2.6.4

Changes:

• Fix app modification prompt from appearing when downloaded update overrides NSUpdateSecurityPolicy (#2593)

If your app overrides NSUpdateSecurityPolicy and doesn't require a custom policy, please consider removing it.

Please also check 2.6.3, 2.6.2 - Important security fix, and 2.6.0 Further Sonoma Improvements for previous changes.

2.6.3

Changes:

• Guard update timer update check against sessionInProgress to fix rare crash when checking for updates (#2561) (Zorg)
• Remove extra writeData: call when unarchiving disk images (#2562) (Zorg)
• Ignore crashes due to SIGPIPE in generate_appcast when failing to extract zip files (#2563) (Zorg)

Please also see 2.6.2 - Important security fix and 2.6.0 Further Sonoma Improvements for previous changes.

Sparkle 1.27.3 - Important security fix

Changes:

• Create and use temp extraction directory in generate_appcast again (#2556) (Zorg)

This release contains a security fix backported from 2.6.2. This is the same as 1.27.2 except it contains a bug-fix to generate_appcast.

The minimum system requirements for this release is still macOS 10.9.

2.6.2 - Important security fix + generate_appcast fix

This is the same as 2.6.1 - Important security fix except it includes a bug fix for generate_appcast (#2555) where archives may have not been able to unarchive.

2.6.1 - Important security fix

This update fixes a vulnerability that allows an attacker to replace an existing signed update with another payload, which bypasses Sparkle’s (Ed)DSA signing checks (#2550). Apps that serve updates over HTTPS (most if not all apps) are not immediately impacted because the server hosting the update (or a CA) needs to first be compromised for an attacker to exploit this issue. Updating Sparkle with this fix ASAP is still strongly recommended however because an important security layer can be bypassed.

All older versions of Sparkle are affected by this bug. This fix is back ported to 1.27.3 for Sparkle 1. For older versions of Sparkle 2, a 2.2.x branch is available which is based on 2.2.2.

Please check the Discussions topic for this release for more details or follow up.

Update: generate_appcast may not work for certain archive types (#2554) in 2.6.1. This is fixed in 2.6.2.

Overall changes in 2.6.1:

• Extract archives in a separate directory from the input archive and fixes a security vulnerability (#2550) (Zorg)
• Fix the release notes WebKit view not updating background when transitioning from light to dark mode (#2542) (Zorg)
• Add NN (Norwegian Nynorsk) locale (#2532) (Sjur N Moshagen, Zorg)
• Create tar.xz files with built-in tar and remove bzip2 fallback for creating a release distribution (#2535) (Zorg)
• Add fallback in case SULocalizedStringFromTableInBundle() fails (#2533) (Zorg)
• Remove assert on download response being available fixing rare crash (#2547) (Zorg)
• Clarify when authoriation prompt may show in SPUUserDriver documentation (#2531, #2534) (Zorg)
• Fix typos in codebase (#2537) (Viktor Szépe)

1.27.2 - Important security fix

Changes:

• Extract archives in a separate directory from the input archive and fixes a security vulnerability (#2552) (Zorg)
• Fix incorrect xz log warning in make release (#2044) (trss)

This release contains a security fix backported from 2.6.1.

The minimum system requirements for this release is still macOS 10.9.

Note: this release is not available for CocoaPods yet (because I need to first fetch an old macOS/Xcode setup).

2.6.0 Further Sonoma Improvements

Changes:

• Perform Gatekeeper scan to pre-warm app launch (#2505) (Zorg)
• Disable sandboxing for the Downloader XPC service by default to fix downloader prompt warnings about “Downloader” differing from previously opened versions (#2511) (Zorg)
• Store private seed as the secret for newly generated keys (#2472) (Zorg)
• Improve signing error message to developers if they serve the wrong update file (#2471) (Zorg)
• Prevent app modification warnings from external updaters (like sparkli-cli) by improving installation (#2516) (Zorg)
• Update Korean localization (#2504) (CheolHyun Mun)
• Use $PROJECT_DIR instead of $SRCROOT (#2489) (Zorg)
• Set Package.swift minimum deployment to macOS 10.13 (#2481) (Eitot)
• Fix false positive analyzer warning about resumableUpdate type (#2454) (Zorg)

This update is recommended for sandboxed apps that enable Sparkle's Downloader XPC Service because it fixes a bug where an app may show a "Downloader" differing from previously opened versions prompt warning. The sandboxing guide for the Downloader Service and Code Signing has been updated.

For users running macOS 14.4 or later, a Gatekeeper scan is performed on the new update before installing it, which may skip a "Verifying.." dialog when relaunching the app.

Discussion

2.6.0-beta.2

• Perform Gatekeeper scan to pre-warm app launch (#2505) (Zorg)
• Disable sandboxing for the Downloader XPC service by default to fix downloader prompt warnings (#2511) (Zorg)
• Store private seed as the secret for newly generated keys (#2472) (Zorg)
• Improve signing error message to developers if they serve the wrong update file (#2471) (Zorg)
• Prevent app modification warnings from external updaters (like sparkli-cli) by improving installation (#2516) (Zorg)
• Update Korean localization (#2504) (CheolHyun Mun)
• Use $PROJECT_DIR instead of $SRCROOT (#2489) (Zorg)
• Set Package.swift minimum deployment to macOS 10.13 (#2481) (Eitot)
• Fix false positive analyzer warning about resumableUpdate type (#2454) (Zorg)

The Downloader XPC Service is no longer sandboxed by default. If you use this service, please check the updated sandboxing guide.

For users running macOS 14.4 (beta) or later, a Gatekeeper scan is performed on the new update before installing it.

Discussion.

2.6.0-beta.1

Changes:

• Perform Gatekeeper scan to pre-warm app launch (#2505) (Zorg)
• Disable sandboxing for the Downloader XPC service by default to fix downloader prompt warnings (#2511) (Zorg)
• Store private seed as the secret for newly generated keys (#2472) (Zorg)
• Improve signing error message to developers (#2471) (Zorg)
• Update Korean localization (#2504) (CheolHyun Mun)
• Use $PROJECT_DIR instead of $SRCROOT (#2489) (Zorg)
• Set Package.swift minimum deployment to macOS 10.13 (#2481) (Zorg)
• Fix false positive analyzer warning about resumableUpdate type (#2454) (Zorg)

The Downloader XPC Service is no longer sandboxed by default. If you use this service, please check the updated sandboxing guide.

For users running macOS 14.4 (beta) or later, a Gatekeeper scan is performed on the new update before installing it.

2.5.2 Release Notes + Sonoma Improvements

Changes:

• Don't clean up update directory when Autoupdate receives SIGTERM to fix a rare corruption issue where the installed bundle could be missing files (#2479) (Zorg)
• Update Japanese localization (#2475) (1024jp)
• Improve Turkish translations (#2464) (Emir SARI)
• Update Spanish translation for 'You are currently running version %@.' and 'Version History' (#2463) (Billy Gray)