I'm updating the app right now. I'm using plugman and it's working fine, the only problem I've found is, as the app is old and I don't want to change the code, I tried to install the file plugin from an older release (older than 1.0.0 release as it brought a lot of changes) and got an error, but I'm not even sure if plugman supports installing plugins from older releases.
I ended downloading the older release and instaled it from the folder, this is working fine. 2014-10-02 21:37 GMT+02:00 julio cesar sanchez <jcesarmob...@gmail.com>: > I've using it for two and a half year on iOS but only for a year on android > Your blog post was very helpful ( > http://infil00p.org/android/cordova/phonegap/2012/12/04/advanced-tutorial-using-cordovawebview-on-android/ > ) > > We had a meeting with IBM guys yesterday and I think they mentioned that > they use the embedded webviews on worklight too > > 2014-10-02 19:16 GMT+02:00 Joe Bowser <bows...@gmail.com>: > >> >> >> On Thu, Oct 2, 2014 at 9:57 AM, julio cesar sanchez < >> jcesarmob...@gmail.com> wrote: >> >>> I have received the same mail. >>> >>> BTW, in one of my apps I use an embedded cordova webview and I'm not sure >>> how to upgrade that app. >>> >>> My main problem is I don't know how to install the core plugins I need, >>> that isn't explained on the embedding webviews guide. I don't think I can >>> use the CLI as the project isn't created with the CLI and isn't a real >>> cordova project. >>> >>> Any hints? >>> >>> Maybe using plugman? >>> >> >> Yes! Use plugman to install your plugins. It's kind-of annoying, but it's >> the best way to get them to work. If there's bugs with Plugman, you should >> file an issue that it doesn't support this use case. >> >> Also, thanks for using the Embedded Cordova WebView! I'm really glad that >> there's real people who use it, since at times I was thinking I was making >> a big issue out of nothing. >> >> >>> >>> >>> 2014-10-02 17:52 GMT+02:00 Ian Clelland <iclell...@chromium.org>: >>> >>> > That patch fixes the startURL / errorURL issue, which is one of the >>> major >>> > components of the 3.5.1 security release (CVE-2014-3500). >>> > >>> > The other issue is CVE-2014-3502, which is that intent urls can be >>> launched >>> > by a Cordova app regardless of the whitelist settings. There isn't a >>> patch >>> > which addresses this on the 2.x branch (unless IBM has produced one -- >>> > Mike?) but it shouldn't be much work to simply remove the all of the >>> code >>> > that handles intent / sms / geo / tel / etc. URLs from the >>> > shouldOverrideUrlLoading method of CordovaWebViewClient.java. If you >>> remove >>> > the intent-launching code from that method, then it should stop your >>> > application from launching external applications. >>> > >>> > That being said, if you can afford to upgrade to 3.x (3.6.x now) then >>> it >>> > will be much easier for you to get additional security patches in the >>> > future. We're not running or testing 2.x anymore, and can't guarantee, >>> for >>> > instance, that the patch that Andrew mentioned or the technique that I >>> just >>> > described will actually work. >>> > >>> > Ian >>> > >>> > On Thu, Oct 2, 2014 at 11:40 AM, Andrew Grieve <agri...@chromium.org> >>> > wrote: >>> > >>> > > That said, the relevant patch is here: >>> > > >>> > > >>> > > >>> > >>> https://github.com/apache/cordova-android/commit/2ab81bc5aeb575fef3657cf48a671607e81ca37d >>> > > >>> > > (Ian / Joe, please correct me if there's more than that) >>> > > >>> > > >>> > > >>> > > On Thu, Oct 2, 2014 at 11:29 AM, Joe Bowser <bows...@gmail.com> >>> wrote: >>> > > >>> > >> No, you should upgrade to 3.5.1. We have dropped support for >>> Cordova >>> > 2.x >>> > >> months ago, and we recommend upgrading. >>> > >> >>> > >> On Thu, Oct 2, 2014 at 7:33 AM, <steve.wil...@bentley.com> wrote: >>> > >> >>> > >> > We have released applications in the Google Play store based on >>> > Cordova >>> > >> > 2.7.0 and have received notification from Google that these apps >>> are >>> > >> > vulnerable to an Android Cordova security issue ( >>> > >> > >>> http://cordova.apache.org/announcements/2014/08/04/android-351.html). >>> > >> > >>> > >> > Upgrading to Cordova 3.5.1 would require significant work on our >>> part. >>> > >> Is >>> > >> > there any possibility that you can release a patched Cordova >>> Android >>> > >> > version based on 2.7 that would fix this security vulnerability? >>> > >> > >>> > >> > Please let me know whether you think this would be possible on >>> your >>> > >> part. >>> > >> > Thank you! >>> > >> > >>> > >> > Thanks, >>> > >> > Steve Wilson >>> > >> > >>> > >> >>> > > >>> > > >>> > >>> >> >> >
