-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Various Firebase types does not conform to NSSecureCoding #3686
Labels
Comments
We removed NSCoding from Messaging but not InstanceID yet. InstanceID is deprecated and will be removed from Messaging soon. We will keep this open for now. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
[READ] Step 1: Are you in the right place?
Yes
[REQUIRED] Step 2: Describe your environment
[REQUIRED] Step 3: Describe the problem
Our security team scanned our code and dependencies for vulnerabilities and found that the following classes did not conform to
NSSecureCoding
making them vulnerable to object substitution attacks:FIRMessagingTopicBatch
,FIRInstanceIDAPNSInfo
,FIRInstanceIDTokenInfo
andFIRMessagingPendingTopicsList
Steps to reproduce:
Open up the header files, note that they conform to
NSCoding
, and notNSSecureCoding
.Relevant Code:
The text was updated successfully, but these errors were encountered: