"Simple File Manager Pro" - security vulnerability notification
I recently received a notification that I had an app installed that had a security vulnerability.
As is easy to guess from the title, it is "Simple File Manager Pro", which probably many FOSS enthusiasts use.
I immediately uninstalled the app and created an issue on GitHub. Waiting for a comment from developers.
The most interesting thing about this situation is that I got the security issue notification feature from "Neo Store" (one of the alternative F-Droid clients). While the official F-Droid client does not have this feature, neither does Droid-ify.
Thanks to the developers of NeoStore for the cool feature. :)
I would like to see more info on it instead of just a vague alarm-style notification.
@TheFuzzStone I also received this security issue notification in the official F-Droid client.
I wish we had more information. I got this for the Shattered Pixel Dungeon game.
And it kept spamming me with notifications. I had to turn them off.
I still don't know if it's a real problem or what the problem is.
Unfortunately, the F-Droid index doesn't provide information on the security issues, so users have to either check the project's repository for related issues or, in some instances, the F-Droid build receipts of the apps may include notes on the issue…
Based on this issue on Shattered Pixel: https://github.com/00-Evan/shattered-pixel-dungeon/issues/1394
And this one on F-Droid: https://gitlab.com/fdroid/fdroidserver/-/issues/1103
It looks like it was a bug in F-Droid's servers that applied vulnerability alerts for a specific version to the entire app/all versions. Looks like it was fixed, but no clue how long it will take.
Not sure if NeoStore needs to make a similar change.