686bf4fba1
There's a security flaw for the un-installation of Notepad++ in Windows Register, the string without quotes: C:\Program Files\Notepad++\uninstall.exe, whereas it should be "C:\Program Files\Notepad++\uninstall.exe". The reason is, hacker can create a file called c:\program.exe, then Windows could interpret Files\Notepad++\uninstall.exe as the argument, so the system could run c:\program.exe. Ref: https://isc.sans.edu/diary/Help+eliminate+unquoted+path+vulnerabilities/14464 Fixed by @ozone10: Fix #10191, fix #6165, close #10369 |
||
---|---|---|
.. | ||
APIs | ||
bin | ||
filesForTesting | ||
functionList | ||
images | ||
nativeLang | ||
nsisInclude | ||
themes | ||
nppSetup.nsi | ||
packageAll.bat |