HEADS UP: Cordova-ios 3.9.2 and below - issues, Upgrade required

  • Updated 4 years ago
Six (6) months ago we got:

Cordova iOS9 is Officially Supported as Apache Cordova iOS 3.9.2

Yesterday (2016-Apr-27), we got CVE announcements for Apache Cordova iOS on Google Groups

This all leads to the Cordova Blog from yesterday (2016-Apr-27)

Quote

(...)
Versions Affected: cordova-ios 3.9.2 and below

Description: Apache Cordova iOS contains 2 methods to bypass the URL access restrictions provided by the whitelist. An attacker can use any of the 2 methods to load malicious resources in an app that uses a whitelist to only load trusted resources.

Upgrade path: Developers who are concerned about this issue should install version 4.0.0 or higher of the cordova-ios platform.
(...)


Be ready to upgrade soon. I'll research later today where PGB is at.
If someone else knows, please chime in.

Jesse

JesseMonroy650 (Volunteer), Champion


Posted 4 years ago


Petra V., Champion

Cli-5.2.0 has cordova/ios 3.9.1
Cli-6.0.0 has cordova/ios 4.0.1
Cli-6.1.0 has cordova/ios 4.1.0

JesseMonroy650 (Volunteer), Champion

Thanks for the notes - Petra. I'll include these in an upcoming blog.

Jesse