1.11 Arrives!
CocoaPods 1.11 raises the minimum Ruby version to 2.6 while adding support for Ruby 3.0. It also adds support for 'On Demand Resources' and contains numerous bug fixes and improvements!
CocoaPods 1.11 raises the minimum Ruby version to 2.6 while adding support for Ruby 3.0. It also adds support for 'On Demand Resources' and contains numerous bug fixes and improvements!
Part of the server-side validation for uploading a new CocoaPod to the central repository of Podspecs (trunk) could be exploited to execute arbitrary shell commands on the trunk server.
We were contacted via Max Justicz this morning who provided us with a great technical write-up and showed how to trigger it for ourselves. The exploit is a combination of un-sanitized user input getting through to a git call param which can be used to send remote payloads.
Being able to execute arbitrary shell commands on the server gave a possible attacker the ability to read the environment variables, which could be used to write to the CocoaPods/Specs repo and read the trunk database.
This means you will need to log in again to trunk again to deploy any new Podspecs. If you have automated deployment to CocoaPods working right now, this will break, and you will need to pod trunk register again and replace your COCOAPODS_TRUNK_TOKEN. We're sorry, I know that sucks, but it also guarantees that you are the only person with write access to your pods.
If you are not a pod author, you do not need to do anything.
CocoaPods 1.10 drops support for Ruby 2.0, adds support for Ruby 2.7 and adds initial support for Xcode 12 as well as a revamped XCFramework integration process!
CocoaPods 1.9 adds support for XCFrameworks, configuration-based dependencies for pod authors, code coverage in generated schemes, and other enhancements and bug fixes!
CocoaPods 1.8 switches the CDN as the default spec repo source and comes with a few enhancements!
CocoaPods 1.7.2 brings with it the final version of CDN support for the trunk specs repo.
CocoaPods 1.7.0 expands heavily on the improved underlying infrastructure of prior releases with support for multiple Swift versions, app specs and more!
CocoaPods 1.6.0 release continues our focus on stability, performance and scalability for large projects.
CocoaPods 1.5.0 comes with native support for building Swift pods as static libraries.
This week we shipped a new behind-the-scenes service for CocoaPods authors: cocoapods-metadata-service it handles a subset of CocoaDocs responsibilities but does not have the requirement of running on a Mac. This makes it easier for us to maintain.
It's been almost a year since we announced that CocoaDocs was going to be shut down. CocoaDocs' sunsetting was intially slowed down by the team at BuddyBuild offering to take over the project, but the migration wasn't finished before they were acquired by Apple. This means they cannot take over community services.
Instead I've started building out a simpler replacement that handles just the needs of the cocoapods.org website. Read on to find out what that looks like.