{ "id": "168128", "key": "MOD-2341", "fields": { "issuetype": { "id": "1", "description": "A problem which impairs or prevents the functions of the product.", "name": "Bug", "subtask": false }, "project": { "id": "10034", "key": "MOD", "name": "Appcelerator Modules", "projectCategory": { "id": "10100", "description": "Titanium and related SDKs used in application development", "name": "Client" } }, "fixVersions": [ { "id": "19795", "name": "appcelerator.apm 2.1.0", "archived": false, "released": true } ], "resolution": { "id": "1", "description": "A fix for this issue is checked into the tree and tested.", "name": "Fixed" }, "resolutiondate": "2017-07-25T18:26:55.000+0000", "created": "2017-06-06T19:08:02.000+0000", "priority": { "name": "Critical", "id": "1" }, "labels": [ "Release-6.1.2" ], "versions": [], "issuelinks": [], "assignee": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "updated": "2017-08-01T16:06:47.000+0000", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "components": [ { "id": "14561", "name": "APM" } ], "description": "h5. Issue Description \r\n\r\nWe performed a security scan in one of our Android with Cigital.\r\n\r\nOne of the founding was about Crittercism (included in the APM module) using a vulnerable version on Nginx and they suggested to remove it from the app:\r\n\r\n>Disable all connectivity to Crittercism / Apteligent. They are using an known vulnerable version of Nginx. http://www.appcelerator.com/press-releases/crittercism-partnership-integrate-mobile-app-development-and-performance-platform/ \r\n\r\nBefore doing that, we would like to use the latest version available from Crittercism in case it already has been solved by them. \r\n(https://docs.apteligent.com/downloads/downloads.html)\r\n\r\niOS: v5.6.8\r\nAndroid: v5.8.1\r\n\r\nhow can I make sure of that?\r\n\r\nIf we are not using that version, can we change this ticket to a feature request with engineering to update it?\r\n", "attachment": [ { "id": "62748", "filename": "apm2.1_tibuild_log (1).txt", "author": { "name": "rramirez", "key": "rramirez", "displayName": " Ricardo Ramirez", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-06-28T17:06:51.000+0000", "size": 439462, "mimeType": "text/plain" }, { "id": "62933", "filename": "critterlog.rtf", "author": { "name": "amukherjee", "key": "amukherjee", "displayName": "Abir Mukherjee", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-07-27T06:25:00.000+0000", "size": 61873, "mimeType": "text/rtf" } ], "flagged": false, "summary": "Android: Update the Crittercism module to latest", "creator": { "name": "rramirez", "key": "rramirez", "displayName": " Ricardo Ramirez", "active": true, "timeZone": "America/Los_Angeles" }, "subtasks": [], "reporter": { "name": "rramirez", "key": "rramirez", "displayName": " Ricardo Ramirez", "active": true, "timeZone": "America/Los_Angeles" }, "environment": null, "closedSprints": [ { "id": 925, "state": "closed", "name": "2017 Sprint 15 SDK", "startDate": "2017-07-16T14:40:47.191Z", "endDate": "2017-07-30T14:40:00.000Z", "completeDate": "2017-07-31T16:15:09.335Z", "originBoardId": 114 } ], "comment": { "comments": [ { "id": "422381", "author": { "name": "ingo", "key": "ingo", "displayName": "Ingo Muschenetz", "active": true, "timeZone": "America/Los_Angeles" }, "body": "What is the vulnerable version of Nginx, what is the security ID of the vulnerability, and what is the version that fixes it?", "updateAuthor": { "name": "ingo", "key": "ingo", "displayName": "Ingo Muschenetz", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-06-20T18:09:15.000+0000", "updated": "2017-06-20T18:09:15.000+0000" }, { "id": "422406", "author": { "name": "arohini", "key": "arohini", "displayName": "Ajith Rohini", "active": true, "timeZone": "America/Los_Angeles" }, "body": "[~rramirez], Can you please check with the client and find the answers for Ingo's questions ?", "updateAuthor": { "name": "arohini", "key": "arohini", "displayName": "Ajith Rohini", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-06-20T21:50:12.000+0000", "updated": "2017-06-20T21:50:12.000+0000" }, { "id": "422407", "author": { "name": "rramirez", "key": "rramirez", "displayName": " Ricardo Ramirez", "active": true, "timeZone": "America/Los_Angeles" }, "body": "I have asked the customer. I will let you know soon ", "updateAuthor": { "name": "rramirez", "key": "rramirez", "displayName": " Ricardo Ramirez", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-06-20T21:52:08.000+0000", "updated": "2017-06-20T21:52:08.000+0000" }, { "id": "422433", "author": { "name": "rramirez", "key": "rramirez", "displayName": " Ricardo Ramirez", "active": true, "timeZone": "America/Los_Angeles" }, "body": "The versions affected are:\r\n \r\nTitanium SDK: v5.5.1.GA\r\ncom.appcelerator.apm: v1.5\r\ncrittercism-android: v5.3.3\r\n \r\nThe version of Ngnix is not specified, but it's the same included within that version of the crittercism module, which hasn't been updated in apm v2.", "updateAuthor": { "name": "rramirez", "key": "rramirez", "displayName": " Ricardo Ramirez", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-06-21T01:31:53.000+0000", "updated": "2017-06-21T01:31:53.000+0000" }, { "id": "422659", "author": { "name": "hknoechel", "key": "hansknoechel", "displayName": "Hans Knöchel", "active": true, "timeZone": "Europe/Berlin" }, "body": "*PR*: https://github.com/appcelerator-modules/appcelerator.apm/pull/27\r\n*New Release (2.1.0)*: https://github.com/appcelerator-modules/appcelerator.apm/releases/tag/v2.1.0", "updateAuthor": { "name": "hknoechel", "key": "hansknoechel", "displayName": "Hans Knöchel", "active": true, "timeZone": "Europe/Berlin" }, "created": "2017-06-23T18:50:32.000+0000", "updated": "2017-06-23T18:50:43.000+0000" }, { "id": "422808", "author": { "name": "rramirez", "key": "rramirez", "displayName": " Ricardo Ramirez", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Hi ! \r\n\r\nDo you know how much this review is going to take ? ", "updateAuthor": { "name": "rramirez", "key": "rramirez", "displayName": " Ricardo Ramirez", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-06-26T19:44:48.000+0000", "updated": "2017-06-26T19:44:48.000+0000" }, { "id": "422830", "author": { "name": "rramirez", "key": "rramirez", "displayName": " Ricardo Ramirez", "active": true, "timeZone": "America/Los_Angeles" }, "body": "can you please share the module ? ", "updateAuthor": { "name": "rramirez", "key": "rramirez", "displayName": " Ricardo Ramirez", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-06-26T20:50:27.000+0000", "updated": "2017-06-26T20:50:27.000+0000" }, { "id": "423055", "author": { "name": "rramirez", "key": "rramirez", "displayName": " Ricardo Ramirez", "active": true, "timeZone": "America/Los_Angeles" }, "body": "[~hknoechel] the plugin is not working well, there is a problem with dexer. Please see the attached log ", "updateAuthor": { "name": "rramirez", "key": "rramirez", "displayName": " Ricardo Ramirez", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-06-28T17:06:43.000+0000", "updated": "2017-07-04T21:23:21.000+0000" }, { "id": "423655", "author": { "name": "rramirez", "key": "rramirez", "displayName": " Ricardo Ramirez", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Any updates here guys ? ", "updateAuthor": { "name": "rramirez", "key": "rramirez", "displayName": " Ricardo Ramirez", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-07-07T15:53:13.000+0000", "updated": "2017-07-07T15:53:13.000+0000" }, { "id": "424178", "author": { "name": "emerriman", "key": "emerriman", "displayName": "Eric Merriman ", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Hello, this is currently in test and will be released when complete.", "updateAuthor": { "name": "emerriman", "key": "emerriman", "displayName": "Eric Merriman ", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-07-14T20:58:23.000+0000", "updated": "2017-07-14T20:58:23.000+0000" }, { "id": "424633", "author": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "body": "appcelerator.apm: https://github.com/appcelerator-modules/appcelerator.apm/pull/28", "updateAuthor": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-07-25T08:16:36.000+0000", "updated": "2017-07-25T08:16:36.000+0000" }, { "id": "424867", "author": { "name": "amukherjee", "key": "amukherjee", "displayName": "Abir Mukherjee", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Current test results with this environment:\r\nNode Version: 6.10.3\r\nNPM Version: 3.10.10\r\nMac OS: 10.12.4\r\nAppc CLI: 6.2.2\r\nAppc CLI NPM: 4.2.9\r\nTitanium SDK version: 6.1.2.v20170726152015\r\nAppcelerator Studio, build: 4.9.0.201705302345\r\napm module version 2.1.0 (pre-release)\r\nAndroid Device 7.1.2\r\n\r\n[~gmathews] I tested with the above environment, and found compile-time errors. I attached the log to this ticket as \"critterlog.txt\". I used the example project in the apm modules folder. When I switched to the released version apm 2.0.0, there were no errors, and the app launched without issues. Can you please take a look?", "updateAuthor": { "name": "amukherjee", "key": "amukherjee", "displayName": "Abir Mukherjee", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-07-27T06:24:02.000+0000", "updated": "2017-07-27T15:39:59.000+0000" }, { "id": "424876", "author": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "body": "[~amukherjee] I don't follow; there is only one [2.1.0|https://github.com/appcelerator-modules/appcelerator.apm/releases/tag/v2.1.0]. I can't reproduce the compile errors you are seeing either?", "updateAuthor": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-07-27T10:35:44.000+0000", "updated": "2017-07-27T10:35:44.000+0000" }, { "id": "424965", "author": { "name": "amukherjee", "key": "amukherjee", "displayName": "Abir Mukherjee", "active": true, "timeZone": "America/Los_Angeles" }, "body": "[~gmathews] yes you're right, that was a typo. I tried it with 2.0.0 and it worked fine; it did not work with 2.1.0.", "updateAuthor": { "name": "amukherjee", "key": "amukherjee", "displayName": "Abir Mukherjee", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-07-27T15:44:39.000+0000", "updated": "2017-07-27T15:44:39.000+0000" }, { "id": "425182", "author": { "name": "amukherjee", "key": "amukherjee", "displayName": "Abir Mukherjee", "active": true, "timeZone": "America/Los_Angeles" }, "body": "I verified that the new apm module (2.1.0) does work as expected with the environment noted in my previous comment. The issue I reported earlier was due to an unrelated setup issue.", "updateAuthor": { "name": "amukherjee", "key": "amukherjee", "displayName": "Abir Mukherjee", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-08-01T16:06:33.000+0000", "updated": "2017-08-01T16:06:33.000+0000" } ], "maxResults": 18, "total": 18, "startAt": 0 } } }