react-native-pdf

Throwing security error: Outdated "libpng" Library Contains Known Security Flaw

Open hsa1280 opened this issue 3 years ago • 6 comments

What react-native version are you using? 0.59.9

What react-native-pdf version are you using? 6.1.2

What platform does your issue occur on? (android/ios/both)

Security report says one issue with current react-native-pdf: Outdated "libpng" Library Contains Known Security Flaw

The recommended fix is to upgrade libpng to 1.6.32 or greater. I would like to know when you will upgrade libpng.

hsa1280, Aug 30 '21 09:08

We're being hit by this from security audits too. Did anyone find the best way to update this? It's ultimately from a chain of dependencies.

'react-native-pdf' depends on 'AndroidPdfViewer' which depends on 'PdfiumAndroid'.

PdfiumAndroid is the library that uses the old version of libpng but both 'AndroidPdfViewer' and 'PdfiumAndroid' aren't maintained anymore.

I've been tempted to fork those libraries and update the library but I'd prefer a cleaner/future proofed solution.

CWolfs, Nov 30 '21 10:11

> We're being hit by this from security audits too. Did anyone find the best way to update this? It's ultimately from a chain of dependencies.
>
> 'react-native-pdf' depends on 'AndroidPdfViewer' which depends on 'PdfiumAndroid'.
>
> PdfiumAndroid is the library that uses the old version of libpng but both 'AndroidPdfViewer' and 'PdfiumAndroid' aren't maintained anymore.
>
> I've been tempted to fork those libraries and update the library but I'd prefer a cleaner/future proofed solution.

If you ever fork those libraries and add the fix, please post it here, thanks.

hsa1280, Dec 16 '21 08:12

@wonday, any update on this issue?

hsa1280, Dec 16 '21 08:12

Any update on this? I am facing the same security concern. Our security scan has raised this as a high-priority issue.

deepak9705, Jan 12 '22 12:01

I ended up replacing react-native-pdf with a fork of rn-pdf-reader-js in the end. We weren't allowed to keep this vulnerability in.

https://www.npmjs.com/package/@bildau/rn-pdf-reader

CWolfs, Jan 12 '22 14:01
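
To confirm whether a build still ships the outdated libpng reported in this thread, or that swapping the PDF library removed it, the native libraries inside the APK or AAR can be checked against the 1.6.32 threshold quoted in the issue. The script below is an added example, not part of the thread or of react-native-pdf. It assumes the `libpng version X.Y.Z` banner that libpng compiles into its binaries has not been stripped; the function names and the sample archive contents are constructed for illustration.

```python
import io
import re
import zipfile

MIN_FIXED = (1, 6, 32)  # threshold quoted in the issue: "1.6.32 or greater"
# libpng embeds a version banner such as " libpng version 1.6.37 - April 14, 2019"
BANNER = re.compile(rb"libpng version (\d+)\.(\d+)\.(\d+)")


def libpng_versions(blob: bytes) -> set:
    """Return every libpng version whose banner appears in a binary blob."""
    # Integer tuples, because as strings "1.6.9" would sort above "1.6.32".
    return {tuple(int(p) for p in m.groups()) for m in BANNER.finditer(blob)}


def scan_archive(archive) -> list:
    """Scan the .so entries of an APK/AAR (both are ZIP files) for libpng banners."""
    findings = []
    with zipfile.ZipFile(archive) as zf:
        for name in zf.namelist():
            if not name.endswith(".so"):
                continue
            for ver in libpng_versions(zf.read(name)):
                findings.append((name, ".".join(map(str, ver)), ver < MIN_FIXED))
    return sorted(findings)  # (entry name, version, is_outdated)


def build_sample_apk() -> io.BytesIO:
    """Constructed sample: an in-memory fake APK with placeholder .so contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lib/arm64-v8a/libold.so",
                    b"\x7fELF\x00 libpng version 1.6.9 - constructed\x00")
        zf.writestr("lib/arm64-v8a/libnew.so",
                    b"\x7fELF\x00 libpng version 1.6.37 - constructed\x00")
        zf.writestr("lib/arm64-v8a/libother.so", b"\x7fELF\x00no png here\x00")
        zf.writestr("classes.dex", b"libpng version 1.2.0")  # not a .so, skipped
    buf.seek(0)
    return buf


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_apk()
    for entry, version, outdated in scan_archive(target):
        print(f"{'OUTDATED' if outdated else 'ok':8} libpng {version:8} {entry}")
```

Pass the path of a release APK or a dependency's AAR as the first argument; a library with no banner produces no finding, which is not proof that libpng is absent.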