Posted to dev@cordova.apache.org by jo...@gmail.com, jo...@gmail.com on 2018/03/26 18:19:01 UTC

Request estimate for next release of cordova-plugin-globalization

Hi Team,

Pull request #64 (https://github.com/apache/cordova-plugin-globalization/pull/64) was committed on February 2 to address a ReDoS issue in moment.js, which is shipped in cordova-plugin-globalization.  As this is a security issue, may I ask what the current plans are for releasing a new version of the plugin please?  We've tested the nightly build and confirmed that the issue has been addressed, but would obviously prefer to ship with a released version of the plugin as opposed to a nightly build.

Thanks for your help,
John Gerken

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
For additional commands, e-mail: dev-help@cordova.apache.org


Re: Request estimate for next release of cordova-plugin-globalization

Posted by jo...@gmail.com, jo...@gmail.com.
Thanks Simon,

My development team is currently investigating what it will take for us to migrate away from using cordova-plugin-globalization, but it will take some time to get it scheduled and completed.  So it will happen -- that's the good news.  The bad news is that it keeps our customers hanging until that is complete.  So a new build with our merged pull request helps our customers greatly to bridge the gap until our migration is complete.

Earlier messages suggested a release sometime shortly after Easter.  Any idea if or when that might take place?

Thanks again for your help, everyone.
John

On 2018/03/27 14:38:28, Simon MacDonald <si...@gmail.com> wrote: 
> Since this is a security issue that has already been merged I feel like we
> should include globalization in the next plugin release.
> 
> John, you really should start planning to migrate away from this plugin as
> we can't guarantee it will be updated in the future. There is a blog post
> detailing an alternative that doesn't even require a plugin and aligns with
> current web standard API's.
> 
> http://cordova.apache.org/news/2017/11/20/migrate-from-cordova-globalization-plugin.html
> 
> 
> Simon Mac Donald
> http://simonmacdonald.com
> 
> On Tue, Mar 27, 2018 at 9:27 AM, julio cesar sanchez <jcesarmobile@gmail.com> wrote:
> 
> > We will probably do a plugins release after Easter with all plugins updated
> > since the last release, so we can include this and some other deprecated
> > plugins that also got an update.
> >
> > 2018-03-27 15:24 GMT+02:00 johnkgerken@gmail.com <jo...@gmail.com>:
> >
> > >
> > >
> > > On 2018/03/26 21:23:26, Steven Gill <st...@gmail.com> wrote:
> > > > cordova-plugin-globalization was deprecated November 2017. See
> > > > https://github.com/apache/cordova-plugin-globalization#deprecation-notice
> > > >
> > > > We aren't planning on doing anymore releases as far as I'm aware. We
> > > > recommend pointing your package.json & config.xml to the github repo
> > > > instead if you want to continue using it. Another option is to fork the
> > > > plugin and publish it under a different name with the fix you need.
> > > >
> > > > Cheers,
> > > > -Steve
> > > >
> > > > On Mon, Mar 26, 2018 at 11:19 AM, johnkgerken@gmail.com <
> > > > johnkgerken@gmail.com> wrote:
> > > >
> > > > > Hi Team,
> > > > >
> > > > > Pull request #64
> > > > > (https://github.com/apache/cordova-plugin-globalization/pull/64)
> > > > > was committed on February 2 to address a ReDoS issue in moment.js,
> > > > > which is shipped in cordova-plugin-globalization.  As this is a
> > > > > security issue, may I ask what the current plans are for releasing
> > > > > a new version of the plugin please?  We've tested the nightly build
> > > > > and confirmed that the issue has been addressed, but would obviously
> > > > > prefer to ship with a released version of the plugin as opposed to
> > > > > a nightly build.
> > > > >
> > > > > Thanks for your help,
> > > > > John Gerken
> > > > >
> > > >
> > > Hi Steve,
> > >
> > > Thanks for your reply.  That puts us in a very difficult spot because
> > > migrating away from this plugin is a non-trivial task and we've got about
> > > 600 enterprise customers to consider.  As this is a security issue, is
> > > there any recourse for me to request that the decision to not release
> > > this already committed fix be reconsidered?
> > >
> > > Thanks for your help,
> > > John
> > >
> >
> 



Re: Request estimate for next release of cordova-plugin-globalization

Posted by Simon MacDonald <si...@gmail.com>.
Since this is a security issue that has already been merged I feel like we
should include globalization in the next plugin release.

John, you really should start planning to migrate away from this plugin as
we can't guarantee it will be updated in the future. There is a blog post
detailing an alternative that doesn't even require a plugin and aligns with
current web standard API's.

http://cordova.apache.org/news/2017/11/20/migrate-from-cordova-globalization-plugin.html


Simon Mac Donald
http://simonmacdonald.com

On Tue, Mar 27, 2018 at 9:27 AM, julio cesar sanchez <jcesarmobile@gmail.com> wrote:

> We will probably do a plugins release after Easter with all plugins updated
> since the last release, so we can include this and some other deprecated
> plugins that also got an update.
>
> 2018-03-27 15:24 GMT+02:00 johnkgerken@gmail.com <jo...@gmail.com>:
>
> >
> >
> > On 2018/03/26 21:23:26, Steven Gill <st...@gmail.com> wrote:
> > > cordova-plugin-globalization was deprecated November 2017. See
> > > https://github.com/apache/cordova-plugin-globalization#deprecation-notice
> > >
> > > We aren't planning on doing anymore releases as far as I'm aware. We
> > > recommend pointing your package.json & config.xml to the github repo
> > > instead if you want to continue using it. Another option is to fork the
> > > plugin and publish it under a different name with the fix you need.
> > >
> > > Cheers,
> > > -Steve
> > >
> > > On Mon, Mar 26, 2018 at 11:19 AM, johnkgerken@gmail.com <
> > > johnkgerken@gmail.com> wrote:
> > >
> > > > Hi Team,
> > > >
> > > > Pull request #64
> > > > (https://github.com/apache/cordova-plugin-globalization/pull/64)
> > > > was committed on February 2 to address a ReDoS issue in moment.js,
> > > > which is shipped in cordova-plugin-globalization.  As this is a
> > > > security issue, may I ask what the current plans are for releasing a
> > > > new version of the plugin please?  We've tested the nightly build and
> > > > confirmed that the issue has been addressed, but would obviously
> > > > prefer to ship with a released version of the plugin as opposed to a
> > > > nightly build.
> > > >
> > > > Thanks for your help,
> > > > John Gerken
> > > >
> > >
> > Hi Steve,
> >
> > Thanks for your reply.  That puts us in a very difficult spot because
> > migrating away from this plugin is a non-trivial task and we've got about
> > 600 enterprise customers to consider.  As this is a security issue, is
> > there any recourse for me to request that the decision to not release
> > this already committed fix be reconsidered?
> >
> > Thanks for your help,
> > John
> >
>

Re: Request estimate for next release of cordova-plugin-globalization

Posted by julio cesar sanchez <jc...@gmail.com>.
We will probably do a plugins release after Easter with all plugins updated
since the last release, so we can include this and some other deprecated
plugins that also got an update.

2018-03-27 15:24 GMT+02:00 johnkgerken@gmail.com <jo...@gmail.com>:

>
>
> On 2018/03/26 21:23:26, Steven Gill <st...@gmail.com> wrote:
> > cordova-plugin-globalization was deprecated November 2017. See
> > https://github.com/apache/cordova-plugin-globalization#deprecation-notice
> >
> > We aren't planning on doing anymore releases as far as I'm aware. We
> > recommend pointing your package.json & config.xml to the github repo
> > instead if you want to continue using it. Another option is to fork the
> > plugin and publish it under a different name with the fix you need.
> >
> > Cheers,
> > -Steve
> >
> > On Mon, Mar 26, 2018 at 11:19 AM, johnkgerken@gmail.com <
> > johnkgerken@gmail.com> wrote:
> >
> > > Hi Team,
> > >
> > > Pull request #64
> > > (https://github.com/apache/cordova-plugin-globalization/pull/64)
> > > was committed on February 2 to address a ReDoS issue in moment.js,
> > > which is shipped in cordova-plugin-globalization.  As this is a
> > > security issue, may I ask what the current plans are for releasing a
> > > new version of the plugin please?  We've tested the nightly build and
> > > confirmed that the issue has been addressed, but would obviously prefer
> > > to ship with a released version of the plugin as opposed to a nightly
> > > build.
> > >
> > > Thanks for your help,
> > > John Gerken
> > >
> >
> Hi Steve,
>
> Thanks for your reply.  That puts us in a very difficult spot because
> migrating away from this plugin is a non-trivial task and we've got about
> 600 enterprise customers to consider.  As this is a security issue, is
> there any recourse for me to request that the decision to not release this
> already committed fix be reconsidered?
>
> Thanks for your help,
> John
>

Re: Request estimate for next release of cordova-plugin-globalization

Posted by jo...@gmail.com, jo...@gmail.com.

On 2018/03/26 21:23:26, Steven Gill <st...@gmail.com> wrote: 
> cordova-plugin-globalization was deprecated November 2017. See
> https://github.com/apache/cordova-plugin-globalization#deprecation-notice
> 
> We aren't planning on doing anymore releases as far as I'm aware. We
> recommend pointing your package.json & config.xml to the github repo
> instead if you want to continue using it. Another option is to fork the
> plugin and publish it under a different name with the fix you need.
> 
> Cheers,
> -Steve
> 
> On Mon, Mar 26, 2018 at 11:19 AM, johnkgerken@gmail.com <
> johnkgerken@gmail.com> wrote:
> 
> > Hi Team,
> >
> > Pull request #64
> > (https://github.com/apache/cordova-plugin-globalization/pull/64)
> > was committed on February 2 to address a ReDoS issue in moment.js,
> > which is shipped in cordova-plugin-globalization.  As this is a security
> > issue, may I ask what the current plans are for releasing a new version
> > of the plugin please?  We've tested the nightly build and confirmed that
> > the issue has been addressed, but would obviously prefer to ship with a
> > released version of the plugin as opposed to a nightly build.
> >
> > Thanks for your help,
> > John Gerken
> >
> 
Hi Steve,

Thanks for your reply.  That puts us in a very difficult spot because migrating away from this plugin is a non-trivial task and we've got about 600 enterprise customers to consider.  As this is a security issue, is there any recourse for me to request that the decision to not release this already committed fix be reconsidered?

Thanks for your help,
John



Re: Request estimate for next release of cordova-plugin-globalization

Posted by Steven Gill <st...@gmail.com>.
cordova-plugin-globalization was deprecated November 2017. See
https://github.com/apache/cordova-plugin-globalization#deprecation-notice

We aren't planning on doing anymore releases as far as I'm aware. We
recommend pointing your package.json & config.xml to the github repo
instead if you want to continue using it. Another option is to fork the
plugin and publish it under a different name with the fix you need.

Cheers,
-Steve

On Mon, Mar 26, 2018 at 11:19 AM, johnkgerken@gmail.com <
johnkgerken@gmail.com> wrote:

> Hi Team,
>
> Pull request #64
> (https://github.com/apache/cordova-plugin-globalization/pull/64)
> was committed on February 2 to address a ReDoS issue in moment.js, which
> is shipped in cordova-plugin-globalization.  As this is a security issue,
> may I ask what the current plans are for releasing a new version of the
> plugin please?  We've tested the nightly build and confirmed that the
> issue has been addressed, but would obviously prefer to ship with a
> released version of the plugin as opposed to a nightly build.
>
> Thanks for your help,
> John Gerken
>
>
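
Added example, not part of the thread and not Cordova project code: a project that follows the suggestion above and points package.json and config.xml at the GitHub repo is only reproducible if the reference names a full commit id rather than a branch or tag. The check below classifies both references; the commit id, the sample files and the function names are constructed for illustration.

```javascript
const PLUGIN = 'cordova-plugin-globalization';
const REPO_PATH = '/apache/cordova-plugin-globalization';

// Classify one dependency spec: where it comes from and whether it can move.
function classifySpec(spec) {
  if (typeof spec !== 'string' || spec === '') return 'missing';
  const [location, ref = ''] = spec.split('#', 2);
  let url;
  try {
    // Accept npm's "github:owner/repo" shorthand and the "git+https://" form.
    url = new URL(location.replace(/^github:/, 'https://github.com/')
                          .replace(/^git\+/, ''));
  } catch (e) {
    return 'registry';            // semver range or dist-tag, not a URL
  }
  if (url.hostname !== 'github.com' ||
      url.pathname.replace(/\.git$/, '') !== REPO_PATH) {
    return 'other-source';
  }
  // Only a full 40-hex commit id is immutable; branches and tags can be moved.
  return /^[0-9a-f]{40}$/.test(ref) ? 'pinned-commit' : 'floating-ref';
}

// Pull the plugin's spec attribute out of config.xml (simplified tag scan,
// attribute order independent; a real XML parser is the robust choice).
function specFromConfigXml(xml) {
  for (const tag of xml.match(/<plugin\b[^>]*>/g) || []) {
    const name = /\bname="([^"]*)"/.exec(tag);
    const spec = /\bspec="([^"]*)"/.exec(tag);
    if (name && name[1] === PLUGIN) return spec ? spec[1] : '';
  }
  return '';
}

function auditProject(packageJsonText, configXmlText) {
  const pkg = JSON.parse(packageJsonText);
  const fromPkg = classifySpec((pkg.dependencies || {})[PLUGIN]);
  const fromXml = classifySpec(specFromConfigXml(configXmlText));
  return { packageJson: fromPkg, configXml: fromXml,
           ok: fromPkg === 'pinned-commit' && fromXml === 'pinned-commit' };
}

// Constructed sample: placeholder SHA, not the commit that merged PR #64.
const SHA = '0123456789abcdef0123456789abcdef01234567';
const GIT = 'https://github.com/apache/cordova-plugin-globalization.git';
const samplePkg = JSON.stringify({ dependencies: { [PLUGIN]: `git+${GIT}#${SHA}` } });
const sampleXml = `<widget><plugin name="${PLUGIN}" spec="${GIT}" /></widget>`;
console.log(auditProject(samplePkg, sampleXml));
```

In the sample, package.json is pinned but config.xml follows the default branch, so the audit reports the project as not reproducible.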