Google Play商店拒绝了Libpng库漏洞[CVE-2015-8540]-Java 学习之路

您好Google Play开发者，我们拒绝XXXX，包名为com.XXX.XXX，因为我们违反了恶意行为或用户数据政策 . 如果您提交了更新，那么您之前的应用版本仍可在Google Play上使用 . 此应用程序使用包含用户安全漏洞的软件，或允许在没有正确披露的情况下收集用户数据 . 以下是您最近提交的内容中检测到的问题列表和相应的APK版本 . 请尽快升级您的应用并增加升级版APK的版本号 . 漏洞APK版本Libpng library漏洞已在libpng v1.0.66，v.1.2.56，v.1.4.19，v1.5.26或更高版本中修复 . 您可以在此Google帮助中心文章中找到有关如何解决问题的详细信息 . 39要确认您已正确升级，请将应用程序的更新版本提交至开发者控制台，并在五小时后再回来查看警告消失 . 虽然这些漏洞可能不会影响使用此软件的每个应用程序，但最好是及时了解所有安全补丁程序 . 确保更新应用中存在已知安全问题的所有库，即使您不确定问题是否与您的应用相关 . 应用还必须遵守开发者分发协议和开发者计划政策 . 如果您认为我们错误地做出了这一决定，请与我们的政策支持团队联系 . 最好的，Google Play团队

问题是我没有包含这个Libpng，我不知道我使用的是哪个lib . 我检查了依赖树，没有看到任何接近！我怎样才能找到这个文件？我已将整个项目从SDK 23更改为24，将Java 1.7更改为1.8，并将所有与照片相关的库更新为最新....仍然被拒绝了 . **

Google Libpng Vulnerability

Dependencies Tree of release
+--- LOCAL: locSDK_6.22.jar
+--- LOCAL: baidumapapi_v3_2_0.jar
+--- LOCAL: easemobchat_2.3.2.jar
+--- LOCAL: libammsdk.jar
+--- LOCAL: fastjson-1.2.7.jar
+--- LOCAL: afinal_0.5.1_bin.jar
+--- LOCAL: jsoup-1.9.2.jar
+--- LOCAL: pinyin4j-2.5.0.jar
+--- LOCAL: umeng-analytics-v5.6.4.jar
+--- com.android.support:support-v4:24.1.1
|    \--- LOCAL: internal_impl-24.1.1.jar
+--- com.android.support:recyclerview-v7:23.2.0
|    \--- com.android.support:support-v4:24.1.1
|         \--- LOCAL: internal_impl-24.1.1.jar
+--- com.facebook.android:facebook-android-sdk:4.16.0
|    +--- com.android.support:support-v4:24.1.1
|    |    \--- LOCAL: internal_impl-24.1.1.jar
|    +--- com.android.support:appcompat-v7:23.4.0
|    |    +--- com.android.support:animated-vector-drawable:23.4.0
|    |    |    \--- com.android.support:support-vector-drawable:23.4.0
|    |    |         \--- com.android.support:support-v4:24.1.1
|    |    |              \--- LOCAL: internal_impl-24.1.1.jar
|    |    +--- com.android.support:support-v4:24.1.1
|    |    |    \--- LOCAL: internal_impl-24.1.1.jar
|    |    \--- com.android.support:support-vector-drawable:23.4.0
|    |         \--- com.android.support:support-v4:24.1.1
|    |              \--- LOCAL: internal_impl-24.1.1.jar
|    +--- com.android.support:cardview-v7:23.4.0
|    \--- com.android.support:customtabs:23.4.0
|         \--- com.android.support:support-v4:24.1.1
|              \--- LOCAL: internal_impl-24.1.1.jar
+--- cn.pedant.sweetalert:library:1.3
|    \--- com.pnikosis:materialish-progress:1.0
|         \--- com.android.support:appcompat-v7:23.4.0
|              +--- com.android.support:animated-vector-drawable:23.4.0
|              |    \--- com.android.support:support-vector-drawable:23.4.0
|              |         \--- com.android.support:support-v4:24.1.1
|              |              \--- LOCAL: internal_impl-24.1.1.jar
|              +--- com.android.support:support-v4:24.1.1
|              |    \--- LOCAL: internal_impl-24.1.1.jar
|              \--- com.android.support:support-vector-drawable:23.4.0
|                   \--- com.android.support:support-v4:24.1.1
|                        \--- LOCAL: internal_impl-24.1.1.jar
+--- com.github.chrisbanes:PhotoView:1.3.0
|    \--- com.android.support:support-v4:24.1.1
|         \--- LOCAL: internal_impl-24.1.1.jar
+--- me.leolin:ShortcutBadger:1.1.4
+--- com.daimajia.swipelayout:library:1.2.0
+--- com.github.castorflex.smoothprogressbar:library:1.1.0
+--- com.github.castorflex.smoothprogressbar:library-circular:1.1.0
+--- com.bigkoo:pickerview:2.0.8
+--- com.github.afollestad.material-dialogs:commons:0.8.5.2
|    +--- com.github.afollestad.material-dialogs:core:0.8.5.2
|    |    +--- com.android.support:support-v4:24.1.1
|    |    |    \--- LOCAL: internal_impl-24.1.1.jar
|    |    +--- me.zhanghai.android.materialprogressbar:library:1.1.4
|    |    |    \--- com.android.support:appcompat-v7:23.4.0
|    |    |         +--- com.android.support:animated-vector-drawable:23.4.0
|    |    |         |    \--- com.android.support:support-vector-drawable:23.4.0
|    |    |         |         \--- com.android.support:support-v4:24.1.1
|    |    |         |              \--- LOCAL: internal_impl-24.1.1.jar
|    |    |         +--- com.android.support:support-v4:24.1.1
|    |    |         |    \--- LOCAL: internal_impl-24.1.1.jar
|    |    |         \--- com.android.support:support-vector-drawable:23.4.0
|    |    |              \--- com.android.support:support-v4:24.1.1
|    |    |                   \--- LOCAL: internal_impl-24.1.1.jar
|    |    +--- com.android.support:appcompat-v7:23.4.0
|    |    |    +--- com.android.support:animated-vector-drawable:23.4.0
|    |    |    |    \--- com.android.support:support-vector-drawable:23.4.0
|    |    |    |         \--- com.android.support:support-v4:24.1.1
|    |    |    |              \--- LOCAL: internal_impl-24.1.1.jar
|    |    |    +--- com.android.support:support-v4:24.1.1
|    |    |    |    \--- LOCAL: internal_impl-24.1.1.jar
|    |    |    \--- com.android.support:support-vector-drawable:23.4.0
|    |    |         \--- com.android.support:support-v4:24.1.1
|    |    |              \--- LOCAL: internal_impl-24.1.1.jar
|    |    \--- com.android.support:recyclerview-v7:23.2.0
|    |         \--- com.android.support:support-v4:24.1.1
|    |              \--- LOCAL: internal_impl-24.1.1.jar
|    \--- com.android.support:appcompat-v7:23.4.0
|         +--- com.android.support:animated-vector-drawable:23.4.0
|         |    \--- com.android.support:support-vector-drawable:23.4.0
|         |         \--- com.android.support:support-v4:24.1.1
|         |              \--- LOCAL: internal_impl-24.1.1.jar
|         +--- com.android.support:support-v4:24.1.1
|         |    \--- LOCAL: internal_impl-24.1.1.jar
|         \--- com.android.support:support-vector-drawable:23.4.0
|              \--- com.android.support:support-v4:24.1.1
|                   \--- LOCAL: internal_impl-24.1.1.jar
\--- :photogallery-release:

releaseUnitTest
No dependencies

BUILD SUCCESSFUL

Total time: 0.556 secs

1 回答

0
您可以使用gradle并在调试日志激活的情况下在命令行上构建项目：
```
gradlew -d assembleRelease > logfile.txt
```
然后过滤库名称的日志文件，您应该能够识别源文件名和将其添加到项目中的库 .
回复于 2024-05-03T09:40:36+08:00

Google Play商店拒绝了Libpng库漏洞[CVE-2015-8540]

1 回答

相关问题