It’s a bit concerning that neither the article or Notepad++s blog post say what the affected version is, or what the minimum safe version is.
I’m assuming the minimum version is 8.8.7 since that’s when they moved away from self signed certs, but it would be nice to hear it from the horse’s mouth.
8.8.9 is the fully hardened version, but the 8.8.7 update should have fixed the vulnerability since from what I can tell the publicly available self signed cert was being used for the exploit.
It’s a bit concerning that neither the article or Notepad++s blog post say what the affected version is, or what the minimum safe version is.
I’m assuming the minimum version is 8.8.7 since that’s when they moved away from self signed certs, but it would be nice to hear it from the horse’s mouth.
Did you read it? https://notepad-plus-plus.org/news/v889-released/
Yes, I did.
8.8.9 is the fully hardened version, but the 8.8.7 update should have fixed the vulnerability since from what I can tell the publicly available self signed cert was being used for the exploit.