Blog
RSS Feed
-
CVE announcements for Cordova iOS
CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS
Severity: High
Vendor: The Apache Software Foundation
Versions Affected: cordova-ios 3.9.2 and below
Description: Apache Cordova iOS contains 2 methods to bypass the URL access restrictions provided by the whitelist. An attacker can use any of the 2 methods to load malicious resources in an app that uses a whitelist to only load trusted resources.
Upgrade path: Developers who are concerned about this issue should install version 4.0.0 or higher of the cordova-ios platform.
Credit: This issue was discovered by Muneaki Nishimura (nishimunea) of Recruit Technologies Co.,Ltd.
CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS
Severity: High
Vendor: The Apache Software Foundation
Versions Affected: cordova-ios 3.9.2 and below
Description: An arbitrary plugin can be executed when a user clicks on a link.
Upgrade path: Developers who are concerned about this issue should install version 4.0.0 or higher of the cordova-ios platform.
Credit: This issue was discovered by Muneaki Nishimura (nishimunea) of Recruit Technologies Co.,Ltd.
-
Plugins Release
The following plugins were updated today:
- cordova-plugin-battery-status: 1.1.2
- cordova-plugin-camera: 2.2.0
- cordova-plugin-console: 1.0.3
- cordova-plugin-contacts: 2.1.0
- cordova-plugin-device: 1.1.2
- cordova-plugin-device-motion: 1.2.1
- cordova-plugin-device-orientation:
- cordova-plugin-dialogs: 1.2.1
- cordova-plugin-file: 4.2.0
- cordova-plugin-file-transfer: 1.5.1
- cordova-plugin-geolocation: 2.2.0
- cordova-plugin-inappbrowser: 1.4.0
- cordova-plugin-media: 2.3.0
- cordova-plugin-media-capture: 1.3.0
- cordova-plugin-network-information: 1.2.1
- cordova-plugin-splashscreen: 3.2.2
- cordova-plugin-statusbar: 2.1.3
- cordova-plugin-test-framework: 1.1.2
- cordova-plugin-vibration: 2.1.1
- cordova-plugin-whitelist: 1.2.2
- cordova-plugin-wkwebview-engine: 1.0.3
- cordova-plugin-compat: 1.0.0
This release includes a new plugin named cordova-plugin-compat.
cordova-plugin-compatallows backwards compatibility for plugins that had to upgrade to the new permissions model forcordova-android@5+. Plugin authors can use and depend oncordova-plugin-compatto continue to support older versions (<5) ofcordova-android. Checkout the cordova-plugin-compat repo for more information. Previously, we were packaging copies ofPermissionHelper.javawith the plugins that needed the permission updates, but have now decided that it would be better to storePermissionHelper.javaincordova-plugin-compat.Plugin authors can also use the new engines element to specify what versions of
cordova-androidyour plugin supports. Read more about it in our plugin fetching blog post.
You can update any plugin by removing it, and then re-adding it.
E.g. To update your camera plugin:
cordova plugin rm cordova-plugin-camera --save cordova plugin add cordova-plugin-camera@latest --saveChanges include:
-
Apache Cordova Windows 4.3.2
We are happy to announce that
Cordova Windows 4.3.2has been released!This release fixes a number of bugs including an issue when some of
config-filechanges were not applied to appxmanifest files and the bug with omitted icons, specified usingtargetattribute (see icons guide fortargetattribute usage). See below for full list of changes.Cordova CLI 6.1.1 will automatically start using this version of Cordova-Windows when creating new projects.
To upgrade:
npm install -g cordova cd my_project cordova platform update windows@4.3.2To add it explicitly:
cordova platform add windows@4.3.2For non-CLI projects or for pre-3.0 projects, refer to the upgrade guide.
-
Tools Release
New patch update of
cordova-cliandcordovaare now live!We had to fix a few issues that were discovered with the recent 6.1.0 release.
To update your tools:
If you have
cordovainstalled:npm install -g cordova@latestIf you have
plugmaninstalled:npm install -g plugman@latest
-
Cordova iOS 4.1.1
We are happy to announce that
Cordova iOS 4.1.1has been released!This release addresses issue CB-10773, which was an issue with creating an iOS project on a Windows machine and then building on OSX.
A new version of the
cordova-cliwill need to be released to pin this version of cordova-ios as the default version when creating a new project. If you want to start using this version now, make sure to specify the version when doing acordova platform add/update.To upgrade:
npm install -g cordova cd my_project cordova platform rm ios cordova platform add ios@4.1.1To add it explicitly:
cordova platform add ios@4.1.1 -
Cordova 6.1.0 Released!
New versions of cordova tools are now live!
Release Highlights include:
- CB-10679 implemented new plugin fetching logic. We now allow community plugins to define cordova engine restrictions. Read about it in our new plugin fetching blog post.
- CB-10880 Removed plugin pinning. Replaced by new plugin fetching logic.
To update your tools:
If you have
cordovainstalled:npm install -g cordova@latestIf you have
plugmaninstalled:npm install -g plugman@latest
-
Upcoming Changes to Plugin Fetching
The Cordova 6.0.0 release introduced the pinning of core plugin versions in cordova-lib.
We are happy to announce that one of the new features in the upcoming Cordova 6.1.0 release is a general API that allows any plugin to guide the CLI in choosing a compatible plugin release to fetch for a given project. This moves the plugin dependency information out of cordova-lib so that it can update independently of the Cordova tools and support third-party plugins outside of core. Our hope is that this feature will improve Cordova's plugin ecosystem and reduce some of the frustration that Cordova developers face when adding a new plugin to a project.
-
Plugins Release
The following plugins were updated today:
- cordova-plugin-camera@2.1.1
- cordova-plugin-statusbar@2.1.2
- cordova-plugin-globalization@1.0.3
- cordova-plugin-splashscreen@3.2.1
You can update any plugin by removing it, and then re-adding it.
E.g. To update your camera plugin:
cordova plugin rm cordova-plugin-camera --save cordova plugin add cordova-plugin-camera@2.1.1 --saveChanges include:
-
Cordova Browser 4.1.0
We are happy to announce that
Cordova Browser 4.1.0has been released. It will be the default Browser version after the nextcordova-clirelease.To upgrade:
npm install -g cordova cd my_project cordova platform update browser@4.1.0To add it explicitly:
cordova platform add browser@4.1.0 -
Significant Documentation Updates
We are happy to announce that we have made significant content updates to our documentation.
-
Cordova iOS 4.1.0
We are happy to announce that
Cordova iOS 4.1.0has been released!This release addresses issue CB-10530, which was an issue with your apps periodically freezing directly after starting.
A new version of the
cordova-cliwill need to be released to pin this version of cordova-ios as the default version when creating a new project. If you want to start using this version now, make sure to specify the version when doing acordova platform add/update.To upgrade:
npm install -g cordova cd my_project cordova platform rm ios cordova platform add ios@4.1.0To add it explicitly:
cordova platform add ios@4.1.0 -
Cordova Android 5.1.1
We are happy to announce that
Cordova Android 5.1.1has been released.Cordova CLI 6.0.0 will automatically start using this version of Cordova-Android when creating new projects.
To upgrade:
npm install -g cordova cd my_project cordova platform update android@5.1.1To add it explicitly:
cordova platform add android@5.1.1 -
Cordova OSX 4.0.0
We are happy to announce that
Cordova OSX 4.0.0has been released! This was a much needed updated to getcordova-osxworking with thecordova-cli. Try it out!Add it to your projects via:
cordova platform add osx@4.0.0 -
Plugins Release
The following plugins were updated today:
- cordova-plugin file@4.1.1
- cordova-plugin-inappbrowser@1.3.0
- cordova-plugin-media@2.2.0
- cordova-plugin-statusbar@2.1.1
- cordova-plugin-splashscreen@3.2.0
- cordova-plugin-wkwebviewengine@1.0.2
You can update any plugin by removing it, and then re-adding it.
E.g. To update your media plugin:
cordova plugin rm cordova-plugin-media --save cordova plugin add cordova-plugin-media@2.2.0 --saveChanges include:
-
cordova-plugin-inappbrowser Plugin Release
An important regression issue was discovered for
cordova-plugin-inappbrowserversion1.2.0. We are releasing version1.2.1ofcordova-plugin-inappbrowserto address CB-10407: InAppBrowser not firingloadstartevent on Android. This release also includes some other improvements for Android, iOS and Windows platforms.
You can update the plugin by removing it, and then re-adding it.
cordova plugin rm cordova-plugin-inappbrowser --save cordova plugin add cordova-plugin-inappbrowser --saveChanges include:
-
Apache Cordova Windows 4.3.1
We are happy to announce that
Cordova Windows 4.3.1has been released!This is a patch release which fixes a couple of small bugs related to plugins installation, and the significant issue that caused Windows 10 Universal apps to restart instead of resume in some cases.
To upgrade:
npm install -g cordova cd my_project cordova platform update windows@4.3.1To add it explicitly:
cordova platform add windows@4.3.1For non-CLI projects or for pre-3.0 projects, refer to the upgrade guide.
-
Cordova 6.0.0 Released!
New versions of cordova tools are now live!
Release Highlights include:
- Updated default platform versions to
cordova-android@5,cordova-ios@4andcordova-windows@4.3.cordova-android@5.1supports Android 6.X.X (Marshmallow)cordova-ios@4.0adds iOS9 andWKWebViewsupportcordova-windows@4.3updated the platform to use the new Platform API.
- Added a new template feature to
createcommand. E.g.cordova create --template cordova-app-hello-world. This can fetch templates via npm, git URL or local paths. - Removed support for our old Cordova Plugins Registry. Now plugins can only be installed via npm, git URL or local paths.
- Added default plugin pinning to
cordova. This means thatcordova plugin add cordova-plugin-camerawill fetch the pinned version of the plugin instead of the always grabbing thelatest. Users can still install any version of a plugin viacordova plugin add cordova-plugin-camera@VERSION. - Added deprecation notices for amazon-fireos and wp8. We are aiming to remove support for these platforms in 6 months. Target Android and Windows instead.
To update your tools:
If you have
cordovainstalled:npm install -g cordova@latestIf you have
plugmaninstalled:npm install -g plugman@latest
- Updated default platform versions to
-
Cordova Android 5.1.0
We are happy to announce that
Cordova Android 5.1.0has been released.This update introduces a new API for Android plugin authors. Plugins that launch external activities can now better handle method calls on devices that are low on memory. In that scenario, the Android OS will sometimes kill the Cordova Activity when it is pushed into the background by the external Activity. This causes the plugin to lose any callbacks they have pending in the javascript. The new API allows the results of external Activity calls to be delivered via the resume event that is fired in the javascript after the Cordova Activity is destroyed and recreated. Plugin authors wishing to implement the new API should read the updated plugin guide here.
Two core plugins support this new API and have been updated to fix longstanding bugs:
Application authors are encouraged to update both their plugin and cordova-android versions to take advantage of these bug fixes. Please note that the aforementioned fixes require changes to your application as well. More information can be found in the READMEs of each of those plugins and in the new Android lifecycle guide that has been published to the Cordova documentation. This guide provides explanations and guidance on how to handle low memory scenarios on the Android platform as well as integrate the new resume APIs into your application.
To upgrade:
npm install -g cordova cd my_project cordova platform update android@5.1.0To add it explicitly:
cordova platform add android@5.1.0 -
Plugins Release
The following plugins were updated today:
- cordova-plugin-camera@2.1.0
- cordova-plugin-contacts@2.0.1
- cordova-plugin-device@1.1.1
- cordova-plugin-file@4.1.0
- cordova-plugin-file-transfer@1.5.0
- cordova-plugin-geolocation@2.1.0
- cordova-plugin-inappbrowser@1.2.0
- cordova-plugin-media@2.1.0
- cordova-plugin-media-capture@1.2.0
- cordova-plugin-network-information@1.2.0
- cordova-plugin-splashscreen@3.1.0
- cordova-plugin-statusbar@2.1.0
- cordova-plugin-test-framework@1.1.1
- cordova-plugin-vibration@2.1.0
- cordova-plugin-whitelist@1.2.1
You can update any plugin by removing it, and then re-adding it.
E.g. To update your camera plugin:
cordova plugin rm cordova-plugin-camera --save cordova plugin add cordova-plugin-camera --saveChanges include:
-
Apache Cordova Windows 4.3.0
We are happy to announce that
Cordova Windows 4.3.0has been released!This release mostly aims to bring support for Platform Api interface and unified message logging for Windows. It will be the default Windows version after the next
cordova-clirelease.To upgrade:
npm install -g cordova cd my_project cordova platform update windows@4.3.0To add it explicitly:
cordova platform add windows@4.3.0For non-CLI projects or for pre-3.0 projects, refer to the upgrade guides.
-
Cordova Ubuntu 4.3.2
We are happy to announce that
Cordova Ubuntu 4.3.2has been released. This is a patch release, with several usability improvements and an update of the default framework toubuntu-sdk-15.04.To upgrade:
npm install -g cordova cd my_project cordova platform update ubuntu@4.3.2To add it explicitly:
cordova platform add ubuntu@4.3.2 -
Cordova iOS 4.0.1
We are happy to announce that
Cordova iOS 4.0.1has been released. This is a patch release.To upgrade:
npm install -g cordova cd my_project cordova platform update ios@4.0.1To add it explicitly:
cordova platform add ios@4.0.1 -
Plugins Release
The following plugins were updated today:
- cordova-plugin-inappbrowser@1.1.1
- cordova-plugin-wkwebview-engine@1.0.1
This release brings
cordova-ios@4.0.0platform compatibility to thecordova-plugin-inappbrowserplugin, and it is also backwards compatible with cordova-ios@3.The
cordova-plugin-wkwebview-engineplugin was updated to fix a bug related to loading pages incordova-plugin-inappbrowser.To install:
cordova plugin add cordova-plugin-inappbrowser --save cordova plugin add cordova-plugin-wkwebview-engine --saveChanges include:
-
Plugins Release
The following plugins were updated today:
- cordova-plugin-wkwebview-engine@1.0.0
This is the initial release of this plugin. This plugin requires
cordova-ios@4.0.0. Please read the iOS 4.0.0 release blog for instructions to update.To install:
cordova plugin add cordova-plugin-wkwebview-engine --saveIf you are thinking of migrating from using the UIWebView on iOS, please read the README and also take note of the limitations of this plugin.
Changes include:
-
Cordova iOS 4.0.0
We are happy to announce that
Cordova iOS 4.0.0has been released.This is a major release, and deprecated APIs have been removed. Some 3rd party plugins might require updates before they are compatible. This release adds first-class support for pluggable webviews - namely we now support WKWebView -- a bundled modern WebView for iOS!
The platform now supports Asset Catalogs for splashscreens and icons -- this is all transparent to you when using the
<splash>and<icon>tags in config.xml.ios-sim is bundled with the platform now, you will not need to install this separately anymore. However for ios-deploy you will need to update your version to the latest.
The minimum deployment target has been updated to iOS 8.0. This means that this platform release has only been tested on iOS 8 devices and greater only and will only support those iOS versions.
cordova-ios@4.0.0will be the default iOS version in the next version ofcordova. If you just can't wait though, you can try it out now:cd my_project cordova platform update ios@4.0.0 # To install the WKWebView engine (optional): cordova plugin add cordova-plugin-wkwebview-engineWe are in the process of releasing the
cordova-plugin-wkwebview-engineplugin to npm. If you decide to update tocordova-ios@4.0.0before we release this plugin, please install the plugin viagitfor now.cordova plugin add https://github.com/apache/cordova-plugin-wkwebview-engine.git#1.0.0Note that the
cordova-plugin-wkwebview-engineplugin has some limitations versus the default UIWebView, please consult the README for more details.In addition to the
<access>tag, there is support for the new<allow-intent>and<allow-navigation>tags, documented here. Note that you do not needcordova-plugin-whitelistinstalled forcordova-ios-4.0.0.cordovawill convert<access>and<allow-navigation>tags to the appropriate Application Transport Security (ATS) directives which are new in iOS 9.<access>and<allow-navigation>tags also support two new attributes:minimum-tls-versionandrequires-forward-secrecy.To upgrade:
npm install -g cordova cd my_project cordova platform update ios@4.0.0To add it explicitly:
cordova platform add ios@4.0.0 -
Tools Release
New patch update of
cordova-cliandcordovaare now live!We had to fix a few issues that were discovered with the recent 5.4.0 release.
To update your tools:
If you have
cordovainstalled:npm install -g cordova@latest
-
Plugins Release
The following plugins were updated today:
- cordova-plugin-battery-status@1.1.1
- cordova-plugin-camera@2.0.0
- cordova-plugin-console@1.0.2
- cordova-plugin-contacts@2.0.0
- cordova-plugin-device@1.1.0
- cordova-plugin-device-motion@1.2.0
- cordova-plugin-device-orientation@1.0.2
- cordova-plugin-dialogs@1.2.0
- cordova-plugin-file@4.0.0
- cordova-plugin-file-transfer@1.4.0
- cordova-plugin-geolocation@2.0.0
- cordova-plugin-globalization@1.0.2
- cordova-plugin-inappbrowser@1.1.0
- cordova-plugin-legacy-whitelist@1.1.1
- cordova-plugin-media@2.0.0
- cordova-plugin-media-capture@1.1.0
- cordova-plugin-network-information@1.1.0
- cordova-plugin-splashscreen@3.0.0
- cordova-plugin-statusbar@2.0.0
- cordova-plugin-test-framework@1.1.0
- cordova-plugin-vibration@2.0.0
- cordova-plugin-whitelist@1.2.0
The following plugins now require
cordova-android@5.0.0. Please read the Android 5.0.0 release blog for instructions to update.- cordova-plugin-camera@2.0.0
- cordova-plugin-contacts@2.0.0
- cordova-plugin-file@4.0.0
- cordova-plugin-geolocation@2.0.0
- cordova-plugin-media@2.0.0
Update
Since
cordova-android@5.0.0isn't yet pinned by default incordova, you will have to explicitly install these new versions of these five plugins now. The previous released versions of the above five plugins are still set tolateston npm instead of these newly released versions. These will be set tolatestonce we releasecordova@6which will havecordova-android@5.0.0pinned.E.g.
cordova plugin add cordova-plugin-camera@2.0.0 --saveTo see what versions exist for a plugin, run
npm info PLUGINNAME versions.
You can update any plugin by removing it, and then re-adding it.
E.g. To update your camera plugin:
cordova plugin rm cordova-plugin-camera --save cordova plugin add cordova-plugin-camera --saveChanges include:
-
CVE announcements for Cordova-Android
Updated 02/20/2016
Apache Cordova has re-visited CVE-2015-5256 "Apache Cordova vulnerable to improper application of whitelist restrictions on Android”. Upon further investigation we found that the vulnerability is more limited than was previously understood. We are lowering the severity to Low, and updating the description, affected versions, and upgrade path.
CVE-2015-5257 continues to be a valid vulnerability present in Cordova 3.6.4 and this is fixed in later versions of Cordova, and we want to encourage users to upgrade to 4.1.1 and for users needing to support Marshmallow (API 23+) we recommend to upgrade to Cordova Android 5.1.x.
When using the Cordova CLI, the command to use 4.1.1 or 5.1.0 of Cordova Android is:
cordova platform add android@4.1.0 cordova platform add android@5.1.0The security issues are CVE-2015-5256 and CVE-2015-5257
For your convenience, the text of the CVEs are included here.
-
Apache Cordova Windows 4.2.0
We are happy to announce that
Cordova Windows 4.2.0has been released!This release adds support for back button handling on Windows 10 and Windows Phone 8.1 and various other improvements. It will be the default Windows version after the next
cordova-clirelease.To upgrade:
npm install -g cordova cd my_project cordova platform update windows@4.2.0To add it explicitly:
cordova platform add windows@4.2.0For non-CLI projects or for pre-3.0 projects, refer to the upgrade guides.
-
Cordova Android 5.0.0
We are happy to announce that
Cordova Android 5.0.0has been released.With this release, there is now support for Android Marshmallow permission checking in plugins. Due to the nature of the recent Android changes, the major version has been incremented to reflect the new API changes. Only plugins that use certain permissions as defined by Google are affected by this change. The following core plugins needed to be updated:
cordova-plugin-cameracordova-plugin-geolocationcordova-plugin-contactscordova-plugin-filecordova-plugin-media
We are in the process of releasing these plugins to npm. If you decide to update to
cordova-android@5.0.0before we release the plugins, please install these updated plugins viagitfor now.cordova plugin add https://github.com/apache/cordova-plugin-camera.gitInformation on how to use the new Android Permission APIs can be found in the Cordova documentation, which can be found here.
To upgrade:
npm install -g cordova cd my_project cordova platform update android@5.0.0To add it explicitly:
cordova platform add android@5.0.0 -
Tools Release: November 6th, 2015
New versions of cordova tools are now live!
Release highlights:
- Fixed issues with using Node 4 & 5 and npm 3.
- Cordova will now auto convert old-style plugin IDs to new style plugin IDs when doing a
cordova plugin add. This only happens if the old-style plugin ID exists in the registry-mapper, it will be auto converted to the new ID and fetched from npm instead. - Cordova
CLIwill now know if a newer version is available and will prompt users to update. - Some core utility methods from
cordova-libhave been moved into a new module namedcordova-common.cordova-commonis shared amongcordova-liband cordova platforms.
To update your tools:
If you have
cordovainstalled:npm install -g cordova@latestIf you have
plugmaninstalled:npm install -g plugman@latest
-
Apache Cordova iOS 3.9.2
We are happy to announce that
Cordova iOS 3.9.2has been released and will be the default iOS version.This release addresses multiple iOS 9/9.1 and XCode 7/7.1 issues. It also deprecates a number of APIs, which will be removed in
Cordova iOS 4.0.0. For a full list of API changes see API changes in 4.0.mdTo upgrade:
npm install -g cordova cd my_project cordova platform update ios@3.9.2 -
Tools Release 5.3.3
Cordova tools 5.3.3 has been released to properly support Node v4.
If you are currently develop for the iOS platform and plan to use Node v4, we recommend you update to this release:
If you have
cordovainstalled:npm install -g cordovaIf you have
plugmaninstalled:npm install -g plugman
-
cordova-plugin-file-transfer release: September 21, 2015
A medium security issue was discovered for cordova-plugin-file-transfer plugin. We are releasing version
1.3.0ofcordova-plugin-file-transferto address this security issue. We recommend that all applications currently using an older version of this plugin to upgrade as soon as possible.
You can update the plugin by removing it, and then re-adding it.
E.g. To update your file-transfer plugin:
cordova plugin rm cordova-plugin-file-transfer --save cordova plugin add cordova-plugin-file-transfer --saveThe security issue is CVE-2015-5204.
For your convenience, the text of the CVE is included here:
-
Tools Release: September 9th, 2015
New versions of cordova tools are now live!
To update your tools:
If you have
cordovainstalled:npm install -g cordovaIf you have
plugmaninstalled:npm install -g plugman
-
Cordova Plugins Registry becomes immutable
Starting today, plugins.cordova.io has become immutable. Plugin authors are encouraged to move their plugins over to npm if they haven't already. Plugin authors should checkout our guide to transition over to npm here.
Users can start searching for cordova plugins which have moved over to npm on our new cordova npm search page.
Cordova CLI version 5.0.0 or higher is required to fetch plugins from npm. If you want to use the latest releases of plugins, please update your version of Cordova. Alternatively, older cli users can add plugins via git urls. Example:
cordova plugin add https://github.com/apache/cordova-plugin-camera.gitMake sure to checkout our previous blog post about moving plugins to npm if you missed it the first time around.
-
Apache Cordova BlackBerry 3.8.0
We are happy to announce that
Cordova BlackBerry 3.8.0has been released and will be the default BlackBerry version after nextcordova-clirelease.This release adds support for adding blackberry10 platform on any workstation OS, adds subdomain whitelisting and includes several bug fixes.
To upgrade:
npm install -g cordova cd my_project cordova platform update blackberry10@3.8.0To add it explicitly:
cordova platform add blackberry10@3.8.0 --saveFor non-CLI projects or for pre-3.0 projects, refer to the upgrade guides.
-
Apache Cordova Windows 4.1.0
We are happy to announce that
Cordova Windows 4.1.0has been released and will be the default Windows version after nextcordova-clirelease.This release aligns with the RTM release of Windows 10, and supports the web platform enhancements that it included, such as hosted apps and a new version of WinJS. It also supports the new .NET Native compilation model for Cordova plugins which include a native or .NET component.
There are also a number of bug fixes, including platform dependency problems and the ability to perform a
cordova preparefor Windows while on a Mac.Finally, user-configurable packaging parameters are now fully baked, so that Windows code signing requirements don't overwrite code signing requirements for other platforms. Use the
windows-packageVersionattribute of<widget>in config.xml to specify an independent version for Windows Store submission, and to incorporate the name of the application which is assigned by the Windows Store, set the<preference>namedWindowsStoreIdentityName.Now there is support to see console.log messages and exceptions from your app in the console. This can be useful for quick diagnostics. In an admin command prompt, you can run:
platforms\windows\cordova\logTo upgrade:
npm install -g cordova cd my_project cordova platform update windows@4.1.0To add it explicitly:
cordova platform add windows@4.1.0 --saveFor non-CLI projects or for pre-3.0 projects, refer to the upgrade guides.
-
Tools Release: August 13th, 2015
New versions of cordova tools are now live!
Release highlights:
- CB-9330 Removed
Plugmanpublish,unpublish,addUserandowner add/rmcommands due to plugins.cordova.io switching to read only. Plugin authors are encouraged to publish to npm instead. Learn more at http://plugins.cordova.io/npm/authors.html. - CB-5578 Adds
cleancommand tocordova-cli. This cleans the build artifacts for your project. Runcordova clean -hfor more information. - CB-9177 Use tilde instead of caret when saving to
config.xmlvia--saveflag. - CB-9225 Add Windows platform support to
plugman platform add - CB-9114: Deprecation Warning for
--usegitflag. - Browserify flag for adding plugins at build time vs run time has all tests passings. Please try it out via
--browserify. EX.cordova run android --browserify.
To update your tools:
If you have
cordovainstalled:npm install -g cordovaIf you have
plugmaninstalled:npm install -g plugman
- CB-9330 Removed
-
Apache Cordova iOS 3.9.0
We are happy to announce that
Cordova iOS 3.9.0has been released and will be the default iOS version after next cordova-cli release.UPDATE: To deploy to iOS devices, developers will have to update their ios-deploy dependency to the version 1.4.0 or greater. Run
npm install ios-deploy -gto download the latest release.Apart from a number of bug fixes, there is now support for checking system requirements for iOS platform:
$>cordova requirements ios Requirements check results for ios: Apple OS X: installed darwin Xcode: installed 6.3 ios-deploy: installed 1.7.0 ios-sim: installed 4.1.1and support for Signing the App for iOS platform:
$>/path/to/my/project/cordova/build --codeSignIdentity="iPhone Distribtion" --provisioningProfile="926c2bd6-8de9-4c2f-8407-1016d2d12954"To upgrade:
npm install -g cordova cd my_project cordova platform update ios@3.9.0 -
Apache Cordova Android 4.1.0
We are happy to announce that
Cordova Android 4.1.0has been released.With this release, there is now support for checking system requirements for Android platform:
$>cordova requirements android Requirements check results for android: Java JDK: installed 1.7.0 Android SDK: installed Android target: installed android-19,android-21,android-22,Google Inc.:Google APIs:19,Google Inc.:Google APIs (x86 System Image):19,Google Inc.:Google APIs:21 Gradle: installed 1.12Apart from a number of bug fixes, mininumSdkTarget has also been switched to 14 from 7. The minimum supported Android OS for Cordova is now Ice Cream Sandwich.
To upgrade:
npm install -g cordova cd my_project cordova platform update android@4.1.0To add it explicitly:
cordova platform add android@4.1.0 -
Plugins Release: June 22, 2015
The following plugins were updated today:
- cordova-plugin-battery-status@1.1.0
- cordova-plugin-camera@1.2.0
- cordova-plugin-console@1.0.1
- cordova-plugin-contacts@1.1.0
- cordova-plugin-device@1.0.1
- cordova-plugin-device-motion@1.1.1
- cordova-plugin-device-orientation@1.0.1
- cordova-plugin-dialogs@1.1.1
- cordova-plugin-file@2.1.0
- cordova-plugin-file-transfer@1.2.0
- cordova-plugin-geolocation@1.0.1
- cordova-plugin-globalization@1.0.1
- cordova-plugin-inappbrowser@1.0.1
- cordova-plugin-legacy-whitelist@1.1.0
-
Tools Release: June 10, 2015
New versions of cordova tools are now live!
Release highlights:
- CB-8898 Introduced a new
cordova requirementscommand - CB-8441
cordova prepare --browserifynow supports 3rd party plugins to build yourcordova.jsat run time! Try it out! - CB-9075 pinned platforms will include platform patch updates without requiring a new tools release.
To update your tools:
If you have
cordovainstalled:npm install -g cordovaIf you have
plugmaninstalled:npm install -g plugman
- CB-8898 Introduced a new
-
Tools Release 4.3.1
Cordova tools 4.3.1 has been released to pin version 3.7.2 of the Android platform, which includes an important security update.
If you are currently using Cordova 4.x and develop for the Android platform, we recommend you update to this release:
npm install -g cordova@4.3.1If you have existing projects that use Cordova Android 3.7.1 or earlier, you can update them to 3.7.2:
cordova platform update android@3.7.2Pinned Platform Versions for Cordova CLI 4.3.1
- Cordova Amazon-FireOS: 3.6.3
- Cordova Android: 3.7.2
- Cordova BlackBerry10: 3.7.0
- Cordova Browser: 3.6.0
- Cordova FirefoxOS: 3.6.3
- Cordova iOS: 3.8.0
- Cordova Ubuntu: 4.0.0
- Cordova Windows: 3.8.0
- Cordova WP8: 3.7.1
-
Apache Cordova Windows 4.0.0 release
We are happy to announce that Cordova Windows 4.0.0 has been released!
Key features
- The default Windows target version is now 8.1. Windows 8.0 support is deprecated and a warning will be issued when building for Windows 8.0. The support for Windows 8.0 will be removed in 6 months. If you have
windows-target-versionpreference in config.xml set to 8.0, you will see this warning and you should consider changing it to 8.1. windows8platform keyword is deprecated. For all plugins, usewindowsas the platform keyword.- Support for Windows 10 Insider Preview and building using Visual Studio 2015 RC. More details can be found below. This support will evolve as Windows 10 release comes along.
- Support for specifying parameters for signing Windows apps - like signing certificate, publisher identity etc. More details can be found in docs
What's new in Windows 10
- Windows 10 Insider Preview introduces the Universal Windows Platform (UWP) which provides a guaranteed core API layer across devices. You can create a single app package that can be installed onto a wide range of devices. A single store makes it easy to publish apps across all device types - desktop, mobile, Xbox, iOT.
- In Windows 8 and 8.1, the app was loaded in the ms-appx context. In Windows 10 for Cordova, by default the app is loaded in ms-appx-web and have access to most Windows Runtime APIs. This allows you to host remote content in your Windows Cordova app. More details on how to customize this behavior can be found here.
- Some JavaScript libraries could not run in Windows 8/8.1 due to the safeHTML restriction and we needed to use winstore-jscompat. In Windows 10 Cordova apps, the security can be applied using Content Security Policies.
- The default Windows target version is now 8.1. Windows 8.0 support is deprecated and a warning will be issued when building for Windows 8.0. The support for Windows 8.0 will be removed in 6 months. If you have
-
Apache Cordova Android 4.0.2 and 3.7.2 released
A major Security issue were discovered in the Android platform of Cordova. We are releasing version 4.0.2 of Cordova Android to address these security issues. We recommend that all Android applications built using Cordova 4.0.x or higher be upgraded to use version 4.0.2 of Cordova Android. If you are using an older version of Cordova, we have also released 3.7.2 with the same fix, and we recommend that you at upgrade your project to either of these fixed versions. Other Cordova platforms such as iOS are unaffected, and do not have an update.
When using the Cordova CLI, the command to use 4.0.2 of Cordova Android is:
cordova platform add android@4.0.2and the command to use 3.7.2 is:
cordova platform add android@3.7.2The security issue is CVE-2015-1835
For your convenience, the text of the CVE is included here.
-
Tools Release: April 21, 2015
New versions of cordova tools are now live!
Release highlights:
- Plugins have been renamed and the Cordova-CLI now supports fetching plugins from npm. We highly recommend reading about it in the plugins release blog post.
<feature>tags have been renamed to<plugin>tags in your projectsconfig.xml. Adding a<plugin>tag to yourconfig.xmlwill fetch and install it oncordova prepareif it isn't already installed.- Cordova Android@4.0.0 has been released and pinned as the default version for new projects. This includes support for pluggable WebViews! Read about it in the Android 4.0.0 release blog post.
- Our template app, Cordova App Hello World, has been moved to npm.
- Added the ability to manage your plugin and platform dependencies in your project's
config.xml. When adding plugins or platforms, use the--saveflag to add them toconfig.xml. Ex:cordova platform add android --save. Existing projects can usecordova plugin saveandcordova platform savecommands to save all previously installed plugins and platforms into your project'sconfig.xml. Platforms and plugins will be autorestored whencordova prepareis run. This allows developers to easily manage and share their dependenceis among different development enviroments and with their coworkers.
To update your tools:
If you have
cordovainstalled:npm install -g cordovaIf you have
plugmaninstalled:npm install -g plugman
-
Plugins Release and Moving plugins to npm: April 21, 2015
The Apache Cordova team is happy to announce a new plugins release that coincides with us moving our core plugins to npm!
- We are also encouraging third party plugin developers to start publishing their plugins to npm!
- To start using plugins from npm, developers will have to update their Cordova CLI to version 5.0.0 or higher. Read about Cordova CLI 5.0.0 in its release blog post.
With the move over to npm, we have decided to rename our core plugins for improved readability and to better fit within the npm ecosystem.
- All of our core plugins have changed their IDs from
org.apache.cordova.*tocordova-plugin-*. - Developers can now install a plugin with the command
cordova plugin add cordova-plugin-device. Using the new ID will fetch the plugin directly from npm.
Our current Cordova plugins registry (CPR) will continue to be operational for at least 6 months (
October 15th, 2015) as we help plugin developers transition over to npm. This will also allow current Cordova developers to upgrade theirCLIto version 5.0.0 or higher.- We will be switching CPR to read-only on
July 15th, 2015.
To find plugins on npm, search for ecosystem:cordova. We are working with npm to improve discoverability and will have more to announce later this year. We encourage all third party plugin developers to add
ecosystem:cordovaas a keyword in their plugin'spackage.json. -
Apache Cordova Android 4.0.0
We are happy to announce that
Cordova Android 4.0.0has been released!This release adds significant functionality, and also introduces a number of breaking changes. Mostly though, it adds first-class support for Crosswalk -- a bundled modern WebView!
cordova-android@4.0.0will be the default android version in the next version ofcordova. If you just can't wait though, you can try it out now:cd my_project cordova platform update android@4.0.0 cordova plugin add https://github.com/apache/cordova-plugin-whitelist.git#r1.0.0 # To install Crosswalk (optional): cordova plugin add https://github.com/MobileChromeApps/cordova-plugin-crosswalk-webview.git#1.0.0 -
Tools Release: March 02, 2015
New versions of cordova tools are now live!
To update your tools:
If you have
cordovainstalled:npm install -g cordovaIf you have
plugmaninstalled:npm install -g plugman
Release highlights:
- Cordova-iOS developers will need to update their
iOS-deploydependency to launch on iOS devices. Please runnpm install -g ios-deployto install the latest version1.4.0. - You can now save your list of installed plugins and platforms using the
--savecommand when adding platforms and plugins to your project. Saved platforms and plugins are automagically restored during prepare. Ex.cordova platform add android --save. This should make it easier developing cordova projects among a team. - Plugin authors can use the new command
plugman createpackagejson <plugin_path>to add apackage.jsonfile to their plugins. - We are preparing to transition our plugin hosting over to npm. We will be doing a detailed blog post soon. Stay tuned.
-
Apache Cordova Windows 3.8.0
We are happy to announce that
Cordova Windows 3.8.0has been released!This release adds support for new Visual Studio 2015 Tools and has various other improvements. It will be the default Windows version when the cordova-cli 4.3.0 is released.
To upgrade:
npm install -g cordova cd my_project cordova platform update windowsTo add it explicitly:
cordova platform add windows@3.8.0For non-CLI projects or for pre-3.0 projects, refer to the upgrade guides.
-
Apache Cordova iOS 3.8.0
UPDATE: To deploy to iOS devices, developers will have to update their
ios-deploydependency to the latest release. Runnpm install ios-deploy -gto download the latest release of version1.4.0.We are happy to announce that
Cordova iOS 3.8.0has been released!This release has various bug fixes, and will be the default iOS version when the cordova-cli 4.3.0 is released. This release also requires Xcode 6.
To upgrade:
npm install -g cordova cd my_project cordova platform update iosTo add it explicitly:
cordova platform add ios@3.8.0For non-CLI projects or for pre-3.0 projects, refer to the upgrade guides.
-
Plugins Release: February 10, 2015
The following plugins were updated today:
- cordova-plugin-battery-status@0.2.12
- cordova-plugin-camera@0.3.5
- cordova-plugin-console@0.2.13
- cordova-plugin-contacts@0.2.16
- cordova-plugin-device-motion@0.2.11
- cordova-plugin-device-orientation@0.3.11
- cordova-plugin-device@0.3.0
- cordova-plugin-dialogs@0.3.0
- cordova-plugin-file-transfer@0.5.0
- cordova-plugin-file@1.3.3
- cordova-plugin-geolocation@0.3.12
- cordova-plugin-globalization@0.3.4
- cordova-plugin-inappbrowser@0.6.0
- cordova-plugin-media@0.2.16
- cordova-plugin-media-capture@0.3.6
- cordova-plugin-network-information@0.2.15
- cordova-plugin-splashscreen@1.0.0
- cordova-plugin-vibration@0.3.13
- cordova-plugin-statusbar@0.1.10
- cordova-plugins@file-system-roots-0.1.0
- cordova-plugin-test-framework@0.0.1
The plugins have been updated on our registry at plugins.cordova.io.
You can update any plugin by removing it, and then re-adding it.
E.g. To update your camera plugin:
cordova plugin rm org.apache.cordova.camera cordova plugin add org.apache.cordova.cameraChanges include:
-
Apache Cordova Android 3.7.1
We are happy to announce that
Cordova Android 3.7.1has been released!This release has numerous bug fixes, and sets the target-sdk to android-21 (which yields a pretty good graphics speed-up on Lollipop devices!). It will be the default Android version when the cordova-cli 4.1.0 is released.
To upgrade:
npm install -g cordova cd my_project cordova platform update android@3.7.1To add it explicitly:
cordova platform add android@3.7.1For non-CLI projects or for pre-3.0 projects, refer to the upgrade guides.
-
Tools Release: January 09, 2015
New versions of cordova tools are now live!
To update your tools:
If you have
cordovainstalled:npm install -g cordovaIf you have
plugmaninstalled:npm install -g plugman
-
Plugins Release: December 9, 2014
The following plugins were updated today:
- org.apache.cordova.battery-status@0.2.12
- org.apache.cordova.camera@0.3.4
- org.apache.cordova.console@0.2.12
- org.apache.cordova.contacts@0.2.15
- org.apache.cordova.device@0.2.13
- org.apache.cordova.device-motion@0.2.11
- org.apache.cordova.device-orientation@0.3.10
- org.apache.cordova.dialogs@0.2.11
- org.apache.cordova.file@1.3.2
- org.apache.cordova.file-transfer@0.4.8
- org.apache.cordova.geolocation@0.3.11
- org.apache.cordova.globalization@0.3.3
- org.apache.cordova.inappbrowser@0.5.4
- org.apache.cordova.media@0.2.15
- org.apache.cordova.media-capture@0.3.5
- org.apache.cordova.network-information@0.2.14
- org.apache.cordova.splashscreen@0.3.5
- org.apache.cordova.statusbar@0.1.9
- org.apache.cordova.vibration@0.3.12
The plugins have been updated on our registry at plugins.cordova.io.
You can update any plugin by removing it, and then readding it. E.g. To update your camera plugin:
cordova plugin rm org.apache.cordova.camera cordova plugin add org.apache.cordova.cameraChanges include:
-
iOS 64-bit apps in Cordova
Apple has recently announced that new and updated apps submitted to the Apple App Store must include 64-bit support for them to be approved. This change will be implemented by the Apple App Store starting February 1, 2015.
This means that starting at that time, Cordova-based apps should be built using a version of Cordova that has 64-bit iOS support.
The first version of Cordova to include 64-bit for iOS is 3.4.1. Therefore, to meet these requirements of the Apple App Store, you should be using at least version 3.4.1 of Cordova before this February deadline.
-
Automating Performance Audits for Cordova apps
While developing mobile apps with Cordova, performance is a common concern many developers have. Though recent WebView improvements have made smooth experiences easy to achieve, it is always important to watch out for code in our apps that may make the app janky.
Measuring Performance
The latest versions of Android and iOS WebViews can connect to and leverage developer tools in browsers for profiling rendering performance of apps. Developer tools provide insights into details like frames rates, repaints, layouts, etc.
Articles (like my performance audit workflow and the runtime performance checklist) articulate the typical workflow for auditing performance of webpages. Similar principles can be applied to apps too.
-
Tools Release: November 13, 2014
New versions of cordova tools are now live!
To update your tools:
If you have
cordovainstalled:npm install -g cordovaIf you have
plugmaninstalled:npm install -g plugman
-
Critical Update: Windows 3.7.1. Release
A certificate in the Windows platform template has expired on 11/11/2014 and as a result, building Windows using the Cordova CLI currently fails. This affects all existing projects and any new projects created using the command line prior to Cordova versions <=
4.0.0.Note that this does not affect the WP8 platform.
Error Message
When building Cordova for Windows, you may seen an error message that looks something like this
cordova run windows C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v12.0\AppxPackage\Microsoft.AppXPackage.Targets(1772,9): error APPX0108: The certificate specified has expired.For more information about renewing certificates, see http://go.microsoft.com/fwlink/?LinkID=241478.
Workaround
This issue will be fixed in the next release of the Cordova CLI
However, to ensure that you can continue building your existing Cordova projects for Windows till then, please replace the expired certificate located at
yourCordovaProject\platforms\windows\CordovaApp_TemporaryKey.pfxwith a new one from here. Ensure that the downloaded file is renamed toCordovaApp_TemporaryKey.pfx -
Apache Cordova Windows & Windows Phone 3.7.0
We are happy to announce that
Cordova Windows & WP8 3.7.0has been released!This release has various bug fixes.
It will be available in the next cordova-cli release (Cordova CLI 4.1.0), which is expected in a few days.
To upgrade (once CLI update is released):
npm install -g cordova cd my_project cordova platform update windowsTo add it explicitly (available now):
cordova platform add windows@3.7.0 cordova platform add wp8@3.7.0For non-CLI projects or for pre-3.0 projects, refer to the upgrade guides.
-
Apache Cordova iOS 3.7.0
We are happy to announce that
Cordova iOS 3.7.0has been released!This release has various bug fixes, and will be the default iOS version when the cordova-cli 4.1.0 is released. This release also requires Xcode 6.
To upgrade:
npm install -g cordova cd my_project cordova platform update iosTo add it explicitly:
cordova platform add ios@3.7.0For non-CLI projects or for pre-3.0 projects, refer to the upgrade guides.
-
Plugins Release: October 17, 2014
The following plugins were updated today:
- cordova-plugin-camera: 0.3.3
- cordova-plugin-contacts: 0.2.14
- cordova-plugin-file-transfer: 0.4.7
- cordova-plugin-globalization: 0.3.2
- cordova-plugin-inappbrowser: 0.5.3
- cordova-plugin-media: 0.2.14
- cordova-plugin-media-capture: 0.3.4
- cordova-plugin-network-information: 0.2.13
- cordova-plugin-splashscreen: 0.3.4
Notable changes include:
- CB-7633 - Add
iPhone 6/6+support forcordova-splashscreenplugin - CB-7595: Android L changes the type from
MobiletoCellularforcordova-network-informationplugin. - CB-7429 Added Windows support for
cordova-media-captureplugin - CB-7548 BlackBerry10 Re-implement
getPreferredLanguage()andgetLocaleName()forcordova-globalizationplugin. - CB-7529 Windows Adds support for
ms-appdata URIsforcordova-file-transferplugin
The plugins have been updated on our registry at plugins.cordova.io.
You can update any plugin by removing it, and then readding it. E.g. To update your camera plugin:
cordova plugin rm org.apache.cordova.camera cordova plugin add org.apache.cordova.cameraOther changes include:
-
Apache Cordova CLI 4.0 Release
We are happy to announce that
Apache Cordova CLI 4.0has been released!We have also released
Cordova-Browser 3.6.0,Cordova-Android 3.6.4,Cordova-Windows 3.6.4, andCordova-WP8 3.6.4.Most notable changes include:
- Cordova CLI version bump to
4.0.0to reflect our changes in release policy. - WP8 and Windows both implemented support for
--targetflag - Initial support for Cordova-Browser platform.
- CB-5390 Uninstall - recursively remove dependencies of dependencies
To upgrade: (replace
androidwith the platform you want to update):npm install -g cordova cd my_project cordova platform update androidFor non-CLI projects or for pre-3.0 projects, refer to the upgrade guides.
Cordova CLI bumped to version 4.0
We have recently decided to update our release process to include independent releases for platforms. This means that our platform maintainers can release updates when they need to and not have to wait for other platforms to be ready to release.
- Cordova CLI version bump to
-
Plugins Release: September 22, 2014
The following plugins were updated today:
- cordova-plugin-battery-status: 0.2.11
- cordova-plugin-camera: 0.3.2
- cordova-plugin-console: 0.2.11
- cordova-plugin-contacts: 0.2.13
- cordova-plugin-device: 0.2.12
- cordova-plugin-device-motion: 0.2.10
- cordova-plugin-device-orientation: 0.3.9
- cordova-plugin-dialogs: 0.2.10
- cordova-plugin-file: 1.3.1
- cordova-plugin-file-transfer: 0.4.6
- cordova-plugin-geolocation: 0.3.10
- cordova-plugin-globalization: 0.3.1
- cordova-plugin-inappbrowser: 0.5.2
- cordova-plugin-media: 0.2.13
- cordova-plugin-media-capture: 0.3.3
- cordova-plugin-network-information: 0.2.12
- cordova-plugin-splashscreen: 0.3.3
- cordova-plugin-statusbar: 0.1.8
- cordova-plugin-vibration: 0.3.11
Notable changes include:
- There is a new framework for testing the plugins. This affects plugin developers, not plugin users.
- Many fixes have been made to the file plugin and other plugins that use it.
- Globalization plugin has been cleaned up.
- Brought the vibration plugin API into alignment with the W3C specification.
The plugins have been updated on our registry at plugins.cordova.io.
-
Apache Cordova 3.6
We are happy to announce that
Apache Cordova 3.6has been released!Most notable changes include:
- Android and Amazon FireOS platforms include a new whitelist for controlling the launch of external applications via intents. Also support for gradle was added.
- CB-6761 Android: Fix native->JS bridge ceasing to fire when page changes and online is set to false and the JS loads quickly
- Windows8 platform is now called Windows to indicate the support for windows universal apps. The windows8/windows platform now supports building apps targeting Windows 8.1 and Windows Phone 8.1 in addition to Windows 8 which was originally supported (see documentation for new --win and --phone Command Line switches).
- For targeting Windows Phone 8.0, the wp8 is still supported.
- Support for Windows Universal Apps is being added.
To upgrade: (replace
androidwith the platform you want to update):npm install -g cordova cd my_project cordova platform update androidFor non-CLI projects or for pre-3.0 projects, refer to the upgrade guides.
If this is 3.6.3, where are 3.6.0, 3.6.1, and 3.6.2?
While preparing the 3.6.0 release, the release candidates were published to a write-once repository. When it was discovered that the release candidates needed to be updated, we were unable to modify the write-once repository, so we were forced to bump the version number. This is why all the 3.6 cadence release items are labelled as "3.6.3". So 3.6.3 is the first release of the 3.6.x version. Apologies for the confusion.
What's new in Android
-
Tools Release: August 13, 2014
An updated version of
cordovaandcordova-libare available starting today.To update your tools:
npm install -g cordovaThese contain only one minor function change, which is related to the recent release of Cordova Android 3.5.1. Before today's update, when adding the Android platform to a project, by default it would use version 3.5.0 of Cordova Android. In order to get the latest 3.5.1 of Cordova Android, you would need to manually specify the 3.5.1 version number on the
platform addcommand. Today's update changes the default version of Cordova Android used when adding the Android platform to a project, so that you no longer need to manually specify the 3.5.1 version number to get the 3.5.1 version. You'll now get 3.5.1 by default. -
Plugins Release: August 11, 2014
The following plugins were updated today:
- cordova-plugin-battery-status: 0.2.10
- cordova-plugin-camera: 0.3.1
- cordova-plugin-console: 0.2.10
- cordova-plugin-contacts: 0.2.12
- cordova-plugin-device: 0.2.11
- cordova-plugin-device-motion: 0.2.9
- cordova-plugin-device-orientation: 0.3.8
- cordova-plugin-dialogs: 0.2.9
- cordova-plugin-file: 1.3.0
- cordova-plugin-file-transfer: 0.4.5
- cordova-plugin-geolocation: 0.3.9
- cordova-plugin-globalization: 0.3.0
- cordova-plugin-inappbrowser: 0.5.1
- cordova-plugin-media: 0.2.12
- cordova-plugin-media-capture: 0.3.2
- cordova-plugin-network-information: 0.2.11
- cordova-plugin-splashscreen: 0.3.2
- cordova-plugin-statusbar: 0.1.7
- cordova-plugin-vibration: 0.3.10
Notable changes include:
- Most of the plugins docs are now translated into other languages.
- FirefoxOS has updated many of their proxies for plugins
- FirefoxOS support added to device motion plugin
- Many updates to file plugin for BlackBerry10, FirefoxOS and Windows
- BlackBerry10 & FirefoxOS support added to globalization plugin
The plugins have been updated on our registry at plugins.cordova.io.
You can update any plugin by removing it, and then readding it. E.g. To update your file plugin:
cordova plugin rm org.apache.cordova.file cordova plugin add org.apache.cordova.fileOther changes include:
-
Apache Cordova Android 3.5.1 Update
On Monday, we released Cordova Android 3.5.1, to address a couple of security issues. Afterwards, talking with the original researchers, we realized that the text of the security announcement that went out wasn't quite right, so we've amended it.
You can read the amended blog post here.
The issue in CVE-2014-3502 is that Cordova applications would, by default, pass any URLs that they couldn't load to the Android intent system for handling. This lets developers construct URLs that open email applications, maps, or send SMS messages, or even open web pages in the system browser, but it also allowed malicious URLs that could potentially open other applications on the device. This meant that if someone could execute their own JavaScript in your application, that they could use other applications on the device to "phone home" with the user's data. This is why we are recommending that all Android developers upgrade to Cordova 3.5.1.
-
Apache Cordova Android 3.5.1
Updated: 2014-08-06 (The text of CVE-2014-3502 was changed after this post was released, to better explain the cope of the issue and the ways to mitigate the problem)
Security issues were discovered in the Android platform of Cordova. We are releasing version 3.5.1 of Cordova Android to address these security issues. We recommend that all Android applications built using Cordova be upgraded to use version 3.5.1 of Cordova Android. Other Cordova platforms such as iOS are unaffected, and do not have an update.
When using the Cordova CLI, the command to use 3.5.1 of Cordova Android is:
cordova platform add android@3.5.1 --usenpmThe security issues are CVE-2014-3500, CVE-2014-3501, and CVE-2014-3502.
For your convenience, the text of these CVEs is included here.
-
Tools Release: July 10, 2014
New versions of
plugman,cordovaandcordova-libare now live!To update your tools:
npm install -g cordova npm install -g plugmanMost notable changes are:
- Support for splash screens
- Drop wp7 as platform
- An experimental feature that allows to persist the currently added plugins to config.xml. Try it out as:
cordova save plugins --experimental- and later when you check out the project without a plugins folder:
cordova restore plugins --experimental- Read Gorkem Ercan's post for details.
- We are experimenting with using
browserifyto package ourcordova.jsbuild artifact. This is an internal change to our tooling, and is currently still off-by-default. We would appreciate feedback since we hope to switch to on-by-default in a future release. Try it using plugman as:plugman (un)install --browserify --project [PROJECT] --plugin [PLUGIN] --platform [ios|android]
Other changes include:
-
Plugins Release: July 8, 2014
The following plugins were updated today:
- cordova-plugin-contacts: 0.2.11
- cordova-plugin-network-information: 0.2.10
Notable changes include:
- The network-information plugin no longer crashes immediately if no network is available
navigator.contacts.pickContactAPI has been added for Android, iOS, Windows Phone 8 and Windows 8 platformsnavigator.contacts.findAPI on Android, iOS and Windows Phone 8 now supportsdesiredFieldswhich specifies contact fields to be returned- Contacts on Firefox OS no longer requires manual change of the application permissions
The plugins have been updated on our registry at plugins.cordova.io.
You can update any plugin by removing it, and then re-adding it. E.g. To update your contacts plugin:
cordova plugin rm org.apache.cordova.contacts cordova plugin add org.apache.cordova.contactsOther changes include:
-
Plugins Release: June 12, 2014
The following plugins were updated today:
- cordova-plugin-camera: 0.3.0
- cordova-plugin-console: 0.2.9
- cordova-plugin-device: 0.2.10
- cordova-plugin-device-motion: 0.2.8
- cordova-plugin-device-orientation: 0.3.7
- cordova-plugin-dialogs: 0.2.8
- cordova-plugin-file: 1.2.0
- cordova-plugin-file-transfer: 0.4.4
- cordova-plugin-geolocation: 0.3.8
- cordova-plugin-globalization: 0.2.8
- cordova-plugin-inappbrowser: 0.5.0
- cordova-plugin-media: 0.2.11
- cordova-plugin-media-capture: 0.3.1
- cordova-plugin-network-information: 0.2.9
- cordova-plugin-splashscreen: 0.3.1
- cordova-plugin-statusbar: 0.1.6
- cordova-plugin-vibration: 0.3.9
Notable changes include:
- Several File plugin changes:
- Initial implementation for Firefox OS
- Important platform-specific paths now exposed as properties on
cordova.file.*(iOS & Android, refer to docs) - Several bug fixes (across most platforms)
- Updated support for BlackBerry 10, Ubuntu & Windows 8
- Every plugin now has its own license file and how to contribute document (
CONTRIBUTING.md)
The plugins have been updated on our registry at plugins.cordova.io.
You can update any plugin by removing it, and then readding it. E.g. To update your file plugin:
cordova plugin rm org.apache.cordova.file cordova plugin add org.apache.cordova.fileOther changes include:
-
Apache Cordova 3.5.0
We are happy to announce that
Apache Cordova 3.5has been released!Most notable changes include:
- Common code between
cordova-cli&cordova-plugmanhas been moved into its own repo namedcordova-lib. - Each platform now has a
package.jsonfile and has been uploaded tonpm. Future updates to thecordova-cliwill make use ofnpminstead ofgitfor loading platforms. - CB-4863 - Drop iOS 5.0 support, and support
arm64. New projects are built as a universal binary (64 and 32-bit), and require a minimum deployment target of iOS 6.0. - This is the last release with support for WP7
- Added Chrome devtools support for debug builds for amazon-fireos
To upgrade: (replace
androidwith the platform you want to update):npm install -g cordova cd my_project cordova platform update androidFor non-CLI projects or for pre-3.0 projects, refer to the upgrade guides.
Other changes include:
- Common code between
-
Plugins Release: April 23, 2014
The following plugins were updated today:
- org.cordova.battery-status@0.2.8
- org.cordova.camera@0.2.9
- org.cordova.console@0.2.8
- org.cordova.contacts@0.2.10
- org.cordova.device@0.2.9
- org.cordova.device-motion@0.2.7
- org.cordova.device-orientation@0.3.6
- org.cordova.dialogs@0.2.7
- org.cordova.file@1.1.0
- org.cordova.file-transfer@0.4.3
- org.cordova.geolocation@0.3.7
- org.cordova.globalization@0.2.7
- org.cordova.inappbrowser@0.4.0
- org.cordova.media@0.2.10
- org.cordova.media-capture@0.3.0
- org.cordova.network-information@0.2.8
- org.cordova.splashscreen@0.3.0
- org.cordova.statusbar@0.1.5
- org.cordova.vibration@0.3.8
Many of these are minor, or only relevant to a couple of platforms. However, some notable changes include:
statusbaris now a core Cordova plugin, and now includes support for Windows Phonesplashscreennow includes support for Tizenfilenow produces webview-compatible URLs (file:///) URLs by default when calling.toURLfileincludes much of the functionality of thefile-system-rootsplugin, and allows access to all files on the device (except those blocked by the OS)- iOS In-App-Browser now supports
clearcacheandclearsessioncachelike Android - Fixed several issues in
media-capturewhich prevented it from being used with thefileplugin - iOS warnings have been fixed when compiling for 64-bit ARM
- Windows8 uses the built-in cordova exec proxy for all plugins, rather than a custom proxy.
The plugins have been updated on our registry at plugins.cordova.io.
E.g. To update your file plugin:
cordova plugin rm org.apache.cordova.file cordova plugin add org.apache.cordova.fileOther changes include:
-
Tools Release: April 9, 2014
New versions of
plugman,cordovaandcordova-iosare now live!To update your tools:
npm update -g cordova npm update -g plugmanCordova iOS 3.4.1 is included with the latest update of
cordova.Most notable changes include:
- Update Xcode
.pbxprojfiles according to Xcode 5.1 recommendations - CB-4863 Drop iOS 5.0 support
- CB-4863 supporting iOS
arm64by default - CB-6160 Fix
plugin addfor FirefoxOS. - Fix to never remove top-level plugins that are dependencies + tests.
- CB-6211
cordova infocommand fixed for Windows platform
Other changes include:
- Update Xcode
-
Tools Release: March 5, 2014
New versions of
plugmanandcordovaare now live!To update your tools:
npm update -g cordova npm update -g plugmanMost notable changes include:
- New command
plugman createfor generating a plugin template (CB-4886) - No longer necessary to run
cordova prepareafter installing a plugin (CB-5647) cordovanow shows output of builds and hook scripts- Installing multiple plugins at once is now faster (CB-5885)
Other changes include:
- New command
-
Plugins Release: March 3, 2014
The following plugins were updated today:
- org.apache.cordova.camera@0.2.8
- org.apache.cordova.contacts@0.2.9
- org.apache.cordova.file@1.0.1
- org.apache.cordova.file-transfer@0.4.2
- org.apache.cordova.inappbrowser@0.3.2
- org.apache.cordova.media@0.2.9
- org.apache.cordova.media-capture@0.2.8
Notable changes include:
- Several bugfixes to the recently overhauled
fileplugin - Fixed the default value of
file-transfertrustAllHosts on iOS (was true, is now false) - Prevent malicious code within an
inappbrowseron iOS being able to run code within the host UIWebView
The plugins have been updated on our registry at plugins.cordova.io.
E.g. To update your file plugin:
cordova plugin rm org.apache.cordova.file cordova plugin add org.apache.cordova.fileOther changes include:
-
Apache Cordova 3.4.0
We are happy to announce that
Cordova 3.4has been released!This release has various bug fixes for all of our supported platforms.
Our friends at Mozilla have put together a blog post about getting started with Cordova Firefox OS. Check it out at https://hacks.mozilla.org/2014/02/building-cordova-apps-for-firefox-os/.
To upgrade: (replace
androidwith the platform you want to update):npm install -g cordova cd my_project cordova platform update androidFor non-CLI projects or for pre-3.0 projects, refer to the upgrade guides.
-
Plugins Release: Feb 10, 2014
The following plugins were updated today:
- org.apache.cordova.battery-status@0.2.7
- org.apache.cordova.camera@0.2.7
- org.apache.cordova.console@0.2.7
- org.apache.cordova.contacts@0.2.8
- org.apache.cordova.device@0.2.8
- org.apache.cordova.device-motion@0.2.6
- org.apache.cordova.device-orientation@0.3.5
- org.apache.cordova.dialogs@0.2.6
- org.apache.cordova.file@1.0.0
- org.apache.cordova.file-transfer@0.4.1
- org.apache.cordova.geolocation@0.3.6
- org.apache.cordova.globalization@0.2.6
- org.apache.cordova.inappbrowser@0.3.1
- org.apache.cordova.media@0.2.8
- org.apache.cordova.media-capture@0.2.7
- org.apache.cordova.network-information@0.2.7
- org.apache.cordova.vibration@0.3.7
The most noticeable changes in this release are to the File plugin. It has been revamped to use a new URL scheme
cdvfile://localhost/<filesystemType>/<path to file>. These URLs are generated by all file operations, and are passed over the bridge to native code. (This is in contrast to the previous version, which passed around absolute paths on the device filesystem).Most of these changes are to bring us more in line with the HTML Filesystem standard, although they will also allow us to extend the filesystem abstraction to cover new kinds of storage, both internal and external to devices.
Other changes include:
-
Tools Release: Jan 31, 2014
It's been a long time since our last tools release, but it's certainly no sign of stagnation. Today's release is action packed!
- plugman@0.19.0
- cordova@3.3.1-0.3.1
To update your tools:
npm update -g cordova npm update -g plugmanThis release brings with it a plethora of bug fixes as well as some new features! Notably:
config.xmlnow lives at the project root by default (instead of withinwww/)hooksnow lives at the project root by default (instead of within.cordova)- Specify a
www/to use when creating a new project with--link-toor--copy-from - When installing by plugin ID, tell
cordovaandplugmanto search for plugins locally using--searchpath
Full list of release notes:
-
Plugins Release: Jan 2, 2014
The following plugins were updated today:
- org.apache.cordova.battery-status@0.2.6
- org.apache.cordova.camera@0.2.6
- org.apache.cordova.console@0.2.6
- org.apache.cordova.contacts@0.2.7
- org.apache.cordova.device-motion@0.2.5
- org.apache.cordova.device-orientation@0.3.4
- org.apache.cordova.device@0.2.6
- org.apache.cordova.dialogs@0.2.5
- org.apache.cordova.geolocation@0.3.5
- org.apache.cordova.globalization@0.2.5
- org.apache.cordova.inappbrowser@0.3.0
- org.apache.cordova.media@0.2.7
- org.apache.cordova.media-capture@0.2.6
- org.apache.cordova.network-information@0.2.6
- org.apache.cordova.splashscreen@0.2.6
- org.apache.cordova.vibration@0.3.6
With this release, documentation for plugins have moved from http://cordova.apache.org/docs to the
doc/directory within plugins themselves. Eventually, docs will be available online through plugins.cordova.io. Until then, they will be viewable online via github.Aside from documentation, changes include:
-
Apache Cordova 3.3.0
On Friday,
Cordova 3.3went live on npm. Woohoo!This release brings with it initial support for Ubuntu Touch as well as Amazon Fire OS!
To upgrade: (replace
androidwith the platform you want to update):npm install -g cordova cd my_project cordova platform update androidFor non-CLI projects or for pre-3.0 projects, refer to the upgrade guides.
-
Apache Cordova 3.3.0 RC1
The Apache Cordova team has just released the first release candidate for Cordova 3.3.0! We will be aiming to release the final version near the end of next week! Just in time for some holiday hacking!
Now we ask you, our community, to please download and help us test!
Installing cordova for the first time:
npm install -g cordova@3.3.0-rc.1Updating your current version of cordova:
npm update -g cordova@3.3.0-rc.1Example of updating your current cordova android project to the latest version:
cd cordovaApp cordova platform update androidIssues can be reported at https://issues.apache.org/jira/browse/CB
We will release a changelog with the offical 3.3.0 release when it ships!
-
Plugins Release: Dec 4, 2013
Today we are doing a plugins release in preparation for Cordova 3.3.0. Most plugins now have support for our upcoming platform additions, Amazon Fire OS & Ubuntu! Most notable changes include:
- Ubuntu support for most plugins
- Amazon Fire OS support for most plugins
- WP8 add support for battery-level
- Camera Plugin now supports Firefox OS
- Geolocation Plugin now supports Firefox OS
- CB-3420 WP feature hidden=yes implemented for inappbrowser
- CB-4724 WP8 - Fixed UriFormatException for inappbrowser
- CB-5291 iOS - Media Capture Audio - status bar issues under iOS 7
- CB-5275 Fixed media-capture's ability to select images & videos on Android
- CB-4747 Fixed BlackBerry background vibrate
The plugins have been updated on our registry at plugins.cordova.io.
The new & improved file plugin did not get released with todays release. It requires more work & testing. We hope to have it out before 3.3.0 lands next week.
-
Apache Cordova 3.2.0
The Apache Cordova team has just released Cordova 3.2.0. Woo Hoo! This release has various bug fixes and enhancements for all of the platforms.
To upgrade to a 3.2 project (replace
androidwith the platform you want to update):npm install -g cordova cd my_project cordova platform update androidFor non-CLI projects or for pre-3.0 projects, refer to the upgrade guides.
We are in the process of fixing Android 4.4 (KitKat) related bugs. If you want to develop for KitKat, please read our KitKat blog post.
Two known issues can be found at CB-5398 and CB-5294.
Please report any bugs on our issue tracker.
-
Action Required: Android KitKat Compatibility
Android KitKat brings a massive update to the system WebView. This is terrific news for Cordova developers, as initial reviews give it a big thumbs up.
Update: The following is not actually true. It was an issue with a release candidate, but does not manifest in the final version of the WebView.
However, the update introduced a bug in Cordova applications that were built with Cordova versions prior to
3.1.0, or2.9.1which can cause native bridge callbacks to not be received until another one is made (e.g. by switching in & out of the app). We strongly encourage all apps to update their Cordova version, or to directly apply the fix to cordova-android and cordova-js. -
Apache Cordova 3.2.0 RC1
The Apache Cordova team has just released the first release candidate for Cordova 3.2.0! Barring no hiccups, we will be aiming to release the final version later this week. Now we ask you, our community, to please download and help us test! We want this to be the most solid release yet!
Installing cordova for the first time:
npm install -g cordova@3.2.0-rc.1Updating your current version of cordova:
npm update -g cordova@3.2.0-rc.1Example of updating your current cordova android project to the latest version:
cd cordovaApp cordova platform update androidIssues can be reported at https://issues.apache.org/jira/browse/CB
We will release a changelog with the offical 3.2.0 release when it ships!
-
Apache Cordova 2.9.1
The Apache Cordova team has just released Cordova 2.9.1. Wait what?! You read right! We have backported some bug fixes to the Cordova 2 series for all of you that haven't upgraded to the Cordova 3 series yet. Hurray! Among other fixes, this release backports iOS 7 support.
Users can download the source zip from https://www.apache.org/dist/cordova/cordova-2.9.1-src.zip
We will continue to backport fixes for a few more months, but we highly suggest upgrading to the Cordova 3 series.
-
CLI, Plugman & Plugins Release: Oct 28, 2013
Today we are doing a plugins and tooling release in preparation for Cordova 3.2.0. Most notable changes include:
- Cordova CLI & Plugman have been refactored to use promises instead of callbacks
- CB-5125 Replace shell.exec with child process spawn
- CB-2234 Added cordova info command
- CB-5128 Repo & Issue tags have been added to all of our core plugins plugin.xml file. This will allow us to display issue tracker and repo information on our registry.
- CB-5184 Fix uninstall logic being too aggressive (plugman)
- Overhauled dependency uninstallation in regards to plugins (plugman)
- FirefoxOS support for device-motion, device-orientation and dialogs plugins.
The plugins have been updated on our registry at plugins.cordova.io.
-
Cordova's Plugin Registry
Cordova 3.0 saw a major shift towards plugins. As part of this shift, we're focusing on making plugins easy to use and, equally importantly, easy to discover. App developers want to know what plugins are available to them, and plugin developers want their plugins to be visible to the community.
Our solution, which has been alluded to in previous posts, is the Cordova plugin registry. Using the Cordova CLI, app developers can add plugins to their projects with a single command.
-
Plugins Release: October 10th, 2013
Today we are doing a release for the plugins that have been updated since our last release. We are also excited to announce three new plugins that have recently been added to our registry.
The new plugins include:
- websql for Android
- keyboard for iOS
- statusbar for iOS
The following plugins have been updated for this release:
- cordova-plugin-contacts
- cordova-plugin-file
- cordova-plugin-file-transfer
- cordova-plugin-inappbrowser
- cordova-plugin-media
- cordova-plugin-media-capture
- cordova-plugin-splashscreen
- cordova-plugin-vibration
These plugins have been updated on our registry at plugins.cordova.io.
-
Apache Cordova 3.1
The Apache Cordova team has just released Cordova 3.1.0. Hurray! Most notable changes include:
- Initial (alpha) support for Firefox OS.
- Windows 8 support for CLI project.
- Unified whitelist syntax on iOS and Android
- Documentation translated into several languages (fr zh de it ja ko ru es)
To upgrade a 3.0 project (replace
androidwith the platform you want to update):npm install -g cordova cd my_project cordova platform update androidFor non-CLI projects or for pre-3.0 projects, refer to the upgrade guides.
-
Plugins Release: October 1st, 2013
Today we are doing a plugin release in preparation for Apache Cordova 3.1.0, which is scheduled to be released later this week.
The main change for this release is removing 'core' from the plugin ID fields. This was done to make installing plugins simpler in 3.1.0. We are switching over to using plugin IDs and our plugin registry for plugin installation instead of directly installing from the plugin git urls.
These plugins are compatible with Cordova 3.0.0. Feel free to upgrade your current plugins if you can't wait for 3.1.0 next week. Keep in mind that after you install these updated plugins, if you decide to remove these plugins from your project, you will have to reference the new IDs instead of the old ones that our docs show.
E.g. To update your camera plugin:
cordova plugin rm org.apache.cordova.core.camera cordova plugin add org.apache.cordova.camera -
Last Week in Cordova: FirefoxOS, Translations, bug fixes
Last week Cordova saw 83 commits come in from 24 different authors. No releases were made, but attention was spent on adding Firefox OS support, translating docs, and fixing bugs.
-
Last Week in Cordova
Last week Cordova saw 39 commits come in,
plugmanreached version0.11.0, andCLIreached3.0.9.plugmannow has initial support for Windows Phone, plugin URLs can now specify a git hash and subdirectory, and<engine>tags are now enforced. There was also good progress made towards launching our Plugin Registry. -
Apache Cordova Is Looking for a Few Good Translators
Apache Cordova is going global! Apache Cordova is already being used by developers all over the world and now, we are proud to announce, the Apache Cordova documentation will be translated into a number of languages. But we need your help! With the support of Crowdin, a translation and localization management platform, translators can login to the easy-to-use tooling and provide as much or as little translation assistance as they would like. If you know another language please support Cordova and contribute.
http://crowdin.net/project/cordova
Email ldeluca@apache.org for more information.
-
Apache Cordova 3.0
It went live on Friday! Snapshot available on our download page but before downloading please read on to find out whats new including for more ways to work with Cordova!
Light Weight Core
Cordova 3 introduces a new unified project structure and ships with a very limited API surface. Developers can now compose a version of Cordova with only the APIs they need. In the past, Cordova shipped with the entire kitchen sink of APIs that most applications only needed a small subset of. This lead to messy, and often not even necessary, upgrading for our community. With the release of Cordova 3 you start with a very light weight core and only add the API surface your application requires. Obviously, this means a performance improvement but the real win here is maintenance and upgrading. We'll continue to maintain "core" APIs which are the same device APIs you've come to know and love.
New Command Line Tooling
We're very excited to share two new command line tools: Cordova and Plugman. Both are implemented using
NodeJSand thusly distributed vianpm. Thecordovacommand line tool has been a long time coming. It unifies all platforms into a single project structure, making it easy to maintain a single codebase for multiple platforms. Thecordovatool builds off of our other new tool:plugman, which provides automated discovery, installation, and removal of both core and custom plugins.We've been testing for months but keep in mind both tools are new. Bugs happen, so you if you find one or even just have an idea for a new feature please visit our issue tracker.
-
Apache Cordova Gets an Official Blog
Cordova now has a Blog! Look here to stay up-to-date with what's happening with the project. There is a major release 3.0 just around the corner (July 19, 2013), and we are really excited about it!
Be sure to subscribe using RSS