Notepad++ Update to clean up self-signed certificate remnants
In Notepad++, attackers were able to inject malware into the updater. Another update improves security and corrects regressions.
The powerful and popular open-source text editor Notepad++ made headlines in early December, when attackers in Southeast Asia were specifically delivering malware to victims, partly due to the use of self-signed certificates. The developer quickly released an update to fix vulnerabilities in the updater. Now another update removes the last remnants of those errors.
In the version announcement, Notepad++ developer Don Ho writes that despite the larger version jump to 8.9, it is not a major update. However, it addresses regressions in development and adds improvements. With this version, the self-signed certificate is finally no longer used; Notepad++ now only uses the official GlobalSign certificate to sign release binaries. He advises users who have installed the self-signed certificate in the past to definitely remove it now.
Security messages in log files
If Notepad++ detects security errors during the update process, it now creates a log file for them. For example, if the automatic updater aborts due to a signature or certificate check error, affected users can find details in "%LOCALAPPDATA%\Notepad++\log\securityError.log". They can report encountered errors in the Notepad++ Issue Tracker and receive assistance if necessary, Ho writes.
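The checks the article describes can be run together on a workstation. The following PowerShell sketch is an added example, not code from Notepad++ or from the article: it lists leftover self-signed certificates, shows who signed the installed binary, and displays the new security log if it exists. The name pattern, the issuer match on "GlobalSign", and the default install paths are assumptions.

```powershell
# Assumption: the self-signed certificate's subject contains "Notepad++".
$namePattern = 'Notepad\+\+'

# 1. Self-signed certificates (Subject equals Issuer) still present in trust stores.
$stores = 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root',
          'Cert:\CurrentUser\TrustedPublisher', 'Cert:\LocalMachine\TrustedPublisher'
foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -eq $_.Issuer -and $_.Subject -match $namePattern } |
        Select-Object @{ n = 'Store'; e = { $store } }, Subject, Thumbprint, NotAfter |
        Format-List
}

# 2. Authenticode signature of the installed editor.
# Assumption: default install locations; adjust for portable or custom installs.
$exePaths = @(
    "$env:ProgramFiles\Notepad++\notepad++.exe",
    "${env:ProgramFiles(x86)}\Notepad++\notepad++.exe"
) | Where-Object { Test-Path -LiteralPath $_ }

foreach ($exe in $exePaths) {
    $sig = Get-AuthenticodeSignature -FilePath $exe
    [pscustomobject]@{
        File               = $exe
        Status             = $sig.Status          # 'Valid' means the chain verified
        Signer             = $sig.SignerCertificate.Subject
        Issuer             = $sig.SignerCertificate.Issuer
        # Assumption: the official certificate's issuer name contains "GlobalSign".
        IssuedByGlobalSign = ($sig.SignerCertificate.Issuer -match 'GlobalSign')
    } | Format-List
}

# 3. Security log written by the updater (path as given in the article).
$log = Join-Path $env:LOCALAPPDATA 'Notepad++\log\securityError.log'
if (Test-Path -LiteralPath $log) {
    Get-Item -LiteralPath $log | Select-Object FullName, LastWriteTime, Length | Format-List
    Get-Content -LiteralPath $log -Tail 20
} else {
    "No securityError.log found at $log"
}
```

Any certificate listed by the first step can be deleted with `Remove-Item` on its `Cert:\` path once its thumbprint has been confirmed as the old Notepad++ self-signed certificate.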
In addition to this security improvement and regression fixes, Ho has added several other minor corrections in version 8.9. Don Ho has listed them on the download page for Notepad++. Currently, interested parties must download and install the update manually. If no critical errors occur in the coming days, Ho intends to release the new version for the automatic updater, he adds in the version post in the Notepad++ community – users should report any errors there if necessary.
(dmk)