[aerogear-dev] security updates

Karel Piwko kpiwko at redhat.com
Wed Apr 9 04:37:05 EDT 2014 

On Tue, 8 Apr 2014 16:14:26 +0200
Matthias Wessendorf <matzew at apache.org> wrote:

> On Tue, Apr 8, 2014 at 2:36 PM, Sebastien Blanc <scm.blanc at gmail.com> wrote:
> 
> >
> >
> >
> > On Tue, Apr 8, 2014 at 11:21 AM, Matthias Wessendorf
> > <matzew at apache.org>wrote:
> >
> >>
> >>
> >>
> >> On Tue, Apr 8, 2014 at 11:17 AM, Erik Jan de Wit <edewit at redhat.com>wrote:
> >>
> >>> Hi,
> >>>
> >>> The simplified plugin is using evaluateJavascript in favour of
> >>> sendJavascript, but this method is only available in 4.4
> >>
> >>
> >>
> >> Ah! Thanks for clarification! But this, than, automatically means: the
> >> Push-Plugin requires 4.4 ? That's a huge impact. We have to support way
> >> older versions, w/ the plugin.
> >>
> >>
> >>> as this is a new method introduced by the chrome web view we can change
> >>> this by using sendJavascript method again. Don't know if this will
> >>> introduce security errors, but I guess not.
> >>
> >>
> >> That would be worth to investigate. Not only for security - also for
> >> 'love' of older Android versions!
> >>
> > +9001, I would even say that this is quite critical and we should find a
> > solution before we release any new version of the plugin.
> >
> 
> +1 IMO it's a must criteria to not rely on newer Android versions like 4.4
> (or later)
> 
+3 as well.

> -M
> 
> 
> >
> >>
> >> Thanks for the details, Erik!
> >>
> >> -Matthias
> >>
> >>
> >>
> >>> I think the actual fix is not using the old web view.
> >>>
> >>> Cheers,
> >>>         Erik Jan
> >>> _______________________________________________
> >>> aerogear-dev mailing list
> >>> aerogear-dev at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>>
> >>
> >>
> >>
> >> --
> >> Matthias Wessendorf
> >>
> >> blog: http://matthiaswessendorf.wordpress.com/
> >> sessions: http://www.slideshare.net/mwessendorf
> >> twitter: http://twitter.com/mwessendorf
> >>
> >> _______________________________________________
> >> aerogear-dev mailing list
> >> aerogear-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>
> >
> >
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >
> 
> 
>

More information about the aerogear-dev mailing list