[MOD-2341] Android: Update the Crittercism module to latest
GitHub Issue | n/a |
---|---|
Type | Bug |
Priority | Critical |
Status | Closed |
Resolution | Fixed |
Resolution Date | 2017-07-25T18:26:55.000+0000 |
Affected Version/s | n/a |
Fix Version/s | appcelerator.apm 2.1.0 |
Components | APM |
Labels | Release-6.1.2 |
Reporter | Ricardo Ramirez |
Assignee | Gary Mathews |
Created | 2017-06-06T19:08:02.000+0000 |
Updated | 2017-08-01T16:06:47.000+0000 |
Description
Issue Description
We performed a security scan on one of our Android apps with Cigital. One of the findings was about Crittercism (included in the APM module) using a vulnerable version of Nginx, and they suggested removing it from the app:

> Disable all connectivity to Crittercism / Apteligent. They are using a known vulnerable version of Nginx.

http://www.appcelerator.com/press-releases/crittercism-partnership-integrate-mobile-app-development-and-performance-platform/

Before doing that, we would like to use the latest version available from Crittercism in case it has already been solved by them (https://docs.apteligent.com/downloads/downloads.html):

- iOS: v5.6.8
- Android: v5.8.1

How can I make sure of that? If we are not using that version, can we change this ticket to a feature request with engineering to update it?

Attachments
File | Date | Size |
---|---|---|
apm2.1_tibuild_log (1).txt | 2017-06-28T17:06:51.000+0000 | 439462 |
critterlog.rtf | 2017-07-27T06:25:00.000+0000 | 61873 |
What is the vulnerable version of Nginx, what is the security ID of the vulnerability, and what is the version that fixes it?
[~rramirez], can you please check with the client and find the answers to Ingo's questions?
I have asked the customer. I will let you know soon.
The versions affected are:

- Titanium SDK: v5.5.1.GA
- com.appcelerator.apm: v1.5
- crittercism-android: v5.3.3

The version of Nginx is not specified, but it's the same included within that version of the crittercism module, which hasn't been updated in apm v2.
*PR*: https://github.com/appcelerator-modules/appcelerator.apm/pull/27

*New Release (2.1.0)*: https://github.com/appcelerator-modules/appcelerator.apm/releases/tag/v2.1.0
Hi! Do you know how long this review is going to take?
Can you please share the module?
[~hknoechel] the plugin is not working well; there is a problem with dexer. Please see the attached log.
Any updates here, guys?
Hello, this is currently in test and will be released when complete.
appcelerator.apm: https://github.com/appcelerator-modules/appcelerator.apm/pull/28
Current test results with this environment:

- Node Version: 6.10.3
- NPM Version: 3.10.10
- Mac OS: 10.12.4
- Appc CLI: 6.2.2
- Appc CLI NPM: 4.2.9
- Titanium SDK version: 6.1.2.v20170726152015
- Appcelerator Studio, build: 4.9.0.201705302345
- apm module version 2.1.0 (pre-release)
- Android Device 7.1.2

[~gmathews] I tested with the above environment, and found compile-time errors. I attached the log to this ticket as "critterlog.txt". I used the example project in the apm modules folder. When I switched to the released version apm 2.0.0, there were no errors, and the app launched without issues. Can you please take a look?
[~amukherjee] I don't follow; there is only one [2.1.0](https://github.com/appcelerator-modules/appcelerator.apm/releases/tag/v2.1.0). I can't reproduce the compile errors you are seeing either?
[~gmathews] yes you're right, that was a typo. I tried it with 2.0.0 and it worked fine; it did not work with 2.1.0.
I verified that the new apm module (2.1.0) does work as expected with the environment noted in my previous comment. The issue I reported earlier was due to an unrelated setup issue.