We will probably do a plugins release after Easter with all plugins updated since the last release, so we can include this and some other deprecated plugins that also got an update.
2018-03-27 15:24 GMT+02:00 [email protected] <[email protected]>: > > > On 2018/03/26 21:23:26, Steven Gill <[email protected]> wrote: > > cordova-plugin-globalization was deprecated November 2017. See > > https://github.com/apache/cordova-plugin-globalization# > deprecation-notice > > > > We aren't planning on doing anymore releases as far as I'm aware. We > > recommend pointing your package.json & config.xml to the github repo > > instead if you want to continue using it. Another option is to fork the > > plugin and publish it under a different name with the fix you need. > > > > Cheers, > > -Steve > > > > On Mon, Mar 26, 2018 at 11:19 AM, [email protected] < > > [email protected]> wrote: > > > > > Hi Team, > > > > > > Pull request #64 (https://github.com/apache/ > cordova-plugin-globalization/ > > > pull/64) was committed on February 2 to address a ReDoS issue in > > > moment.js, which is shipped in cordova-plugin-globalization. As this > is a > > > security issue, may I ask what the current plans are for releasing a > new > > > version of the plugin please? We've tested the nightly build and > confirmed > > > that the issue has been addressed, but would obviously prefer to ship > with > > > a released version of the plugin as opposed to a nightly build. > > > > > > Thanks for your help, > > > John Gerken > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [email protected] > > > For additional commands, e-mail: [email protected] > > > > > > > > > Hi Steve, > > Thanks for your reply. That puts us in a very difficult spot because > migrating away from this plugin is a non-trivial task and we've got about > 600 enterprise customers to consider. As this is a security issue, is > there any recourse for me to request that the decision to not release this > already committed fix be reconsidered? > > Thanks for your help, > John > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
