One or more of your apps is running an outdated version of OpenSSL, which has multiple security vulnerabilities. You should update OpenSSL as soon as possible. For more information about the most recent security vulnerability in OpenSSL, please see
So far, I've worked out OpenSSL 1.0.0a is included in Cocos2dx 2.2.3 extensions.
To see which of you apps have it download BlueBox's Heartbleed scanner on you phone and run it. The bug Google are talking about isn't HeartBleed, it's a newer problem, so ignore it telling you that your apps are OK, but it will show which use OpenSSL.
If you are using Cocos2dx 2.2x this seems to fix the problem:
In Android.mk remove this line:
$(call import-module,extensions)
If you don't use Cocos2dx but want to find what is adding OpenSSL my advice is to build up an app using what ever components/libraries you use, testing with BlueBox's scanner after adding each component. That is how I found out what was adding it for me.
Thanks for the tip, I'll be sure to try this! I just received the warning email and was a bit worried since my apps are pretty self-contained.
ReplyDeleteI can't remove "$(call import-module,extensions)"
ReplyDeletebecause if I do I get:
"fatal error: cocos-ext.h: no such file..."
But I need that for things like:
cocos2d::extension::CCEditBox
If I run the BlueBox's Heartbleed scanner my app shows up, but
but its says:
vulnerable: no
Is that OK?
Thanks. It saves me a lot.
ReplyDeleteHi!
ReplyDeleteI have projects with Cocos2d-x-JSB 2.2.3 and I can't see this line in Android.mk. I use Google Play Services and MoPub library. Could you give me any hint?
Thank you for your very nice article, do not forget to read my articles also
ReplyDeletegambar lucu
kata kata cinta
kata kata galau
kata kata lucu
kata kata mutiara
dp bbm cinta
cara menghilangkan jerawat
kata kata mutiara cinta
are deliberately presented to the loyal readers.