)]}'
{
  "commit": "8064a47f09e2959e26a0ede59ecc08e5754b6e51",
  "tree": "d303f5551fe79ef39e21eb45102c470379b0af91",
  "parents": [
    "974aaeb80e6dd5df6717865bbe85376e00921c85"
  ],
  "author": {
    "name": "techyminati",
    "email": "sinha.aryan03@gmail.com",
    "time": "Sat Mar 30 19:16:09 2024 +0530"
  },
  "committer": {
    "name": "TechyMinati",
    "email": "sinha.aryan03@gmail.com",
    "time": "Wed Jun 19 15:26:51 2024 +0000"
  },
  "message": "LatinIME: Fix Implicit PendingIntent Vulnerability\n\n* checkTimeAndMaybeSetupUpdateAlarm method created an Implicit PendingIntent vulnerability, which may cause security threats in the form of denial-of-service, private data theft, and privilege escalation.\n\n* PendingIntents are Intents delegated to another app to be delivered at some future time. Creating an implicit intent wrapped under a PendingIntent is a security vulnerability that might lead to denial-of-service, private data theft, and privilege escalation.\n\n* We\u0027ve used FLAG_IMMUTABLE (added in SDK 23) to create PendingIntents for SDK \u003e 23, This prevents apps that receive the PendingIntent from filling in unpopulated properties \u0026 Ensures that PendingIntent is only delivered to trusted components.\n\nTest: m\nChange-Id: I68a1f3f2d81138e42092cc201d36e5d29853a86e\nSigned-off-by: techyminati \u003csinha.aryan03@gmail.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "fe988ac704e39d13ee183c4b7be8f870ae9fb24a",
      "old_mode": 33188,
      "old_path": "java/src/com/android/inputmethod/dictionarypack/DictionaryService.java",
      "new_id": "5ab55bc44449588345517dc44c82df6e74217ca7",
      "new_mode": 33188,
      "new_path": "java/src/com/android/inputmethod/dictionarypack/DictionaryService.java"
    }
  ]
}
