Hermes framework version mismatch after upgrading to React Native 0.76.0 (still shows 0.12.0) #1548

Closed
1 of 2 tasks
P0nj4 opened this issue Oct 24, 2024 · 1 comment
Labels
bug Something isn't working

Comments

P0nj4 commented Oct 24, 2024

Bug Description

I’ve updated my app to React Native 0.76.0 to address security vulnerabilities, including CVE-2023-24833, which seems to be resolved in Hermes v0.13.0. However, after the update, the Hermes framework on iOS is still showing version 0.12.0.

Specifically, the hermes.xcframework/ios-arm64/hermes.framework/Info.plist has a CFBundleVersion of 0.12.0, even though React Native 0.76.0 was expected to use Hermes 0.13.0. I also downloaded the Hermes 0.13.0 source code and noticed that the .podspec file still says version 0.12.0.

Shouldn’t the RN update to 0.76.0 also include the Hermes update to 0.13.0? Is there a version mismatch or additional step I need to follow?

Thanks!

  • I have run gradle clean and confirmed this bug does not occur with JSC
  • The issue is reproducible with the latest version of React Native.

Hermes git revision (if applicable): Hermes v0.13.0
React Native version: 0.76.0
OS: iOS
Platform (most likely one of arm64-v8a, armeabi-v7a, x86, x86_64):

Steps To Reproduce

1.	Create a React Native app using version 0.76.0.
2.	Ensure Hermes is enabled in the project.
3.	Check the Info.plist inside the hermes.xcframework/ios-arm64/hermes.framework for CFBundleVersion.

code example:

The Expected Behavior

•	The React Native 0.76.0 update should include Hermes v0.13.0 to address known vulnerabilities.
•	The hermes.xcframework version in the iOS build should reflect the updated version (0.13.0).
@P0nj4 P0nj4 added the bug Something isn't working label Oct 24, 2024

tmikov (Contributor) commented Oct 24, 2024

Hi, React Native builds and packages Hermes for their releases, and has their own copies of the pod and Gradle files. Unfortunately they don't update the version there, which makes things a little confusing. Logically speaking, you should not think of the Hermes packaged in RN as having a separate version.

The good news is that whenever RN cuts a release, it uses the latest version of Hermes. So, the Hermes version included in 0.76 has all the latest fixes, etc., from the time when 0.76 was cut.

We made a separate release 0.13.0 in order to make Hermes available to non-RN users. That version corresponds to what was shipped in RN 0.75. So, 0.13.0 is older than what was shipped in RN 0.76.

The current versioning situation is unfortunate and confusing. We are aware that it is a problem and are slowly working towards moving Hermes to a stable ABI, where it will be possible to simply drop in any version of Hermes in RN. When that happens, separate versions of Hermes will become significant.

@tmikov tmikov closed this as completed Oct 24, 2024
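
The version check discussed in this thread, as an added example (not code from the Hermes or React Native projects): it reads `CFBundleVersion` from every `hermes.framework/Info.plist` under a project and reports it beside the installed React Native release, which per the reply above is what identifies the bundled Hermes. The function names and the sample tree are hypothetical, and it assumes React Native is installed under `node_modules/react-native`.

```python
import json
import plistlib
import sys
import tempfile
from pathlib import Path


def hermes_inventory(project_root):
    """Describe the Hermes bundled with a React Native project.

    Assumes project_root contains node_modules/react-native/package.json and
    that the iOS framework slices live somewhere below it.
    """
    root = Path(project_root)
    pkg = root / "node_modules" / "react-native" / "package.json"
    rn_version = json.loads(pkg.read_text(encoding="utf-8"))["version"]

    slices = {}
    for plist in sorted(root.rglob("hermes.framework/Info.plist")):
        with plist.open("rb") as fh:
            info = plistlib.load(fh)
        # Slice directory, e.g. "ios-arm64" in
        # hermes.xcframework/ios-arm64/hermes.framework/Info.plist
        slices[plist.parent.parent.name] = info.get("CFBundleVersion")

    return {
        "react_native": rn_version,
        "plist_versions": slices,  # informational only, not updated by RN
        "track_hermes_as": f"react-native@{rn_version}",
    }


def constructed_project(tmp):
    """Build a constructed sample tree using the values quoted in this issue."""
    root = Path(tmp)
    pkg = root / "node_modules" / "react-native"
    pkg.mkdir(parents=True)
    (pkg / "package.json").write_text(json.dumps({"version": "0.76.0"}))
    fw = root / "hermes.xcframework" / "ios-arm64" / "hermes.framework"
    fw.mkdir(parents=True)
    with (fw / "Info.plist").open("wb") as fh:
        plistlib.dump({"CFBundleVersion": "0.12.0"}, fh)
    return root


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(json.dumps(hermes_inventory(sys.argv[1]), indent=2))
    else:
        with tempfile.TemporaryDirectory() as tmp:
            print(json.dumps(hermes_inventory(constructed_project(tmp)), indent=2))
```

Run it with a project directory as the only argument; with no argument it reports on the constructed sample tree.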