Comments (18)
Hello all -
We will reach out to the 3rd party dependency and pass over your concern. I will reach back out when we have an update from that team.
from braintree_ios.
@samfriedmanfuji thank you for logging this issue. This is impacting several of our tier 1 carriers that use braintree/paypal services. This is a security issue that Staging URLs are present within the client. Without the removal of these URLs we cannot submit our application to the App Store as it is directly against the Security Office requirements. Please treat this with priority please.
from braintree_ios.
Thank you. However, we are using version 5.23 of the Braintree SDK. Can we get a build of the 5.x branch?
Hey @samfriedmanfuji, thanks for letting us know. We will work on getting a new internal build with stage removed for 5.x. I will reopen this issue for the time being to track that this work still needs to be completed on the 5.x branch.
from braintree_ios.
Hey @gjegadesh -
I have a PR up here for the 5.x changes: #1127. Our Carthage asset cache is intermittently not populating the expected files which we have escalated internally. Once that is resolved we should be able to get the release over to you all.
In the meantime if you'd like to confirm that branch works as expected for you all please feel free. As soon as we resolve the asset cache issue we will get the released version over to you all. Thanks for your patience.
from braintree_ios.
thanks @samfriedmanfuji for logging this.
Our security tool flagged this and it is a blocker for us to deliver to our customers and publish to the App Store.
Good to get this fixed quickly.
thanks
from braintree_ios.
This was raised as a security vulnerability by one of our clients. We would appreciate BrainTree addressing this issue as quickly as possible. Thanks.
from braintree_ios.
This issue is blocking me with store submission, It will be helpful if team address this issue asap.
from braintree_ios.
The PR looks to be approved but it is now marked as BLOCKED. We are still waiting on a build; is there an expected date for a release?
from braintree_ios.
Hi @samfriedmanfuji - we plan on having this released by the end of the week. There were some issues with the backend service that hosts our xcframework assets that we are hoping will be ironed out soon.
from braintree_ios.
Hey all -
Version 6.8.0 of the SDK has been released with staging URLs removed. Please let us know if you continue to run into any issues after updating.
from braintree_ios.
Hey all -
Version 6.8.0 of the SDK has been released with staging URLs removed. Please let us know if you continue to run into any issues after updating.
Thank you. However, we are using version 5.23 of the Braintree SDK. Can we get a build of the 5.x branch?
from braintree_ios.
Hello @samfriedmanfuji -
Version 5.24.0 of the SDK has been released with the staging URLs removed. Please let us know if you run into any issues!
from braintree_ios.
@jaxdesmarais Thanks, unfortunately I am encountering several issues with this version. I can still build and run just fine with 5.23, but when I update to 5.24 I am getting 100 "Undefined symbol" build errors - the first 10 are as follows:
- Undefined symbol: _$s12CoreGraphics7CGFloatVMn
- Undefined symbol: _$s12CoreGraphics7CGFloatVN
- Undefined symbol: _$s12CoreGraphics7CGFloatVs7CVarArgAAMc
- Undefined symbol: _$s15_ObjectiveCTypes01_A11CBridgeablePTl
- Undefined symbol: _$s8AllCasess12CaseIterablePTl
- Undefined symbol: _$s8Dispatch0A12TimeIntervalO7secondsyACSicACmFWC
- Undefined symbol: _$s8Dispatch0A12TimeIntervalOMa
- Undefined symbol: _$s8Dispatch0A13WorkItemFlagsVMa
- Undefined symbol: _$s8Dispatch0A13WorkItemFlagsVMn
- Undefined symbol: _$s8Dispatch0A13WorkItemFlagsVs10SetAlgebraAAMc
What's even more concerning, however, is that regardless of whether I am able to build, the original bug is not resolved. I am checking the latest version of PPRiskMagnes from Carthage, and I also downloaded the framework directly from https://assets.braintreegateway.com/mobile/ios/carthage-frameworks/pp-risk-magnes/PPRiskMagnes.5.4.1.xcframework.zip for comparison. In both cases, I am still seeing both stage urls present in the code. Can we please ensure that this is the actual latest version that has the stage urls removed?
from braintree_ios.
Update: I resolved the Undefined symbol errors by simply adding a blank swift file to my project. Now the app builds, but immediately crashes on startup with the error dyld: Library not loaded: @rpath/PPRiskMagnes.framework/PPRiskMagnes
. I am getting two different reasons depending on whether I am building for a device or simulator; both say "No suitable image found. Did find" followed by the framework and the reason is:
For simulator, no matching architecture in universal wrapper
For device, unknown file type, first eight bytes: 0x21 0x3C 0x61 0x72 0x63 0x68 0x3E 0x0A
I am using XCode 14.2 and I am targeting iOS 12.
Any help in resolving this (as well as removing the stage URLs) would be much appreciated. Thanks
from braintree_ios.
Hey @samfriedmanfuji -
We can certainly reach out to our 3rd party provider of the Magnes framework to let them know not all of the URLs have been removed as expected. They had assured us stage was fully removed so I will reach back out once we hear back from them.
Regarding the build errors you are seeing, I am not seeing the same warnings on Xcode 14.2 targeting iOS 12. I am using our Demo app from our repo and am able to build for both simulator and device without issue. Are you able to share more about your setup so we can troubleshoot further?
from braintree_ios.
Hello @samfriedmanfuji -
It looks like some of the frameworks uploaded were mixed up and an older version was uploaded for Carthage
and the 5.x
branch. The 6.x
branch contains the correct Framework for Cocoapods and SPM. We will get a PR up to correct the frameworks and let you know when that has been released.
from braintree_ios.
@jaxdesmarais would you have an update to this problem? Hope this is going to be resolved soon. Thanks
from braintree_ios.
Hey all -
This was released in version 5.24.1. Thanks again for your patience and once you've confirmed things are working as expected I will close out this issue.
from braintree_ios.
Related Issues (20)
- fetchPaymentMethodNonces in BTAPIClient return wrong nonce types HOT 4
- Error on pod install after the release of Braintree version 6.8.0 HOT 5
- Unable to Publish Build to App Store with Xcode 15.0 HOT 7
- Unable to Use The Package HOT 5
- policy required: Xcode15 requires Privacy Manifest HOT 22
- V6 Migration guide has incorrect system requirement HOT 2
- Production Access HOT 1
- Better Error Handling HOT 3
- BTThreeDSecureClient.initializeChallenge never completes HOT 3
- Expose SDK struct definitions to consumer apps to enable overridability exclusively for writing unit tests. HOT 4
- ErrorCode 2 and ErrorMessage is 無法完成作業。forbidden HOT 3
- Archiving using Xcode 15.3 Fails Due when Including PPRiskMagnes.framework (minimum OS Version specified in the Info.plist) HOT 17
- Command SwiftCompile failed with a nonzero exit code HOT 3
- 📣 Upgrade your integration to continue accepting Braintree payments HOT 4
- Expose `prefersEphemeralWebBrowserSession` HOT 2
- Braintree iOS SDK takes a long amount of time to resolve via SPM HOT 2
- BraintreeCore Fails to Build in Xcode 16 Beta 3 with Error: Type 'UIApplication' does not conform to protocol 'URLOpener' HOT 4
- PayPal Vault Crash using v6 HOT 2
- Crash in BTAnalyticsService HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from braintree_ios.