Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Allow disabling of webinstaller files to avoid confusion with actual installers #6575

Merged
merged 4 commits into from
Jan 25, 2022
Merged

fix: Allow disabling of webinstaller files to avoid confusion with actual installers #6575

merged 4 commits into from
Jan 25, 2022

Conversation

devinbinnie
Copy link
Contributor

This PR allows the disabling of web installer files for electron-updater when it is only expected that a full installer should be downloaded.

This prevents a potential flaw in which an attacker using a webinstaller could serve a package not authorized by the developer to the end-user with malicious code inside.

@changeset-bot
Copy link

changeset-bot bot commented Jan 24, 2022
edited
Loading

🦋 Changeset detected

Latest commit: 233acfc

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
electron-updater Major

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@netlify
Copy link

netlify bot commented Jan 24, 2022
edited
Loading

✔️ Deploy Preview for car-park-attendant-cleat-11576 ready!

🔨 Explore the source changes: 233acfc

🔍 Inspect the deploy log: https://app.netlify.com/sites/car-park-attendant-cleat-11576/deploys/61f02f866cebba0008d9dce9

😎 Browse the preview: https://deploy-preview-6575--car-park-attendant-cleat-11576.netlify.app

@mmaietta
Copy link
Collaborator

mmaietta commented Jan 24, 2022
edited
Loading

Please also add a .changeset file for this PR via pnpx changeset. Seems like it should be a major bump if we do default disableWebInstaller to true (completely fine since we're in a v23-alpha so we can include breaking changes)

@mmaietta mmaietta merged commit 5e381c5 into electron-userland:master Jan 25, 2022
@github-actions github-actions bot mentioned this pull request Jan 25, 2022
Merged
@github-actions github-actions bot mentioned this pull request Feb 18, 2022
Merged
@pecanoro pecanoro mentioned this pull request Oct 23, 2023
Merged
59 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mmaietta mmaietta mmaietta approved these changes

Assignees
No one assigned
Labels
electron-updater
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@devinbinnie @mmaietta @Willyfrog