Twilio Android SDK OpenSSL Vulnerability

Time: 2016-04-15 11:12:21

Tags: android openssl twilio

I am using the latest version of the Twilio Android SDK in a commercial application (and paying Twilio for the privilege). Based on https://support.google.com/faqs/answer/6376725, Google Play Store is going to stop allowing us to update our apps in the store past July 11th 2016 as a result of the 'Logjam' vulnerability. This is due to the fact that the latest version of Twilio has OpenSSL 1.0.1k bundled, whereas the security vulnerability is only removed in 1.01r (or 1.02f).

I have sent a message to Twilio support on this issue but have no idea about their response time. Is anyone else having the issue? Does anyone know how quickly Twilio tend to update their bundled version of OpenSSL? Or if they have plans to update to 1.01r anytime soon? Or indeed, how often they tend to reply to queries on their 'Talk to Support' page?

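1 answer:

Answer 0 (score: 3)

Twilio just responded (impressed with the quick reply). Here's what they said:

Thanks for contacting us, this is indeed a valid issue.

We have just released Android Client version 1.2.11, which can be downloaded from:

http://media.twiliocdn.com/sdk/android/client/latest/twilio-client-android.tar.bz2

Our changelog on the website will be updated in the next day or two; therefore, I have attached the release notes for your review.

Release Notes: Twilio Client SDK for Android 1.2.11

1.2.11 (April 14, 2016)

CLIENT-2103 - OpenSSL has been upgraded to 1.0.1s. This version satisfies the recent warnings issued to publishers on the Google Play store.
CLIENT-2321 - Support for the MIPS architecture has been removed.
CLIENT-2338 - In applications with targetSDKVersion 23 or higher, the SDK now fails to initialize (and logs an error) if the user has not granted the runtime microphone permission.

Bug Fixes

CLIENT-2027 - Resolved UnsatisfiedLinkError when running on Android 6 on x86 devices/emulators due to text relocations.
CLIENT-2104 - Fixed sporadic UnsatisfiedLinkError when attempting to load the Twilio library on older devices.
CLIENT-2367 - The SDK no longer fires the Device.OnStopListening event when the PresenceEvent server disconnects.
CLIENT-2325 - Twilio.getVersion() now returns only Major.Minor.Patch.

Might help others with the same issue :)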
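
To confirm which OpenSSL release an SDK has bundled into an APK, the sketch below (an added example, not part of the question, the answer or Twilio's reply) scans the APK's native libraries for OpenSSL version banners and compares them with the fixed releases the question names, read here as 1.0.1r and 1.0.2f. The library name `libexample.so` and the sample banners are constructed for the demonstration.

```python
import io
import re
import zipfile

# Minimum fixed letter release per branch, as quoted in the question
# ("1.01r (or 1.02f)", read here as 1.0.1r and 1.0.2f) -- an assumption.
FIXED = {(1, 0, 1): "r", (1, 0, 2): "f"}
BANNER = re.compile(rb"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)[ -]")


def is_fixed(branch, letter):
    """True if branch+letter is at or past the fixed release for its branch."""
    if branch in FIXED:
        need = FIXED[branch]
        # Compare length first so a two-letter suffix sorts after "z".
        return (len(letter), letter) >= (len(need), need)
    return branch > max(FIXED)  # branches older than 1.0.1 are treated as unfixed


def scan_apk(apk_bytes):
    """Return {zip entry: [(version, fixed), ...]} for native libs in an APK."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if not name.endswith(".so"):
                continue
            seen = set()
            for m in BANNER.finditer(apk.read(name)):
                branch = tuple(int(x) for x in m.groups()[:3])
                letter = m.group(4).decode()
                seen.add(("%d.%d.%d" % branch + letter, is_fixed(branch, letter)))
            if seen:
                findings[name] = sorted(seen)
    return findings


def build_sample_apk(banner):
    """Constructed stand-in for an APK: one fake .so holding a version banner."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("lib/armeabi-v7a/libexample.so", b"\x7fELF\x00" + banner + b"\x00")
        z.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed banners for the two versions mentioned on this page.
    for banner in (b"OpenSSL 1.0.1k 8 Jan 2015", b"OpenSSL 1.0.1s  1 Mar 2016"):
        print(scan_apk(build_sample_apk(banner)))
```

For a real build, pass the bytes of the release APK to `scan_apk`; a statically linked copy inside any bundled `.so` shows up under that library's path.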