• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server

  • Subject: Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server
  • From: 2551phil <email@hidden>
  • Date: Thu, 11 Feb 2016 21:13:31 +0700

On 11 Feb 2016, at 20:21, Yvan KOENIG <email@hidden> wrote:

CopyPaste Pro.app : https://www.scriptsoftware.com/appcastSSL.php?pid=89 (use version 1.5 Beta 6)
Pacifist.app : https://www.charlessoft.com/cgi-bin/pacifist_sparkle.cgi (use version 1.5 Beta (bzr))



They use 1.5b and will continue to do so because they need to support Snow Leopard. Later versions of Sparkle require 10.7 or later. 

This is why the version of Sparkle is really quite irrelevant (at least concerning the vulnerability under discussion). What matters is whether the appcast and release notes are https or not. If they are, as I understand it, the Sparkle version is not vulnerable, no matter what version it is.

Again I’ve collated all this info in the blog post I linked to earlier.

Best


Phil
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
AppleScript-Users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
Archives: http://lists.apple.com/archives/applescript-users

This email sent to email@hidden
References: 
 >Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server (From: Bill Cheeseman <email@hidden>)
 >Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server (From: Yvan KOENIG <email@hidden>)
 >Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server (From: Yvan KOENIG <email@hidden>)
 >Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server (From: Yvan KOENIG <email@hidden>)
 >Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server (From: Shane Stanley <email@hidden>)
 >Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server (From: Philip Stokes <email@hidden>)
 >Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server (From: Shane Stanley <email@hidden>)
 >Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server (From: Phil Stokes <email@hidden>)
 >Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server (From: Yvan KOENIG <email@hidden>)
 >Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server (From: Yvan KOENIG <email@hidden>)
 >Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server (From: Yvan KOENIG <email@hidden>)

  • Prev by Date: Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server
  • Next by Date: Re: Sparkle updater check vulnerability script
  • Previous by thread: Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server
  • Next by thread: AppleScript System Events help
  • Index(es):
    • Date
    • Thread