List dependency versions #261
Comments
|
Update: If I understand build.gradle correctly, jcifs-1.3.17 is used, which according to https://www.jcifs.org/ was released sometime between 2011 and 2014. 1.3.19 was released in 2017. jcifs-ng seems to be used in 4 versions in parallel, the latest being jcifs-ng-2.1.4-20200413-02. When SMBSyncv2 Version 2.54 was released, the current version was 2.1.6 which was released about one month earlier. Release notes of jcifs-1.3.19 lists a moderate security issue (As there are no release notes for jcifs-ng I have no idea whether anything related to security was changed). Maybe there are good reasons for those selections (breaking changes?), I just want to raise awareness for dependency management, as this does cause security issues quite often. |
Neither within the app nor in the release notes of this fine app is any reference to which version of the dependencies is actually in use for a specific apk. It would be nice to have this information especially considering possible future security updates of those dependencies.
The text was updated successfully, but these errors were encountered: