Impact
SDK versions between and including 5.16.0 and 5.19.0 allowed Sentry auth tokens to be set in the optional authToken configuration parameter, for debugging purposes. Doing so would result in the auth token being built into the application bundle, and therefore the auth token could be potentially exposed in case the application bundle is subsequently published.
You may ignore this notification if you are not using authToken
configuration parameter in your React Native SDK configuration or did not publish apps using this way of configuring the authToken
.
If you had set the authToken
in the plugin config previously, and built and published an app with that config, you should rotate your token.
Patches
The behavior that allowed setting an authToken
parameter was fixed in SDK version 5.19.1 where, if this parameter was set, you will see a warning and the authToken
would be removed before bundling the application.
Workarounds
- Remove
authToken
from the plugin configuration.
- If you had set the
authToken
in the plugin config previously, and built and published an app with that config, you should rotate your token.
References
Impact
SDK versions between and including 5.16.0 and 5.19.0 allowed Sentry auth tokens to be set in the optional authToken configuration parameter, for debugging purposes. Doing so would result in the auth token being built into the application bundle, and therefore the auth token could be potentially exposed in case the application bundle is subsequently published.
You may ignore this notification if you are not using
authToken
configuration parameter in your React Native SDK configuration or did not publish apps using this way of configuring theauthToken
.If you had set the
authToken
in the plugin config previously, and built and published an app with that config, you should rotate your token.Patches
The behavior that allowed setting an
authToken
parameter was fixed in SDK version 5.19.1 where, if this parameter was set, you will see a warning and theauthToken
would be removed before bundling the application.Workarounds
authToken
from the plugin configuration.authToken
in the plugin config previously, and built and published an app with that config, you should rotate your token.References