Cyberduck Mountain Duck CLI

#9395 closed defect (fixed)

Sparkle autoupdate fails due to insecure SUFeedURL saved in preferences

Reported by: pypt Owned by:
Priority: low Milestone: 4.9
Component: core Version: 4.8.4
Severity: minor Keywords: sparke autoupdate
Cc: Architecture: Intel
Platform: Mac OS X 10.11

Description

When trying to update Cyberduck from an older version, Sparkle fails with:

2016-04-01 09:56:36,249 Cyberduck[28746]: Sparkle: Error: An error occurred in retrieving update information. Please try again
later. The resource could not be loaded because the App Transport Security policy requires the use of a secure connection. (URL
http://version.cyberduck.ch/nightly/changelog.rss)

I think this is because the old, pre-App Transport Security updates RSS URL got stuck in ~/Library/Preferences/ch.sudo.cyberduck.plist. Upon going to Preferences -> Update and setting the update branch again, problem fixes itself.

I was concerned that for some users the autoupdate might be broken thanks to an old URL in SUFeedURL so that's why I'm reporting this bug nevertheless. I suppose a quick fix would be to replace http:// to https:// in SUFeedURL independently from what's being set there.

Change History (2)

comment:1 Changed on Apr 5, 2016 at 9:27:15 AM by dkocher

  • Summary changed from Sparkle autoupdate fails due to insecure SUFeedURL value to Sparkle autoupdate fails due to insecure SUFeedURL saved in preferences

comment:2 Changed on Apr 5, 2016 at 9:34:02 AM by dkocher

  • Milestone set to 4.9
  • Resolution set to fixed
  • Status changed from new to closed

In r20034.

Note: See TracTickets for help on using tickets.
swiss made software