naotaka / ClipMenu

A clipboard manager for Mac OS X
http://www.clipmenu.com/

Sparkle security issue #23

Open arubdesu opened 8 years ago

arubdesu commented 8 years ago

Hello, thank you kindly for letting people post issues here, and this great app. I understand there haven't been new releases recently, but the Sparkle framework version being used (and appcast feed being http://) is currently exploitable. Information here: https://vulnsec.com/2016/osx-apps-vulnerabilities/ If we had instructions to build a new version from source to include that newer framework, that's fine, but it would be best if you could please put out a new release with a Sparkle version 1.13.1 or higher (if not also changing the appcast feed to only use https:// for BOTH downloads AND release notes, in case you were thinking of separating them). Thanks again.
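An added example, not part of the original issue or the ClipMenu code: a small audit of the three conditions the report asks for (https feed, Sparkle 1.13.1 or higher, https for both downloads and release notes). It assumes the feed URL is in the app's `Info.plist` under `SUFeedURL` and that the bundled framework's `Info.plist` reports its release in `CFBundleShortVersionString`; the sample inputs and `example.invalid` URLs are constructed.

```python
import plistlib
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SPARKLE_NS = "{http://www.andymatuschak.org/xml-namespaces/sparkle}"
MIN_SPARKLE = (1, 13, 1)  # minimum version named in the issue

def version_tuple(text):
    """'1.5 Beta 6' -> (1, 5, 0); only the leading digits of each part count."""
    nums = []
    for part in text.split("."):
        m = re.match(r"\s*(\d+)", part)
        nums.append(int(m.group(1)) if m else 0)
    return tuple((nums + [0, 0, 0])[:3])

def audit(app_plist, sparkle_plist, appcast_xml):
    """Return a list of findings; an empty list means all three checks pass."""
    findings = []
    feed = plistlib.loads(app_plist).get("SUFeedURL", "")
    if urlparse(feed).scheme != "https":
        findings.append(f"appcast feed is not https: {feed!r}")
    # Assumption: the framework's Info.plist carries its release version here.
    version = plistlib.loads(sparkle_plist).get("CFBundleShortVersionString", "0")
    if version_tuple(version) < MIN_SPARKLE:
        findings.append(f"Sparkle {version} is older than 1.13.1")
    # Parse a locally saved copy of the appcast, not a live response.
    for item in ET.fromstring(appcast_xml).iter("item"):
        urls = [("download", e.get("url", "")) for e in item.iter("enclosure")]
        urls += [("release notes", (e.text or "").strip())
                 for e in item.iter(SPARKLE_NS + "releaseNotesLink")]
        findings += [f"{kind} URL is not https: {u!r}"
                     for kind, u in urls if urlparse(u).scheme != "https"]
    return findings

# Constructed sample inputs (not ClipMenu's real files).
SAMPLE_APP = plistlib.dumps({"SUFeedURL": "http://example.invalid/appcast.xml"})
SAMPLE_SPARKLE = plistlib.dumps({"CFBundleShortVersionString": "1.5 Beta 6"})
SAMPLE_APPCAST = """<rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle">
<channel><item>
  <sparkle:releaseNotesLink>http://example.invalid/notes.html</sparkle:releaseNotesLink>
  <enclosure url="https://example.invalid/App.dmg" sparkle:version="2"/>
</item></channel></rss>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_APP, SAMPLE_SPARKLE, SAMPLE_APPCAST):
        print(finding)
```

On the constructed sample this reports the http feed, the old framework version, and the http release-notes link, while the https download passes.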