Notepad++ boosts update security with ‘double-lock’ mechanism

Notepad++ has adopted a “double-lock” design for its update mechanism to address recently exploited security gaps that resulted in a supply-chain compromise.

The new mechanism landed in Notepad++ version 8.9.2, announced yesterday, although work on it started in version 8.8.9 with the implementation of verification of the signed installer fetched from GitHub.

The second part of the double-lock system is checking the signed XML served from the notepad-plus-plus.org domain. In practice, this means that the XML file returned by the update service is digitally signed (XMLDSig) and the updater verifies that signature before acting on its contents.


The combination of the two verification mechanisms adds up to a more robust “and effectively unexploitable” update process, says the team behind the hugely popular open-source text and source code editor.
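To make the second lock concrete, here is an added example, not WinGUp or Notepad++ project code, of how an update client verifies an XMLDSig-signed manifest against a signing certificate it already holds, rather than against whatever key the server embeds in the document. It assumes Windows PowerShell 5.1 (.NET Framework, which ships `System.Security.Cryptography.Xml`); the manifest path and the pinned `.cer` path are placeholders.

```powershell
# Added example (not WinGUp/Notepad++ code): verify an XMLDSig-signed update manifest
# against a pinned signing certificate before trusting anything it says.
# Assumes Windows PowerShell 5.1 (.NET Framework, System.Security.dll);
# the manifest path and the pinned .cer path are placeholders.
Add-Type -AssemblyName System.Security

function Test-SignedUpdateManifest {
    param(
        [Parameter(Mandatory)][string]$ManifestPath,   # XML returned by the update service
        [Parameter(Mandatory)][string]$PinnedCertPath  # public cert of the manifest signer, shipped with the client
    )
    $doc = New-Object System.Xml.XmlDocument
    $doc.PreserveWhitespace = $true   # canonicalization must see exactly the bytes that were signed
    $doc.Load($ManifestPath)

    $ns = 'http://www.w3.org/2000/09/xmldsig#'
    $sigNodes = $doc.GetElementsByTagName('Signature', $ns)
    if ($sigNodes.Count -ne 1) { throw "Expected exactly one ds:Signature, found $($sigNodes.Count)" }

    $signedXml = New-Object System.Security.Cryptography.Xml.SignedXml($doc)
    $signedXml.LoadXml([System.Xml.XmlElement]$sigNodes[0])

    # Weak: $signedXml.CheckSignature() with no arguments trusts the <KeyInfo> embedded
    # in the document, which an attacker who controls the update host also controls.
    # Strong: verify against a certificate the client already holds. $true = check the
    # signature only, so a self-signed pinned cert works without a chain to a public root.
    $pinned = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($PinnedCertPath)
    if (-not $signedXml.CheckSignature($pinned, $true)) {
        throw 'Manifest signature does not verify against the pinned certificate'
    }

    # Only read version/URL fields from this verified DOM, never from a second fetch.
    return $doc
}

# Usage (paths are placeholders):
# $manifest = Test-SignedUpdateManifest -ManifestPath 'C:\temp\update.xml' -PinnedCertPath 'C:\ProgramData\npp-update-signer.cer'
# $manifest.DocumentElement.OuterXml
```

The point of passing the pinned certificate is that a signature which merely verifies against the key embedded in the manifest proves nothing when the same party controls both; the first lock (the Authenticode-signed installer) then guards the payload even if the manifest check were somehow bypassed.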

Additional security-oriented changes applied to the auto-updater include:

  • Removal of libcurl.dll to eliminate the DLL side-loading risk
  • Removal of two insecure cURL SSL options, CURLSSLOPT_ALLOW_BEAST and CURLSSLOPT_NO_REVOKE (the latter disables certificate revocation checking)
  • Restriction of plugin manager execution to packages signed with the same certificate as WinGUp

The announcement also notes that users can exclude the auto-updater during a UI installation, or deploy the MSI package with: msiexec /i npp.8.9.2.Installer.x64.msi NOUPDATER=1
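For an unattended rollout, an administrator would want to verify the package before handing it to msiexec. The following is an added example, not Notepad++ project code: it checks the MSI's Authenticode signature, pins the signer to a thumbprint verified out of band, optionally compares the SHA-256 against the release's published checksum, installs with NOUPDATER=1, and looks for a leftover updater copy of libcurl.dll. The thumbprint, expected hash, download location and default install path are placeholders or assumptions.

```powershell
# Added example (not Notepad++ code): verify a Notepad++ MSI with Authenticode and a
# pinned signer thumbprint, optionally compare the published SHA-256, then install it
# with the auto-updater excluded. Thumbprint, hash and paths are placeholders.
function Test-NppInstaller {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$PinnedThumbprint,
        [string]$ExpectedSha256   # optional: value taken from the release's published checksum file
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # 'Valid' means the signature verifies and the chain builds to a trusted root;
    # 'NotSigned', 'HashMismatch' and 'UnknownError' must all be treated as failure.
    if ($sig.Status -ne 'Valid') {
        throw "Authenticode check failed for ${Path}: $($sig.Status) - $($sig.StatusMessage)"
    }
    # Any valid code-signing certificate would pass the check above, so pin the publisher.
    if ($sig.SignerCertificate.Thumbprint -ne $PinnedThumbprint) {
        throw "Unexpected signer $($sig.SignerCertificate.Subject) (thumbprint $($sig.SignerCertificate.Thumbprint))"
    }
    if ($ExpectedSha256) {
        $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
        if ($actual -ne $ExpectedSha256) { throw "SHA-256 mismatch: got $actual" }
    }
    return $sig.SignerCertificate.Subject
}

# Assumption: the MSI was already downloaded from notepad-plus-plus.org to this path.
$msi = Join-Path $env:TEMP 'npp.8.9.2.Installer.x64.msi'
$signer = Test-NppInstaller -Path $msi -PinnedThumbprint 'REPLACE-WITH-VERIFIED-THUMBPRINT'
Write-Output "Installer verified, signed by $signer"

# NOUPDATER=1 leaves out the auto-updater; /qn suppresses the UI for unattended deployment.
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList "/i `"$msi`" NOUPDATER=1 /qn /norestart" -Wait -PassThru
# 0 = success, 3010 = success but reboot required; anything else is a failed install.
if ($proc.ExitCode -notin 0, 3010) { throw "msiexec exited with $($proc.ExitCode)" }

# With the updater excluded there should be no WinGUp copy of libcurl.dll left to side-load.
# Assumption: default install path and an 'updater' subfolder.
$stale = Join-Path $env:ProgramFiles 'Notepad++\updater\libcurl.dll'
if (Test-Path -LiteralPath $stale) { Write-Warning "Stale $stale found; remove it or reinstall from 8.9.2" }
```

Pinning the thumbprint matters more than the `Valid` status: a valid signature only proves that some trusted code-signing certificate signed the file, not that it was the Notepad++ publisher.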

Vulnerable update model (left) and new, secure model (right)
Source: Notepad++

Earlier this month, Notepad++ and Rapid7 researchers disclosed that the update infrastructure was compromised in a six-month-long campaign attributed to Lotus Blossom, a threat group linked to China.

Starting in June 2025, the threat actor compromised the hosting provider that ran the Notepad++ updater and selectively redirected update requests from specific users to malicious servers.

The attacks exploited the weak update verification controls used in older versions of the software, and continued until their discovery on December 2, 2025.

Rapid7’s analysis revealed that the Chinese hackers used a custom backdoor called “Chrysalis” as part of the attack chain.

Apart from the newly introduced security measures, the project immediately switched to a different hosting provider, rotated credentials, and fixed the flaws exploited in the discovered attacks.

The recommended action for all Notepad++ users is to upgrade to version 8.9.2, and to ensure that installers are always downloaded from the official domain, notepad-plus-plus.org.

