Open hexcoder- opened 1 day ago
Each change in the Vim C source code increments the patch number and so we have a new version. And the patchlevel is already part inside the Registry:
Thanks, but on my laptop it looks like this:
This is from inside vim:
I wonder if this 9.1 version got stuck because I upgraded to 9.1.0 before going to 9.1.733...
That is strange, it should have been installed in c:\Program Files and not under c:\Program Files (x86).
Can you please uninstall and make sure you have no other version installed in c:\Program Files or c:\Program Files (x86)? And then try again?
Also see the twin issue in https://github.com/vim/vim/issues/15990
Problem
In my company installed software (e.g. vim) is scanned regularly. For the installed version of each software component a lookup with known vulnerabilities is done, and in case of any findings the user is urged to update.
For version 9.1.0000 there were 4 known CVEs that were fixed soon afterwards (thanks!). When I upgraded to the latest vim version the following scans kept reporting those 4 CVEs, since the Windows registry only names 9.1 as the vim version, but not e.g. 9.1.0837. So the scanner is not able to differentiate between the fixed and the vulnerable version. Of course the scanning is automated and will mercilessly escalate this (informing my boss about it).
Describe the solution you'd like
If the release policy could be changed to increase the minor version after fixing of CVEs, that would very certainly help.
Alternative
If the installer could be changed to put the patchlevel part also in the version as seen in the registry, that maybe might help.
Thanks!
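
The ambiguity described in this issue, as an added example that is not part of the original thread, of Vim, or of any particular scanner: a version matcher that returns a third state, "indeterminate", when the reported version carries no patch level. The advisory names and fix patch levels are constructed placeholders, and the model assumes every version below the fix is affected.

```python
import re
from typing import Dict, NamedTuple, Optional

class VimVersion(NamedTuple):
    major: int
    minor: int
    patch: Optional[int]  # None when the source reports only "9.1"

def parse_version(text: str) -> VimVersion:
    """Accept '9.1', '9.1.0837' or '9.1.733'; reject anything else."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    patch = int(m.group(3)) if m.group(3) is not None else None
    return VimVersion(int(m.group(1)), int(m.group(2)), patch)

def status(installed: str, fixed_in: str) -> str:
    """Return 'fixed', 'vulnerable' or 'indeterminate' for one advisory."""
    inst, fix = parse_version(installed), parse_version(fixed_in)
    if (inst.major, inst.minor) != (fix.major, fix.minor):
        newer = (inst.major, inst.minor) > (fix.major, fix.minor)
        return "fixed" if newer else "vulnerable"
    fix_patch = fix.patch or 0
    if inst.patch is None:
        # Same major.minor but no patch level: only decidable when the
        # fix landed at patch 0, otherwise the data cannot answer it.
        return "fixed" if fix_patch == 0 else "indeterminate"
    return "fixed" if inst.patch >= fix_patch else "vulnerable"

def scan(installed: str, advisories: Dict[str, str]) -> Dict[str, str]:
    """Map each advisory id to its status for the installed version."""
    return {aid: status(installed, fx) for aid, fx in advisories.items()}

# Constructed advisory data: ids and fix patch levels are placeholders.
SAMPLE_ADVISORIES = {
    "ADVISORY-PLACEHOLDER-1": "9.1.0100",
    "ADVISORY-PLACEHOLDER-2": "9.1.0500",
}

if __name__ == "__main__":
    # "9.1" is what the issue says the registry shows; "9.1.0837" is
    # the version the reporter actually has installed.
    for reported in ("9.1", "9.1.0000", "9.1.0837"):
        print(reported, scan(reported, SAMPLE_ADVISORIES))
```

A scanner that collapses "indeterminate" into "vulnerable" produces the repeated findings reported here; keeping the state separate lets it fall back to another version source instead.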