cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Clelland <>
Subject Security releases this morning
Date Tue, 04 Mar 2014 14:07:36 GMT
Hello everyone,

This morning, we released new versions of several plugins, containing a
number of improvements and bug fixes.

Two of these plugins contain important security patches, and we're
recommending that anyone using them upgrade their plugins immediately.

File-Transfer used an insecure default setting on iOS, which could allow an
insecure SSL certificate to be accepted as valid when uploading or
downloading files.

In-App-Browser on iOS contains an exploit that could allow a malicious site
to execute JavaScript in the context of the Cordova application.

Both plugins have been updated, and the latest versions on git and at have been patched.

I've posted the vulnerability notices to this list, as well as bugtraq,
full-disclosure, and the Apache security list.

We'd like to thank Neil Bergman of Cigital Inc. for finding these issues,
and working with us to resolve them quickly.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message