Page 1 of 1

Please comment on recent Sparkle vulnerability

Posted: Wed Feb 03, 2016 5:37 am
by yargevad
I'm curious whether an update is necessary to fix any security holes related to this issue. Tunnelblick needed one, so if you guys don't, that's a good differentiator.

Re: Please comment on recent Sparkle vulnerability

Posted: Wed Feb 03, 2016 11:58 am
by James
Hi yargevad,

Viscosity is not affected. It uses HTTPS for all aspects of update checking and downloading.

Only applications using HTTP for update feeds are affected. Nevertheless the latest beta version includes an updated version of the Sparkle framework just to be safe.

Cheers,
James