Skip to content

fix(deps): bump iOS OpenSSL-Universal to 3.6.2#1049

Merged
boorad merged 1 commit into
mainfrom
fix/deps-openssl-ios-3.6.2
May 21, 2026
Merged

fix(deps): bump iOS OpenSSL-Universal to 3.6.2#1049
boorad merged 1 commit into
mainfrom
fix/deps-openssl-ios-3.6.2

Conversation

@boorad
Copy link
Copy Markdown
Collaborator

@boorad boorad commented May 21, 2026

Summary

Bump the iOS OpenSSL-Universal CocoaPod to 3.6.2000 (OpenSSL 3.6.2) to clear four CVEs published against OpenSSL 3.6.1.

Changes

  • QuickCrypto.podspec: pin OpenSSL-Universal to ~> 3.6.2000
  • example/ios/Podfile.lock: refresh to pull pod 3.6.2000

CVEs cleared

CVE Severity Component RNQC reachable?
CVE-2025-15467 High CMS EnvelopedData stack overflow No
CVE-2026-2673 Low TLS1.3 group selection No
CVE-2025-11187 Moderate PBMAC1 / PKCS#12 No
CVE-2026-31790 Moderate RSA-KEM RSASVE No

None are reachable from RNQC's current API surface, but the bump clears scanners and removes latent risk.

Testing

  • iOS E2E workflow on CI
  • pod install in example/ios resolves cleanly to 3.6.2000

Closes #987

@boorad
fix(deps): bump iOS OpenSSL-Universal to 3.6.2
40a9699 
Pin `OpenSSL-Universal` to `~> 3.6.2000` in QuickCrypto.podspec and
refresh the example Podfile.lock to pull pod 3.6.2000 (OpenSSL 3.6.2).
Clears four CVEs published against OpenSSL 3.6.1 (CVE-2025-15467,
CVE-2026-2673, CVE-2025-11187, CVE-2026-31790). None are reachable from
RNQC's current API surface, but the bump clears scanners and removes
latent risk.

Closes #987
@boorad boorad self-assigned this May 21, 2026
@vercel
Copy link
Copy Markdown

vercel Bot commented May 21, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
react-native-quick-crypto Ready Ready Preview, Comment May 21, 2026 1:33pm

Request Review

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 21, 2026

🤖 End-to-End Test Results - Android

Status: ✅ Passed
Platform: Android
Run: 26229233860

📸 Final Test Screenshot

Maestro Test Results - android

Screenshot automatically captured from End-to-End tests and will expire in 30 days

This comment is automatically updated on each test run.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 21, 2026

🤖 End-to-End Test Results - iOS

Status: ✅ Passed
Platform: iOS
Run: 26229233861

📸 Final Test Screenshot

Maestro Test Results - ios

Screenshot automatically captured from End-to-End tests and will expire in 30 days

This comment is automatically updated on each test run.

@boorad boorad merged commit 9e11f31 into main May 21, 2026
6 checks passed
@boorad boorad deleted the fix/deps-openssl-ios-3.6.2 branch May 21, 2026 14:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@boorad boorad

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

deps(ios): bump OpenSSL-Universal pod 3.6.1 → 3.6.2

1 participant

@boorad