<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">2014-08-05 14:34 GMT+03:00 Erik Jan de Wit <span dir="ltr"><<a href="mailto:edewit@redhat.com" target="_blank">edewit@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div style="word-wrap:break-word"><div><div><div><br></div></div><div>It’s not cordova itself that is vulnerable it’s one particular version of a platform ( 3.5.0 android ). I’m not saying that people should ignore security, just that we use a runtime and we cannot be held responsible or control what version of that runtime people are using</div>
</div></div><br></blockquote><div><br></div><div>+1 I think it's users responsiblity to upgrade or not. Also, it looks like Apache is not enforcing the latest cordova version in their plugins e.g <a href="https://github.com/apache/cordova-plugin-statusbar/blob/master/plugin.xml#L32" target="_blank">https://github.com/apache/cordova-plugin-statusbar/blob/master/plugin.xml#L32</a></div>
</div><br></div></div>