I just got this email from Google about all the apps I have published with PhoneGap.
-------
This is a notification that you have multiple apps, listed below, built on a version of Apache Cordova that contains security vulnerabilities. This includes a high severity cross-application scripting (XAS) vulnerability. Under certain circumstances, vulnerable apps could be remotely exploited to steal sensitive information, such as user login credentials.
You should upgrade to Apache Cordova 3.5.1 or higher as soon as possible. For more information about the vulnerabilities, and for guidance on upgrading Apache Cordova, please see http://cordova.apache.org/announcemen....
Please note, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play.
---------
I don't use any user login stuff or anything that would be vulnerable, but I do not want my apps taken down!
How do I upgrade to 3.5.1? I am currently using 3.4
-------
This is a notification that you have multiple apps, listed below, built on a version of Apache Cordova that contains security vulnerabilities. This includes a high severity cross-application scripting (XAS) vulnerability. Under certain circumstances, vulnerable apps could be remotely exploited to steal sensitive information, such as user login credentials.
You should upgrade to Apache Cordova 3.5.1 or higher as soon as possible. For more information about the vulnerabilities, and for guidance on upgrading Apache Cordova, please see http://cordova.apache.org/announcemen....
Please note, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play.
---------
I don't use any user login stuff or anything that would be vulnerable, but I do not want my apps taken down!
How do I upgrade to 3.5.1? I am currently using 3.4
- 68 Posts
- 0 Reply Likes
- anxious
Posted 6 years ago
- 8 Posts
- 0 Reply Likes
Petra V., Champion
- 7794 Posts
- 1391 Reply Likes
What kind of 'alerts'?
Are you referring to the Google message, saying that you should update to Apache Cordova 3.5.1 or higher?
Are you referring to the Google message, saying that you should update to Apache Cordova 3.5.1 or higher?
- 8 Posts
- 0 Reply Likes
yes. Google msg about should update to Apache Cordova 3.5.1 or higher?
Petra V., Champion
- 7794 Posts
- 1391 Reply Likes
Is your zip file available online somewhere? If so, please post its url and I'll be happy to have a look.
- 8 Posts
- 0 Reply Likes
Petra V., Champion
- 7794 Posts
- 1391 Reply Likes
OK.
The version seems correct.
I would suggest:
- you add the cordova-plugin-whitelist, otherwise your access rules don't take effect on Android
- you change android-minSdkVersion to at least '14'
- you add icons and splashes for xxhdpi and xxxhdpi
Not sure if that helps in this case, but these changes are strongly recommended, anyway.
If you rebuild, make sure to have Hydration switched off!
The version seems correct.
I would suggest:
- you add the cordova-plugin-whitelist, otherwise your access rules don't take effect on Android
- you change android-minSdkVersion to at least '14'
- you add icons and splashes for xxhdpi and xxxhdpi
Not sure if that helps in this case, but these changes are strongly recommended, anyway.
If you rebuild, make sure to have Hydration switched off!
- 8 Posts
- 0 Reply Likes
I am not good in developing.
where i am using cordova-plugin-whitelist? and how?
how can i change change android-minSdkVersion to at least '14' ? and where
size of icons and splashes for xxhdpi and xxxhdpi? by px
where is Hydration switche?
where i am using cordova-plugin-whitelist? and how?
how can i change change android-minSdkVersion to at least '14' ? and where
size of icons and splashes for xxhdpi and xxxhdpi? by px
where is Hydration switche?
- 8 Posts
- 0 Reply Likes
how can i change change android-minSdkVersion to at least '14' ? and where
size of icons and splashes for xxhdpi and xxxhdpi? by px
got it.
size of icons and splashes for xxhdpi and xxxhdpi? by px
got it.
Petra V., Champion
- 7794 Posts
- 1391 Reply Likes
Oh Dear!
You may want to read the Phonegap Build Docs, first.
1. include cordova-plugin-whitelist from npm in your config.xml. See the Configuring section of the PGB Docs
2. change the android-minSdkVersion in your config.xml, where you have the value '7' now
3. The correct dimensions for xxhdpi and xxxhdpi can easily be googled. You will find for instance
- XXHDPI
- Portrait: 960x1600px
- Landscape: 1600x960px
- XXXHDPI
- Portrait: 1280x1920px
- Landscape: 1920x1280px
For Android, you may also want to use a 9-patch image instead.
See http://radleymarx.com/blog/simple-gui...
4. The Hydration switch is on the Settings page of your app's PGB web page.
You may want to read the Phonegap Build Docs, first.
1. include cordova-plugin-whitelist from npm in your config.xml. See the Configuring section of the PGB Docs
2. change the android-minSdkVersion in your config.xml, where you have the value '7' now
3. The correct dimensions for xxhdpi and xxxhdpi can easily be googled. You will find for instance
- XXHDPI
- Portrait: 960x1600px
- Landscape: 1600x960px
- XXXHDPI
- Portrait: 1280x1920px
- Landscape: 1920x1280px
For Android, you may also want to use a 9-patch image instead.
See http://radleymarx.com/blog/simple-gui...
4. The Hydration switch is on the Settings page of your app's PGB web page.
- 8 Posts
- 0 Reply Likes
Hydration switch enable or disable?
that means click or not?
all are solved without cordova-plugin-whitelist
that means click or not?
all are solved without cordova-plugin-whitelist
- 8 Posts
- 0 Reply Likes
r you saying me using those codes on config.xml file.
engines
engine name="cordova-android" version=">=4.0.0"
engines
plugin name="cordova-plugin-whitelist"
engines
engine name="cordova-android" version=">=4.0.0"
engines
plugin name="cordova-plugin-whitelist"
Petra V., Champion
- 7794 Posts
- 1391 Reply Likes
The latter, yes.
Don't use the engines element, though.
Don't use the engines element, though.
- 1 Post
- 0 Reply Likes
After 3 days of trying to publish the APK (tried both command line and PGB) i found reason why Google rejects my application suggesting pre-3.5.1 version.
So my problem was, that in my /js folder there were old unused legacy cordova.js file @2.9.0 version. Although unused, this file was the reason to reject my app.
So my problem was, that in my /js folder there were old unused legacy cordova.js file @2.9.0 version. Although unused, this file was the reason to reject my app.
Related Categories
-
PhoneGap Build
- 15111 Conversations
- 275 Followers



