github
/
notepad-plus-plus
mirror of https://github.com/notepad-plus-plus/notepad-plus-plus
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
notepad-plus-plus/PowerEditor
History
Don Ho 686bf4fba1 Fix security flaw issue 
There's a security flaw for the un-installation of Notepad++ in Windows Register, the string without quotes:
C:\Program Files\Notepad++\uninstall.exe, whereas it should be "C:\Program Files\Notepad++\uninstall.exe".
The reason is, hacker can create a file called c:\program.exe, then Windows could interpret Files\Notepad++\uninstall.exe as the argument, so the system could run c:\program.exe. Ref:
https://isc.sans.edu/diary/Help+eliminate+unquoted+path+vulnerabilities/14464

Fixed by @ozone10:

Fix #10191, fix #6165, close #10369
 		2021-08-13 13:49:40 +02:00
..
Test Fix security flaw issue 2021-08-13 13:49:40 +02:00
bin Notepad++ 8.1.3 Release 2021-08-12 19:39:53 +02:00
gcc Fix GCC compiler warnings in Notepad++ 2021-06-23 12:49:06 +02:00
installer Fix security flaw issue 2021-08-13 13:49:40 +02:00
misc/chameleon
scintilla.original.forUpdating Upgrade Scintilla from v4.2.0 to v4.4.6 2021-02-21 19:14:40 +01:00
src Notepad++ 8.1.3 Release 2021-08-12 19:39:53 +02:00
visual.net Remove "Unicode" from build configuration names 2021-07-29 15:14:55 +02:00