
Releases: sparkle-project/Sparkle

2.7.0-beta.1

27 Dec 16:47
2.7.0-beta.1 Pre-release

Changes:

  • Unarchiver / validation improvements (Zorg)
    • Remove old checksum verification checks for dmg archives to improve extraction speed (#2568) (Zorg)
    • Skip extracting auxiliary files and improve extraction progress for disk images (#2569) (Zorg)
    • Improve robustness around extracting dmg's with passwords (#2627, #2571) (Zorg)
    • Randomize the download archive name the installer extracts/executes (#2584) (Zorg)
    • Retry extracting zip file without piping if extraction fails, to work around a bug prior to macOS 15 (#2616) (Zorg)
    • Add opt-in SUVerifyUpdateBeforeExtraction option to force verification of updates before extraction (#2667) (Zorg)
    • Add support for extracting Apple Archives (.aar files; requires SUVerifyUpdateBeforeExtraction, macOS 10.15+) (#2586, #2588, #2590) (Zorg)
    • Disallow removal of signing keys more strictly (#2647) (Zorg)
  • Add new BinaryDelta format (version 4) (Zorg)
    • Preserve bundle creation date when creating and applying delta updates (#2583) (Zorg)
    • Use faster crc32 hashes for binary delta version 4 (#2638) (Zorg)
    • Make binary delta version 4 the default (#2668) (Zorg)
  • Language / layout improvements
    • Fix typo in Dutch localisation (#2642) (Eitot)
    • Add baseline alignment to status text in SUStatus dialog (#2587) (Eitot)
    • Make horizontal hugging priority required for status text field (#2614) (Zorg)
    • Adjust the layout of anonymous system profile info to align better with the rest of the panel's UI (#2564) (Daniel Jalkut)
    • Internationalize system profile display keys (#2577) (Zorg)
    • Update Hebrew locale and add right-to-left characters (#2573, #2576, #2578, #2579) (Shlomo)
    • Update localisations for Dutch and German (#2582) (Eitot)
    • Add unlocalized strings in Japanese (#2589) (1024jp)
    • Fix typo in LICENSE (#2648) (fujisoft)
  • Deprecate custom version comparators (#2639) (Zorg)
  • Skip preflight update check in sparkle-cli if user is root (#2645) (Zorg)
  • Avoid assert/crash when app is moved before update alert shows (#2658) (Zorg)
  • Use default NSURLRequest timeoutInterval for the downloader (currently 60s) (#2673) (Zorg)
  • Fix process substitution failing to work for providing the private key as file argument (#2615) (Zorg)
  • Improve "unable to decode private key" error messages in generate_appcast (#2675) (Zorg)
  • Clarify that default channel must be in allowed channels set in API documentation (#2676) (Zorg)
  • Call update permission prompt delegate method only when needed (#2622) (Zorg)
  • Resolve duplicate class definitions from BinaryDelta, Sparkle Test App, and unit tests (#2570, #2629) (Zorg)

This release includes unarchiver/validation and localization/layout improvements.

This update also introduces a new format for delta updates. If you don’t use generate_appcast, please check the compatibility notes for creating delta updates.

2.6.4

30 Jun 23:38

Changes:

  • Fix app modification prompt from appearing when downloaded update overrides NSUpdateSecurityPolicy (#2593)

If your app overrides NSUpdateSecurityPolicy and doesn't require a custom policy, please consider removing it.

Please also check 2.6.3, 2.6.2 - Important security fix, and 2.6.0 Further Sonoma Improvements for previous changes.

2.6.3

03 Jun 03:47

Changes:

  • Guard update timer update check against sessionInProgress to fix rare crash when checking for updates (#2561) (Zorg)
  • Remove extra writeData: call when unarchiving disk images (#2562) (Zorg)
  • Ignore crashes due to SIGPIPE in generate_appcast when failing to extract zip files (#2563) (Zorg)

Please also see 2.6.2 - Important security fix and 2.6.0 Further Sonoma Improvements for previous changes.

Sparkle 1.27.3 - Important security fix

12 May 23:58

Changes:

  • Create and use temp extraction directory in generate_appcast again (#2556) (Zorg)

This release contains a security fix backported from 2.6.2. This is the same as 1.27.2 except it contains a bug-fix to generate_appcast.

The minimum system requirement for this release is still macOS 10.9.

2.6.2 - Important security fix + generate_appcast fix

06 May 05:05

This is the same as 2.6.1 - Important security fix, except that it includes a bug fix for generate_appcast (#2555), where archives may have failed to unarchive.

2.6.1 - Important security fix

02 May 20:29

This update fixes a vulnerability that allows an attacker to replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks (#2550). Apps that serve updates over HTTPS (most if not all apps) are not immediately impacted, because an attacker must first compromise the server hosting the update (or a CA) to exploit this issue. Updating Sparkle with this fix as soon as possible is still strongly recommended, however, because an important security layer can be bypassed.

All older versions of Sparkle are affected by this bug. This fix is backported to 1.27.3 for Sparkle 1. For older versions of Sparkle 2, a 2.2.x branch is available, which is based on 2.2.2.

Please check the Discussions topic for this release for more details or follow up.

Update: generate_appcast may not work for certain archive types (#2554) in 2.6.1. This is fixed in 2.6.2.

Overall changes in 2.6.1:

  • Extract archives in a separate directory from the input archive, fixing a security vulnerability (#2550) (Zorg)
  • Fix the release notes WebKit view not updating background when transitioning from light to dark mode (#2542) (Zorg)
  • Add NN (Norwegian Nynorsk) locale (#2532) (Sjur N Moshagen, Zorg)
  • Create tar.xz files with built-in tar and remove bzip2 fallback for creating a release distribution (#2535) (Zorg)
  • Add fallback in case SULocalizedStringFromTableInBundle() fails (#2533) (Zorg)
  • Remove assert on download response being available fixing rare crash (#2547) (Zorg)
  • Clarify when authorization prompt may show in SPUUserDriver documentation (#2531, #2534) (Zorg)
  • Fix typos in codebase (#2537) (Viktor Szépe)

1.27.2 - Important security fix

03 May 06:03

Changes:

  • Extract archives in a separate directory from the input archive, fixing a security vulnerability (#2552) (Zorg)
  • Fix incorrect xz log warning in make release (#2044) (trss)

This release contains a security fix backported from 2.6.1.

The minimum system requirement for this release is still macOS 10.9.

Note: this release is not available for CocoaPods yet (because I need to first fetch an old macOS/Xcode setup).

2.6.0 Further Sonoma Improvements

15 Mar 19:46

Changes:

  • Perform Gatekeeper scan to pre-warm app launch (#2505) (Zorg)
  • Disable sandboxing for the Downloader XPC service by default to fix downloader prompt warnings about “Downloader” differing from previously opened versions (#2511) (Zorg)
  • Store private seed as the secret for newly generated keys (#2472) (Zorg)
  • Improve signing error message to developers if they serve the wrong update file (#2471) (Zorg)
  • Prevent app modification warnings from external updaters (like sparkle-cli) by improving installation (#2516) (Zorg)
  • Update Korean localization (#2504) (CheolHyun Mun)
  • Use $PROJECT_DIR instead of $SRCROOT (#2489) (Zorg)
  • Set Package.swift minimum deployment to macOS 10.13 (#2481) (Eitot)
  • Fix false positive analyzer warning about resumableUpdate type (#2454) (Zorg)

This update is recommended for sandboxed apps that enable Sparkle's Downloader XPC Service because it fixes a bug where an app may show a "Downloader" differing from previously opened versions prompt warning. The sandboxing guide for the Downloader Service and Code Signing has been updated.

For users running macOS 14.4 or later, a Gatekeeper scan is performed on the new update before installing it, which may skip a "Verifying.." dialog when relaunching the app.

Discussion

2.6.0-beta.2

04 Mar 03:05
2.6.0-beta.2 Pre-release
  • Perform Gatekeeper scan to pre-warm app launch (#2505) (Zorg)
  • Disable sandboxing for the Downloader XPC service by default to fix downloader prompt warnings (#2511) (Zorg)
  • Store private seed as the secret for newly generated keys (#2472) (Zorg)
  • Improve signing error message to developers if they serve the wrong update file (#2471) (Zorg)
  • Prevent app modification warnings from external updaters (like sparkle-cli) by improving installation (#2516) (Zorg)
  • Update Korean localization (#2504) (CheolHyun Mun)
  • Use $PROJECT_DIR instead of $SRCROOT (#2489) (Zorg)
  • Set Package.swift minimum deployment to macOS 10.13 (#2481) (Eitot)
  • Fix false positive analyzer warning about resumableUpdate type (#2454) (Zorg)

The Downloader XPC Service is no longer sandboxed by default. If you use this service, please check the updated sandboxing guide.

For users running macOS 14.4 (beta) or later, a Gatekeeper scan is performed on the new update before installing it.

Discussion.

2.6.0-beta.1

24 Feb 04:05
2.6.0-beta.1 Pre-release

Changes:

  • Perform Gatekeeper scan to pre-warm app launch (#2505) (Zorg)
  • Disable sandboxing for the Downloader XPC service by default to fix downloader prompt warnings (#2511) (Zorg)
  • Store private seed as the secret for newly generated keys (#2472) (Zorg)
  • Improve signing error message to developers (#2471) (Zorg)
  • Update Korean localization (#2504) (CheolHyun Mun)
  • Use $PROJECT_DIR instead of $SRCROOT (#2489) (Zorg)
  • Set Package.swift minimum deployment to macOS 10.13 (#2481) (Zorg)
  • Fix false positive analyzer warning about resumableUpdate type (#2454) (Zorg)

The Downloader XPC Service is no longer sandboxed by default. If you use this service, please check the updated sandboxing guide.

For users running macOS 14.4 (beta) or later, a Gatekeeper scan is performed on the new update before installing it.