Cyberduck Mountain Duck CLI

#9255 closed defect (fixed)

Update Sparkle framework

Reported by: lighscan Owned by:
Priority: highest Milestone: 4.8
Component: core Version: 4.7.3
Severity: critical Keywords: sparkle, update
Cc: Architecture: Intel
Platform:

Description

Current version in use is v1.11.0 This is a problem, because a vulnerability has been found in all versions lower than v1.13.1

http://arstechnica.com/security/2016/02/huge-number-of-mac-apps-vulnerable-to-hijacking-and-a-fix-is-elusive/

Change History (1)

comment:1 Changed on Feb 10, 2016 at 3:42:10 PM by dkocher

  • Milestone set to 4.8
  • Resolution set to fixed
  • Status changed from new to closed

We updated the dependency in r19310. Actually this is a non-issue here because we have always served the update feed and updates through HTTPS.

Note: See TracTickets for help on using tickets.
swiss made software