Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server
Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server
- Subject: Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server
- From: Roland King <email@hidden>
- Date: Fri, 12 Feb 2016 17:28:19 +0800
> On 12 Feb 2016, at 17:14, sqwarqDev <email@hidden> wrote:
>
> What I “think” (...read: “hope", cos I really need to be getting on with other stuff, like updating the Sparkle version in my own apps…) is my final version of the script to check for vulnerable Sparkle frameworks and prefPanes (system wide, including backups if connected):
>
> Script version 1.6:
>
> http://applehelpwriter.com/2016/02/10/how-to-check-for-sparkle-vulnerability/
>
> A great deal of excellent contributions have been made by folks over on the AppleScript Users list and it is by no means solely my own work.
>
>
>
> Best
That script reports things which use HTTP even if they are using a version of Sparkle > 1.13, even though that is one of the requirements in your list at the top. eg I’ve updated Hopper and VLC
> pwd
/Applications/Hopper Disassembler v3.app/Contents/Frameworks/Sparkle.framework/Resources
> less Info.plist
…
<key>CFBundleVersion</key>
<string>1.13.1</string>
…
So Hopper according to me should be fine - but it shows in the list.
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden