Closed xomx closed 8 months ago
@donho,
Users are starting to ask about this. https://community.notepad-plus-plus.org/topic/25136/libcurl-cve-2023-38545-in-updater
The CVE is critical and on our servers with external exposure, we can't downgrade it, which means it's getting management eyeballs over here.
Since it's just a copy of libcurl.dll in the installed Notepad++\updater\ directory, could you just try getting a newer libcurl.dll from somewhere else and overwriting the one in the updater directory? That might at least be a short-term workaround. (I cannot guarantee it will work, but it would be worth trying, if you know another source for the DLL.)
https://snyk.io/blog/curl-high-severity-vulnerability-oct-2023/
https://curl.se/docs/CVE-2023-38545.html
Fixable by curl-8.4.0