The Mobile & Digital Assistant Blog covers the latest in mobile and conversational AI development and engagement

Cordova updates in MAF 2.3

Graeme Mawson
Senior Principal Product Manager

MAF 2.3 introduced a number of new and exciting features, as described in this blog post.

In addition to these, the embedded Cordova engines for each platform were upgraded to the following versions: 

  • Android: 4.1.1
  • iOS: 4.0.1
  • Windows: 4.0.0

So what does this mean for you, the MAF app developer? 

Plugin updates

These are significant upgrades for both Android and iOS, with a number of deprecated APIs being removed.

The core plugins included in the MAF 2.3 release have been updated accordingly, but if you are using any 3rd party plugins, you should verify that they are compatible with each of the Cordova platform versions listed above. You may need to update to a later version of some 3rd party plugins.

If you have developed your own Cordova plugin for use in your MAF apps, you should ensure that it is compatible with these Cordova platform versions. A list of API changes in v4.0.0 of Cordova for iOS can be found here.

Android security

The Cordova for Android update contains a number of security fixes.

When uploading your MAF 2.2.2 app to the Google Play Developer Console, you may have received emails with the subject “Google Play warning: You are using a vulnerable version of Apache Cordova” that state the following:

Your app(s) listed at the end of this email utilize a version of Apache Cordova, an open-source mobile development framework, that contains one or more security vulnerabilities. If you have more than 20 affected apps in your account, please check the Developer Console for a full list.

Please migrate your app(s) to Apache Cordova v.4.1.1 or higher as soon as possible and increment the version number of the upgraded APK.

Beginning May 9, 2016, Google Play will block publishing of any new apps or updates that use pre-4.1.1 versions of Apache Cordova.

The vulnerabilities were addressed in Apache Cordova 4.1.1. If you’re using a 3rd party library that bundles Apache Cordova, you’ll need to upgrade it to a version that bundles Apache Cordova 4.1.1 or later.

This has been addressed in MAF 2.3 with the upgrade to Cordova for Android. If you migrate your app to MAF 2.3 and upload it to the Google Play Developer Console, you should no longer receive such emails.

Windows Universal Platform support

MAF 2.3 now supports deployment to Intel-based Windows 10 tablets, laptops and desktops. In this release, MAF apps must be side loaded onto Windows 10 devices, or deployed to the Windows 10 machine on which the MAF app is being developed.

Setup instructions can be found in the MAF 2.3 Installation Guide.

Deployment instructions can be found in the MAF 2.3 Developer Guide.


The Cordova versions embedded in MAF 2.3 use a new whitelisting mechanism. For iOS and Windows this is built in, but for Android you must include the cordova-plugin-whitelist plugin if you wish to maintain a whitelist.

The Cordova Whitelist Guide provides more information on the details of whitelist configuration and management.

MAF 2.3 no longer provides direct support for whitelisting, but if your MAF app makes use of a Remote URL that allows access to device services and you would like to use a whitelist, please refer to the MAF 2.3 Developer Guide for information on how to include and configure the required plugins.
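
As an added illustration (not from the original post or from Oracle's MAF documentation), the following Python script audits the whitelist tags read by cordova-plugin-whitelist (`access`, `allow-navigation`, `allow-intent`) and flags patterns so broad that the whitelist no longer restricts anything. It assumes the entries are in a standard Cordova config.xml; the sample file, the `com.example.mafapp` id and the `audit_whitelist` function are constructed for this example, and where a MAF project keeps these entries is covered by the Developer Guide.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a Cordova config.xml using cordova-plugin-whitelist tags.
SAMPLE_CONFIG = """<widget xmlns="http://www.w3.org/ns/widgets"
        id="com.example.mafapp" version="1.0.0">
  <access origin="*" />
  <access origin="https://api.example.com" />
  <allow-navigation href="http://*.example.com/*" />
  <allow-navigation href="https://portal.example.com/*" />
  <allow-intent href="*" />
  <allow-intent href="tel:*" />
</widget>
"""

# Whitelist tags and the attribute that carries the URL pattern for each.
WHITELIST_TAGS = {"access": "origin", "allow-navigation": "href", "allow-intent": "href"}


def audit_whitelist(config_xml):
    """Return (tag, pattern, reason) for each whitelist entry that is too broad."""
    findings = []
    root = ET.fromstring(config_xml)
    for elem in root.iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # strip the XML namespace, if any
        attr = WHITELIST_TAGS.get(tag)
        if attr is None:
            continue
        pattern = (elem.get(attr) or "").strip()
        scheme, sep, rest = pattern.partition("://")
        host = rest.split("/", 1)[0] if sep else ""
        if pattern in ("", "*"):
            findings.append((tag, pattern, "matches every URL"))
        elif sep and scheme == "*":
            findings.append((tag, pattern, "wildcard scheme"))
        elif sep and host in ("*", "*.*"):
            findings.append((tag, pattern, "matches every host"))
        elif sep and scheme == "http":
            findings.append((tag, pattern, "cleartext http origin"))
    return findings


if __name__ == "__main__":
    for tag, pattern, reason in audit_whitelist(SAMPLE_CONFIG):
        print(f"{tag:17} {pattern:28} {reason}")
```
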

Comments ( 4 )
  • Siva Saturday, April 23, 2016

    What should be done if we use the API AdfmfJavaUtilities.addWhiteListEntry in the code for both iOS and Android?

  • Graeme Mawson Monday, April 25, 2016

    Hi Siva, AdfmfJavaUtilities.addWhiteListEntry is now a NOP and your app should continue to work as expected since there will be no active whitelisting. If you have further questions about this, please contact Oracle Support or ask the Oracle MAF community - https://community.oracle.com/community/oracle-mobile/oraclemaf.

  • maria Thursday, July 21, 2016

    Hi. I need to disable default whitelisting so that the remote URL opens up in the default browser of the device. I got to know that at design time, the remote URL is whitelisted by default. How can I disable it?

  • Graeme Mawson Friday, July 22, 2016

    Hi Maria, there is no whitelisting by default in MAF 2.3 and above. MAF's Remote URL content is designed to display the remote website in situ. If you want to display a link to a remote URL that opens in the system browser when tapped, you should make use of a plugin, such as cordova-plugin-inappbrowser. If you have further queries about how to make this work, please discuss them in the Oracle MAF Community - https://community.oracle.com/community/oracle-mobile/oraclemaf.
