Vulnerabilities in Notepad++ (Sept. 2023)

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,603
Several vulnerabilities (CVE-2023-40031, CVE-2023-40036, CVE-2023-40164, CVE-2023-40166) are believed to exist in the popular Notepad++ editor and have been reported to the developer by a security researcher. The vulnerability ratings range from medium to high. Although this report was made several months ago, there is no security update for Notepad++ yet, although several product updates have been made in the meantime. When an update will be available is currently open.
Although the developer released product updates, the vulnerabilities were not closed. In addition, the developer stated that Notepad v8.5.4 could not be compiled with AddressSanitizer (ASAN) as a security option. In July 2023, it was confirmed that v8.5.4 could be compiled with ASAN. However, the developer has released further Notepad++ updates without fixing the reported vulnerabilities.

After the problems were pointed out to the developer several times, he was sent a proof of concept in binary format (instead of as a Python script). There has been no reaction so far, although further updates of Notepad++ have been made. The security researcher then published his findings on August 21, 2023. When an update to fix the vulnerabilities will come is still unclear. However, there is this 2-day-old comment from the developer that he has accepted the request to fix the vulnerability – the publication of the vulnerabilities seems to have worked.
 

Gandalf_The_Grey

Notepad++ v8.5.7 Release (Vulnerability fixes)
Notepad++ v8.5.7 release: Vulnerability fixes | Notepad++

Notepad++ v8.5.7 Change log:

  1. Fix 4 security issues CVE-2023-40031, CVE-2023-40036, CVE-2023-40164 & CVE-2023-40166. (Fix #14073)
  2. Security enhancement: Sign uninstall.exe. (Fix #14099)
  3. Change the slogan in installer. (Fix #14052)
  4. Fix eventual memory leak while reading Utf8-16 files. (Fix #4120, #5806, #4443)
  5. Fix dragging tab performance issue while Document List is displayed. (Fix #13479, #12632)
  6. Add suppress 2GB file warning option for x64. (Fix #14055)
  7. Fix cloned document disassociated issue after Notepad++ being relaunched. (Fix #10266)
  8. Fix session file saving problem if it’s read-only. (Fix #14024, #13894, #13859)
  9. Fix activating wrong file(s) issue after loading session file. (Fix #14006)
  10. Fix product version value displayed in file’s properties. (Fix #14010, #11886, #11431)
Please report here if you find any regression and critical bug. For other issues please post to General Discussion or other topics.
 

Gandalf_The_Grey

Notepad++ v8.6: 20th-Year Anniversary
Notepad++ v8.6.0 release notes:

Today, Notepad++ celebrates its 20th anniversary, marking two decades of evolution from the inaugural v1.0 release on SourceForge in 2003 to the current v8.6, encompassing 238 official releases. Reflecting on the early days, Don Ho - the creator and lead developer - recalls the solitary journey of coding, web design, marketing, and more, likening open-source projects to a solo endeavor on a deserted island.

Notepad++ v8.6.0 changelog:
  • Multi-edit is fully supported in Notepad++. (Fix #14266, #8203)
  • Make multi-select background & caret colours customizable. (Fix #14302)
  • Make session inaccessible files remembered (empty & read-only document as placeholder). (Fix #12079, #12744, #13696)
  • Fix missing session invalid error for user session & enhance API NPPM_GETNBSESSIONFILES. (Fix #14228)
  • Fix network shared files saving regression. (Fix #14300)
  • Update Scintilla to v5.3.8 & Lexilla to v5.2.8. (Fix #13442, #14188, #14288)
  • Fix docking panel crash due to messing up config.xml. (Fix bug report
  • Fix invalid styler.xml making Notepad++ crash issue. (Fix #12101)
  • Fix tab-closing crash by middle mouse button (unexpected mouse position). (Fix #14328)
  • Fix 2 performance issues in Style Configurator. (Fix #14321)
  • Add 3 line operation (delete, copy & cut) shortcuts. (Fix #14296)
  • Display extra info in the status bar of Find/Replace dialog to avoid PEBKAC. (Fix #14307)
  • Fix “Hide lines” command hiding unselected lines issue. (Fix #14166)
  • Fix silent installer mode when Notepad++ is running issue. (Fix #10189, #10277, #22514, #14236, fix partially #8514)
  • Fix Updater’s vulnerability (update cURL in WinGUp for fixing CVE-2023-38545). (Fix WinGUp issue #50)
  • Fix incoherent behaviour of “Duplicate Current Line” menu command. (Fix #5298)
  • Fix JSON5 not using JSON keywords. (Fix #14205)
  • Fix empty message showing while cancelling session file saving dialog. (Fix #14235)
 

Gandalf_The_Grey

Notepad++ v8.6.5 release
2024-03-30

To address a performance issue of “Replace All” in previous version 8.6.4, Notepad++ no longer triggers SCN_MODIFIED and other Scintilla notifications during the “Replace All” action. Consequently, some plugins that rely on Scintilla’s notifications may malfunction after a “Replace All” operation. To rectify this regression, a new notification called NPPN_GLOBALMODIFIED has been implemented in Notepad++ v8.6.5. Plugin developers should monitor NPPN_GLOBALMODIFIED alongside SCN_MODIFIED, if SCN_MODIFIED is already monitored in the plugin. For additional information about NPPN_GLOBALMODIFIED, please refer to this link: New NPPN_GLOBALMODIFIED notification

The session loss problem and the data loss due to the power outages issue are also addressed in this release.

There are more enhancements & bug-fixes. Get more info about this release or download v8.6.5 here: Download Notepad++ v8.6.5 | Notepad++
 
