I have received a Security Alert from Google this week that tells me to upgrade my android version of cordova app. The email from google is as below -
This is a notification that your --apps ids--, is built on a version of Apache Cordova that contains security vulnerabilities. This includes a high severity cross-application scripting (XAS) vulnerability. Under certain circumstances, vulnerable apps could be remotely exploited to steal sensitive information, such as user login credentials.
You should upgrade to Apache Cordova 3.5.1 or higher as soon as possible. For more information about the vulnerabilities, and for guidance on upgrading Apache Cordova, please see http://cordova.apache.org/announcements/2014/08/04/android-351.html.
Please note, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play.
So, I needed to check the current version of my cordova apps. I can upgrade my cordova installation by using npm update -g cordova
on windows cmd. The question is how can I check the current platform (android in my case) version of my cordova app?
After upgrading the Application. I observed different Cordova versions.
Now i am confused, On which version basis, Google Dev Console is giving warning?
Please migrate your app(s) to Apache Cordova v.4.1.1 or higher as soon as possible and increment the version number of the upgraded APK. Beginning May 9, 2016, Google Play will block publishing of any new apps or updates that use pre-4.1.1 versions of Apache Cordova.
The vulnerabilities were addressed in Apache Cordova 4.1.1. If you’re using a 3rd party library that bundles Apache Cordova, you’ll need to upgrade it to a version that bundles Apache Cordova 4.1.1 or later.
And before upgrading. Our Application versions were these.
The file platforms/platforms.json
lists all of the platform versions.
just type
cordova platform ls
This will list all the platforms installed along with its version and available for installation plus :)
Try
cordova platform version
It will give you the following output
Installed platforms: android 3.5.1, ios 3.5.0
Available platforms: amazon-fireos, blackberry10, browser, firefoxos
Also to know the version of cordodva cli try
cordova -v
Run
cordova -v
to see the currently running version. Run the npm info command
npm info cordova
for a longer listing that includes the current version along with other available version numbers
Recent versions of Cordova have the version number in www/cordova.js.
For getting all the info about the cordova package use this command:
npm info cordova
Source: Stackoverflow.com