8:45 a.m.
FYI
https://twitter.com/apachecordova/status/496418463666028545
Wondering, should we update the plugin ?
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
10:04 a.m.
New subject: [Cordova] Important security fixes for Cordova-Android just released
+1 for updating.
On Tue, Aug 5, 2014 at 8:45 AM, Matthias Wessendorf <matzew(a)apache.org>
wrote:
FYI
https://twitter.com/apachecordova/status/496418463666028545
Wondering, should we update the plugin ?
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
10:26 a.m.
New subject: [Cordova] Important security fixes for Cordova-Android just released
We had this discussion before and I still feel that this course of action is wrong. It’s
like let’s update the java library that we created when there is a security error in
java.
All people have to do is to use the newer version of the android platform (if they are
currently using 3.5.0)
cordova platform add android(a)3.5.1
On 5 Aug,2014, at 10:04 , Karel Piwko <kpiwko(a)redhat.com> wrote:
+1 for updating.
On Tue, Aug 5, 2014 at 8:45 AM, Matthias Wessendorf <matzew(a)apache.org>
wrote:
> FYI
>
> https://twitter.com/apachecordova/status/496418463666028545
>
> Wondering, should we update the plugin ?
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
10:30 a.m.
how about adding some notes on the README ?
On Tue, Aug 5, 2014 at 10:26 AM, Erik Jan de Wit <edewit(a)redhat.com> wrote:
We had this discussion before and I still feel that this course of
action
is wrong. It’s like let’s update the java library that we created when
there is a security error in java.
All people have to do is to use the newer version of the android platform
(if they are currently using 3.5.0)
cordova platform add android(a)3.5.1
On 5 Aug,2014, at 10:04 , Karel Piwko <kpiwko(a)redhat.com> wrote:
+1 for updating.
On Tue, Aug 5, 2014 at 8:45 AM, Matthias Wessendorf <matzew(a)apache.org>
wrote:
FYI
https://twitter.com/apachecordova/status/496418463666028545
Wondering, should we update the plugin ?
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
10:42 a.m.
New subject: [Cordova] Important security fixes for Cordova-Android just released
In such case, would it make sense to lock Cordova related versions in
our tutorials/quickstarts/documentation and update versions there after
security bug instead?
On Tue, Aug 5, 2014 at 10:26 AM, Erik Jan de Wit <edewit(a)redhat.com>
wrote:
We had this discussion before and I still feel that this course of
action is wrong. It’s like let’s update the java library that we
created when there is a security error in java.
All people have to do is to use the newer version of the android
platform (if they are currently using 3.5.0)
cordova platform add android(a)3.5.1
On 5 Aug,2014, at 10:04 , Karel Piwko <kpiwko(a)redhat.com> wrote:
> +1 for updating.
>
> On Tue, Aug 5, 2014 at 8:45 AM, Matthias Wessendorf
> <matzew(a)apache.org>
> wrote:
>> FYI
>>
>> https://twitter.com/apachecordova/status/496418463666028545
>>
>> Wondering, should we update the plugin ?
>>
>> --
>> Matthias Wessendorf
>>
>> blog: http://matthiaswessendorf.wordpress.com/
>> sessions: http://www.slideshare.net/mwessendorf
>> twitter: http://twitter.com/mwessendorf
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
10:48 a.m.
New subject: [Cordova] Important security fixes for Cordova-Android just released
On 5 Aug,2014, at 10:42 , Karel Piwko <kpiwko(a)redhat.com> wrote:
In such case, would it make sense to lock Cordova related versions in
our tutorials/quickstarts/documentation and update versions there after
security bug instead?
When you tryout / install our demo now you’ll get the latest version of the android
platform (3.5.1) this security update is ‘only’ important if you have a project currently
on your drive then you’ll have to update the android platform
1:25 p.m.
On 2014-08-05, Erik Jan de Wit wrote:
We had this discussion before and I still feel that this course of
action is wrong. It’s like let’s update the java library that we created when there is a
security error in java.
That **must** be the correct approach, most part of the time the cause
of people exploiting security vulnerabilities is because the software is
outdated. Do you want to engage our developers to ignore it?
All people have to do is to use the newer version of the android platform (if they are
currently using 3.5.0)
cordova platform add android(a)3.5.1
I still disagree on that, we must lead by example and encourage them to
update their versions.
On 5 Aug,2014, at 10:04 , Karel Piwko <kpiwko(a)redhat.com> wrote:
> +1 for updating.
>
> On Tue, Aug 5, 2014 at 8:45 AM, Matthias Wessendorf <matzew(a)apache.org>
> wrote:
>> FYI
>>
>> https://twitter.com/apachecordova/status/496418463666028545
>>
>> Wondering, should we update the plugin ?
>>
>> --
>> Matthias Wessendorf
>>
>> blog: http://matthiaswessendorf.wordpress.com/
>> sessions: http://www.slideshare.net/mwessendorf
>> twitter: http://twitter.com/mwessendorf
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
abstractj
PGP: 0x84DC9914
1:34 p.m.
On 5 Aug,2014, at 13:25 , Bruno Oliveira <bruno(a)abstractj.org> wrote:
On 2014-08-05, Erik Jan de Wit wrote:
> We had this discussion before and I still feel that this course of action is wrong.
It’s like let’s update the java library that we created when there is a security error in
java.
That **must** be the correct approach, most part of the time the cause
of people exploiting security vulnerabilities is because the software is
outdated. Do you want to engage our developers to ignore it?
It’s not cordova itself that is vulnerable it’s one particular version of a platform (
3.5.0 android ). I’m not saying that people should ignore security, just that we use a
runtime and we cannot be held responsible or control what version of that runtime people
are using
1:57 p.m.
2014-08-05 14:34 GMT+03:00 Erik Jan de Wit <edewit(a)redhat.com>:
It’s not cordova itself that is vulnerable it’s one particular version of
a platform ( 3.5.0 android ). I’m not saying that people should ignore
security, just that we use a runtime and we cannot be held responsible or
control what version of that runtime people are using
+1 I think it's users responsiblity to upgrade or not. Also, it looks like
Apache is not enforcing the latest cordova version in their plugins e.g
https://github.com/apache/cordova-plugin-statusbar/blob/master/plugin.xml...
2:10 p.m.
On Tue, Aug 5, 2014 at 1:57 PM, tolis emmanouilidis <tolisemm(a)gmail.com>
wrote:
2014-08-05 14:34 GMT+03:00 Erik Jan de Wit
<edewit(a)redhat.com>:
> It’s not cordova itself that is vulnerable it’s one particular version of
> a platform ( 3.5.0 android ). I’m not saying that people should ignore
> security, just that we use a runtime and we cannot be held responsible or
> control what version of that runtime people are using
>
>
+1 I think it's users responsiblity to upgrade or not. Also, it looks like
Apache is not enforcing the latest cordova version in their plugins e.g
https://github.com/apache/cordova-plugin-statusbar/blob/master/plugin.xml...
ha! That's good info!
-M
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
1:22 p.m.
Please!
On 2014-08-05, Matthias Wessendorf wrote:
FYI
https://twitter.com/apachecordova/status/496418463666028545
Wondering, should we update the plugin ?
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
abstractj
PGP: 0x84DC9914
3552
days inactive
3552
days old
10 comments
5 participants
participants (5)
-
Bruno Oliveira -
Erik Jan de Wit -
Karel Piwko -
Matthias Wessendorf -
tolis emmanouilidis