Published May 7, 2021
| Version v1.8.8
Software
Open
Zettlr/Zettlr: Release v1.8.8
Authors/Creators
- Hendrik Erz1
- Tobias Diez
- Wieke
- actions-user2
- Matt Jolly
- Brli
- Gabor Nagy3
- Christian Davén4
- framatophe5
- Jory Schossau6
- A. Kaan7
- Ilya Zverev8
- Ryota Abe
- Asier Illarramendi9
- Matthew Jarvis
- Max Edmands10
- Alessio Montel
- Aidan Hobson Sayers
- Brad Erickson11
- Dilawar Singh
- Frederik Elwert12
- Gabe
- J Webb13
- Jeff George14
- kyaso15
- Ville Kukkonen
- xatier16
- yashha
- 1. @Zettlr
- 2. @actions
- 3. Skyscanner
- 4. Alfa eCare AB
- 5. Framasoft
- 6. Conducto. & Michigan State University
- 7. Main Sequence Technology
- 8. Lyft @lyft
- 9. Mobile Jazz
- 10. @honeycombio
- 11. @udacity
- 12. Ruhr-University Bochum
- 13. Acquia
- 14. SRE at @acquia
- 15. RWTH Aachen
- 16. random.choice('FLAG')
Description
HOTFIX FOR ELECTRON CVEs
This is a hotfix that updates a vulnerable Electron version to a safe one. This is in response to a row of CVEs that have been detected in the source code of Chromium in the past days. With an outdated Electron-version (<12.0.6), it was possible for an attacker to take over your computer via Zettlr using a crafted HTML webpage.
This release fixes Zettlr 1.8.7, which was vulnerable to this kind of attack. It upgrades Electron from a vulnerable 11.x.x-version to the safe version 12.0.6.
DO NO LONGER USE ZETTLR 1.8.7! RELEASES PRIOR TO 1.8.8 MUST BE REGARDED AS UNSAFE!
Files
Zettlr/Zettlr-v1.8.8.zip
Files
(25.4 MB)
| Name | Size | Download all |
|---|---|---|
|
md5:9cc596a97adc763992dae9d8041b2f0f
|
25.4 MB | Preview Download |
Additional details
Related works
- Is supplement to
- https://github.com/Zettlr/Zettlr/tree/v1.8.8 (URL)