Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Bump Firebase Web SDK version to 8.10.1 (CVE-2022-0235) for security patch purposes. #8162

Merged
merged 1 commit into from Feb 24, 2022
Merged

feat: Bump Firebase Web SDK version to 8.10.1 (CVE-2022-0235) for security patch purposes. #8162

merged 1 commit into from Feb 24, 2022

Conversation

creativecreatorormaybenot
Copy link
Contributor

Description

There is a security vulnerability in version 8.10.0: https://nvd.nist.gov/vuln/detail/CVE-2022-0235

There is a security patch from Firebase in web SDK version 8.10.1 that fixes this vulnerability.

Checklist

Before you create this PR confirm that it meets all requirements listed below by checking the relevant checkboxes ([x]).
This will ensure a smooth and quick review process. Updating the pubspec.yaml and changelogs is not required.

  • I read the Contributor Guide and followed the process outlined there for submitting PRs.
  • My PR includes unit or integration tests for all changed/updated/fixed behaviors (See Contributor Guide).
  • All existing and new tests are passing.
  • I updated/added relevant documentation (doc comments with ///).
  • The analyzer (melos run analyze) does not report any problems on my PR.
  • I read and followed the Flutter Style Guide.
  • I signed the CLA.
  • I am willing to follow-up on review comments in a timely manner.

Breaking Change

Does your PR require plugin users to manually update their apps to accommodate your change?

  • Yes, this is a breaking change.
  • No, this is not a breaking change.

@creativecreatorormaybenot creativecreatorormaybenot changed the title Bump web SDK version to 8.10.1 (CVE-2022-0235) chore(firebase_core): bump web SDK version to 8.10.1 (CVE-2022-0235) Feb 23, 2022
@russellwheatley russellwheatley changed the title chore(firebase_core): bump web SDK version to 8.10.1 (CVE-2022-0235) fix(firebase_core): bump web SDK version to 8.10.1 (CVE-2022-0235) Feb 23, 2022
@russellwheatley russellwheatley changed the title fix(firebase_core): bump web SDK version to 8.10.1 (CVE-2022-0235) feat: Bump web SDK version to 8.10.1 (CVE-2022-0235) for security patch purpose. Feb 23, 2022
russellwheatley
russellwheatley approved these changes Feb 23, 2022
View reviewed changes
Copy link
Member

@russellwheatley russellwheatley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Salakar Salakar changed the title feat: Bump web SDK version to 8.10.1 (CVE-2022-0235) for security patch purpose. feat: Bump Firebase Web SDK version to 8.10.1 (CVE-2022-0235) for security patch purposes. Feb 24, 2022
@russellwheatley russellwheatley merged commit 7624f77 into firebase:master Feb 24, 2022
@creativecreatorormaybenot
Copy link
Contributor Author

@Salakar @russellwheatley when are plugins updated to include fixes like this one?

@Salakar
Copy link
Member

Salakar commented Feb 24, 2022

Release going out in a few hours

@firebase firebase locked and limited conversation to collaborators Mar 27, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@russellwheatley russellwheatley russellwheatley approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@creativecreatorormaybenot @Salakar @russellwheatley