Your app utilizes a version of Vitamio, a multimedia library used for playing various types of media files, containing a security vulnerability - android-security

I developed an app that will stream an RTMP video. Previously I used VitamioBundle-master. When I uploaded my app to the Play Store, it showed a warning message saying that I have to upgrade my app to use the latest Vitamio version. I downloaded it from the link shown in that alert message. Now I have developed the app using Vitamio 5.0.2 downloaded from the link https://www.vitamio.org/en/Download/. When I upload the app, the Play Store shows the same alert message:
Security alert
Your app utilizes a version of Vitamio, a multimedia library used for playing various types of media files, containing a security vulnerability.
Please upgrade your app(s) as soon as possible and increment the version number of the upgraded APK. Beginning 14 March 2016, Google Play will block publishing of any new apps or updates that use pre-5.0 versions of Vitamio.
The vulnerability was addressed in Vitamio v5.0. The latest versions of Vitamio can be downloaded on the Vitamio website. You can confirm your Vitamio version by checking if the SDK includes libs/armeabi-v7a/libvinit.so or libs/armeabi/libvinit.so. If either file is present, the SDK needs to be upgraded. For help upgrading, see the Vitamio support documentation. If you’re using a 3rd party library that bundles Vitamio, please notify the 3rd party and work with them to address this.
To confirm you’ve upgraded correctly, submit the updated version to the Developer Console and check back after five hours. If the app hasn’t been correctly upgraded, we will display a warning.
The vulnerability is due to the Vitamio SDK containing world-writable code. For more information about the vulnerability, please see this NowSecure blog post. For other technical questions, you can post to Stack Overflow and use the tags “android-security” and “vitamio.”
While these specific issues may not affect every app that uses Vitamio, it’s best to stay up to date on all security patches. Apps with vulnerabilities that expose users to risk of compromise may be considered in violation of our Malicious Behavior policy and section 4.4 of the Developer Distribution Agreement.
Apps must also comply with the Developer Distribution Agreement and Developer Program Policies. If you feel we have sent this warning in error, contact our policy support team through the Google Play Developer Help Center.
I have gone through several solutions mentioned in different tutorials but have not yet got a clear idea. Can anyone tell me the step-by-step procedure for updating my Vitamio SDK version, or else is there any other library for streaming RTMP video in my Android app?

Unfortunately, Vitamio 5.0.2 added back the old libvinit.so file, so it gets flagged as an old version of Vitamio. You can just delete libvinit.so and it should work.
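The check described in the alert and in the answer above, as an added example (not part of the original question or answer): a Python scan of an APK, AAR or SDK ZIP for any `libvinit.so`, run before uploading. It matches on file name anywhere in the archive, since the SDK keeps the file under `libs/<ABI>/` while a built APK keeps native libraries under `lib/<ABI>/`. The nesting limits, the `libplayer.so` placeholder and the sample archive are assumptions constructed for the example.

```python
import io
import zipfile
from pathlib import PurePosixPath

FLAGGED_NAME = "libvinit.so"            # file name quoted in the Play alert
NESTED_SUFFIXES = (".aar", ".jar", ".zip")
MAX_NESTED_BYTES = 64 * 1024 * 1024     # assumption: skip larger nested archives
MAX_DEPTH = 2                           # assumption: archive-in-archive limit


def find_libvinit(archive, _prefix="", _depth=0):
    """Return sorted paths of every libvinit.so inside an APK/AAR/ZIP.

    `archive` is a file path or a binary file object. Nested archives are
    opened as well, because a third-party library may bundle Vitamio.
    """
    hits = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            base = PurePosixPath(info.filename).name
            if base == FLAGGED_NAME:
                hits.append(_prefix + info.filename)
            elif (base.endswith(NESTED_SUFFIXES) and _depth < MAX_DEPTH
                  and info.file_size <= MAX_NESTED_BYTES):
                try:
                    inner = io.BytesIO(zf.read(info))
                    hits += find_libvinit(inner, _prefix + info.filename + "!/",
                                          _depth + 1)
                except zipfile.BadZipFile:
                    pass  # entry is named like an archive but is not one
    return sorted(hits)


def build_sample_apk(include_libvinit):
    """Constructed sample: a tiny ZIP laid out like an APK, not a real app."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("lib/armeabi-v7a/libplayer.so", b"\x7fELF")  # placeholder
        if include_libvinit:
            zf.writestr("lib/armeabi-v7a/libvinit.so", b"\x7fELF")
            zf.writestr("lib/armeabi/libvinit.so", b"\x7fELF")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for label, apk in (("old", build_sample_apk(True)), ("clean", build_sample_apk(False))):
        print(label, find_libvinit(apk) or "no libvinit.so found")
```

An empty result for the release APK means the file the alert looks for is no longer packaged.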

Related

Vulnerability TrustManager

Our app has been in the Play Market for 4 years.
Before the last build, we added AppMetrica in the app:
implementation 'com.yandex.android:mobmetricalib:3.13.1'
implementation 'com.android.installreferrer:installreferrer:1.1.2'
implementation 'com.yandex.android:mobmetricapushlib:1.5.1'
The project with these instruments was successfully uploaded into the Play Market without any notifications (errors or warnings). A few weeks after that, I made minor changes in sending reports in the AppMetrica and received the following notification from Google:
"We reviewed XXX, with package name XXX, and found that your app uses software that contains security vulnerabilities for users. Apps with these vulnerabilities can expose user information or damage a user’s device, and may be considered to be in violation of our Malicious Behavior policy.
Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please migrate your apps to use the updated software as soon as possible and increment the version number of the upgraded APK.
Vulnerability TrustManager You can find more information about TrustManager in this Google Help Center article."
We don't use TrustManager and its classes in the project.
What can be the possible reason for rejecting? Is it possible that this rejection was made by mistake? How can we find out what is the reason for that? Can AppMetrica cause this setback and should we stop using it?
Also, in the rejection text they said you can set up the network config (https://developer.android.com/training/articles/security-config) in the app -- how can it help?
We have been fighting this problem for two weeks and we hope for your help.

Where to find IBM WebSphere WMQ 6.0 jar files

I am trying to implement code where I can send and receive SOAP messages to IBM MQ. To my knowledge, jar files are required for my code to work, but I could not find any place where I can either download the files or do the whole setup of WebSphere 6.0.
Does anyone have any idea how I can get it?
Please be aware that grabbing the jar files from an MQ Server or other installation is not supported by IBM and never has been. However, because it is one of the most commonly used methods to install the MQ client for Java or JMS and fairly common in Java developer culture, IBM has provided a Java-only install option. Please see the Redistributable Clients page in the Knowledge Center for details.
As the name suggests, this install provides an MQ Client package that can be redistributed with independently developed MQ applications. While that is helpful, the main reason IBM provides it is to provide a lightweight install package that...
Contains the correct and complete set of jar files as packaged by IBM.
Is intact and verifiable against a known specification and inventory.
Can reliably be expected to perform as per the documentation set for that version.
Contains all of IBM's diagnostic utilities both in the compiled binaries and in the Java classes.
Contains additional utilities such as GSKit for managing certificates.
Can be patched using IBM's standard Fix Pack install media so that integrity of the installed classes and libraries is preserved.
When using IBM's install media and procedure, the result is far more stable but in the event something goes wrong, the presence of the diagnostic utilities and conformance to a standard install procedure can dramatically reduce outage durations.
Also, there are occasional instances in which a customer with full support entitlements is told that their non-standard installation is not supported and they need to correct it before continuing the PMR. Though this doesn't happen often, in most cases the problem is resolved when the MQ client is installed according to spec. When that doesn't fix it, at least diagnostics can proceed at a faster pace.
The link above has all the details, including links to the client downloads, and is highly recommended reading. You can also go directly to Fix Central for the downloads. Fix Central offers all supported MQ client versions and the relocatable clients come in v8.0 and up. In the download list, look for the "All Java" package.
As Tim noted, mixing client and server versions is supported, provided both client and server are currently in service. Generally you want to develop against the latest version of MQ client because it has the most recent client-side features and will have the longest service life before a version upgrade is required.
Assuming you're on a Unix platform for your queue manager, the client will be found at:
/opt/mqm/java/lib
However, all MQ clients are compatible with all queue manager versions. I strongly recommend you use a client which is still supported, which means 7.1, 7.5, 8.0, or 9.0 at time of writing. These are freely downloadable from the SupportPac website.
The SupportPacs of interest are those starting 'MQC'. SupportPac MQC8 for example contains the MQ V8.0 client.
Thanks everyone. Just an update to the above answer. In my case I have asked the WebSphere administrator to provide me with the lib folders which contain all the required MQ jar files.
I have asked him to provide the following files from the C:\Program Files (x86)\IBM\WebSphere MQ\Java\lib\ folders:
* com.ibm.mq.jar
* connector.jar
* com.ibm.mq.jmqi.jar
* com.ibm.mq.headers.jar
* com.ibm.mq.commonservices.jar

My flex application cannot play a RTMFP stream. NetStream.Play.Failed error

Years ago, I created a SWF application that enabled users to perform online video chat. It used the simple RTMFP publish/play method to stream video. Now a few years have passed and I am trying to create a backward compatible SWF application.
My problem status:
* New version fails to play the streams that are published from the old swf. It connects to server and to the publisher, but it cannot play and gives the NetStream.Play.Failed error.
* New version plays the streams that are published from its own version.
* Online players like in this guide can play my new version, but they are unable to play streams from my old version.
I tried it with different SDKs (3.6, 4.1, 4.6) and they all fail to play the old swf streams.
I searched the web for the error and the documents don't clear anything up; they just say that it is a general error. There is a question on SO that could be related, but it has no answers.
Does anyone know the reason? Or any suggestions?
Are you sure that the same publication names are used in both applications? It is possible that you publish a stream with name "test1" for example and the player tries to play the stream with name "test2".
Otherwise if you think that the names are correct you can try with MonaServer, it is our own open source server. It supports RTMFP, RTMP[E], HTTP and Websocket (also RTSP for testing only). Install it on your computer/server and check the log to see what's going on.
I found the problem. It seems like the Flash Player changed the RTMFP protocol in version 11.1. There is not much documentation about it and, as far as I can understand, I should either upgrade all the Flash Players or upgrade all of the old applications to the Flex 4 SDK.

How to update Flex SDK in Flash Builder 4.6

As an owner of Flash Builder 4.6 I'm struggling with 2 problems in my web application:
XML parsing makes the whole application sluggish
Russian input in TextInput doesn't work with Opera
I wonder, if there is a new Flex SDK available for download, where some fixes might have been integrated since the Flash Builder 4.6 release several months ago.
So I have downloaded the "Flex SDK version 4.6.0.23201 is the latest production quality release" and installed it:
However this seems to be a version, which differs very little from the stock Flex SDK included with Flash Builder 4.6 originally.
My question is: is there some good (i.e. fresh, but also tested/stable) source for Flex SDK, which would be suitable for Flash Builder 4.6?
Maybe I can check out the source from some repository and build it myself (how, please?).
Does Apache offer anything, since they are the new owners?
UPDATE:
I've checked out Apache's Flex with
svn co https://svn.apache.org/repos/asf/incubator/flex/trunk flex
(and have yet to figure out, how to build it) - isn't it newer and better?
is there some good (i.e. fresh, but also tested/stable) source for Flex SDK, which would be suitable for Flash Builder 4.6?
Yes, that would be Adobe. I am not aware of any updates to Flex 4.6 since its release late last November. It's only been three months. I believe the bulk of Adobe's work around Flex has been getting legal approval to submit Flex to Apache. They are getting that slowly.
You can download the source for the Adobe Flex SDK from opensource.adobe.com. Read this for info on getting the source from the Adobe SVN repository.
Does Apache offer anything, since they are the new owners?
The Apache project is still formally waiting for donations from Adobe, including their testing suite. But, some code is submitted from Adobe. A few people have submitted some new components, and there has been work done around localization. The Apache project does not have a formal release yet.
You should be able to get the Apache Source from SVN as an anonymous user. The trunk includes the framework dump from Adobe; but I haven't delved in myself. I know people have successfully built the Flex SDK from the Apache trunk. Here are some instructions on how to do it with IntelliJ
I should add that I'm not sure if updating the SDK will solve any XML parsing issues you have. But, it's tough to say for sure since you went into no details on what those issues are. My mobile game uses a 30K line, 1MB XML file for the level definitions and it has no problems parsing it efficiently.
Flex SDK sources
You can find the latest source code through the Flex Apache incubator page and use Subversion to check it out. However since the migration of the Flex SDK from Adobe to the Apache foundation is still very much in progress, I sincerely doubt that there would already be significant changes that would fix your issues.
The actual issues
XML parsing makes the whole application sluggish
XML parsing is a pure ActionScript matter and has nothing to do with Flex. It is closely related to how the Flash VM works, which is still closed property of Adobe. I don't think it is subject to change any time soon, mostly because I've heard very few complaints about its performance and the E4X language is one of the most powerful around. If you're having performance issues, better have a look at your architecture or work with AS model objects instead of XML.
Russian input in TextInput doesn't work with Opera
This is either related to the Flash VM (see above) or to the Text Layout Framework, which is "open-source", but still in the hands of Adobe. Whether it should also be contributed to Apache Flex is still being discussed. In both cases very little will change in the short future, so I think you'll have to try another approach.
Are you sure it has anything to do with the SDK? If the problem of cyrillic chars exists only in Opera - then it's more like a problem of Opera and its Flash-plugin.
This is what you get with Flex SDK 4.5 and Opera 11.61:
There might be another problem if you're using some font that doesn't have the cyrillic char subset (e.g. not using the default font). But if that were it, it would affect all browsers, not just Opera.
Greetings to my fellow countrymen!

Notification to the end users about a newer version

I have an application that will be installed on various machines. Now if I have a newer version than the installed one, I need to inform the users that an update is available, similar to the update notice that shows up in Mozilla Firefox about a newer version. Is this possible to implement? Or how are those Firefox guys implementing that feature? My application has been implemented using Qt 4.4, but I guess this doesn't conform to a specific programming language. I have virtually no idea about implementing this, so any ideas regarding this are welcome.
You need a web site page, like http://yourapp.com/version,
and place the version number in this page.
Each time your app runs, check this page (quietly);
if the found version > current version, then open a confirm window.
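The comparison step from the answer above, as an added example (not part of the original answer): the body fetched from the version page is network input, so it is validated strictly and compared field by field as integers, which avoids the string-comparison trap where "4.4.10" sorts before "4.4.9". The function names, the version format and the size limit are assumptions made for the example.

```python
import re

# Assumed format for the published version: 1-4 dot-separated numeric fields.
_VERSION_RE = re.compile(r"[0-9]{1,5}(?:\.[0-9]{1,5}){0,3}")
MAX_BODY_BYTES = 64  # assumption: a version page is tiny; reject anything larger


def parse_version(text):
    """Return the version as a tuple of ints, or None if it is malformed."""
    text = text.strip()
    if not _VERSION_RE.fullmatch(text):
        return None
    return tuple(int(part) for part in text.split("."))


def update_available(current, body):
    """Decide whether the fetched page body announces a newer version.

    `body` is the raw bytes returned by the version page. Oversized,
    non-ASCII or malformed bodies (an error page, a captive portal) mean
    "no update" instead of a confirm window or a crash.
    """
    if len(body) > MAX_BODY_BYTES:
        return False
    try:
        remote = parse_version(body.decode("ascii"))
    except UnicodeDecodeError:
        return False
    local = parse_version(current)
    if remote is None or local is None:
        return False
    # Pad with zeros so that 4.4 and 4.4.0 compare as equal.
    width = max(len(remote), len(local))
    remote += (0,) * (width - len(remote))
    local += (0,) * (width - len(local))
    return remote > local


if __name__ == "__main__":
    # Constructed sample bodies, as the version page might return them.
    for body in (b"4.4.10\n", b"4.4.0", b"<html>404 Not Found</html>"):
        print(body, update_available("4.4.9", body))
```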
