Notepad++ v8.8.3 Release Candidate

donho

@xomx

The important is, you left the code-signing one “Issued to” to be the Notepad++, so the possible future UAC pop-ups can say “Notepad++” as the “Verified publisher” (with the N++ cert in the Trusted Root CA) as it was before, right?

Yes, exactly - if the root certificate is installed on users’ machine.

@PeterJones

I confirm the above information.

BTW, the root certificate will be available in GitHub repository as well:
https://github.com/notepad-plus-plus/notepad-plus-plus/blob/master/nppRoot.crt

You might consider to include Notepad++ root certificate (nppRoot.crt) in npp-user-manual.org and also the following information:

Name: Notepad++ Root Certificate
Serial Number: 7A137FBEA48E8D469D2B43D49EBBCB21
Thumbprint: C80539FF7076D22E73A01F164108DAFBF06E45E4
SHA256: 443B4543C3A682804540849793556FFD3A6CE5D4721C9ADFDA6450223DDD54D7
Created: 2025-07-09
Expires: 2055-07-09

so users could have 3 sources to download the root certificate and do the croiss-verification.
It’s totally up to you. But if you do, please provide me the URL of nppRoot.crt - I will include it into my release note & Ressources page.

PGomersall

@donho said in Notepad++ v8.8.3 Release Candidate:

BTW, the root certificate will be available in GitHub repository as well:
https://github.com/notepad-plus-plus/notepad-plus-plus/blob/master/nppRoot.crt

@donho nppRoot.crt is not found at that location

PeterJones

@PGomersall said in Notepad++ v8.8.3 Release Candidate:

nppRoot.crt is not found at that location

I think you missed two of Don’s words from his sentence: “the root certificate will be available” – “will be” implies future tense, so not yet.

–
update: an hour later, that file does exist at https://github.com/notepad-plus-plus/notepad-plus-plus/blob/master/nppRoot.crt … so no more waiting

PeterJones

@donho said in Notepad++ v8.8.3 Release Candidate:

But if you do, please provide me the URL of nppRoot.crt - I will include it into my release note & Ressources page.

Sorry if I wasn’t fast enough for the Release Notes…

https://npp-user-manual.org/docs/certs/nppRoot.crt

donho

@PeterJones said in Notepad++ v8.8.3 Release Candidate:

Considering @donho said above, “BTW, I should make https work, I know - it’s on my TODO list.”, I can confidentally conclude that the goal is to get it renewed. ;-)

FYI,
It’s done with let’s Encrypt:
https://download.notepad-plus-plus.org/repository/

Ben H

@donho VirusTotal is flagging v8.8.3 with the following:

Is this a concern or a false positive?

Thanks.

donho

@Ben-H
False positive.
Because if I put malware into Notepad++, I would not tell you.

Ben H

@donho
Thanks. Is there a way to check with BKav Pro security vendor to see why it is a false positive? We just needed some explanation or confirmation that we are in the clear in order to satisfy the audit requirement by our company. Appreciate the Notepad++ team as always.

datatraveller1

@Ben-H I have just written to BKAV customer services and asked them to disable the false positive. I’ve had a good experience with this company and I’m sure it will disappear soon.

Ben H

@datatraveller1
Great. Thanks much!

datatraveller1

This post is deleted!