dietrichmax/colota

v1.2.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 3mo Forensics & Incident Response

✓ No known CVEs patched

This release patches 1 known CVE

Topics

android google-timeline gps-tracker gps-tracking location location-tracker

+1 more

react-native

Affected surfaces

auth deps

Summary

AI summary

Updates Bug Fixes, New Features, and 100.64.x.x across a mixed release.

Full changelog

Android 17+ local network permission - Devices running Android 17 now receive a disclosure modal and permission request before accessing local network endpoints (#157)

Speed data guard and fallback - Speed is only included in payloads when the GPS chip reports it; when unavailable, a fallback is calculated from consecutive GPS points (#164)
Sync retry-forever no longer drops locations - Locations were silently deleted after repeated failures even with retry-forever enabled (#163)
Lowered minimum accuracy threshold - Accuracy filter minimum reduced from 50m to 1m (#153)

Expanded private network detection - HTTP endpoints now also accept CGNAT (100.64.x.x), link-local (169.254.x.x), and full loopback range (127.x.x.x) (#153)
Narrowed ProGuard rules - Tighter keep rules for the location provider layer (#153)

Added tests for speed fallback, sync retry logic, local network permission, and disclosure modal

Full Changelog: https://github.com/dietrichmax/colota/compare/v1.1.0...v1.2.0

Expanded private network detection now includes CGNAT (100.64.x.x), link‑local (169.254.x.x) and full loopback (127.x.x.x)

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Track dietrichmax/colota

Get notified when new releases ship.

About dietrichmax/colota

v1.9.0 Stricter TLS trust: user-installed Android CAs no longer trusted by Colota.