Hello everyone, This morning, we released new versions of several plugins, containing a number of improvements and bug fixes.
Two of these plugins contain important security patches, and we're recommending that anyone using them upgrade their plugins immediately. File-Transfer used an insecure default setting on iOS, which could allow an insecure SSL certificate to be accepted as valid when uploading or downloading files. In-App-Browser on iOS contains an exploit that could allow a malicious site to execute JavaScript in the context of the Cordova application. Both plugins have been updated, and the latest versions on git and at plugins.cordova.io have been patched. I've posted the vulnerability notices to this list, as well as bugtraq, full-disclosure, and the Apache security list. We'd like to thank Neil Bergman of Cigital Inc. for finding these issues, and working with us to resolve them quickly.
