Thanks Simon, My development team is currently investigating what it will take for us to migrate away from using cordova-plugin-globalization, but it will take some time to get it scheduled and completed. So it will happen -- that's the good news. The bad news is that it keeps our customers hanging until that is complete. So a new build with our merged pull request helps our customers greatly to bridge the gap until our migration is complete.
Earlier messages suggested a release sometime shortly after Easter. Any idea if or when that might take place? Thanks again for your help, everyone. John On 2018/03/27 14:38:28, Simon MacDonald <[email protected]> wrote: > Since this is a security issue that has already been merged I feel like we > should include globalization in the next plugin release. > > John, you really should start planning to migrate away from this plugin as > we can't guarantee it will be updated in the future. There is a blog post > detailing an alternative that doesn't even require a plugin and aligns with > current web standard API's. > > http://cordova.apache.org/news/2017/11/20/migrate-from-cordova-globalization-plugin.html > > > Simon Mac Donald > http://simonmacdonald.com > > On Tue, Mar 27, 2018 at 9:27 AM, julio cesar sanchez <[email protected] > > wrote: > > > We will probably do a plugins release after Easter with all plugins updated > > since the last release, so we can include this and some other deprecated > > plugins that also got an update. > > > > 2018-03-27 15:24 GMT+02:00 [email protected] <[email protected]>: > > > > > > > > > > > On 2018/03/26 21:23:26, Steven Gill <[email protected]> wrote: > > > > cordova-plugin-globalization was deprecated November 2017. See > > > > https://github.com/apache/cordova-plugin-globalization# > > > deprecation-notice > > > > > > > > We aren't planning on doing anymore releases as far as I'm aware. We > > > > recommend pointing your package.json & config.xml to the github repo > > > > instead if you want to continue using it. Another option is to fork the > > > > plugin and publish it under a different name with the fix you need. > > > > > > > > Cheers, > > > > -Steve > > > > > > > > On Mon, Mar 26, 2018 at 11:19 AM, [email protected] < > > > > [email protected]> wrote: > > > > > > > > > Hi Team, > > > > > > > > > > Pull request #64 (https://github.com/apache/ > > > cordova-plugin-globalization/ > > > > > pull/64) was committed on February 2 to address a ReDoS issue in > > > > > moment.js, which is shipped in cordova-plugin-globalization. As this > > > is a > > > > > security issue, may I ask what the current plans are for releasing a > > > new > > > > > version of the plugin please? We've tested the nightly build and > > > confirmed > > > > > that the issue has been addressed, but would obviously prefer to ship > > > with > > > > > a released version of the plugin as opposed to a nightly build. > > > > > > > > > > Thanks for your help, > > > > > John Gerken > > > > > > > > > > ------------------------------------------------------------ > > --------- > > > > > To unsubscribe, e-mail: [email protected] > > > > > For additional commands, e-mail: [email protected] > > > > > > > > > > > > > > > > > Hi Steve, > > > > > > Thanks for your reply. That puts us in a very difficult spot because > > > migrating away from this plugin is a non-trivial task and we've got about > > > 600 enterprise customers to consider. As this is a security issue, is > > > there any recourse for me to request that the decision to not release > > this > > > already committed fix be reconsidered? > > > > > > Thanks for your help, > > > John > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [email protected] > > > For additional commands, e-mail: [email protected] > > > > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
