Hi Campbell, >Typically, how much advance warning would a developer receive before their app is blocked?
We appreciate that the time required to make upgrades varies. As I mentioned, we want you to have time to update now. If you're planning to update soon, that should be fine. >is there a process that we can follow with Google to ensure that the app is safe without upgrading the library? As I mentioned, although it's unclear whether the issues affect every app that's using pre-3.5.1 versions of Apache Cordova, we're trying to help developers stay up to date on all security patches. Even if you think that specific issues may not be relevant, it's good practice to update any libraries in your app that have known issues. >Also wondering if the warning about the vulnerable version of Cordova are being sent out to developers only, or are end-users being warned as well? These warnings are intended for developers. Best, - Eric On Thursday, October 9, 2014 12:00:00 PM UTC-7, Campbell Moss wrote: > > Also wondering if the warning about the vulnerable version of Cordova are > being sent out to developers only, or are end-users being warned as well? > > Thanks, > Campbell > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
