Author: steven Date: Sat Nov 21 00:45:41 2015 New Revision: 1715452 URL: http://svn.apache.org/viewvc?rev=1715452&view=rev Log: added secuirty blog post
Added: cordova/site/public/announcements/2015/11/20/ cordova/site/public/announcements/2015/11/20/security.html Modified: cordova/site/public/announcements/2015/11/11/cordova-windows-4.2.0.html cordova/site/public/blog/index.html cordova/site/public/feed.xml cordova/site/public/sitemap.xml cordova/site/public/static/css/main.css cordova/site/public/static/js/index.js cordova/site/public/static/js/plugins.js Modified: cordova/site/public/announcements/2015/11/11/cordova-windows-4.2.0.html URL: http://svn.apache.org/viewvc/cordova/site/public/announcements/2015/11/11/cordova-windows-4.2.0.html?rev=1715452&r1=1715451&r2=1715452&view=diff ============================================================================== --- cordova/site/public/announcements/2015/11/11/cordova-windows-4.2.0.html (original) +++ cordova/site/public/announcements/2015/11/11/cordova-windows-4.2.0.html Sat Nov 21 00:45:41 2015 @@ -158,6 +158,26 @@ cordova platform update windows@4.2.0 </div> <div class="col-sm-6"> + <a href="/announcements/2015/11/20/security.html">Next</a> + <br> + <br> + <a class="title" href="/announcements/2015/11/20/security.html">CVE annoucements for Cordova-Android</a> + <div class="date"> 20 Nov 2015 - By Joe Bowser </div> + <p class="content"> + <!-- + NOTE: + the markdownify filter is used here + because posts are rendered in sequence; + that is, the next post's content isn't + yet rendered at the time that this post + is being rendered, so page.next.excerpt + is still in Markdown and not HTML + + Reference: https://github.com/jekyll/jekyll/issues/2860 + --> + Two older vulerabilities were brought to our attention, and while we found... + </p> + </div> </div> </footer> Added: cordova/site/public/announcements/2015/11/20/security.html URL: http://svn.apache.org/viewvc/cordova/site/public/announcements/2015/11/20/security.html?rev=1715452&view=auto ============================================================================== --- cordova/site/public/announcements/2015/11/20/security.html (added) +++ cordova/site/public/announcements/2015/11/20/security.html Sat Nov 21 00:45:41 2015 @@ -0,0 +1,288 @@ +<!DOCTYPE html> +<html lang="en"> +<head> + <meta charset="utf-8"> + <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> + <meta name="format-detection" content="telephone=no"> + <meta name="viewport" content="user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width" /> + <meta name="description" content="Two older vulerabilities were brought to our attention, and while we found that they were fixed in later versions of Cordova, we are required to announce the..."> + + <title> + + + CVE annoucements for Cordova-Android - Apache Cordova + + + </title> + + <link rel="SHORTCUT ICON" href="/favicon.ico"/> + <link rel="canonical" href="https://cordova.apache.org/announcements/2015/11/20/security.html"> + + <!-- CSS --> + <link rel="stylesheet" type="text/css" href="/static/css/main.css"> + + + <link rel="stylesheet" type="text/css" href="/static/js/lib/prettify/prettify.css"> + + + <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries --> + <!--[if lt IE 9]> + <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script> + <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script> + <![endif]--> + <script type="text/javascript"> + var disqus_developer = 1; // this would set it to developer mode + </script> + + <!-- JS --> + <script defer type="text/javascript" src="/static/js/lib/jquery-2.1.1.min.js"></script> + <script defer type="text/javascript" src="/static/js/lib/bootstrap.min.js"></script> + <script defer type="text/javascript" src="/static/js/lib/ZeroClipboard.js"></script> +</head> + +<body> + <a class="scroll-point pt-top" name="top"></a> +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container-fluid"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><img id="logo_top" src="/static/img/cordova-logo-newbrand.svg"/></a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <!-- <img class="pull-right hidden-xs" style="width:25px" src="/static/img/search_icon.svg"/> --> + <div class="nav_bar_center"> + <ul class="nav navbar-nav"> + <li > + <a href="/docs/en/latest/guide/overview/">Documentation</a> + </li> + <li > + <a href="/plugins">Plugins</a> + </li> + <li class="active"> + <a href="/blog" id="blog_button">Blog<span class="badge" id="new_blog_count"></span></a> + </li> + <li > + <a href="/contribute">Contribute</a> + </li> + <li> + <a href="/#getstarted">Get Started</a> + </li> + <!-- <li class="visible-xs"> + <img class="" style="width:25px;margin-left:13px" src="/static/img/search_icon.svg"/> + </li> --> + </ul> + </div> + </div><!--/.navbar-collapse --> + </div> +</nav> +<div id="_fixed_navbar_spacer" style="padding-top:50px"></div> + + <div class="blog"> + <div class="container"> + <h1 class="blogHeader"> + Blog + <span class="rss"> + <img src="/static/img/subscribe.png"><a href="/feed.xml">RSS Feed</a> + </span> +</h1> + +<div class="post"> + <header> + <div class="title">CVE annoucements for Cordova-Android</div> + <div class="author">By: + + <a href="https://twitter.com/infil00p">Joe Bowser</a> + + </div> + <div class="date">20 Nov 2015</div> + </header> + <section> + <div> + <p>Two older vulerabilities were brought to our attention, and while we found that they were fixed in later versions of Cordova, we are required to announce these +vulnerabilities, and to encourage users to upgrade to a supported version of Cordova, the lowest stable version currently being Android 4.1.0. We are no longer supporting +Cordova-Android 3.x due to security issues related to the legacy whitelist implementation, and we recommend that users upgrade to Cordova Android 5.0.x for Marshmallow support.</p> + +<p>When using the Cordova CLI, the command to use 4.1.0 of Cordova Android is:</p> +<div class="highlight"><pre><code class="language-text" data-lang="text">cordova platform add android@4.1.0 +</code></pre></div> +<p>The security issues are CVE-2015-5256 and CVE-2015-5257</p> + +<p>For your convenience, the text of the CVEs are included here.</p> + +<!--more--> + +<hr> + +<p>CVE-2015-5256: Apache Cordova vulnerable to improper application of whitelist restrictions on Android</p> + +<p>Severity: Medium</p> + +<p>Vendor: +The Apache Software Foundation</p> + +<p>Versions Affected: +Cordova Android 3.7.2 and earlier</p> + +<p>Description: +Android applications created using Apache Cordova that use a remote server contain a vulnerability where whitelist restrictions are not properly applied. +Improperly crafted URIs could be used to circumvent the whitelist, allowing for the execution of non-whitelisted Javascript.</p> + +<p>Upgrade path: +Developers who are concerned about this should rebuild their applications with Cordova Android 4.1.1. Developers using remote content roots should also +use SSL, as well as Content Source Policy to further mitigate this issue.</p> + +<p>Credit: Muneaki Nishimura of Sony Digital Network Applications, Inc</p> + +<hr> + +<p>CVE-2015-5257: Weak Randomization of BridgeSecret for Apache Cordova Android</p> + +<p>Severity: Low</p> + +<p>Vendor: +The Apache Software Foundation</p> + +<p>Versions Affected: +Cordova Android versions up to 3.6.4</p> + +<p>Description:</p> + +<p>Cordova uses a bridge that allows the Native Application to communicate with the HTML and Javascript that control the user interface. To protect this bridge on Android, the +framework uses a BridgeSecret to protect it from third-party hijacking. However, the BridgeSecret is not sufficiently random and can be determined in certain scenarios.</p> + +<p>Upgreade Path: +Developers who are concerned about this issue should rebuild their applications with Cordova Android 4.1.1 or later. Versions after 3.6.4 do not contain this vulnerability.</p> + +<p>Credit: David Kaplan & Roee Hay, IBM X-Force Application Security Research Team</p> + + </div> + </section> + <footer> + <div class="row"> + <div class="col-sm-6"> + + <a href="/announcements/2015/11/11/cordova-windows-4.2.0.html">Previous</a> + <br> + <br> + <a class="title" href="/announcements/2015/11/11/cordova-windows-4.2.0.html">Apache Cordova Windows 4.2.0</a> + <div class="date"> 11 Nov 2015 - By Sergey Grebnov </div> + <p class="content"> + We are happy to announce that Cordova Windows 4.2.0 has been released!... + </p> + + </div> + <div class="col-sm-6"> + + </div> + </div> + </footer> + <div class="disqus"> + <div id="disqus_thread"></div> +<script type="text/javascript"> + /* * * CONFIGURATION VARIABLES * * */ + var disqus_shortname = 'cordovablogs'; + + /* * * DON'T EDIT BELOW THIS LINE * * */ + (function() { + var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true; + dsq.src = '//' + disqus_shortname + '.disqus.com/embed.js'; + (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq); + })(); +</script> +<noscript>Please enable JavaScript to view the <a href="https://disqus.com/?ref_noscript" rel="nofollow">comments powered by Disqus.</a></noscript> + + </div> +</div> + + </div> +</div> + + <div class="blue-divider"></div> +<footer> + <div class="container" id="footer"> + <div class="row"> + <div class="col-sm-9"> + <h1>More Resources</h1> + <div class="row"> + <div class="col-sm-4"> + <h2>General</h2> + <ul class="nav"> + <li> + <a target="_blank" href="https://projects.apache.org/project.html?cordova">Apache Project Page</a> + </li> + <li> + <a target="_blank" href="http://www.apache.org/licenses/LICENSE-2.0">License</a> + </li> + <li> + <a href="/artwork">Artwork</a> + </li> + </ul> + </div> + <div class="col-sm-4"> + <h2>Development</h2> + <ul class="nav"> + <li><a target="_blank" href="https://github.com/apache?utf8=%E2%9C%93&query=cordova-">Source Code</a></li> + <li><a target="_blank" href="https://issues.apache.org/jira/browse/CB/">Issue Tracker</a></li> + <li><a target="_blank" href="http://stackoverflow.com/questions/tagged/cordova">Stack Overflow</a></li> + <li><a href="/contact">Mailing List</a></li> + </ul> + </div> + <div class="col-sm-4"> + <h2>Apache Software Foundation</h2> + <ul class="nav"> + <li> + <a target="_blank" href="http://www.apache.org/">About ASF</a> + </li> + <li> + <a target="_blank" href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a> + </li> + <li> + <a target="_blank" href="http://www.apache.org/foundation/thanks.html">Thanks</a> + </li> + <li> + <a target="_blank" href="http://www.apache.org/security/">Security</a> + </li> + </ul> + </div> + </div> + </div> + <div class="col-sm-3"> + <h1>Contribute</h1> + <p style="padding-top:20px"><strong>Help Cordova move forward!</strong></p> + <p>Report bugs, improve the docs, or contribute to the code.</p> + <a href="/contribute" class="btn btn-lg btn-primary"> + Learn More + </a> + <p style="padding-top:20px"> <a href="https://twitter.com/apachecordova" class="twitter-follow-button" data-show-count="false">Follow @apachecordova</a></p> + <script async defer src="https://slack.cordova.io/slackin.js"></script> + </div> + </div> + <p class="copyright_text"> + Copyright © 2012, 2013, 2015 The Apache Software Foundation, Licensed under the <a target="_blank" href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.<br/> + Apache and the Apache feather logos are <a target="_blank" href="http://www.apache.org/foundation/marks/list/">trademarks</a> of The Apache Software Foundation. + </p> + <a class="closing" href="#top"></a> + </div> +</footer> + +<script defer type="text/javascript" src="/static/js/lib/prettify/prettify.js"></script> +<script defer type="text/javascript" src="/static/js/index.js"></script> +<script defer type="text/javascript" src="/static/js/twitter.js"></script> + + <script> + (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ + (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), + m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) + })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); + ga('create', 'UA-64283057-3', 'auto'); + ga('send', 'pageview'); +</script> + +</body> +</html> Modified: cordova/site/public/blog/index.html URL: http://svn.apache.org/viewvc/cordova/site/public/blog/index.html?rev=1715452&r1=1715451&r2=1715452&view=diff ============================================================================== --- cordova/site/public/blog/index.html (original) +++ cordova/site/public/blog/index.html Sat Nov 21 00:45:41 2015 @@ -97,6 +97,39 @@ <li> <header> + <div class="adorner" blogTime="Fri, 20 Nov 2015 00:00:00 -0800"></div> + <h2 class="title"> + <a href="/announcements/2015/11/20/security.html">CVE annoucements for Cordova-Android</a> + </h2> + <div class="details"> + <span class="date">20 Nov 2015</span> + - by + <span class="author"> + + <a href="https://twitter.com/infil00p">Joe Bowser</a> + + </span> + <a class="comment" href="/announcements/2015/11/20/security.html#disqus_thread"></a> + </div> + </header> + <section class="post-excerpt"> + <p><p>Two older vulerabilities were brought to our attention, and while we found that they were fixed in later versions of Cordova, we are required to announce these +vulnerabilities, and to encourage users to upgrade to a supported version of Cordova, the lowest stable version currently being Android 4.1.0. We are no longer supporting +Cordova-Android 3.x due to security issues related to the legacy whitelist implementation, and we recommend that users upgrade to Cordova Android 5.0.x for Marshmallow support.</p> + +<p>When using the Cordova CLI, the command to use 4.1.0 of Cordova Android is:</p> +<div class="highlight"><pre><code class="language-text" data-lang="text">cordova platform add android@4.1.0 +</code></pre></div> +<p>The security issues are CVE-2015-5256 and CVE-2015-5257</p> + +<p>For your convenience, the text of the CVEs are included here.</p> +</p> + <div><a href="/announcements/2015/11/20/security.html">More...</a></div> + </section> + </li> + + <li> + <header> <div class="adorner" blogTime="Wed, 11 Nov 2015 00:00:00 -0800"></div> <h2 class="title"> <a href="/announcements/2015/11/11/cordova-windows-4.2.0.html">Apache Cordova Windows 4.2.0</a> @@ -3155,7 +3188,7 @@ window.twttr = (function(d, s, id) { <script> window.onload = function(){ setTimeout(function(){ - var lastPostTime = new Date("Wed, 11 Nov 2015 00:00:00 -0800").getTime(); + var lastPostTime = new Date("Fri, 20 Nov 2015 00:00:00 -0800").getTime(); setCookie("visitTime", lastPostTime, 365); }, 2000); }; Modified: cordova/site/public/feed.xml URL: http://svn.apache.org/viewvc/cordova/site/public/feed.xml?rev=1715452&r1=1715451&r2=1715452&view=diff ============================================================================== --- cordova/site/public/feed.xml (original) +++ cordova/site/public/feed.xml Sat Nov 21 00:45:41 2015 @@ -6,11 +6,85 @@ </description> <link>https://cordova.apache.org/</link> <atom:link href="https://cordova.apache.org/feed.xml" rel="self" type="application/rss+xml"/> - <pubDate>Wed, 18 Nov 2015 21:27:20 -0800</pubDate> - <lastBuildDate>Wed, 18 Nov 2015 21:27:20 -0800</lastBuildDate> + <pubDate>Fri, 20 Nov 2015 16:30:12 -0800</pubDate> + <lastBuildDate>Fri, 20 Nov 2015 16:30:12 -0800</lastBuildDate> <generator>Jekyll v2.5.3</generator> <item> + <title>CVE annoucements for Cordova-Android</title> + <description><p>Two older vulerabilities were brought to our attention, and while we found that they were fixed in later versions of Cordova, we are required to announce these +vulnerabilities, and to encourage users to upgrade to a supported version of Cordova, the lowest stable version currently being Android 4.1.0. We are no longer supporting +Cordova-Android 3.x due to security issues related to the legacy whitelist implementation, and we recommend that users upgrade to Cordova Android 5.0.x for Marshmallow support.</p> + +<p>When using the Cordova CLI, the command to use 4.1.0 of Cordova Android is:</p> +<div class="highlight"><pre><code class="language-text" data-lang="text">cordova platform add android@4.1.0 +</code></pre></div> +<p>The security issues are CVE-2015-5256 and CVE-2015-5257</p> + +<p>For your convenience, the text of the CVEs are included here.</p> + +<!--more--> + +<hr> + +<p>CVE-2015-5256: Apache Cordova vulnerable to improper application of whitelist restrictions on Android</p> + +<p>Severity: Medium</p> + +<p>Vendor: +The Apache Software Foundation</p> + +<p>Versions Affected: +Cordova Android 3.7.2 and earlier</p> + +<p>Description: +Android applications created using Apache Cordova that use a remote server contain a vulnerability where whitelist restrictions are not properly applied. +Improperly crafted URIs could be used to circumvent the whitelist, allowing for the execution of non-whitelisted Javascript.</p> + +<p>Upgrade path: +Developers who are concerned about this should rebuild their applications with Cordova Android 4.1.1. Developers using remote content roots should also +use SSL, as well as Content Source Policy to further mitigate this issue.</p> + +<p>Credit: Muneaki Nishimura of Sony Digital Network Applications, Inc</p> + +<hr> + +<p>CVE-2015-5257: Weak Randomization of BridgeSecret for Apache Cordova Android</p> + +<p>Severity: Low</p> + +<p>Vendor: +The Apache Software Foundation</p> + +<p>Versions Affected: +Cordova Android versions up to 3.6.4</p> + +<p>Description:</p> + +<p>Cordova uses a bridge that allows the Native Application to communicate with the HTML and Javascript that control the user interface. To protect this bridge on Android, the +framework uses a BridgeSecret to protect it from third-party hijacking. However, the BridgeSecret is not sufficiently random and can be determined in certain scenarios.</p> + +<p>Upgreade Path: +Developers who are concerned about this issue should rebuild their applications with Cordova Android 4.1.1 or later. Versions after 3.6.4 do not contain this vulnerability.</p> + +<p>Credit: David Kaplan &amp; Roee Hay, IBM X-Force Application Security Research Team</p> +</description> + <pubDate>Fri, 20 Nov 2015 00:00:00 -0800</pubDate> + <link>https://cordova.apache.org/announcements/2015/11/20/security.html</link> + <guid isPermaLink="true">https://cordova.apache.org/announcements/2015/11/20/security.html</guid> + + <category>news</category> + + <category>releases</category> + + <category>security</category> + + + <category>announcements</category> + + </item> + + <item> <title>Apache Cordova Windows 4.2.0</title> <description><p>We are happy to announce that <code class="prettyprint">Cordova Windows 4.2.0</code> has been released!</p> @@ -637,80 +711,6 @@ cordova platform update blackberry10@3.8 <category>news</category> - <category>releases</category> - - - <category>announcements</category> - - </item> - - <item> - <title>Apache Cordova Windows 4.1.0</title> - <description><p>We are happy to announce that <code class="prettyprint">Cordova Windows 4.1.0</code> has been released and will be the -default Windows version after next <code class="prettyprint">cordova-cli</code> release.</p> - -<p>This release aligns with the RTM release of Windows 10, and supports the web platform enhancements that it included, such as hosted apps and a new version of WinJS. It also supports the new .NET Native compilation model for Cordova plugins which include a native or .NET component.</p> - -<p>There are also a number of bug fixes, including platform dependency problems and the ability to perform a <code class="prettyprint">cordova prepare</code> for Windows while on a Mac.</p> - -<p>Finally, user-configurable packaging parameters are now fully baked, so that Windows code signing requirements don&#39;t overwrite code signing requirements for other platforms. Use the <code class="prettyprint">windows-packageVersion</code> attribute of <code class="prettyprint">&lt;widget&gt;</code> in config.xml to specify an independent version for Windows Store submission, and to incorporate the name of the application which is assigned by the Windows Store, set the <code class="prettyprint">&lt;preference&gt;</code> named <code class="prettyprint">WindowsStoreIdentityName</code>.</p> - -<p>Now there is support to see console.log messages and exceptions from your app in the console. This can be useful for quick diagnostics. In an admin command prompt, you can run:</p> -<div class="highlight"><pre><code class="language-text" data-lang="text">platforms\windows\cordova\log -</code></pre></div> -<p>To upgrade:</p> -<div class="highlight"><pre><code class="language-text" data-lang="text">npm install -g cordova -cd my_project -cordova platform update windows@4.1.0 -</code></pre></div> -<p>To add it explicitly:</p> -<div class="highlight"><pre><code class="language-text" data-lang="text">cordova platform add windows@4.1.0 --save -</code></pre></div> -<p>For non-CLI projects or for pre-3.0 projects, refer to the <a href="http://cordova.apache.org/docs/en/dev/guide_platforms_index.md.html">upgrade guides</a>.</p> - -<!--more--> - -<h2>What&#39;s new in the Windows platform</h2> - -<ul> -<li><a href="https://issues.apache.org/jira/browse/CB-9499">CB-9499</a>: Run failure targeting x64 with an x86 version of Node</li> -<li><a href="https://issues.apache.org/jira/browse/CB-8936">CB-8936</a>: Logs: Stability and formatting improvements</li> -<li><a href="https://issues.apache.org/jira/browse/CB-8936">CB-8936</a>: Windows logs: Improvements</li> -<li><a href="https://issues.apache.org/jira/browse/CB-9482">CB-9482</a>: Mobile deployment failure</li> -<li><a href="https://issues.apache.org/jira/browse/CB-9482">CB-9482</a>: Mobile emulator deployment failure</li> -<li><a href="https://issues.apache.org/jira/browse/CB-8936">CB-8936</a>: Added logging functionality</li> -<li><a href="https://issues.apache.org/jira/browse/CB-9458">CB-9458</a>: Updated the baseline version of Universal Windows to 10240.</li> -<li><a href="https://issues.apache.org/jira/browse/CB-9456">CB-9456</a>: Fixed windows app crash on startup</li> -<li><a href="https://issues.apache.org/jira/browse/CB-9450">CB-9450</a>: <code class="prettyprint">WindowsStoreIdentityName</code> preference for Store publishing</li> -<li><a href="https://issues.apache.org/jira/browse/CB-9455">CB-9455</a>: Fixed requirements check failure</li> -<li><a href="https://issues.apache.org/jira/browse/CB-8965">CB-8965</a>: Wait for project creation before adding to it.</li> -<li><a href="https://issues.apache.org/jira/browse/CB-8965">CB-8965</a>: Copy cordova-js-src directory to platform folder during create</li> -<li><a href="https://issues.apache.org/jira/browse/CB-9359">CB-9359</a>: Adds support for .appxbundle creation</li> -<li><a href="https://issues.apache.org/jira/browse/CB-9410">CB-9410</a>: Added preferences for Windows Store ingestion.</li> -<li><a href="https://issues.apache.org/jira/browse/CB-9408">CB-9408</a>: Added a <code class="prettyprint">windows-packageVersion</code> attribute to the <code class="prettyprint">&lt;widget&gt;</code> element</li> -<li><a href="https://issues.apache.org/jira/browse/CB-9283">CB-9283</a>: Add support for Windows 10 WinAppDeployCmd for deployment to remote devices.</li> -<li><a href="https://issues.apache.org/jira/browse/CB-9239">CB-9239</a>: Fixes issue with windows prepare on posix platforms.</li> -<li><a href="https://issues.apache.org/jira/browse/CB-9235">CB-9235</a>: Adds more checks based on the windows-target-version</li> -<li><a href="https://issues.apache.org/jira/browse/CB-9159">CB-9159</a>: Fix WP8.1 deploy when &#39;window-target-version&#39; is 10.0.</li> -<li><a href="https://issues.apache.org/jira/browse/CB-9335">CB-9335</a>: Windows quality-of-life improvements.</li> -<li><a href="https://issues.apache.org/jira/browse/CB-9271">CB-9271</a>: Removed the unnecessary device capabilities from the Windows 10 app manifest.</li> -<li><a href="https://issues.apache.org/jira/browse/CB-9252">CB-9252</a>: Migrate WinJS to an NPM dependency</li> -<li><a href="https://issues.apache.org/jira/browse/CB-9164">CB-9164</a>: Better error message when deploying to Windows10 phone emulator</li> -<li><a href="https://issues.apache.org/jira/browse/CB-9097">CB-9097</a>: fail with a more descriptive error if run as admin</li> -</ul> - -<p><strong>Known Issues with 4.1.0 and Windows 10</strong></p> - -<ul> -<li>The Windows 10 SDK includes a tool which can deploy to Windows 10 Phone, but not to a Windows 10 Phone Emulator. To deploy to an emulator, open your solution file in Visual Studio.</li> -</ul> -</description> - <pubDate>Tue, 18 Aug 2015 00:00:00 -0700</pubDate> - <link>https://cordova.apache.org/announcements/2015/08/18/cordova-windows-4.1.0.html</link> - <guid isPermaLink="true">https://cordova.apache.org/announcements/2015/08/18/cordova-windows-4.1.0.html</guid> - - <category>news</category> - <category>releases</category> --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cordova.apache.org For additional commands, e-mail: commits-h...@cordova.apache.org