@Martin-1 said in autoupdater and connection temp.sh:

@PeterJones That is what i meant. I don’t understand what is being said in those links or what is being said above. hence the repeat of my questions.

Then ask for clarification, rather than ask the same thing over and over.

Besides, the https://notepad-plus-plus.org/news/clarification-security-incident/ link that @donho most recently posted seems pretty clear to me:

Who Was Targeted?

This was a highly selective attack by a state-sponsored group targeting specific high-value organizations. Security researchers confirmed that the vast majority of Notepad++ users were never affected - attackers filtered victims based on strategic value, not random distribution.

For most users: Simply updating to the latest version is sufficient.

If you are a member of a a high-value organization, then you need to find someone on your IT team who does understand all the technical details. (If you are unsure whether your organization would be considered “high value”, then it wouldn’t be.) If you are not, then you are part of the “for most users” group. And those instructions seem quite clear to me: manually update to v8.9.1.

@Ilhan-Yumer ,

The developer does not read most posts in this Forum. If you would like to suggest such a move to the developer, I would recommend creating a new Issue at GitHub requesting it (https://github.com/notepad-plus-plus/notepad-plus-plus/issues).

BTW:

5.1-if your home internet speed is fast enough, setup your own web server to your pc under virtualbox(in case of web server software cve’s/rce’s). I or anyone can help with that. Dont forget to hardening server for security.

IMO, this is BAD advice. To suggest to a non-security specialist who runs this as a hobby, that he should self-host, and try to keep up on all the security hardening, is asking him to get hacked even worse than the hack that already happened. He was literally paying a host to provide such services, and the professionals failed; he has now changed providers to a host who has better security procedures.

Believe me it’s not that hard to setup a webserver or harden it, especially while backed by a strong community. The risks are different when hosting at home between hosting remotely. The hosting firm may be offered money to hijack, or an out-of-date hosting management software had rce was waiting to be abused.

@Tavi ,

As far as I can tell, they were unrelated. Scanners such as VirusTotal look at the executable itself, and last year were being triggered by the lack of signing and the self-signing of the executable.

please confirm if this issue is related to the notepad++ hijack news dated 2nd Feb 2026?

The issue you are referring to, as linked here and described in detail here specifically said,

the compromise occured at the hosting provider level rather than through vulnerabilities in Notepad++ code itself.

This was a website hack, and VirusTotal and other such AV scans do not detect website hacks, as far as I understand them.

See the FAQ, which has the best “table of contents” for the website hack. ALL related followups/discussions must go in Topic: autoupdater and connection to temp.sh.

@xomx said in Help needed - Forensic extractor result analyzing:

@donho

What is that for (is it for specific HW, OS or network analysis)?

Ubuntu on a VPS

Fullname of the forensic SW

“Forensic Extractor”

ballpoint.fr

It’s rather to analyze the results to make sure if anything is OK. Note the VPS is only for the wingup.org, whereas notepad-plus-plus.org is on a sharing hosting service.

Thank you for the ref
I will check this company.

UPDATE: With the release of v8.8.7, Notepad++ is once again signed by a GlobalSign-issued certificate, as well as the Notepad++ self-signed certificate.

The above instructions are still appropriate for confirming the self-signed certificate, but with the GlobalSign-issued certificate, the procedure is not as critical.

UPDATE: With the release of v8.8.7, Notepad++ is once again signed by a GlobalSign-issued certificate, as well as the Notepad++ self-signed certificate.

UPDATE: With the release of v8.8.7, Notepad++ is once again signed by a GlobalSign-issued certificate, as well as the Notepad++ self-signed certificate.

https://notepad-plus-plus.org/news/v886-released/

@Pulp-Sendo
Already fixed for the upcoming N++ v8.8.6.

@xomx Thanks for your input, the analysis does seem to be a bit on the… overly cautious or paranoid side.
maybe it’s time to find a new resource for risk analysis!

@podlipom51-podlipom51 said in File empty after opening it as Adminitrator:

I was unable to save file. Suggested to open as Administrator after accepting my file is empty. It is very important file for me what to do?

Where were you trying to save the file? To somewhere in c:\program files\ or c:\windows or similarly protected area? Or were you trying to save to a normal writeable directory on your machine’s local drive? Or a mounted network drive? Because it only suggests Administrator if it gets a “permission denied” error when you try to write the file.

after accepting my file is empty. It is very important file for me what to do?

Bummer. Unfortunately, if you already restarted Notepad++, and it didn’t have the Settings > Preferences > Backup set to take “session snapshots and periodic backups”, your unsaved changes were never written to disk anywhere. As soon as Notepad++ exited, those bits were removed from active memory, and were lost. Since the files were likely never written to disk, I doubt that an external file-recovery utility like Recuva would work for you, but you might try directing such at the `c:\users<username>\AppData\Roaming\Notepad++\backup

See our FAQ on backups for more details about how the Notepad++ backup settings work, how the AutoSave plugin can help improve things, and best-practice suggestions for avoiding data loss in the future.

Also, I think one of the frequent contributors is actively working on a solution to have Notepad++ be able to get UAC permission for a file-save without needing to restart the application – such a feature would definitely help in your case. Unfortunately, I’ve spent the last few minutes trying to find the Issue or PR where that was being discussed, and haven’t found it yet.

@Bhaalthazar said in Security of Legacy Notepad++ Versions (CVE-2025-49144):

patching older vulnerable versions

It could be fun, now without the public CA cert available…

Here’s my reply:
https://github.com/notepad-plus-plus/notepad-plus-plus/issues/16638#issuecomment-2947240947