HostnameVerifier unsafe implementation #551

kunalseedoc · 2016-12-01T12:13:56Z

HostnameVerifier implementation in parse sdk classes resulting in security exception in play store

"Your app is using an unsafe implementation of HostnameVerifier. Please see this Google Help Center article for details, including the deadline for fixing the vulnerability."

https://support.google.com/faqs/answer/7188426

danielsanfr · 2016-12-04T00:33:12Z

This is worrying! Someone has to fix this.

Jawnnypoo · 2016-12-05T21:45:17Z

My guess is that the blame falls on the ParseApacheHttpClient, which should probably just be removed altogether, since there is an OkHttp 3 implementation already in the SDK and just force the dependency. Apache Http was completely removed in API 23, so you are already going to have issues compiling against it.

Jawnnypoo · 2016-12-12T18:55:46Z

@kunalseedoc Can you confirm that this originates from Parse and is not possibly coming from another 3rd party library, such as an analytics library?

rogerhu · 2017-03-09T07:52:31Z

Closing unless there is any further issues.

Jawnnypoo mentioned this issue Dec 6, 2016

Remove Apache dependency to allow for higher Android target SDK. #554

Merged

rogerhu closed this as completed Mar 9, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

HostnameVerifier unsafe implementation #551

HostnameVerifier unsafe implementation #551

kunalseedoc commented Dec 1, 2016

danielsanfr commented Dec 4, 2016

Jawnnypoo commented Dec 5, 2016 •

edited

Loading

Jawnnypoo commented Dec 12, 2016

rogerhu commented Mar 9, 2017

HostnameVerifier unsafe implementation #551

HostnameVerifier unsafe implementation #551

Comments

kunalseedoc commented Dec 1, 2016

danielsanfr commented Dec 4, 2016

Jawnnypoo commented Dec 5, 2016 • edited Loading

Jawnnypoo commented Dec 12, 2016

rogerhu commented Mar 9, 2017

Jawnnypoo commented Dec 5, 2016 •

edited

Loading