cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shazron <shaz...@gmail.com>
Subject Re: Security releases this morning
Date Tue, 04 Mar 2014 19:30:28 GMT
Thanks Ian for doing the posts! I'll notify the PhoneGap Google Group as
well (will just post a link to your posts).


On Tue, Mar 4, 2014 at 6:07 AM, Ian Clelland <iclelland@chromium.org> wrote:

> Hello everyone,
>
> This morning, we released new versions of several plugins, containing a
> number of improvements and bug fixes.
>
> Two of these plugins contain important security patches, and we're
> recommending that anyone using them upgrade their plugins immediately.
>
> File-Transfer used an insecure default setting on iOS, which could allow an
> insecure SSL certificate to be accepted as valid when uploading or
> downloading files.
>
> In-App-Browser on iOS contains an exploit that could allow a malicious site
> to execute JavaScript in the context of the Cordova application.
>
> Both plugins have been updated, and the latest versions on git and at
> plugins.cordova.io have been patched.
>
> I've posted the vulnerability notices to this list, as well as bugtraq,
> full-disclosure, and the Apache security list.
>
> We'd like to thank Neil Bergman of Cigital Inc. for finding these issues,
> and working with us to resolve them quickly.
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message