Release of Notepad++ v8.9.2 With the release of version v8.9.2, the popular open-source text and code editor has added a significant security feature called the "Double-Lock" update mechanism This article explores signature notepad update. . This update fixes flaws in the application's update infrastructure that were recently the target of a state-sponsored attack.

The official Notepad++ website verified last month that hackers had effectively taken over the program's update channel, enabling the spread of a malicious update. The development team pledged to strengthen the update verification procedure after the incident. The v8.9.2 release has now delivered on that promise. Enhancing the Update Procedure The most recent version adds the ability to verify update files using XMLDSig (XML Digital Signature).

Notepad++'s update server has now cryptographically signed the XML it returned, and before any updates are applied, the signature and certificate will be checked. Notepad++ v8.9.2 has been fixed (source: notepad-plus-plus.org). This implies that all upcoming updates will only be approved after v8.9.2 if they are validated against reliable Notepad++ certificates.

Notepad++ now conducts two separate verifications in addition to this measure, creating what the developers refer to as a "Double-Lock" update system: Verification Layer Source Version Goal Verification of XML Signatures Notepad++ v8.9.2 official website Verifies signed update metadata (XML) to guard against fake or altered update information. Verification of Installer Signatures GitHub version 8.8.9. verifies the digital signature of the installer in order to prevent malicious or altered binaries.

When combined, these safeguards produce a robust security model that guards against malicious interception or update file manipulation. According to the development team, this design successfully renders the update procedure "robust and unexploitable." Improvements to WinGUp Auto-Updater A major security update has also been made to the WinGUp auto-updater, which controls update downloads and installations.

Important enhancements consist of: Enhancement of the Category An explanation Update the security XMLDSig signing To ensure integrity, XML files from the Notepad++ server are digitally signed. Verification twice Validation of two updates signed installer from GitHub plus signed XML from the official website. Enforcement of Certificates Strict verification of signatures Before installing updates, certificates are verified. The risk of DLL side-loading is eliminated by Auto-Updater Hardening Removed libcurl.dll.

More robust SSL Weak cURL options were disabled. enforces more stringent TLS/SSL validation.

Control of Plugins Only signed plugins Only officially certified plugins are permitted. Transparency and Stability Fixes for bugs plus public reaction enhances stability and keeps lines of communication open after an incident. Additionally, users who prefer manual update control can use the MSI parameter: msiexec /i npp.8.9.2.Installer.x64.msi NOUPDATER=1, LinkedIn, and X for daily cybersecurity updates, or they can disable the auto-updater during installation.

To have your stories featured, get in touch with us.