Security

• 

  Notepad++ on HackerOne
  • donho  

  1
  5
  Votes
  1
  Posts
  2832
  Views

  No one has replied

• 

  How to NOT show STX code on text page ?
  contro characte stx • • vmars vernon  

  4
  0
  Votes
  4
  Posts
  24
  Views

  

  @PeterJones or by using the newer way (which is so much easier) of just having the image in your copy buffer and pasting it in your reply, which will host the image on our server, so IT departments will be less likely to block it – and that way it would still be a valid image Thanks Peter
• 

  Checksums
  • Michael L.E.  

  2
  0
  Votes
  2
  Posts
  16
  Views

  

  @Michael-L-E said in Checksums: Can anybody tell me why the SHA1, SHA256, and MD5 checksums aren’t available to compare with the downloads? There does appear to be SHA256 info available for the 8.1.3 version. Look here, about half way down the site’s page. Titled Integrity & Authenticity validation. Terry
• 

  Prevent access to local drives or command prompt
  • Mike Geubel  

  2
  0
  Votes
  2
  Posts
  19
  Views

  

  @Mike-Geubel Not 100% sure of what you’re asking, but it sounds like you want Notepad++ to be the shepherd of access to other things on the PC it is installed upon? If so, it is not reasonable. That’s the operating system’s job. You should look into setting that up via the OS.
• 

  Need someone to validate 2 files from notepad ++ updater
  • Jnoel111  

  2
  0
  Votes
  2
  Posts
  27
  Views

  

  @Jnoel111 , Last-modified dates can be changed for reasons that don’t seem like the file being “modified” to mere mortals. I found no documentation on this change The executables and DLLs that ship with Notepad++ (including the updater and the plugin list) generally get updated with every release. v7.8.7 was released June 8, 2020 . The zipfile version of the v7.8.7 downloads shows dates of 6/4/2020 for those files. But, like I said, the install process itself, or otherwise touching the files even if they weren’t modified, may have changed the dates. If you’re worried that your files have been changed from the official distribution, you could download the zipfile version (make sure to grab the correct 32bit or 64bit, depending on your current installation) from the official download page, and do a comparison of the “modified” files vs the files in the zipfile – or just overwrite the files in your installation with the files from the zipfile to be sure. Or just grab the most recent v7.9.5 download and install the newest version to get the most recent enhancements and bug fixes.
• 

  VirusTotal Detects a Malware in the Official npp.7.9.5.Installer.x64.exe
  • Aleksandr Baghramyan  

  9
  4
  Votes
  9
  Posts
  72
  Views

  

  I just told https://www.virustotal.com/gui/file/4881548cd86491b453520e83c19292c93b9c6ce485a1f9eb9301e3913a9baced/detection to re-scan, and this time it came up clean, but the Zillya scanner is no longer listed… so presumably sites that still use the zillya scanner will continue to get false positives. @b00kgrrl , I don’t know if it’s possible to update your Windows Security / Windows Defender / whatever’s doing the scan, but maybe you could scan the installer again, and see if you can make it work without triggering Windows Security alert.
• 

  !!! Release key expires tomorrow !!!
  • TomyLobo  

  3
  0
  Votes
  3
  Posts
  24
  Views

  

  Thanks for the info. That explains why the code signing cert date does not align with the gpg key date. I guess I’ll remove all the exclamation marks since it doesn’t seem that urgent… or I would, if I could.
• ?

  This topic is deleted!
  • A Former User  

  1
  0
  Votes
  1
  Posts
  1
  Views

  No one has replied

• 

  This topic is deleted!
  • Alex Connor  

  1
  -7
  Votes
  1
  Posts
  14
  Views

  No one has replied

• 

  Virus Total False Positive
  • E R  

  7
  0
  Votes
  7
  Posts
  7349
  Views

  

  Vpn can help to protect online privacy during web surfing. I have experience with using VeePN VPN during remote working and unblocking new websites without problems.
• 

  Wrong cert on download pages
  • Szelzz  

  4
  2
  Votes
  4
  Posts
  434
  Views

  

  @oneday-oneyear ?? - What are you trying to tell us ??
• 

  Trojan:Trojan.GenericKD.3016333 - Ransomware
  • twgiu  

  2
  0
  Votes
  2
  Posts
  33
  Views

  L

  Hi @twgiu I just downloaded the 32-bit version of Notepad++ from the official website (https://notepad-plus-plus.org/downloads/v7.9.1/) and sent notepad++.exe to virustotal. One of the 72 engines detected malware (Trojan.Generic.giteg). I also uploaded the 64-bit version and it was clean. Being only one engine, named Jiangmin, that detected the virus I’d would be inclined to say that it is a false positive. If possible you can test the 64-bit version and if it results clean, then use that version? For peace of mind you can also post an issue in github (https://github.com/notepad-plus-plus/notepad-plus-plus) where notepad++ developers could confirm whether the downloads are legit or not.
• ?

  user manual outdated.
  • A Former User  

  3
  0
  Votes
  3
  Posts
  25
  Views

  L

  @A-Former-User said in user manual outdated.: it also doesn’t work when I click proceed to npp-user-manual.org(unsafe) I could open that link without problems in Google Chrome, it seems the certificate is valid since October. However, www.npp-user-manual.org was giving the same warning you saw… I cleared my browsing data, including ‘Passwords and other sign-in data’, restarted the browser and now it working proeprly. It happened the same with Firefox and I ‘fixed’ the issue by clearing all my browsing data and restarting… I guess there must be some place in the network and/or in our browsers that is keeping our local certificates from updating?
• 

  Administrator Mode
  • Alan Robinsin  

  2
  0
  Votes
  2
  Posts
  23
  Views

  

  @Alan-Robinsin , In general, to edit a file in administrator mode, the Notepad++ application has to be run in administrator mode. That is accomplished the same as any other Windows application, and is not unique to Notepad++. An example sequence that worked for me Exit all instances of Notepad++. Run one instance as administrator (you may have to browse to the notepad++.exe and right click, run as administrator). it should say [Administrator] at the end of the window title File > Open, and browse to the file you want to edit. You should be able to save, if it was really an administrator-mode issue.
• 

  Check HackerOne Please :)
  • ICEB3AR  

  1
  0
  Votes
  1
  Posts
  20
  Views

  No one has replied

• 

  This topic is deleted!
  • Ashwani Priyadarshi  

  2
  -1
  Votes
  2
  Posts
  15
  Views
• 

  Uninstall.exe not Digitally Signed
  • jmooves  

  2
  1
  Votes
  2
  Posts
  524
  Views

  

  I came across this today also. Very annoying to have exe and dll files not digitally signed. It really puts some doubt into the integrity of the files of the assembly. Please digitally sign on next release please.
• 

  Submit notepad-plus-plus.org for HSTS preloading
  • Kenneth Barber  

  1
  1
  Votes
  1
  Posts
  84
  Views

  No one has replied

• 

  Drop support for TLS 1.0 and TLS 1.1 on notepad-plus-plus.org
  • Kenneth Barber  

  1
  0
  Votes
  1
  Posts
  75
  Views

  No one has replied

• 

  Nessus reports vulnerability “Microsoft Windows Unquoted Service Path Enumeration”
  • Phil Randal  

  2
  0
  Votes
  2
  Posts
  284
  Views

  

  @Phil-Randal see here.