That said, the relevant patch is here: https://github.com/apache/cordova-android/commit/2ab81bc5aeb575fef3657cf48a671607e81ca37d
(Ian / Joe, please correct me if there's more than that) On Thu, Oct 2, 2014 at 11:29 AM, Joe Bowser <bows...@gmail.com> wrote: > No, you should upgrade to 3.5.1. We have dropped support for Cordova 2.x > months ago, and we recommend upgrading. > > On Thu, Oct 2, 2014 at 7:33 AM, <steve.wil...@bentley.com> wrote: > > > We have released applications in the Google Play store based on Cordova > > 2.7.0 and have received notification from Google that these apps are > > vulnerable to an Android Cordova security issue ( > > http://cordova.apache.org/announcements/2014/08/04/android-351.html). > > > > Upgrading to Cordova 3.5.1 would require significant work on our part. Is > > there any possibility that you can release a patched Cordova Android > > version based on 2.7 that would fix this security vulnerability? > > > > Please let me know whether you think this would be possible on your part. > > Thank you! > > > > Thanks, > > Steve Wilson > > >
