Just gor a security alert from google on all the apps build with Corona - both Native and Corona SDK
Security alert
Your app is using a content provider with an unsafe implementation of openFile. Please see this Google Help Center article for details.
Vulnerable classes:
com.ansca.corona.storage.FileContentProvider
Please fix the issue before: 03/25/50010
Affects APK versions 111 and 109.
Go to Manage releases
Please advise
I got this too on every Corona app… anyone with any idea as to why / what we need to do?
Thanks.
Hi everyone, I got the same error too! +1
Im pretty sure it’s there on almost all apps since com.ansca.corona.storage.FileContentProvider (ansca) sounds like a very old class. What are the dates you’re getting since I got something like “Please fix the issue before: 03/25/50010”.
I get the same date, but received an e-mail saying the below:
“Starting January 16th, 2018, Google Play will block publishing of any new apps or updates that contain this path traversal vulnerability. Your published APK version will remain unaffected, however any updates to the app will be blocked unless you address this vulnerability.”
So if we want to submit any updates, they’ll be blocked after January 16th unless the issue is sorted.
This thread looks like it already covered the issue…
https://forums.coronalabs.com/topic/70306-path-traversal-security-vulnerability-on-google-play/
Apologies for doubling up. Arrived at this thread via Google.
This is impacting everyone’s apps in Google Play. Please continue at the thread listed above.
I got this too on every Corona app… anyone with any idea as to why / what we need to do?
Thanks.
Hi everyone, I got the same error too! +1
Im pretty sure it’s there on almost all apps since com.ansca.corona.storage.FileContentProvider (ansca) sounds like a very old class. What are the dates you’re getting since I got something like “Please fix the issue before: 03/25/50010”.
I get the same date, but received an e-mail saying the below:
“Starting January 16th, 2018, Google Play will block publishing of any new apps or updates that contain this path traversal vulnerability. Your published APK version will remain unaffected, however any updates to the app will be blocked unless you address this vulnerability.”
So if we want to submit any updates, they’ll be blocked after January 16th unless the issue is sorted.
This thread looks like it already covered the issue…
https://forums.coronalabs.com/topic/70306-path-traversal-security-vulnerability-on-google-play/
Apologies for doubling up. Arrived at this thread via Google.
This is impacting everyone’s apps in Google Play. Please continue at the thread listed above.