cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From johnkgerken@gmail.com <johnkger...@gmail.com>
Subject Re: Request estimate for next release of cordova-plugin-globalization
Date Fri, 06 Apr 2018 17:13:21 GMT
Thanks Simon,

My development team is currently investigating what it will take for us to migrate away from
using cordova-plugin-globalization, but it will take some time to get it scheduled and completed.
 So it will happen -- that's the good news.  The bad news is that it keeps our customers hanging
until that is complete.  So a new build with our merged pull request helps our customers greatly
to bridge the gap until our migration is complete.

Earlier messages suggested a release sometime shortly after Easter.  Any idea if or when that
might take place?

Thanks again for your help, everyone.
John

On 2018/03/27 14:38:28, Simon MacDonald <simon.macdonald@gmail.com> wrote: 
> Since this is a security issue that has already been merged I feel like we
> should include globalization in the next plugin release.
> 
> John, you really should start planning to migrate away from this plugin as
> we can't guarantee it will be updated in the future. There is a blog post
> detailing an alternative that doesn't even require a plugin and aligns with
> current web standard API's.
> 
> http://cordova.apache.org/news/2017/11/20/migrate-from-cordova-globalization-plugin.html
> 
> 
> Simon Mac Donald
> http://simonmacdonald.com
> 
> On Tue, Mar 27, 2018 at 9:27 AM, julio cesar sanchez <jcesarmobile@gmail.com
> > wrote:
> 
> > We will probably do a plugins release after Easter with all plugins updated
> > since the last release, so we can include this and some other deprecated
> > plugins that also got an update.
> >
> > 2018-03-27 15:24 GMT+02:00 johnkgerken@gmail.com <johnkgerken@gmail.com>:
> >
> > >
> > >
> > > On 2018/03/26 21:23:26, Steven Gill <stevengill97@gmail.com> wrote:
> > > > cordova-plugin-globalization was deprecated November 2017. See
> > > > https://github.com/apache/cordova-plugin-globalization#
> > > deprecation-notice
> > > >
> > > > We aren't planning on doing anymore releases as far as I'm aware. We
> > > > recommend pointing your package.json & config.xml to the github repo
> > > > instead if you want to continue using it. Another option is to fork the
> > > > plugin and publish it under a different name with the fix you need.
> > > >
> > > > Cheers,
> > > > -Steve
> > > >
> > > > On Mon, Mar 26, 2018 at 11:19 AM, johnkgerken@gmail.com <
> > > > johnkgerken@gmail.com> wrote:
> > > >
> > > > > Hi Team,
> > > > >
> > > > > Pull request #64 (https://github.com/apache/
> > > cordova-plugin-globalization/
> > > > > pull/64) was committed on February 2 to address a ReDoS issue in
> > > > > moment.js, which is shipped in cordova-plugin-globalization.  As
this
> > > is a
> > > > > security issue, may I ask what the current plans are for releasing
a
> > > new
> > > > > version of the plugin please?  We've tested the nightly build and
> > > confirmed
> > > > > that the issue has been addressed, but would obviously prefer to
ship
> > > with
> > > > > a released version of the plugin as opposed to a nightly build.
> > > > >
> > > > > Thanks for your help,
> > > > > John Gerken
> > > > >
> > > > > ------------------------------------------------------------
> > ---------
> > > > > To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
> > > > > For additional commands, e-mail: dev-help@cordova.apache.org
> > > > >
> > > > >
> > > >
> > > Hi Steve,
> > >
> > > Thanks for your reply.  That puts us in a very difficult spot because
> > > migrating away from this plugin is a non-trivial task and we've got about
> > > 600 enterprise customers to consider.  As this is a security issue, is
> > > there any recourse for me to request that the decision to not release
> > this
> > > already committed fix be reconsidered?
> > >
> > > Thanks for your help,
> > > John
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
> > > For additional commands, e-mail: dev-help@cordova.apache.org
> > >
> > >
> >
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
For additional commands, e-mail: dev-help@cordova.apache.org


Mime
View raw message