06 Mar 2019 14:33:00
When you install Notepad++ version 7.6.4, You might notice there's no more blue-trusted UAC popup. Here's the explanation for the reason that we remove code signing from Notepad++ :
3 years ago DigiCert donated a 3 years code signing certificate to the project, and every good thing has its end, the certificate has been expired since the beginning of this year.
I was trying to purchase another certificate with reasonable price. However I cannot use "Notepad++" as CN to sign because Notepad++ doesn’t exist as company or organization. I wasted hours and hours for getting one suitable certificate instead of working on essential thing - Notepad++ project. I realize that code signing certificate is just an overpriced masturbating toy of FOSS authors - Notepad++ has done without certificate for more than 10 years, I don’t see why I should add the dependency now (and be an accomplice of this overpricing industry). I decide to do without it.
It doesn’t mean there’s no more security in Notepad++, but it will be less flexible for sure:
- SHA256 hash of Installer and other packages will be provided for every release as usual. Too bad for ugly yellow-orange UAC popup while installation.
- Notepad++ will check the SHA256 of all the components (SciLexer.dll, GUP.exe and nppPluginList.dll) used by the program.
Markdown is supposed to work in v7.6.3, but the needed file isn't deployed correctly by the installer. The bug is fixed in this version. Additionally Markdown is available in every package from this release.
European Commission's Free and Open Source Software Auditing Bug Bounty program is still in progress, few vulnerable issues and some crash bugs are identified and fixed in this release thanks to HackerOne team's help.
Download 7.6.4 here:
Auto-updater will be triggered in few days if there's no critical issue found.
If you find any regression or critical bug, please report here: