Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Google App Store Warning - You should upgrade to Apache Cordova 3.5.1 or higher as soon as possible

Tags:

apache

google-play

cordova

cordova-3

I have received an Email from Google Play Store for my Android App:

This is a notification that your com.mydomain.myapp, is built on a version of Apache Cordova that contains security vulnerabilities. This includes a high severity cross-application scripting (XAS) vulnerability. Under certain circumstances, vulnerable apps could be remotely exploited to steal sensitive information, such as user login credentials. You should upgrade to Apache Cordova 3.5.1 or higher as soon as possible. For more information about the vulnerabilities, and for guidance on upgrading Apache Cordova, please see http://cordova.apache.org/announcements/2014/08/04/android-351.html. Please note, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play. Regards, Google Play Team ©2014 Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043

If I try the command mentioned on the given link/page, i.e.:

cordova platform add [email protected] --usenpm

I get an error:

Platform android already added

How can I upgrade Cordova from 3.1 to 3.5.1? I have tried all sort of things like:

npm update -g cordova

But I do not appear to be getting successful. The version file in MyApp\platforms\android\cordova folder still shows following entry and no file in this folder changes:

// Coho updates this line:
var VERSION = "3.1.0";

console.log(VERSION);
like image 206
AnR Avatar asked Oct 01 '14 18:10

AnR

2 Answers

After some research, I think, I have found the solution here:

http://cordova.apache.org/index.html#download

npm install -g cordova
cd my_project
cordova platform update android

Running the last command does the trick and I get this response:

**cordova platform update android**
Deleting E:/PhoneGap/my_project/platforms/android/libs/cordova-3.1.0.jar
Android project is now at version 3.6.3
If you updated from a pre-3.2.0 version and use an IDE, we now require that you
import the "CordovaLib" library project.

Hope that helps.

Regards

like image 105
AnR Avatar answered Nov 11 '22 15:11

AnR

If you are using Phonegap, you just need to update Phonegap to version 3.5.0

It's explained here: http://phonegap.com/blog/2014/06/12/phonegap-3_5_release/

And here's the note from Phonegap that says how you're covered: http://phonegap.com/blog/2014/08/07/cordova-android-3_5_0-patched-with-security-fixes/

like image 31
Jonny White Avatar answered Nov 11 '22 17:11

Jonny White
Sign in to Comment

Related questions

Google Chrome audit on caching
NTLM Authentication - Get Windows login, domain and host in PHP
Angular 2 routing and direct access to a specific route : how to configure Apache?
ProxyPassMatch with ProxyPassReverse
.htaccess file to allow access to images folder to view pictures?
web server maximum number of users apache can handle?
Why is XAMPP not suited for production? [closed]
How to disable Apache gzip compression for some media files in .htaccess file?
How would I make Apache case insensitive using .htaccess?
htaccess If...Else always selects Else
Best practice for structuring a 'large' Rails app
Pretty URLs in PHP frameworks
Apache Httpd Build from source: fatal error: expat.h: No such file or directory
Best practices for withstanding launch day traffic burst
How much slower is serving static content from Tomcat?
mod_wsgi and multiple installations of python
.htaccess page and lang error
rewrite urls for product name
package org.apache.commons.io does not exist error
force or generate jvm core dump ( IBM JVM ) [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!