[aerogear-dev] security updates
Sebastien Blanc
scm.blanc at gmail.com
Wed Apr 9 04:42:25 EDT 2014
On Wed, Apr 9, 2014 at 10:37 AM, Karel Piwko <kpiwko at redhat.com> wrote:
> On Tue, 8 Apr 2014 16:14:26 +0200
> Matthias Wessendorf <matzew at apache.org> wrote:
>
> > On Tue, Apr 8, 2014 at 2:36 PM, Sebastien Blanc <scm.blanc at gmail.com>
> wrote:
> >
> > >
> > >
> > >
> > > On Tue, Apr 8, 2014 at 11:21 AM, Matthias Wessendorf
> > > <matzew at apache.org>wrote:
> > >
> > >>
> > >>
> > >>
> > >> On Tue, Apr 8, 2014 at 11:17 AM, Erik Jan de Wit <edewit at redhat.com
> >wrote:
> > >>
> > >>> Hi,
> > >>>
> > >>> The simplified plugin is using evaluateJavascript in favour of
> > >>> sendJavascript, but this method is only available in 4.4
> > >>
> > >>
> > >>
> > >> Ah! Thanks for clarification! But this, than, automatically means: the
> > >> Push-Plugin requires 4.4 ? That's a huge impact. We have to support
> way
> > >> older versions, w/ the plugin.
> > >>
> > >>
> > >>> as this is a new method introduced by the chrome web view we can
> change
> > >>> this by using sendJavascript method again. Don't know if this will
> > >>> introduce security errors, but I guess not.
> > >>
> > >>
> > >> That would be worth to investigate. Not only for security - also for
> > >> 'love' of older Android versions!
> > >>
> > > +9001, I would even say that this is quite critical and we should find
> a
> > > solution before we release any new version of the plugin.
> > >
> >
> > +1 IMO it's a must criteria to not rely on newer Android versions like
> 4.4
> > (or later)
> >
> +3 as well.
>
Things have gone back to normal ;)
https://github.com/aerogear/aerogear-pushplugin-cordova/commit/4a26b801f4b41637ed6808358a11f2b61fbfd180
But like I suggested on IRC, let's wait for the Cordova 3.4.1 release
(which could happen today and that contains the xcode 5.1 fix) before
releasing a new version of the plugin
>
> > -M
> >
> >
> > >
> > >>
> > >> Thanks for the details, Erik!
> > >>
> > >> -Matthias
> > >>
> > >>
> > >>
> > >>> I think the actual fix is not using the old web view.
> > >>>
> > >>> Cheers,
> > >>> Erik Jan
> > >>> _______________________________________________
> > >>> aerogear-dev mailing list
> > >>> aerogear-dev at lists.jboss.org
> > >>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > >>>
> > >>
> > >>
> > >>
> > >> --
> > >> Matthias Wessendorf
> > >>
> > >> blog: http://matthiaswessendorf.wordpress.com/
> > >> sessions: http://www.slideshare.net/mwessendorf
> > >> twitter: http://twitter.com/mwessendorf
> > >>
> > >> _______________________________________________
> > >> aerogear-dev mailing list
> > >> aerogear-dev at lists.jboss.org
> > >> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > >>
> > >
> > >
> > > _______________________________________________
> > > aerogear-dev mailing list
> > > aerogear-dev at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > >
> >
> >
> >
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20140409/911b529d/attachment-0001.html
More information about the aerogear-dev
mailing list