Titanium JIRA Archive
Appcelerator Modules (MOD)

[MOD-2341] Android: Update the Crittercism module to latest

GitHub Issue: n/a
Type: Bug
Priority: Critical
Status: Closed
Resolution: Fixed
Resolution Date: 2017-07-25T18:26:55.000+0000
Affected Version/s: n/a
Fix Version/s: appcelerator.apm 2.1.0
Components: APM
Labels: Release-6.1.2
Reporter: Ricardo Ramirez
Assignee: Gary Mathews
Created: 2017-06-06T19:08:02.000+0000
Updated: 2017-08-01T16:06:47.000+0000

Description

Issue Description

We performed a security scan in one of our Android with Cigital. One of the findings was about Crittercism (included in the APM module) using a vulnerable version of Nginx, and they suggested removing it from the app:

> Disable all connectivity to Crittercism / Apteligent. They are using a known vulnerable version of Nginx.

http://www.appcelerator.com/press-releases/crittercism-partnership-integrate-mobile-app-development-and-performance-platform/

Before doing that, we would like to use the latest version available from Crittercism in case it has already been solved by them (https://docs.apteligent.com/downloads/downloads.html):

- iOS: v5.6.8
- Android: v5.8.1

How can I make sure of that? If we are not using that version, can we change this ticket to a feature request with engineering to update it?

Attachments

| File | Date | Size |
| --- | --- | --- |
| apm2.1_tibuild_log (1).txt | 2017-06-28T17:06:51.000+0000 | 439462 |
| critterlog.rtf | 2017-07-27T06:25:00.000+0000 | 61873 |

Comments

  1. Ingo Muschenetz 2017-06-20

    What is the vulnerable version of Nginx, what is the security ID of the vulnerability, and what is the version that fixes it?
  2. Ajith Rohini 2017-06-20

    [~rramirez], can you please check with the client and find the answers to Ingo's questions?
  3. Ricardo Ramirez 2017-06-20

    I have asked the customer. I will let you know soon.
  4. Ricardo Ramirez 2017-06-21

    The versions affected are:

    - Titanium SDK: v5.5.1.GA
    - com.appcelerator.apm: v1.5
    - crittercism-android: v5.3.3

    The version of Nginx is not specified, but it's the same included within that version of the crittercism module, which hasn't been updated in apm v2.
  5. Hans Knöchel 2017-06-23

    *PR*: https://github.com/appcelerator-modules/appcelerator.apm/pull/27

    *New Release (2.1.0)*: https://github.com/appcelerator-modules/appcelerator.apm/releases/tag/v2.1.0
  6. Ricardo Ramirez 2017-06-26

    Hi! Do you know how much this review is going to take?
  7. Ricardo Ramirez 2017-06-26

    Can you please share the module?
  8. Ricardo Ramirez 2017-06-28

    [~hknoechel] The plugin is not working well; there is a problem with dexer. Please see the attached log.
  9. Ricardo Ramirez 2017-07-07

    Any updates here, guys?
  10. Eric Merriman 2017-07-14

    Hello, this is currently in test and will be released when complete.
  11. Gary Mathews 2017-07-25

    appcelerator.apm: https://github.com/appcelerator-modules/appcelerator.apm/pull/28
  12. Abir Mukherjee 2017-07-27

    Current test results with this environment:

    - Node Version: 6.10.3
    - NPM Version: 3.10.10
    - Mac OS: 10.12.4
    - Appc CLI: 6.2.2
    - Appc CLI NPM: 4.2.9
    - Titanium SDK version: 6.1.2.v20170726152015
    - Appcelerator Studio, build: 4.9.0.201705302345
    - apm module version 2.1.0 (pre-release)
    - Android Device 7.1.2

    [~gmathews] I tested with the above environment, and found compile-time errors. I attached the log to this ticket as "critterlog.txt". I used the example project in the apm modules folder. When I switched to the released version apm 2.0.0, there were no errors, and the app launched without issues. Can you please take a look?
  13. Gary Mathews 2017-07-27

    [~amukherjee] I don't follow; there is only one [2.1.0](https://github.com/appcelerator-modules/appcelerator.apm/releases/tag/v2.1.0). I can't reproduce the compile errors you are seeing either?
  14. Abir Mukherjee 2017-07-27

    [~gmathews] yes you're right, that was a typo. I tried it with 2.0.0 and it worked fine; it did not work with 2.1.0.
  15. Abir Mukherjee 2017-08-01

    I verified that the new apm module (2.1.0) does work as expected with the environment noted in my previous comment. The issue I reported earlier was due to an unrelated setup issue.
