cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Grieve <agri...@chromium.org>
Subject Re: Cordova Android < 3.5.1 XAS Security Vulnerability -- possibility of releasing a 2.7-based patched version
Date Thu, 02 Oct 2014 15:40:48 GMT
That said, the relevant patch is here:

https://github.com/apache/cordova-android/commit/2ab81bc5aeb575fef3657cf48a671607e81ca37d

(Ian / Joe, please correct me if there's more than that)



On Thu, Oct 2, 2014 at 11:29 AM, Joe Bowser <bowserj@gmail.com> wrote:

> No, you should upgrade to 3.5.1.  We have dropped support for Cordova 2.x
> months ago, and we recommend upgrading.
>
> On Thu, Oct 2, 2014 at 7:33 AM, <Steve.Wilson@bentley.com> wrote:
>
> > We have released applications in the Google Play store based on Cordova
> > 2.7.0 and have received notification from Google that these apps are
> > vulnerable to an Android Cordova security issue (
> > http://cordova.apache.org/announcements/2014/08/04/android-351.html).
> >
> > Upgrading to Cordova 3.5.1 would require significant work on our part. Is
> > there any possibility that you can release a patched Cordova Android
> > version based on 2.7 that would fix this security vulnerability?
> >
> > Please let me know whether you think this would be possible on your part.
> > Thank you!
> >
> > Thanks,
> > Steve Wilson
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message