today i got message from Google, because of OpenSSL vulnerability.
With a quick search i found it in libcocos2dcpp.so:OpenSSL 1.0.1l 15 Jan 2015
I use Cocos Studio, precompiled cocos2d-x.
Devs doing something against this with some update?
Or how can i solve it self?
Beginning July 11, 2016, Google Play will block publishing of any new apps or updates that use older versions of OpenSSL. If you’re using a 3rd party library that bundles OpenSSL, you’ll need to upgrade it to a version that bundles OpenSSL 1.02f/1.01r or higher.
The vulnerabilities were addressed in OpenSSL 1.02f/1.01r. The latest versions of OpenSSL can be downloaded here. To confirm your OpenSSL version, you can do a grep search for ($ unzip -p YourApp.apk | strings | grep “OpenSSL”).
I received the same warning from Google for games that are running Cocos2d-x 2.2.6. Cocos2d-x 2.2.6 uses a vulnerable version of OpenSSL 1.0.1h inside of curl LIBCURL_VERSION “7.26.0” (maybe elsewhere in Cocos2d-x, but not certain).
EDIT: I might have responded too quickly… currently looking into what exactly I have in my game that uses openSSL. Will update later after some testing.
People using OpenSSL version 1.0.2 should upgrade to 1.0.2f, while those still using version 1.0.1 should install 1.0.1r. Thursday’s OpenSSL advisory also reminded users that support for version 1.0.1 will end at the end of this year, after which no security fixes will be available. Support for versions 0.9.8 and 1.0.0 ended in December.