On 2018/03/26 21:23:26, Steven Gill <stevengil...@gmail.com> wrote: > cordova-plugin-globalization was deprecated November 2017. See > https://github.com/apache/cordova-plugin-globalization#deprecation-notice > > We aren't planning on doing anymore releases as far as I'm aware. We > recommend pointing your package.json & config.xml to the github repo > instead if you want to continue using it. Another option is to fork the > plugin and publish it under a different name with the fix you need. > > Cheers, > -Steve > > On Mon, Mar 26, 2018 at 11:19 AM, johnkger...@gmail.com < > johnkger...@gmail.com> wrote: > > > Hi Team, > > > > Pull request #64 (https://github.com/apache/cordova-plugin-globalization/ > > pull/64) was committed on February 2 to address a ReDoS issue in > > moment.js, which is shipped in cordova-plugin-globalization. As this is a > > security issue, may I ask what the current plans are for releasing a new > > version of the plugin please? We've tested the nightly build and confirmed > > that the issue has been addressed, but would obviously prefer to ship with > > a released version of the plugin as opposed to a nightly build. > > > > Thanks for your help, > > John Gerken > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org > > For additional commands, e-mail: dev-h...@cordova.apache.org > > > > > Hi Steve,
Thanks for your reply. That puts us in a very difficult spot because migrating away from this plugin is a non-trivial task and we've got about 600 enterprise customers to consider. As this is a security issue, is there any recourse for me to request that the decision to not release this already committed fix be reconsidered? Thanks for your help, John --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
