Sunzxyong / Tiny

An image compression framework. (A high-fidelity, high-compression-ratio image compression framework.)

Error Apache Trust Manager - implementation of the X509TrustManager

ericgomez opened this issue · comments

Security and trust

Apache Trust Manager

Error Security

Your application uses an insecure implementation of the X509TrustManager interface with an Apache HTTP client, which causes a security vulnerability. See this article in the Google Help Center for more information, including the deadline to fix the vulnerability.

  • Lcom/zxy/tiny/core/HttpUrlConnectionFetcher$TinyTrustManager;
  • sv: deadline: 02/17/2022

Additional Information
To properly process SSL certificate validation, change your code in the checkServerTrusted method of your custom X509TrustManager interface to select CertificateException or IllegalArgumentException whenever the certificate presented by the server does not meet your expectations. In particular, be aware of the following issues:

  • Check that the exceptions thrown by checkServerTrusted are not included in the method. If they were included, this would cause checkServerTrusted to exit normally, and the application would trust a malicious certificate.
  • Don't use checkValidity to examine the server's certificate. The checkValidity method checks if a certificate has expired, but does not determine if it is trusted.
  • You can also use network security settings to customize the behavior of your application's certificates in a less error-prone way.