w0lfschild / cDock

:lollipop: Basic dock customization for macOS
https://cdock.macenhance.com/

Security - Sparkle Flaw - Fixed Yet? #64

Closed RedSoxFan04 closed 8 years ago

RedSoxFan04 commented 8 years ago

I found out that apps which use the Sparkle updater have a security flaw which allows them to be hijacked. Has cDock been updated to fix this vulnerability?

w0lfschild commented 8 years ago

Apps that use a vulnerable version of Sparkle and an unencrypted HTTP channel for server updates are at risk of being hijacked to transmit malicious code to end users.

It's not vulnerable as GitHub is HTTPS and GitHub is where all the update stuff happens. Regardless, I'll be keeping Sparkle up to date.
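The condition discussed in this thread (a Sparkle update channel served over plain HTTP) can be checked from an app's `Info.plist` and its appcast. The following is an added example, not code from this issue or from cDock; it goes one step beyond the feed URL and also checks the download and release-notes links inside the appcast. The hosts and sample data are constructed placeholders, and `SUFeedURL` is assumed to be set in `Info.plist` rather than in code.

```python
import plistlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SPARKLE_NS = "http://www.andymatuschak.org/xml-namespaces/sparkle"

def is_https(url):
    return urlsplit(url.strip()).scheme.lower() == "https"

def audit_feed_url(info_plist_bytes):
    """Classify the SUFeedURL declared in an app's Info.plist (XML or binary)."""
    info = plistlib.loads(info_plist_bytes)
    feed = info.get("SUFeedURL")
    if not feed:
        # The feed can also be supplied by the app at run time, so this is inconclusive.
        return "unknown"
    return "ok" if is_https(feed) else "at-risk"

def insecure_appcast_urls(appcast_xml):
    """List every download or release-notes URL in an appcast that is not HTTPS."""
    root = ET.fromstring(appcast_xml)
    urls = []
    for item in root.iter("item"):
        urls += [enc.get("url", "") for enc in item.iter("enclosure")]
        urls += [(n.text or "").strip() for n in item.iter(f"{{{SPARKLE_NS}}}releaseNotesLink")]
    return [u for u in urls if u and not is_https(u)]

# Constructed sample inputs (hypothetical hosts, not cDock's real feed).
HTTPS_PLIST = plistlib.dumps({"SUFeedURL": "https://updates.example.com/appcast.xml"}, fmt=plistlib.FMT_BINARY)
HTTP_PLIST = plistlib.dumps({"SUFeedURL": "http://updates.example.com/appcast.xml"})
NO_FEED_PLIST = plistlib.dumps({"CFBundleIdentifier": "com.example.app"})
SAMPLE_APPCAST = """<rss version="2.0" xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle">
<channel>
  <item>
    <title>1.1</title>
    <sparkle:releaseNotesLink>http://updates.example.com/notes/1.1.html</sparkle:releaseNotesLink>
    <enclosure url="https://downloads.example.com/App-1.1.zip" type="application/octet-stream"/>
  </item>
  <item>
    <title>1.2</title>
    <enclosure url="http://downloads.example.com/App-1.2.zip" type="application/octet-stream"/>
  </item>
</channel>
</rss>"""

if __name__ == "__main__":
    for name, blob in [("https", HTTPS_PLIST), ("http", HTTP_PLIST), ("none", NO_FEED_PLIST)]:
        print(name, audit_feed_url(blob))
    print(insecure_appcast_urls(SAMPLE_APPCAST))
```

An HTTPS feed alone does not settle the question if the appcast it returns points at HTTP downloads or release notes, which is why both checks are run.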