Columns++ recommended update to 1.0.2
If you are using any version of Columns++ from 0.8 to 1.0.1, I recommend updating to 1.0.2 as soon as possible.
There is a fault in the Search | Replace All/Before/After logic in 0.8-1.0.1 which can cause a hang, necessitating force-closing Notepad++ and hence losing unsaved changes in all open documents.
I apologize for the error.
If anyone knows if there is a way I can make sure the pull request for this update gets merged into the plugins list that will be shipped with the next Notepad++ release, I would appreciate being told how to do it. I hate to see it go out (as it happens, the first release of Notepad++ that will have Columns++ in Plugins Admin) with a known fault that can cause data loss.
@Coises said in [Columns++ recommended update to 1.0.2]
If anyone knows if there is a way I can make sure the pull request for this update gets merged into the plugins list that will be shipped with the next Notepad++ release, I would appreciate being told how to do it.
The next release has already been published, and I don’t think a last-minute rebuild has ever been done for a third-party plugin.
“Use at your own risk” is pretty much the accepted general policy of open source software; that’s why the license includes a liability disclaimer in all capital letters.
For future reference, there’s a self-described “not OFFICIAL” merge window policy on GitHub: Question about Plugin updates and new releases
I recommend updating to 1.0.2 as soon as possible.
Thanks for your work on this useful-sounding plugin. This was my first time downloading it (I tried downloading both “ColumnsPlusPlus-1.0.2.exe” and “ColumnsPlusPlus-1.0.2-x86.zip”), but Windows Defender immediately identified each file as containing Trojan:Win32/Wacatac.B!ml war and blocked them.
VirusTotal appears to confirm the presence of one or more threats:
SHA-256 checksum for my downloaded copy of “ColumnsPlusPlus-1.0.2-x86.zip” matches what you have posted at GitHub. I don’t see an SHA-256 for “ColumnsPlusPlus-1.0.2.exe” posted there, but my downloaded copy of that, according to PowerShell/Get-FileHash, calculates as:
VirusTotal appears to confirm the presence of one or more threats
This is a frustrating situation for me, and I don’t know that there is much I can do about it.
I can promise you that there is no malware in the releases I’ve posted on GitHub, but you don’t know me.
The just-released version of Notepad++ includes Columns++ in Plugins Admin, but I fixed a serious error after the version that will be included, so the fix won’t be included until the next time Notepad++ is updated.
I suspect the Quick Installer gets flagged because I used a very simple method to package a script to update the plugin files — something that’s probably done by malware more often than legitimate software. I might be able to fix that, but it will take time.
I’m not sure why the x86.zip file is flagged. I see just 2 of 61 vendors flagging it. (The x64 file contains exactly the same code, compiled for 64-bit execution, and 1 of 61 vendors flags it.) There is no way for an independent developer to find out why it is flagged. (Understandably, telling programmers how malware is detected would be telling malware authors how to avoid detection.)
The situation may have gotten worse because I included logic to check for new versions, out of concern for exactly the situation that has occurred — finding a serious error too late to have the version with the fix included in the next Notepad++ plugins admin.
I’m sorry that I have no better advice than this to give:
You can trust me and bypass the malware warnings (if your system isn’t configured to deny you that option).
You can compile from source. (Not likely to be practical unless you are a developer yourself and already have Visual Studio set up on your computer.)
You can use the version available through the Plugins Admin in Notepad 8.6.1 and be careful not to use Replace All/Before/After if you have any unsaved data in any tabs, because there is a condition in which it will hang and necessitate force-closing Notepad++.
You can wait until some future version of Notepad++ happens to release with the Plugins Admin containing version of Columns++ in which I haven’t made a serious blunder.
I truly hate this. I’m already disgusted with myself for having made such a serious error, but that I can’t fix it without telling people to ignore their malware scanners and just install anyway is maddening.