Security

• 

  Notepad++ on HackerOne
  • donho  

  1
  5
  Votes
  1
  Posts
  2800
  Views

  No one has replied

• 

  This topic is deleted!
  • Ashwani Priyadarshi  

  2
  -1
  Votes
  2
  Posts
  14
  Views
• 

  Uninstall.exe not Digitally Signed
  • jmooves  

  2
  1
  Votes
  2
  Posts
  514
  Views

  

  I came across this today also. Very annoying to have exe and dll files not digitally signed. It really puts some doubt into the integrity of the files of the assembly. Please digitally sign on next release please.
• 

  Submit notepad-plus-plus.org for HSTS preloading
  • Kenneth Barber  

  1
  1
  Votes
  1
  Posts
  82
  Views

  No one has replied

• 

  Drop support for TLS 1.0 and TLS 1.1 on notepad-plus-plus.org
  • Kenneth Barber  

  1
  0
  Votes
  1
  Posts
  70
  Views

  No one has replied

• 

  Wrong cert on download pages
  • Szelzz  

  2
  2
  Votes
  2
  Posts
  417
  Views

  

  @Szelzz Could be the reason why the download links on the official download site are http links. This should be changed, it makes no sense to provide a web site with an https address and the download links of the software are http.
• 

  Nessus reports vulnerability “Microsoft Windows Unquoted Service Path Enumeration”
  • Phil Randal  

  2
  0
  Votes
  2
  Posts
  275
  Views

  

  @Phil-Randal see here.
• 

  Why is it a security issue to load Notepad++ plugins from %APPDATA% folder?
  • Prahlad-Makwana4145  

  3
  0
  Votes
  3
  Posts
  5224
  Views

  

  I really hope, that you are just “playin” a security analyst. Access via network sharing requiers administrative rights so the person could copy the directly to ProgramFiles folder and the user is helpless.
• 

  Virus Total False Positive
  • E R  

  4
  0
  Votes
  4
  Posts
  7281
  Views

  

  welcome to the notepad++ community, @Jason-Watts please only download notepad++ from the official source: https://notepad-plus-plus.org/download/ . there is also no legit release, which you could download via play store, as notepad++ is a windows/wine application only, and not available for android devices. please also be aware of many other scam application that exist on insecure mobile platforms, on cellulars and tablets without a sandbox capable operating system. note: on your pc, you can scan your download sources beforehand, without downloading it, by submitting the download link to www.virustotal.com as it will there be scanned by appx. 70 different antivirus and anti-malware engines at once. example: https://notepad-plus-plus.org/repository/7.x/7.7/npp.7.7.Installer.exe will give you zero virus and malware detections. virus total scan result page: https://www.virustotal.com/gui/url/143f5732a19edc34ecc3ee8dfdeae4c33a5eb6e0ad48ca4ce08832ab43a09856/detection best regards and good luck cleaning your device.
• 

  Notepad++ not Digitaly signed
  • Mina Etterstad  

  1
  0
  Votes
  1
  Posts
  1803
  Views

  No one has replied

• 

  Plugin Manager site unreachable - SSL Certificate Expired
  • RichDempsey  

  4
  0
  Votes
  4
  Posts
  3861
  Views

  

  @dinkumoil Thanks for catching that issue. The above posts have been edited and now point to the .org domain to keep users from mis-clicking.