Sparkle Auto Updater has a vulnerability

dustinrue / ControlPlane

ControlPlane - context-sensitive computing for OS X

http://www.controlplaneapp.com

BSD 3-Clause "New" or "Revised" License

1.76k stars 180 forks source link

Sparkle Auto Updater has a vulnerability #450

Closed abc2mit closed 8 years ago

abc2mit commented 8 years ago

The current implementation of Sparkle has a vulnerability that got flagged by my company's scanning software. It's now blocked and I can't use or promote ControlPlane within the company. Can we update Sparkle to the latest version?

abc2mit commented 8 years ago

https://sparkle-project.org/documentation/security/

dustinrue commented 8 years ago

You can download the latest version at http://controlplaneapp.com/download/1.6.4 which has the updated Sparkle client.

abc2mit commented 8 years ago

perfect. thank you!