New Update Vulnerabilities in Notepad++ (Updates Thread)

[Gandalf_The_Grey]

Several vulnerabilities (CVE-2023-40031, CVE-2023-40036, CVE-2023-40164, CVE-2023-40166) are believed to exist in the popular Notepad ++ editor and have been reported to the developer by a security researcher. The vulnerability ratings range from medium to high. Although this report was made several months ago, there is no security update for Notepad ++ yet, although several product updates have been made in the meantime. When an update will be available is currently open.

Although the developer released product updates, the vulnerabilities were not closed. In addition, the developer stated that Notepad v8.5.4 could not be compiled with AddressSanitizer (ASAN) as a security option. In July 2023, it was confirmed that v8.5.4 could be compiled with ASAN. However, the developer has released further Notepad++ updates without fixing the reported vulnerabilities.

After the problems were pointed out to the developer several times, he was sent a proof of concept in binary format (instead of as a Python script). There has been no reaction so far, although further updates of notepad ++ have been made. The security researcher then published his findings on August 21, 2023. When an update to fix the vulnerabilities will come is still unclear. However, there is this 2-day-old comment from the developer that he has accepted the request to fix the vulnerability – the publication of the vulnerabilities seems to have worked.

Vulnerabilities in Notepad ++ (Sept. 2023)

[German]Several vulnerabilities (CVE-2023-40031, CVE-2023-40036, CVE-2023-40164, CVE-2023-40166) are believed to exist in the popular Notepad ++ editor and have been reported to the developer by a security researcher. The vulnerability ratings range from medium to high. Although this report was made

borncity.com

 

[Gandalf_The_Grey]

Notepad++ v8.5.7 Release (Vulnerability fixes)

Notepad++ v8.5.7 release: Vulnerability fixes | Notepad++

Notepad++ v8.5.7 Change log:

1. Fix 4 security issues CVE-2023-40031, CVE-2023-40036, CVE-2023-40164 & CVE-2023-40166. (Fix #14073 )
2. Security enhancement: Sign uninstall.exe. (Fix #14099 )
3. Change the slogan in installer. (Fix #14052 )
4. Fix eventual memory leak while reading Utf8-16 files. (Fix #4120 , #5806 , #4443 )
5. Fix dragging tab performance issue while Document List is displayed. (Fix #13479 , #12632 )
6. Add supperss 2GB file warning option for x64. (Fix #14055 )
7. Fix cloned document disassociated issue after Notepad++ being relaunched. (Fix #10266 )
8. Fix session file saving problem if it’s read-only. (Fix #14024 , #13894 , #13859 )
9. Fix activating wrong file(s) issue after loading session file. (Fix #14006 )
10. Fix product version value displayed in file’s properties. (Fix #14010 , #11886 , #11431 )

Please report here if you find any regression and critical bug. For other issues please post to General Discussion or other topics.

Notepad++ v8.5.7 Release (Vulnerability fixes)

Notepad++ v8.5.7 Release: https://notepad-plus-plus.org/news/v857-released-fix-security-issues/ Notepad++ v8.5.7 Change log: Fix 4 security issues CVE-2023-...

community.notepad-plus-plus.org

 

[Gandalf_The_Grey]

Notepad++ v8.6: 20th-Year Anniversary

Notepad++ v8.6.0 release notes:

Today, Notepad++ celebrates its 20th anniversary, marking two decades of evolution from the inaugural v1.0 release on SourceForge in 2003 to the current v8.6, encompassing 238 official releases. Reflecting on the early days, Don Ho - the creator and lead developer - recalls the solitary journey of coding, web design, marketing, and more, likening open-source projects to a solo endeavor on a deserted island.

Notepad++ v8.6.0 changelog:

• Multi-edit is fully supported in Notepad++. (Fix #14266, #8203)
• Make multi-select background & caret colours customizable. (Fix #14302)
• Make session inaccessible files remembered (empty & read-only document as placeholder). (Fix #12079, #12744, #13696)
• Fix missing session invalid error for user session & enhance API NPPM_GETNBSESSIONFILES. (Fix #14228)
• Fix network shared files saving regression. (Fix #14300)
• Update Scintilla to v5.3.8 & Lexilla to v5.2.8. (Fix #13442, #14188, #14288)
• Fix docking panel crash due to messing up config.xml. (Fix bug report
• Fix invalid styler.xml making Notepad++ crash issue. (Fix #12101)
• Fix tab-closing crash by middle mouse button (unexpected mouse position). (Fix #14328)
• Fix 2 performance issues in Style Configurator. (Fix #14321)
• Add 3 line operation (delete, copy & cut) shortcuts. (Fix #14296)
• Display extra info in the status bar of Find/Replace dialog to avoid PEBKAC. (Fix #14307)
• Fix “Hide lines” command hiding unselected lines issue. (Fix #14166)
• Fix silent installer mode when Notepad++ is running issue. (Fix #10189, #10277, #22514, #14236, fix partially #8514)
• Fix Updater’s vulnerability (update cURL in WinGUp for fixing CVE-2023-38545). (Fix WinGUp issue #50)
• Fix incoherent behaviour of “Duplicate Current Line” menu command. (Fix #5298)
• Fix JSON5 not using JSON keywords. (Fix #14205)
• Fix empty message showing while cancelling session file saving dialog. (Fix #14235)

Notepad++ v8.6: 20th-Year Anniversary | Notepad++

notepad-plus-plus.org

Download Notepad++ v8.6: 20th-Year Anniversary | Notepad++

notepad-plus-plus.org

 

[Gandalf_The_Grey]

Notepad++ v8.6.5 release

2024-03-30

To address a performance issue of “Replace All” in previous version 8.6.4, Notepad++ no longer triggers SCN_MODIFIED and other Scintilla notifications during the “Replace All” action. Consequently, some plugins that rely on Scintilla’s notifications may malfunction after a “Replace All” operation. To rectify this regression, a new notification called NPPN_GLOBALMODIFIED has been implemented in Notepad++ v8.6.5. Plugin developers should monitor NPPN_GLOBALMODIFIED alongside SCN_MODIFIED, if SCN_MODIFIED is already monitored in the plugin. For additional information about NPPN_GLOBALMODIFIED, please refer to this link: New NPPN_GLOBALMODIFIED notification

The session loss problem and the data loss due to the power outages issue are also addressed in this release.

There are more enhancements & bug-fixes. Get more info about this release or download v8.6.5 here: Download Notepad++ v8.6.5 | Notepad++

Notepad++ v8.6.5 release | Notepad++

notepad-plus-plus.org

 

[Gandalf_The_Grey]

Notepad++ v8.6.6 release

Notepad++ release 8.6.6 change log:

1. Update to scintilla 5.5.0 & Lexilla 5.3.2. (Merge #15042 )
2. Fix crash when crossing the 2GB file size threshold. (Fix #14944 , #14981 )
3. Fix a performance issue due to URL recognition. (Fix #13916 )
4. Update to nlohman json 3.11.3. (Merge #15041 )
5. Fix multi-edit resists escape after typing issue. (Fix #14649 )
6. Make F3 & Shift-F3 work in Find Replace dialog. (Fix #2138 )
7. Allow Ctrl-TAB to switch tabs in FindReplace, PluginAdmin and UDL dialogs. (Fix #7932 , #14975 )
8. Add programming language support for Go & Raku(Perl 6). (Fix #8090 , #4465 )
9. Fix user defined auto-insert not working issue. (Fix #3171 , #8063 , #12547 , #14831 )
10. Enhance GUI: resize checkboxes/radio buttons as text length needs. (Fix #15006 )
11. Enhance GUI: make sizing arrows more coherent in Find dialog. (Fix #15099 )
12. Fix URL enclosed in apostrophes or backtick not working issue. (Fix #14978 , #14323 , #14212 )
13. Fix wrong dropped file view issue. (Fix #14951 )
14. Fix Korean(한)/English(영) key not working regression. (Fix #14400 , #14973 )
15. Fix the tab labels of some dialogs being cut in Dark mode. (Fix #11012 )
16. Fix close button disappeared issue in Find Replace dialog. (Fix #14940 )
17. Apply dark theme to checkbox buttons on Windows 11. (Fix #14929 )
18. Fix menu bar cluttered in Dark Mode issue. (Fix #10130 )
19. Fix Debug Info minor display regression. (Fix #14921 )
20. Enhance Lua language syntax highlighting. (Fix #7615 , #15081 )
21. Improve the function list support for Ada. (Fix #14908 , #14687 , #14498 )

Auto-update will be triggered in one week if no critical issue found.

Notepad++ v8.6.6 release | Notepad++

notepad-plus-plus.org

Notepad++ v8.6.6 Release

Notepad++ release 8.6.6 is available here: https://notepad-plus-plus.org/news/v866-released/ Notepad++ release 8.6.6 change log: Update to scintilla 5.5.0 &...

community.notepad-plus-plus.org

 

[Gandalf_The_Grey]

Notepad++ v8.6.7 Release

Notepad++ release 8.6.7 change log:

1. Fix regression of multi-edit cursors placed wrongly issue. (Fix #15126 )
2. Fix multi-editing not showing multiple cursors in dark mode. (Fix #15075 )
3. Add auto-completion for Go & Raku, function list for Raku. (Implement #15128 )
4. Fix symbol ‘&’ not showing in Document Switcher. (Fix #15117 )
5. Allow syntax highlighting for custom tags in HTML. (Fix #15093 )
6. Fix dialogs out of screen problem. (Fix #11240 , #14913 )

Notepad++ v8.6.7 release | Notepad++

notepad-plus-plus.org

Notepad++ v8.6.7 Release

Notepad++ release 8.6.7 is available here: https://notepad-plus-plus.org/news/v867-released/ Notepad++ release 8.6.7 change log: Fix regression of multi-edi...

community.notepad-plus-plus.org

 

[Gandalf_The_Grey]

Notepad++ v8.6.8 released:

Notepad++ release 8.6.8 change log:

1. Fix a crash in Column Editor caused by an arithmetic overflow. (Fix #15144 )
2. Fix the issue where any negative repeat value in Column Editor causes a hang. (Fix #15153 )
3. Fix an extra space being inserted in HEX mode issue in Column Editor. (Fix #15168 )
4. Fix a visual glitch of the toolbar pressed buttons in dark mode. (Fix #15225 )
5. Add auto-indent feature for Python. (Fix #15122 )
6. Fix the issue where “show control characters” settings not remembered when switching to another tab. (Fix #13988 )
7. Fix the missing monitoring disabled state icon from the fluent icon set on the toolbar. (Fix #15217 )
8. Adjusted the inaccurate naming of indent settings in thee Preferences dialog. (Fix issue )
9. Fix the issue where the customized color of active tab in inactive view is missing. (Fix #15140 )
10. Introduce a new plugin command “NPPM_GETTABCOLORID” to retrieve the current tab color ID. (Fix #15115 )
11. Allow the tree view dark mode customization for plugins. (Fix #15077 )
12. Fix the popup dialog for updating not metioning ‘Notepad++’. (Fix #14668 )

Notepad++ v8.6.8: Support Taiwan's Sovereignty | Notepad++

notepad-plus-plus.org

 

[Gandalf_The_Grey]

Notepad++ v8.6.9 released:

1. Make installation and updates easy & quiet by adding “Yes (Silent)” button. (Fix #8514)
2. Add new options ‘/closeRunningNpp’ & ‘/runNppAfterSilentInstall’ in the installer. (Implement #15230, implement #15280)
3. Fix crash of “Next Search Result” command on the empty search result. (Fix #15247)
4. Fix the regression where the Find dialog size is not remembered across sessions. (Fix #15294)
5. Fix the regression of content lost by using Encoding “Convert to…” commands. (Fix #15324, #15271, #3054, possibly #9426)
6. Fix the regression of exception/crash on Windows Server Core 2022. (Fix #15313)
7. Prevent DirectWrite from being enabled under Windows Sever. (commit)
8. Enhance the quality of Fluent toolbar icon sets for different DPI settings. (Fix #15253)
9. Improve the look & feel of tabbar close button in dark mode. (Fix #15321, implement #15326)
10. Improve the dark mode tab bar icon in the search results panel. (Implement #15286)
11. Add ability to pre-populate the predefined color sets for custom tones. (Fix #15055)
12. Add “Show All Character” popup menu on toolbar button. (Fix #14832)
13. Fix the rectangular selection copy-paste bug. (Fix #15139, #15151)
14. Allow opening shortcut files (*.lnk) directly if the file extension is changed. (Fix #9643, #11089, #10139)
15. Fix the lost panels issue. (Fix #13084)
16. Add Backspace unindent option. (Fix #15180)
17. Fix CSS more indentation bug. (Fix #14962)
18. Include F13-F24 keys in Shortcut Mapper. (Fix #11975)
19. Fix the problem where the last empty clean untitled tab cannot be closed after renaming. (Fix #15306)
20. Add plugin a command (NPPM_SETUNTITLEDNAME) to rename untitled tab. (Fix #8916)
21. Display a message box with information about disabled backward regex searching. (Fix #15239)
22. Fix the display glitch for unsaved tabs containing tab characters. (Fix #15202)
23. Fix status bar and tab bar flicker during the GUI updated (fixed only for dark mode). (Fix #15260)
24. Fix the issue with “Begin/End Select” command after deletion. (Fix #15221)
25. Resolve the integer overflow problem in the Column Editor. (Fix #15167)
26. Adjust the position of hits text in the File Progress dialog. (Fix #13426, #15244)
27. Fix the deployment of other software blocked due to NppShell. (Fix #62)

Notepad++ release 8.6.9

Notepad++ v8.6.9 is released: https://notepad-plus-plus.org/news/v869-about-taiwan/ Change log: Make installation and updates easy & quiet by adding “Yes (S...

community.notepad-plus-plus.org

 

[lokamoka820]

Notepad++ 8.7.1
Nov 4, 2024

Notepad++ release 8.7.1 change log:

1. Update cURL in Notepad++ updater (WinGUp) for fixing cURL’s CVE-2024-7264 issue. (Fix #73 )
2. Fix opened network files hanging while the network disconnected. (Fix #4306 , #6178 , #8055 , #11388 , #12553 , #15540 )
3. Fix not being able to open folder via cammand argument regression. (Fix #15645 )
4. Update to Scintilla 5.5.3 & Lexilla 5.4.1. (Fix #15228 , #15368 , #15650 )
5. Fix modified Find dialog status msg colors not being remembered throu sessions. (Fix #15724 )
6. Fix hanging issue while hiding lines. (Fix #15630 )
7. Make left behide hide line close marker removable. (Fix #15713 )
8. Fix Find dialog status bar wrong messaging (regression). (Fix #15662 )
9. Fix URL parsing issue with ‘?’ after ‘#’. (Fix #13583 )
10. Add “Close to system tray” ability. (Fix #4075 , #11627 )
11. Add tab created time tooltip for new opened untitled tab. (Fix #15563 )
12. Improve GUI to avoid user confusion between Global override & Default Styles. (Fix #15640 )

Notepad++ v8.7.1 release | Notepad++

notepad-plus-plus.org