-
-
Notifications
You must be signed in to change notification settings - Fork 130
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Apple certificate update #188
Comments
I'm in the same boat. I think that this happens at a lower level. Apple wants you to ensure that you have a certain root certificate in your "trust store", which is the collection of certificates that can be sources of trust for signed certificates. I believe that Pigeon, like the rest of Elixir applications, relies on the certificates in the That said, if you use Pigeon without having |
I took a couple days to dig around and investigate before answering, but @subsetpark beat me to it. So the good news: The bad news: Yesterday I learned that the Erlang's How to FixI have published Kadabra 0.6.0 with This kadabra release should be compatible as far back as pigeon 1.2.0, though you will need to override in your deps: [
{:kadabra, "~> 0.6.0", override: true},
] I'll be doing an impact analysis and putting out a security notice. ADM pushes are not affected, as they use hackney for traditional HTTP requests. Anyone using a custom http/2 client adapter is not affected by kadabra's vulnerability either, though you will need to verify that library does not have a similar issue. |
Hello,
I recently received (like many others) an email from Apple, stating the following:
Is pigeon affected by this? Do I need to change/update something so my apps continue to work?
The text was updated successfully, but these errors were encountered: