Kada dovoljno dugo razvijate mobilne aplikacije koristeći Apache Cordova odnosno Ionic Framework pitanje je vremena kada će vam se Google javiti sa zanimljivim e-mailom uz dramatičan naslov “You are using a vulnerable version of Apache Cordova” s obavijesti o uklanjaju vaše aplikacije sa Play Storea ako ne izvršite potreban sigurnosni update.
Hello Google Play Developer,
Your app(s) listed at the end of this email utilize a version of Apache Cordova, an open-source mobile development framework, that contains one or more security vulnerabilities. If you have more than 20 affected apps in your account, please check the Developer Console for a full list.
Please migrate your app(s) to Apache Cordova v.4.1.1 or higher as soon as possible and increment the version number of the upgraded APK. Beginning May 9, 2016, Google Play will block publishing of any new apps or updates that use pre-4.1.1 versions of Apache Cordova.
The vulnerabilities were addressed in Apache Cordova 4.1.1. If you’re using a 3rd party library that bundles Apache Cordova, you’ll need to upgrade it to a version that bundles Apache Cordova 4.1.1 or later.
To confirm you’ve upgraded correctly, submit the updated version to the Developer Console and check back after five hours. If the app hasn’t been correctly upgraded, we will display a warning.
For information about the vulnerabilities, please see this Google Help Center article. For other technical questions, you can post to Stack Overflow and use the tag “android-security.”
While these specific issues may not affect every app that uses Apache Cordova, it’s best to stay up to date on all security patches. Apps with vulnerabilities that expose users to risk of compromise may be considered Dangerous Products in violation of the Content Policy and section 4.4 of the Developer Distribution Agreement.
Apps must also comply with the Developer Distribution Agreement and Content Policy. If you feel we have sent this warning in error, contact our policy support team through the Google Play Developer Help Center.
Regards,
The Google Play Team
Ipak, nema mjesta panici. Nadogradnju možete napraviti pokretanjem naredbe
|
1 |
$ npm update –g cordova |
I to je skoro to. Sada možete nadograditi i platforme za koje ste radili mobilnu aplikaciju. U ovom slučaju aplikacija je rađena za iOS i Android platformu pa se nakon pokretanja naredbe
|
1 |
$ cordova platform check |
može vidjeti da postoji nadogradnja za obje platforme:
- android @ 4.1.1 could be updated to 5.1.0
- ios @ 3.8.0 could be update to 4.0.1
Možete pokrenuti nadogradnju platformi
|
1 2 |
$ cordova platform update android $ cordova platform update ios |
i očekivati prikaz obavijesti o uspješnoj nadogradnji
- Android project updated with cordova-android@5.1.0
- iOS project updated with cordova-ios@4.0.1
Dalje možete normalno raditi pripremu za postavljanje aplikacije na Google Play Store tj. App Store.
