On Tue, Aug 5, 2014 at 1:57 PM, tolis emmanouilidis <tolisemm@gmail.com> wrote:

2014-08-05 14:34 GMT+03:00 Erik Jan de Wit <edewit@redhat.com>:

It’s not cordova itself that is vulnerable it’s one particular version of a platform ( 3.5.0 android ). I’m not saying that people should ignore security, just that we use a runtime and we cannot be held responsible or control what version of that runtime people are using

+1 I think it's users responsiblity to upgrade or not. Also, it looks like Apache is not enforcing the latest cordova version in their plugins e.g https://github.com/apache/cordova-plugin-statusbar/blob/master/plugin.xml#L32

ha! That's good info!

-M

_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev

--
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf