Comments (4)
That might a mistake while I was upgrading Gradle, didn't even knew that such thing exists.
The application has android:usesCleartextTraffic set to true, which allows it to access resources that do not use encryption, a situation that could be exploited by an attacker to perform MitM attacks and compromise the confidentiality and integrity of the application.
Source
I will offer an update so fast I can.
from mmrl.
That might a mistake while I was upgrading Gradle, didn't even knew that such thing exists.
Ah, OK. I thought the intention might have been to support "local repos" (for hosting one's preferred modules within the own home network, where https might be a bit overkill and getting a proper certificate even difficult), in which case it would totally make sense.
I will offer an update so fast I can.
No stress, the "alert" will only pop up again when a new release is being pulled. And it's just a warning. Sure, if it's not needed it shouldn't be there – but before removing it better be sure it is not needed. I don't think (m)any people will host any repositories locally, though, so removing could be fine.
Leaving the decision to you. I just need to know if I should add that flag to your app's allow-list (if it's needed) or not (otherwise, so we get another warning should it "sneak back in").
from mmrl.
That might a mistake while I was upgrading Gradle, didn't even knew that such thing exists.
Ah, OK. I thought the intention might have been to support "local repos" (for hosting one's preferred modules within the own home network, where https might be a bit overkill and getting a proper certificate even difficult), in which case it would totally make sense.
I will offer an update so fast I can.
No stress, the "alert" will only pop up again when a new release is being pulled. And it's just a warning. Sure, if it's not needed it shouldn't be there – but before removing it better be sure it is not needed. I don't think (m)any people will host any repositories locally, though, so removing could be fine.
Leaving the decision to you. I just need to know if I should add that flag to your app's allow-list (if it's needed) or not (otherwise, so we get another warning should it "sneak back in").
"Local repos" are just the saved repo data.
[
{
"name": "Magisk Modules Alt Repo",
"website": "https://github.com/Magisk-Modules-Alt-Repo",
"support": "https://github.com/Magisk-Modules-Alt-Repo/json/issues",
"donate": null,
"submitModule": null,
"last_update": 1690995729000,
"modules": "https://gr.dergoogler.com/magisk/mmar.json"
}
]
from mmrl.
"Local repos" are just the saved repo data.
I thought of that in a different way, like:
[
{
"name": "My personal Repo",
"website": "http://192.168.1.15/magisk",
"support": null,
"donate": null,
"submitModule": null,
"last_update": 1690995729000,
"modules": "http://192.168.1.15/magisk.json"
}
]
But as already mentioned, that would be a rare edge-case. And you decided already – so yes, better security that way, thanks!
from mmrl.
Related Issues (20)
- Native `view` api not available HOT 5
- [BUG] Module update error - zygisk next HOT 1
- [BUG] We hit a brick message HOT 2
- error updating ccbins HOT 2
- [BUG] REPLACE HOT 3
- [BUG] REPLACE
- mmrl hangs upon loading / freezes completely HOT 5
- Improve Anti-Features and add a anti feature for obfuscated code
- More Terminal Settings
- [BUG] MMRL trying to use V6 script instead of V8 HOT 3
- Fix code scanning alert - Useless regular-expression character escape
- Fix code scanning alert - Incorrect suffix check
- New Release info popup HOT 7
- Installer only opens when multiple modules are choosed
- Anti-Features always displayed
- Highlight/hide installed modules in Explore tab HOT 1
- Wrap `Terminal` and `Chooser` with `Native`
- Handle relative paths in ModConf
- Add `XMLSerializer` to ModConf
- [BUG] Info not available in url install HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mmrl.