Security Alert: Apache Cordova vulnerabilities

Hey IntelRobert

I just received the below email regarding a few of my apps. It's been a short while since I updated the apps. If I rebuild will this solve the problem, is Intel XDK using Cordova 3.5.1 or higher?

Thanks

[quote:2rjp3j8w]This is a notification that your com.ballboyfree.nuskid, com.nuskidgames.ballboy, com.nuskidgames.lightsoff, is built on a version of Apache Cordova that contains security vulnerabilities. This includes a high severity cross-application scripting (XAS) vulnerability. Under certain circumstances, vulnerable apps could be remotely exploited to steal sensitive information, such as user login credentials.

You should upgrade to Apache Cordova 3.5.1 or higher as soon as possible. For more information about the vulnerabilities, and for guidance on upgrading Apache Cordova, please see http://cordova.apache.org/announcements ... d-351.html.

Please note, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play.

Not yet. We are working on it.

Intel XDK working with Cordova 3.5 (should with 3.5.1) but with XDK projects only not Construct 2 imported files. All C2 projects fails when build with cli 3.5, working with cli 3.3 only. Just tested sample XDK project, build with 3.5, no errors and app working on device (Android). Even sample C2 project loaded to XDK and compiled with 3.5 creating errors and no go. Problem is in C2 (tested with newest version 184 and olders)

Facet

FredQ

We have updated the cordova in crosswalk, so please read this:

viewtopic.php?f=146&t=101139&p=846131#p846131