm-sdk-jni.so . We are using v1.4.10 agora rtm sdk in our app.

I've tried downloading the latest sdk (1.5.1) from https://download.agora.io/rtmsdk/release/Agora_RTM_SDK_for_Android_v1_5_1.zip but it's still using the same defective openssl version as you can see from screenshot below.

Screen Shot 2022-10-11 at 12 12 10 PM

Could you help us update it to OpenSSL 1.1.1i or higher?

Thanks!

marctan avatar Oct 11 '22 08:10 marctan

@marctan we have an emergency fix for this. The official release will be updated within 1~2 weeks. if you are in urgent state updating your app, please consult agora about this issue so that we may see how we can help.

plutoless avatar Oct 12 '22 01:10 plutoless

i have the same problem. what about new release?

eyuss avatar Nov 11 '22 22:11 eyuss

Is the issue fixed?

rahulvyas avatar Nov 30 '23 03:11 rahulvyas

@marctan we have an emergency fix for this. The official release will be updated within 1~2 weeks. if you are in urgent state updating your app, please consult agora about this issue so that we may see how we can help.

Was a fix ever released for this?

rahul-sysquare avatar Feb 16 '24 12:02 rahul-sysquare