Vulnerability CVE-2024-7264 in `libcurl.dll` – When Will It Be Addressed in Notepad++?

Madhav Vasanth

Hi all,

I recently updated Notepad++ to the latest version, hoping it would resolve the vulnerability in libcurl.dll (CVE-2024-7264), which affects versions >= 7.32.0, < 8.9.1. However, after the update, I checked the libcurl.dll version in the C:\Program Files (x86)\Notepad++\updater\libcurl.dll path, and it still shows version 8.4.0, which remains vulnerable.

Is there any planned release that will include libcurl version 8.9.1 or higher to fix this vulnerability? Or should I manually update the libcurl.dll file? Any guidance would be appreciated.

Thanks!

Alan Kilborn

@Madhav-Vasanth

Do you think you get better answers if you post the same thing 3 times??

Madhav Vasanth

@Alan-Kilborn is it posted 3 times

Alan Kilborn

@Madhav-Vasanth said in Vulnerability CVE-2024-7264 in &#x60;libcurl.dll&#x60; – When Will It Be Addressed in Notepad++?:

@Alan-Kilborn is it posted 3 times

I’m sure that you know that it is, and you’re just acting ignorant of that fact.

xomx

https://github.com/notepad-plus-plus/wingup/issues/73#issuecomment-2362168716

Madhav Vasanth

@Alan-Kilborn Hehe… i thought i il get response from every side

Madhav Vasanth

@xomx Thanks for the info