Your app is using a version of libjpeg-turbo containing a security vulnerability
Google play store gives me this error when I am trying to send my application for review.
Your app is using a version of libjpeg-turbo containing a security vulnerability. Please see this Google Help Center article for details, including the deadline for fixing the vulnerability.
Consulting Google Help Center here: https://support.google.com/faqs/answer/7008337 says I should be using a libjpeg-turbo v1.4.2 or higher.
My problem is that I am already using version 2.1.4. This is a copy paste from my CMakeList.txt
include(FetchContent)
FetchContent_Declare(turbojpeggit
GIT_REPOSITORY https://github.com/libjpeg-turbo/libjpeg-turbo
GIT_TAG 2.1.4
)
FetchContent_GetProperties(turbojpeggit)
if(NOT turbojpeggit_POPULATED)
message("libjpeg-turbo not populated... downloading")
FetchContent_Populate(turbojpeggit)
add_subdirectory(${turbojpeggit_SOURCE_DIR} ${turbojpeggit_BINARY_DIR})
include_directories(${turbojpeggit_SOURCE_DIR})
include_directories(${turbojpeggit_BINARY_DIR})
message("libjpeg-turbo downloaded")
else()
message("libjpeg-turbo already populated")
endif()
So I guess this is a false positive but I am unable to publish my application because of this.
Please help me.
I tried contacting Google but got no answer yet.
However, I managed to get the application published by linking against the static version of the libjpeg-turbo library.
Note there is a ENABLE_SHARED option in libjpeg-turbo that should be set to OFF.
To verify you aren't using the shared version, you can unarchive the apk and check you don't have any of these files:
lib/arm64-v8a/libturbojpeg.so
lib/armeabi-v7a/libturbojpeg.so
lib/x86/libturbojpeg.so
lib/x86_64/libturbojpeg.so
- Getting android.intent.action.MAIN when approaching a NFC tag
- Android : Is there anyway to get battery capacity of a device in mah?
- react native build error: package android.support.annotation does not exist
- Android - Store inputstream in file
- Difference between CoroutineScope(Dispatchers.IO + Job()) and CoroutineScope(Dispatchers.IO) + Job()
- Could not recognize my android device on mac
- How do I create ColorStateList programmatically?
- Blur in Jetpack Compose
- FCM version update for SDK
- error java.lang.RuntimeException: Unable to destroy activity IllegalStateException: Can not perform this action after onSaveInstanceState
- How can we extract values from URL when redirect to a Android app?
- Android 13 - READ_EXTERNAL_STORAGE_PERMISSION still usable
- Register to be default app for custom file type
- How to securely store access token and secret in Android?
- flutter: geolocator isnt working, Make sure at least ACCESS_FINE_LOCATION or ACCESS_COARSE_LOCATION are defined in the manifest
- ClassCastException in Production Build after Login in Android App
- Regular expression matching Android package name
- MIssing old package with jcenter closure
- Koin 2.2.1 : I cannot use "by viewModel" in Activity
- Please use override option or check for definition, koin android?
- LazyColumn is slower than Column with vertical scroll
- How to Sign an Already Compiled Apk
- Android: making a fullscreen application
- Android link in dialog
- Xamarin EditText InputType Password
- Android Jetpack Compose: How to show styled Text from string resources
- PagedList is deprecated
- TransactionTooLargeException even when file size is super small
- Android Stuido: How to change Kotlin version that is used for building with Gradle
- Best practice for storing and protecting private API keys in applications