winmerge icon indicating copy to clipboard operation
winmerge copied to clipboard

Published 20 hours ago verified publisher icon WinMerge

Does winmerge provide any updates of any security updates or security attacks

Open fernandes1021 opened this issue 3 years ago • 5 comments

I am planning to use WinMerge at my firm, the concern that our security team has of winmerge providing any security updates or security hacks.

fernandes1021 avatar May 16 '22 10:05 fernandes1021

WinMerge has never been released in the form of a security update. WinMerge is scheduled to be released on a three-month cycle. Unless there is a serious bug, it will be released in this cycle.

sdottaka avatar May 16 '22 11:05 sdottaka

Hi Takashi Sawanaka, If there are security vulnerabilities in the software, are the users of winmerge notified. Like the one we had for log4j

Thanks Hill

fernandes1021 avatar May 16 '22 14:05 fernandes1021

@fernandes1021

Hi Hill,

Please see https://github.com/WinMerge/winmerge/discussions/1083

Gitoffthelawn avatar May 16 '22 22:05 Gitoffthelawn

If there are security vulnerabilities in the software, are the users of winmerge notified.

The release notes state that vulnerabilities and bug fixes have been made. (https://github.com/WinMerge/winmerge/releases)

You can be notified that WinMerge has been released by clicking the Watch button at the top right of https://github.com/WinMerge/winmerge/.

image

sdottaka avatar May 17 '22 12:05 sdottaka

@sdottaka BTW, I haven't seen any repos actually use the functionality yet, but you can now issue specific security alerts that are automatically issued to everyone who checks that "Security alerts" checkbox.

Gitoffthelawn avatar May 18 '22 05:05 Gitoffthelawn