notepad-plus-plus / wingup

WinGup - Generic Updater for Windows

Home Page: http://wingup.org/

libcurl vulnerabilities in v8.4.9

K2Manning opened this issue · comments

mkruntest identified libcurl version 7.79.1-DEV in the latest version of NP++ (v8.4.9)

Per curl's website (https://curl.se/), v7.88.0 is the latest available and should mitigate the vulnerabilities identified here (https://curl.se/docs/vuln-7.79.1.html).

Is it possible for development to upgrade and test libcurl to the latest version within NP++ to mitigate all open vulnerabilities?

Thank you
Please have a great day

@donho, there's another user who just reported this in the Community, and included that it's specifically CVE-2023-32001 that is at issue.

So my reply here is a "ping" to remind you that it's still open. :-)

Addendum: also, if this issue is fixed/closed, then the original notepad-plus-plus/notepad-plus-plus#13139 should also be closed.

@donho,

When I was looking into https://community.notepad-plus-plus.org/topic/25136/libcurl-cve-2023-38545-in-updater , I was surprised to see that the user still got libcurl 7.79.1, since this closed issue said that libcurl was updated to v8.2.1 months ago.

However, I just checked the Notepad++ v8.5.8 installer, and the updater\libcurl.dll that is in the most recent installer still says that it's 7.79.1.

Did this wingup commit not get propagated to the Notepad++ installer? Or something else?
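The check described in the comment above (open the shipped updater\libcurl.dll and read the libcurl version it reports) is easy to automate across a set of installers. The following is an added example, not code from the wingup or Notepad++ projects. It assumes the libcurl build embeds its usual "libcurl/X.Y.Z" version string uncompressed in the DLL (the string that curl_version() reports), and it takes 8.4 as the minimum acceptable version from the thread's own resolution rather than from any advisory's affected range; the sample byte strings at the bottom are constructed stand-ins for DLL contents.

```python
"""Scan a binary for libcurl's embedded version string and compare it against a
minimum-version policy. Added example; not part of the wingup project."""
import re
from pathlib import Path

# libcurl compiles its version into the binary, e.g. "libcurl/7.79.1-DEV".
# Assumption: that string is present uncompressed, as in a normal build.
_LIBCURL_RE = re.compile(rb"libcurl/(\d+)\.(\d+)\.(\d+)(-DEV)?")

# Policy: the thread's fix is libcurl 8.4 (as shipped in the v8.6 RC), so
# anything older is flagged. Raise this as newer curl advisories appear.
MIN_VERSION = (8, 4, 0)


def find_libcurl_version(data: bytes):
    """Return (major, minor, patch, is_dev) for the first libcurl version string
    in `data`, or None if the binary carries no such string."""
    m = _LIBCURL_RE.search(data)
    if m is None:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4) is not None)


def format_version(version) -> str:
    major, minor, patch, is_dev = version
    return f"{major}.{minor}.{patch}" + ("-DEV" if is_dev else "")


def evaluate(data: bytes) -> dict:
    """Classify a binary as 'unknown' (no version string), 'outdated' (below
    policy), 'snapshot' (-DEV build, not matchable to a release) or 'ok'."""
    version = find_libcurl_version(data)
    if version is None:
        return {"version": None, "status": "unknown"}
    release = version[:3]
    if release < MIN_VERSION:
        status = "outdated"
    elif version[3]:
        # A -DEV suffix marks a git snapshot; which fixes it contains is not
        # knowable from the version number alone, so it gets its own status.
        status = "snapshot"
    else:
        status = "ok"
    return {"version": format_version(version), "status": status}


def audit_file(path) -> dict:
    """Read a DLL (for example updater\\libcurl.dll) from disk and evaluate it."""
    result = evaluate(Path(path).read_bytes())
    result["path"] = str(path)
    return result


# Constructed sample payloads standing in for DLL contents (not real binaries).
SAMPLE_OLD = b"MZ\x90\x00" + b"\x00" * 16 + b"libcurl/7.79.1-DEV\x00WinGup\x00"
SAMPLE_NEW = b"MZ\x90\x00" + b"\x00" * 16 + b"libcurl/8.4.0\x00WinGup\x00"
SAMPLE_NONE = b"MZ\x90\x00" + b"\x00" * 16 + b"no curl here\x00"

if __name__ == "__main__":
    for name, blob in (("old", SAMPLE_OLD), ("new", SAMPLE_NEW), ("none", SAMPLE_NONE)):
        print(name, evaluate(blob))
```

Run it with `audit_file(r"C:\Program Files\Notepad++\updater\libcurl.dll")` after an install to confirm what actually shipped, which is the step the release process missed here. The version string is only a triage signal: a flagged build should still be checked against curl's per-version vulnerability page, and a "snapshot" result means the number alone cannot tell you which fixes are in.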

@pryrt
You're right about it.
After checking the release process, I cannot find the reason for this bad deployment.
Anyway, I will check it more carefully in the future.
Thank you for the heads-up.

And for the record, I have independently confirmed that the v8.6 RC does indeed correctly ship with libcurl 8.4, which thus fixes both this and #50. :-)

Again, thank you for the fix.

Thank you @pryrt for letting me know this issue!