Author: janpio
Date: Mon Nov 30 18:07:13 2020
New Revision: 1883957

URL: http://svn.apache.org/viewvc?rev=1883957&view=rev
Log:
Updated docs

Added:
    cordova/site/public/2020/
    cordova/site/public/2020/11/
    cordova/site/public/2020/11/30/
    cordova/site/public/2020/11/30/cve-2020-11990.html
Modified:
    cordova/site/public/announcements/2020/10/02/cordova-electron-release-2.0.0.html
    cordova/site/public/blog/index.html
    cordova/site/public/feed.xml
    cordova/site/public/sitemap.xml
    cordova/site/public/static/js/index.js

Added: cordova/site/public/2020/11/30/cve-2020-11990.html
URL: http://svn.apache.org/viewvc/cordova/site/public/2020/11/30/cve-2020-11990.html?rev=1883957&view=auto
==============================================================================
--- cordova/site/public/2020/11/30/cve-2020-11990.html (added)
+++ cordova/site/public/2020/11/30/cve-2020-11990.html Mon Nov 30 18:07:13 2020
@@ -0,0 +1,54 @@
+<hr>
+
+<p>layout: post
+author:
+    name: Jesse MacFadyen
+title:  &quot;Security Advisory CVE-2020-11990&quot;
+categories: news</p>
+
+<h2>tags: security advisory</h2>
+
+<p>We have resolved a security issue in the camera plugin that could have 
affected certain Cordova (Android) applications.</p>
+
+<p><strong>CVE-2020-11990:</strong> Apache Cordova Plugin camera vulnerable to 
information disclosure</p>
+
+<p><strong>Type of Vulnerability:</strong></p>
+
+<p>CWE-200: Exposure of Sensitive Information to an Unauthorized Actor</p>
+
+<p><strong>Severity:</strong> Low</p>
+
+<p><strong>Vendor:</strong> The Apache Software Foundation</p>
+
+<p><strong>Possible attackers condition:</strong></p>
+
+<p>An attacker who can install (or lead the victim to install) the specially 
crafted (or malicious) Android application. Android documentation describes the 
external cache location as application specific, however,
+<em>&quot;There is no security enforced with these files. For example, any 
application holding Manifest.permission.WRITE</em>EXTERNAL<em>STORAGE can write 
to these files.&quot;</em>
+( and thereby read )</p>
+
+<p><strong>Possible victims:</strong></p>
+
+<p>Android users that take pictures with an Apache Cordova based application 
and attached removable storage.</p>
+
+<p><strong>Possible Impacts:</strong></p>
+
+<ul>
+<li>Confidentiality is breached.</li>
+<li>The image file (photo) taken by the Android apps that was developed using 
the Apache Cordova camera plugin will be disclosed.</li>
+</ul>
+
+<p><strong>Versions Affected:</strong></p>
+
+<p>Cordova Android applications using the Camera plugin</p>
+
+<p>( cordova-plugin-camera version 4.1.0 and below )</p>
+
+<p><strong>Upgrade path:</strong></p>
+
+<p>Developers who are concerned about this issue should install version 5.0.0 
or higher of cordova-plugin-camera</p>
+
+<p><strong>Mitigation Steps:</strong></p>
+
+<p>Upgrade plugin and rebuild application, update deployments.</p>
+
+<p><strong>Credit:</strong> JPCERT/CC Vulnerability Coordination Group. 
(JVN#59779918)</p>
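
Review bot: The Jekyll front matter at the top of cve-2020-11990.html was not parsed and is emitted as page content (`<hr>`, then `<p>layout: post author: ... categories: news</p>` and `<h2>tags: security advisory</h2>`), so the advisory is published without its declared title, author, categories or tags. The leading `<hr>` suggests the opening `---` was treated as Markdown; check the front matter delimiters in the source post and regenerate. Separately, in the "Possible attackers condition" paragraph the permission name is broken up by emphasis markup as `WRITE</em>EXTERNAL<em>STORAGE`; it looks like the underscores of WRITE_EXTERNAL_STORAGE were consumed as emphasis markers, so escape them or put the name in a code span so the exact permission string survives in the published advisory.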

Modified: cordova/site/public/announcements/2020/10/02/cordova-electron-release-2.0.0.html
URL: http://svn.apache.org/viewvc/cordova/site/public/announcements/2020/10/02/cordova-electron-release-2.0.0.html?rev=1883957&r1=1883956&r2=1883957&view=diff
==============================================================================
--- 
cordova/site/public/announcements/2020/10/02/cordova-electron-release-2.0.0.html
 (original)
+++ 
cordova/site/public/announcements/2020/10/02/cordova-electron-release-2.0.0.html
 Mon Nov 30 18:07:13 2020
@@ -274,6 +274,26 @@ cordova platform add electron@2.0.0
             </div>
             <div class="col-sm-6">
                 
+                    <a href="/2020/11/30/cve-2020-11990.html">Next</a>
+                    <br>
+                    <br>
+                    <a class="title" 
href="/2020/11/30/cve-2020-11990.html">Cve 2020 11990</a>
+                    <div class="date"> 30 Nov 2020 - By  </div>
+                    <p class="content">
+                        <!--
+                            NOTE:
+                                the markdownify filter is used here
+                                because posts are rendered in sequence;
+                                that is, the next post's content isn't
+                                yet rendered at the time that this post
+                                is being rendered, so page.next.excerpt
+                                is still in Markdown and not HTML
+
+                            Reference: 
https://github.com/jekyll/jekyll/issues/2860
+                        -->
+                        layout: post author: name: Jesse MacFadyen title: 
&quot;Security Advisory CVE-2020-11990&quot; categories: news...
+                    </p>
+                
             </div>
         </div>
     </footer>
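
Review bot: The "Next" teaser added here shows the unparsed front matter as its excerpt (`layout: post author: name: Jesse MacFadyen title: ...`), the link text is "Cve 2020 11990" rather than the advisory title, and the date line reads "30 Nov 2020 - By" with no author. Regenerate this page after the post's front matter is parsed and confirm the teaser carries the real title, the author and an excerpt of the advisory text.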

Modified: cordova/site/public/blog/index.html
URL: http://svn.apache.org/viewvc/cordova/site/public/blog/index.html?rev=1883957&r1=1883956&r2=1883957&view=diff
==============================================================================
--- cordova/site/public/blog/index.html (original)
+++ cordova/site/public/blog/index.html Mon Nov 30 18:07:13 2020
@@ -126,6 +126,83 @@
             
             <li>
                 <header>
+                    <div class="adorner" blogTime="Mon, 30 Nov 2020 00:00:00 
+0000"></div>
+                    <h2 class="title">
+                        <a href="/2020/11/30/cve-2020-11990.html">Cve 2020 
11990</a>
+                    </h2>
+                    <div class="details">
+                        <span class="date">30 Nov 2020</span>
+                        - by
+                        <span class="author">
+                            
+                                
+                            
+                        </span>
+                        <a class="comment" 
href="/2020/11/30/cve-2020-11990.html#disqus_thread"></a>
+                    </div>
+                </header>
+                <section class="post-excerpt">
+                    <p><hr>
+
+<p>layout: post
+author:
+    name: Jesse MacFadyen
+title:  &quot;Security Advisory CVE-2020-11990&quot;
+categories: news</p>
+
+<h2>tags: security advisory</h2>
+
+<p>We have resolved a security issue in the camera plugin that could have 
affected certain Cordova (Android) applications.</p>
+
+<p><strong>CVE-2020-11990:</strong> Apache Cordova Plugin camera vulnerable to 
information disclosure</p>
+
+<p><strong>Type of Vulnerability:</strong></p>
+
+<p>CWE-200: Exposure of Sensitive Information to an Unauthorized Actor</p>
+
+<p><strong>Severity:</strong> Low</p>
+
+<p><strong>Vendor:</strong> The Apache Software Foundation</p>
+
+<p><strong>Possible attackers condition:</strong></p>
+
+<p>An attacker who can install (or lead the victim to install) the specially 
crafted (or malicious) Android application. Android documentation describes the 
external cache location as application specific, however,
+<em>&quot;There is no security enforced with these files. For example, any 
application holding Manifest.permission.WRITE</em>EXTERNAL<em>STORAGE can write 
to these files.&quot;</em>
+( and thereby read )</p>
+
+<p><strong>Possible victims:</strong></p>
+
+<p>Android users that take pictures with an Apache Cordova based application 
and attached removable storage.</p>
+
+<p><strong>Possible Impacts:</strong></p>
+
+<ul>
+<li>Confidentiality is breached.</li>
+<li>The image file (photo) taken by the Android apps that was developed using 
the Apache Cordova camera plugin will be disclosed.</li>
+</ul>
+
+<p><strong>Versions Affected:</strong></p>
+
+<p>Cordova Android applications using the Camera plugin</p>
+
+<p>( cordova-plugin-camera version 4.1.0 and below )</p>
+
+<p><strong>Upgrade path:</strong></p>
+
+<p>Developers who are concerned about this issue should install version 5.0.0 
or higher of cordova-plugin-camera</p>
+
+<p><strong>Mitigation Steps:</strong></p>
+
+<p>Upgrade plugin and rebuild application, update deployments.</p>
+
+<p><strong>Credit:</strong> JPCERT/CC Vulnerability Coordination Group. 
(JVN#59779918)</p>
+</p>
+                    <div><a 
href="/2020/11/30/cve-2020-11990.html">More...</a></div>
+                </section>
+            </li>
+            
+            <li>
+                <header>
                     <div class="adorner" blogTime="Fri, 02 Oct 2020 00:00:00 
+0000"></div>
                     <h2 class="title">
                         <a 
href="/announcements/2020/10/02/cordova-electron-release-2.0.0.html">Cordova 
Electron 2.0.0 Released!</a>
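
Review bot: In the new `<li>`, the `post-excerpt` section opens with `<p><hr>` and then nests the advisory's own `<p>`, `<h2>` and `<ul>` elements inside that paragraph, ending with a stray `</p>`; this is invalid nesting and browsers will close the outer paragraph early. The `<span class="author">` is also empty, and the whole advisory is inlined on the index rather than a short excerpt ahead of the "More..." link. Render the excerpt without the wrapping `<p>` or limit it to the opening paragraph, and populate the author from the post metadata.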
@@ -10183,7 +10260,7 @@ window.twttr = (function(d, s, id) {
 <script>
     window.onload = function(){
         setTimeout(function(){
-            var lastPostTime = new Date("Fri, 02 Oct 2020 00:00:00 
+0000").getTime();
+            var lastPostTime = new Date("Mon, 30 Nov 2020 00:00:00 
+0000").getTime();
           setCookie("visitTime", lastPostTime, 365);
         }, 2000);
     };

Modified: cordova/site/public/feed.xml
URL: http://svn.apache.org/viewvc/cordova/site/public/feed.xml?rev=1883957&r1=1883956&r2=1883957&view=diff
==============================================================================
--- cordova/site/public/feed.xml (original)
+++ cordova/site/public/feed.xml Mon Nov 30 18:07:13 2020
@@ -6,11 +6,75 @@
 </description>
     <link>https://cordova.apache.org/</link>
     <atom:link href="https://cordova.apache.org/feed.xml"; rel="self" 
type="application/rss+xml"/>
-    <pubDate>Sat, 28 Nov 2020 08:28:32 +0000</pubDate>
-    <lastBuildDate>Sat, 28 Nov 2020 08:28:32 +0000</lastBuildDate>
+    <pubDate>Mon, 30 Nov 2020 17:47:38 +0000</pubDate>
+    <lastBuildDate>Mon, 30 Nov 2020 17:47:38 +0000</lastBuildDate>
     <generator>Jekyll v2.5.3</generator>
     
       <item>
+        <title>Cve 2020 11990</title>
+        <description>&lt;hr&gt;
+
+&lt;p&gt;layout: post
+author:
+    name: Jesse MacFadyen
+title:  &amp;quot;Security Advisory CVE-2020-11990&amp;quot;
+categories: news&lt;/p&gt;
+
+&lt;h2&gt;tags: security advisory&lt;/h2&gt;
+
+&lt;p&gt;We have resolved a security issue in the camera plugin that could 
have affected certain Cordova (Android) applications.&lt;/p&gt;
+
+&lt;p&gt;&lt;strong&gt;CVE-2020-11990:&lt;/strong&gt; Apache Cordova Plugin 
camera vulnerable to information disclosure&lt;/p&gt;
+
+&lt;p&gt;&lt;strong&gt;Type of Vulnerability:&lt;/strong&gt;&lt;/p&gt;
+
+&lt;p&gt;CWE-200: Exposure of Sensitive Information to an Unauthorized 
Actor&lt;/p&gt;
+
+&lt;p&gt;&lt;strong&gt;Severity:&lt;/strong&gt; Low&lt;/p&gt;
+
+&lt;p&gt;&lt;strong&gt;Vendor:&lt;/strong&gt; The Apache Software 
Foundation&lt;/p&gt;
+
+&lt;p&gt;&lt;strong&gt;Possible attackers condition:&lt;/strong&gt;&lt;/p&gt;
+
+&lt;p&gt;An attacker who can install (or lead the victim to install) the 
specially crafted (or malicious) Android application. Android documentation 
describes the external cache location as application specific, however,
+&lt;em&gt;&amp;quot;There is no security enforced with these files. For 
example, any application holding 
Manifest.permission.WRITE&lt;/em&gt;EXTERNAL&lt;em&gt;STORAGE can write to 
these files.&amp;quot;&lt;/em&gt;
+( and thereby read )&lt;/p&gt;
+
+&lt;p&gt;&lt;strong&gt;Possible victims:&lt;/strong&gt;&lt;/p&gt;
+
+&lt;p&gt;Android users that take pictures with an Apache Cordova based 
application and attached removable storage.&lt;/p&gt;
+
+&lt;p&gt;&lt;strong&gt;Possible Impacts:&lt;/strong&gt;&lt;/p&gt;
+
+&lt;ul&gt;
+&lt;li&gt;Confidentiality is breached.&lt;/li&gt;
+&lt;li&gt;The image file (photo) taken by the Android apps that was developed 
using the Apache Cordova camera plugin will be disclosed.&lt;/li&gt;
+&lt;/ul&gt;
+
+&lt;p&gt;&lt;strong&gt;Versions Affected:&lt;/strong&gt;&lt;/p&gt;
+
+&lt;p&gt;Cordova Android applications using the Camera plugin&lt;/p&gt;
+
+&lt;p&gt;( cordova-plugin-camera version 4.1.0 and below )&lt;/p&gt;
+
+&lt;p&gt;&lt;strong&gt;Upgrade path:&lt;/strong&gt;&lt;/p&gt;
+
+&lt;p&gt;Developers who are concerned about this issue should install version 
5.0.0 or higher of cordova-plugin-camera&lt;/p&gt;
+
+&lt;p&gt;&lt;strong&gt;Mitigation Steps:&lt;/strong&gt;&lt;/p&gt;
+
+&lt;p&gt;Upgrade plugin and rebuild application, update deployments.&lt;/p&gt;
+
+&lt;p&gt;&lt;strong&gt;Credit:&lt;/strong&gt; JPCERT/CC Vulnerability 
Coordination Group. (JVN#59779918)&lt;/p&gt;
+</description>
+        <pubDate>Mon, 30 Nov 2020 00:00:00 +0000</pubDate>
+        <link>https://cordova.apache.org/2020/11/30/cve-2020-11990.html</link>
+        <guid 
isPermaLink="true">https://cordova.apache.org/2020/11/30/cve-2020-11990.html</guid>
+        
+        
+      </item>
+    
+      <item>
         <title>Cordova Electron 2.0.0 Released!</title>
         <description>&lt;p&gt;We are happy to announce that we have just 
released &lt;code&gt;Cordova Electron 2.0.0&lt;/code&gt;!  This is one of 
Cordova&amp;#39;s supported platforms for building Electron 
applications.&lt;/p&gt;
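
Review bot: The new `<item>` is published with `<title>Cve 2020 11990</title>` and no `<category>` elements, while its `<description>` begins with the escaped front matter (`layout: post`, `title: "Security Advisory CVE-2020-11990"`, `categories: news`). Subscribers filtering the feed by title or category will not see this entry as a security advisory; the item should carry the declared title and a `news` category, as the Cordova Common 4.0.2 item in this feed does.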
 
@@ -745,39 +809,5 @@ npm install &lt;span class=&quot;nt&quot
         
       </item>
     
-      <item>
-        <title>Cordova Common 4.0.2 Released!</title>
-        <description>&lt;p&gt;We are happy to announce that 
&lt;code&gt;cordova-common@4.0.2&lt;/code&gt; was released in July 2020. This 
is one of the libraries used behind-the-scenes by nearly all of the Cordova 
tooling and provides utilities for dealing with things like 
&lt;code&gt;config.xml&lt;/code&gt; parsing.&lt;/p&gt;
-
-&lt;h2&gt;Release Highlights&lt;/h2&gt;
-
-&lt;p&gt;The most notable fix in this patch release is the ability to update 
the correct app&amp;#39;s &lt;code&gt;plist&lt;/code&gt; file when multiple 
&lt;code&gt;plist&lt;/code&gt; files are present within the project. More 
details can be found in the &lt;a 
href=&quot;https://github.com/apache/cordova-common/pull/148&quot;&gt;pull 
request&lt;/a&gt; and &lt;a 
href=&quot;https://github.com/apache/cordova-common/issues/144&quot;&gt;original
 bug ticket&lt;/a&gt;.&lt;/p&gt;
-
-&lt;p&gt;Please report any issues you find at &lt;a 
href=&quot;http://issues.cordova.io/&quot;&gt;issues.cordova.io&lt;/a&gt;!&lt;/p&gt;
-
-&lt;!--more--&gt;
-
-&lt;h1&gt;Changes include:&lt;/h1&gt;
-
-&lt;ul&gt;
-&lt;li&gt;&lt;a 
href=&quot;https://github.com/apache/cordova-common/pull/148&quot;&gt;GH-148&lt;/a&gt;
 fix(ios): resolve correct path to app info &lt;code&gt;plist&lt;/code&gt; when 
multiple &lt;code&gt;plist&lt;/code&gt; files are present&lt;/li&gt;
-&lt;li&gt;&lt;a 
href=&quot;https://github.com/apache/cordova-common/pull/147&quot;&gt;GH-147&lt;/a&gt;
 chore: remove trailing whitespace&lt;/li&gt;
-&lt;li&gt;&lt;a 
href=&quot;https://github.com/apache/cordova-common/pull/146&quot;&gt;GH-146&lt;/a&gt;
 chore: bump &lt;code&gt;devDependencies&lt;/code&gt; 
&lt;code&gt;nyc&lt;/code&gt; -&amp;gt; 
&lt;code&gt;^15.1.0&lt;/code&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a 
href=&quot;https://github.com/apache/cordova-common/pull/145&quot;&gt;GH-145&lt;/a&gt;
 test: remove unused test fixtures&lt;/li&gt;
-&lt;/ul&gt;
-</description>
-        <pubDate>Sat, 04 Jul 2020 00:00:00 +0000</pubDate>
-        
<link>https://cordova.apache.org/announcements/2020/07/04/cordova-common-release-4.0.2.html</link>
-        <guid 
isPermaLink="true">https://cordova.apache.org/announcements/2020/07/04/cordova-common-release-4.0.2.html</guid>
-        
-        <category>news</category>
-        
-        <category>releases</category>
-        
-        
-        <category>announcements</category>
-        
-      </item>
-    
   </channel>
 </rss>

Modified: cordova/site/public/sitemap.xml
URL: http://svn.apache.org/viewvc/cordova/site/public/sitemap.xml?rev=1883957&r1=1883956&r2=1883957&view=diff
==============================================================================
--- cordova/site/public/sitemap.xml (original)
+++ cordova/site/public/sitemap.xml Mon Nov 30 18:07:13 2020
@@ -4,6 +4,11 @@
 <!-- posts -->
 
 <url>
+    <loc>https://cordova.apache.org/2020/11/30/cve-2020-11990.html</loc>
+</url>
+
+
+<url>
     
<loc>https://cordova.apache.org/announcements/2020/10/02/cordova-electron-release-2.0.0.html</loc>
 </url>
 

Modified: cordova/site/public/static/js/index.js
URL: http://svn.apache.org/viewvc/cordova/site/public/static/js/index.js?rev=1883957&r1=1883956&r2=1883957&view=diff
==============================================================================
--- cordova/site/public/static/js/index.js (original)
+++ cordova/site/public/static/js/index.js Mon Nov 30 18:07:13 2020
@@ -77,6 +77,7 @@ function checkNotification() {
     var dates = [];
     if (lastVisit != "") {
         
+        dates.push('Mon, 30 Nov 2020 00:00:00 +0000');
         dates.push('Fri, 02 Oct 2020 00:00:00 +0000');
         dates.push('Tue, 29 Sep 2020 00:00:00 +0000');
         dates.push('Fri, 18 Sep 2020 00:00:00 +0000');


