You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It looks like the APK version was updated to 3.19 about six months ago in master, but the App Store build still hasn't been updated with this version.
This means that the App Store version is still using the 3.14 repository, which appears to contain out of date packages that could present a security risk.
For example, the version of OpenSSH in this repository is 8.6p1, which is more than three years out of date and has some nasty CVEs. Although they are unlikely to escape the sandbox, sensitive data inside the sandbox such as private keys could still be exfiltrated if it were compromised.
Assuming that there are more than a few users that intend to use iSH for remote management or other tasks that require the use of SSH, this is a security hole that should be closed.
The text was updated successfully, but these errors were encountered:
It looks like the APK version was updated to 3.19 about six months ago in master, but the App Store build still hasn't been updated with this version.
This means that the App Store version is still using the 3.14 repository, which appears to contain out of date packages that could present a security risk.
For example, the version of OpenSSH in this repository is 8.6p1, which is more than three years out of date and has some nasty CVEs. Although they are unlikely to escape the sandbox, sensitive data inside the sandbox such as private keys could still be exfiltrated if it were compromised.
Assuming that there are more than a few users that intend to use iSH for remote management or other tasks that require the use of SSH, this is a security hole that should be closed.
The text was updated successfully, but these errors were encountered: