@capgo/capacitor-updater 8.41.2 → 8.41.4

package/README.md

@@ -252,6 +252,10 @@ Capacitor Updater works by unzipping a compiled app bundle to the native device
 - Do not password encrypt the bundle zip file, or it will fail to unpack.
 - Make sure the bundle does not contain any extra hidden files or folders, or it may fail to unpack.
 
+### Downgrading to a previous version of the updater plugin
+
+Downgrading to a previous version of the updater plugin is not supported.
+
 ## Updater Plugin Config
 
 <docgen-config>

package/android/src/main/java/ee/forgr/capacitor_updater/CapacitorUpdaterPlugin.java

@@ -85,7 +85,7 @@ public class CapacitorUpdaterPlugin extends Plugin {
     private static final String[] BREAKING_EVENT_NAMES = { "breakingAvailable", "majorAvailable" };
     private static final String LAST_FAILED_BUNDLE_PREF_KEY = "CapacitorUpdater.lastFailedBundle";
 
-    private final String pluginVersion = "8.41.2";
+    private final String pluginVersion = "8.41.4";
     private static final String DELAY_CONDITION_PREFERENCES = "";
 
     private SharedPreferences.Editor editor;

package/android/src/main/java/ee/forgr/capacitor_updater/CryptoCipher.java

@@ -210,7 +210,7 @@ public class CryptoCipher {
                 detectedFormat = "base64";
             }
             logger.debug(
-                "Received encrypted checksum format: " +
+                "Received checksum format: " +
                     detectedFormat +
                     " (length: " +
                     checksum.length() +
@@ -218,6 +218,18 @@ public class CryptoCipher {
                     checksumBytes.length +
                     " bytes)"
             );
+
+            // RSA-2048 encrypted data must be exactly 256 bytes
+            // If the checksum is not 256 bytes, the bundle was not encrypted properly
+            if (checksumBytes.length != 256) {
+                logger.error(
+                    "Checksum is not RSA encrypted (size: " +
+                        checksumBytes.length +
+                        " bytes, expected 256 for RSA-2048). Bundle must be uploaded with encryption when public key is configured."
+                );
+                throw new IOException("Bundle checksum is not encrypted. Upload bundle with --key flag when encryption is configured.");
+            }
+
             PublicKey pKey = CryptoCipher.stringToPublicKey(publicKey);
             byte[] decryptedChecksum = CryptoCipher.decryptRSA(checksumBytes, pKey);
             // Return as hex string to match calcChecksum output format

package/ios/Sources/CapacitorUpdaterPlugin/CapacitorUpdaterPlugin.swift

@@ -60,7 +60,7 @@ public class CapacitorUpdaterPlugin: CAPPlugin, CAPBridgedPlugin {
         CAPPluginMethod(name: "completeFlexibleUpdate", returnType: CAPPluginReturnPromise)
     ]
     public var implementation = CapgoUpdater()
-    private let pluginVersion: String = "8.41.2"
+    private let pluginVersion: String = "8.41.4"
     static let updateUrlDefault = "https://plugin.capgo.app/updates"
     static let statsUrlDefault = "https://plugin.capgo.app/stats"
     static let channelUrlDefault = "https://plugin.capgo.app/channel_self"
@@ -382,6 +382,32 @@ public class CapacitorUpdaterPlugin: CAPPlugin, CAPBridgedPlugin {
                 self.logger.info("Cleanup complete")
             }
 
+            // Michael (WcaleNieWolny) at 04.01.2026
+            // The following line of code contains a bug. After having evaluated it, I have decided not to fix it.
+            // The initial report: https://discord.com/channels/912707985829163099/1456985639345061969
+            // The bug happens in a very specific scenario. Here is the reproduction steps, followed by the lackof busniess impact
+            // Reproduction steps:
+            // 1. Install iOS app via app store. Version: 10.13.0. Version v10 of the app uses Capacitor 6 (6.3.13) - a version where the key was still "LatestVersionNative" 
+            // 2. The plugin writes "10.13.0" to the key "LatestVersionNative"
+            // 3. Update the app to version 10.17.0 via Capgo.
+            // 4. Update the app via testflight to version 11.0.0. This version uses Capacitor 8 (8.41.3) - a version where the key was changed to "LatestNativeBuildVersion"
+            // 5. During the initial load of then new native version, the plugin will read "LatestNativeBuildVersion", not find it, read "LatestVersionNative", find it and revert to builtin version sucessfully.
+            // 6. The plugin writes "11.0.0" to the key "LatestNativeBuildVersion"
+            // 7. The app is now in a state where it is using the builtin version, but the key "LatestNativeBuildVersion" is still set to "11.0.0" and "LatestVersionNative" is still set to "10.13.0". 
+            // 8. The user downgrades using app store back to version 10.13.0.
+            // 9. The old plugin reads "LatestVersionNative", finds "10.13.0," so it doesn't revert to builtin version. // <--- THIS IS THE FIRST PART OF THE BUG
+            // 10. "LatestVersionNative" is written to "10.13.0" but "LatestNativeBuildVersion" is not touched, and stays at "11.0.0"
+            // 11. A capgo update happesn to version 10.17.0.
+            // 12. The user updates again to version 11.0.0 via Testflight.
+            // 13. The plugin reads "LatestNativeBuildVersion", finds "11.0.0", so it doesn't revert to builtin version. It is unaware of the native update that happended.
+            // 14. Capgo loads the 10.13.0 version, while it should have loaded the builtin 11.0.0 version. // <--- THIS IS THE SECOND PART OF THE BUG
+            // The business impact:
+            // None - no one will ever be affected by this bug as reverting via app store should in practice never happen. You are not SUPPOSE to go from Capacitor v8 to v6.
+            // Downgrading isn't supported.
+            // Possible fixes:
+            // 1. Write "LatestVersionNative" - this fixes the part 1 of this bug
+            // 2. Compare both keys. If any is not equal to "currentBuildVersion", then revert to builtin version. This fixes the part 2 of this bug
+
             let previous = UserDefaults.standard.string(forKey: "LatestNativeBuildVersion") ?? UserDefaults.standard.string(forKey: "LatestVersionNative") ?? "0"
             if previous != "0" && self.currentBuildVersion != previous {
                 _ = self._reset(toLastSuccessful: false)

package/ios/Sources/CapacitorUpdaterPlugin/CryptoCipher.swift

@@ -63,13 +63,21 @@ public struct CryptoCipher {
                 detectedFormat = "base64"
             }
             // swiftlint:disable:next line_length
-            logger.debug("Received encrypted checksum format: \(detectedFormat) (length: \(checksum.count) chars, \(checksumBytes.count) bytes)")
+            logger.debug("Received checksum format: \(detectedFormat) (length: \(checksum.count) chars, \(checksumBytes.count) bytes)")
 
             if checksumBytes.isEmpty {
                 logger.error("Decoded checksum is empty")
                 throw CustomError.cannotDecode
             }
 
+            // RSA-2048 encrypted data must be exactly 256 bytes
+            // If the checksum is not 256 bytes, the bundle was not encrypted properly
+            if checksumBytes.count != 256 {
+                // swiftlint:disable:next line_length
+                logger.error("Checksum is not RSA encrypted (size: \(checksumBytes.count) bytes, expected 256 for RSA-2048). Bundle must be uploaded with encryption when public key is configured.")
+                throw CustomError.cannotDecode
+            }
+
             guard let rsaPublicKey = RSAPublicKey.load(rsaPublicKey: publicKey) else {
                 logger.error("The public key is not a valid RSA Public key")
                 throw CustomError.cannotDecode

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@capgo/capacitor-updater",
-  "version": "8.41.2",
+  "version": "8.41.4",
   "license": "MPL-2.0",
   "description": "Live update for capacitor apps",
   "main": "dist/plugin.cjs.js",