Community
    • Login

    Were the binaries released on GitHub affected in the Notepad++ state-sponsored hacking incident?

    Scheduled Pinned Locked Moved Security
    3 Posts 2 Posters 618 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Naveen RathnamN Offline
      Naveen Rathnam
      last edited by

      Were the binaries released on GitHub affected in the Notepad++ state-sponsored hacking incident?

      kindly provide confirmation.

      PeterJonesP 1 Reply Last reply Reply Quote 1
      • PeterJonesP Online
        PeterJones @Naveen Rathnam
        last edited by PeterJones

        @Naveen-Rathnam said in Were the binaries released on GitHub affected in the Notepad++ state-sponsored hacking incident?:

        Were the binaries released on GitHub affected in the Notepad++ state-sponsored hacking incident?

        Those that are worried “am I vulnerable” should really read the official announcement and this existing post rather than ask a new question.

        No official binaries were affected by this issue. It was a website issue – the hack allowed them to send false responses when the Notepad++ updater (called “wingup” or “gup.exe”) asked the website where the download file was – it is the response from the website to this query from wingup that was affected (*), not the links on the HTML pages of the website, and not the files on the GitHub servers.

        But the files on GitHub are all 100% what was intentended to be posted and published, and if you downloaded from there, there is no difficulty.

        kindly provide confirmation.

        Considering that the official announcement said, and I quote, “the compromise occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code itself”, that information was already provided. But I’ve said it in a different way here, in hopes that you will be able to understand what has already been said.

        –
        *: update: and that was only for a limited number of users – it was a targeted attack; the vast majority of update requests, even using the wingup updater, were not affected.

        1 Reply Last reply Reply Quote 2
        • PeterJonesP Online
          PeterJones
          last edited by

          See the FAQ, which has the best summary I can make, as of 2026-Feb-04; if new information is available, the FAQ will be updated. ALL followups/discussions must go in Topic: autoupdater and connection to temp.sh. This tangent is LOCKED.

          1 Reply Last reply Reply Quote 0
          • PeterJonesP PeterJones locked this topic on

          Hello! It looks like you're interested in this conversation, but you don't have an account yet.

          Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

          With your input, this post could be even better 💗

          Register Login
          • First post
            Last post
          The Community of users of the Notepad++ text editor.
          Powered by NodeBB | Contributors