Hello,
I submitted a Support ticket about this too, but we need an answer ASAP.
We received an email about a vulnerability in the Cordova version below 4.1.1.
There seems to be an issue with this in Telerik AppBuilder, because in our IDE, we only have options for 4.0 and 5.0 (Experimental). Nothing for 4.1.1 (see attached image). And we don't want to upgrade the Cordova version to 5.0 because it is in an "Experimental" state.
Please advise on how to remedy this issue ASAP.
We have many users using our app and we do not want a vulnerability jeopardizing our customer.
See below for the email we received from Google.
===============================
Hello Google Play Developer,
Your app(s) listed at the end of this email utilize a version of Apache Cordova, an open-source mobile development framework, that contains one or more security vulnerabilities. If you have more than 20 affected apps in your account, please check the Developer Console for a full list.
Please migrate your app(s) to Apache Cordova v.4.1.1 or higher as soon as possible and increment the version number of the upgraded APK. Beginning May 9, 2016, Google Play will block publishing of any new apps or updates that use pre-4.1.1 versions of Apache Cordova.
The vulnerabilities were addressed in Apache Cordova 4.1.1. If you’re using a 3rd party library that bundles Apache Cordova, you’ll need to upgrade it to a version that bundles Apache Cordova 4.1.1 or later.
To confirm you’ve upgraded correctly, submit the updated version to the Developer Console and check back after five hours. If the app hasn’t been correctly upgraded, we will display a warning.
For information about the vulnerabilities, please see this Google Help Center article. For other technical questions, you can post to Stack Overflow and use the tag “android-security.”
While these specific issues may not affect every app that uses Apache Cordova, it’s best to stay up to date on all security patches. Apps with vulnerabilities that expose users to risk of compromise may be considered Dangerous Products in violation of the Content Policy and section 4.4 of the Developer Distribution Agreement.
Apps must also comply with the Developer Distribution Agreement and Content Policy. If you feel we have sent this warning in error, contact our policy support team through the Google Play Developer Help Center.
Regards,
The Google Play Team