Yesterday, I’ve got an issue from a user of my application called “Open in browser”.
The user says F-Droid recommends to uninstall my application because a vulnerability was found in it.
I believe this usually happens if the last update has been a long time ago and the app was moved into the F-Droid archive.
When did you last supply an update for the app?
I agree the wording of the error message is misleading: Just because the last update was a long time ago doesn’t mean that a vulnerability has been found.
@relan I’m confused: That quoted section is correct: 0.0.8 is the current version (& tagged as such, AFAICT), though not (yet?) in the F-Droid repo. Now the question: is anything else needed to have it published?
The concern is re: that “Auto-update mode: none.” Does that mean it won’t be automatically published in F-Droid? If so, how is it fixed? If not, what’s it mean?
I means that the source code repo does not tag the releases with a machine readable tag (eg. versioncode is some sort of “date of build” that get dynamically created only if you build the app), hence the fdroidupdate-bot can’t detect that a new version was released.
If you do know that one was released come to the fdroiddata repo, edit the metadata, make a Merge Request with the new versioncode/number.