<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>News on Notepad&#43;&#43;</title>
    <link>https://notepadorg.com/news/</link>
    <description>Recent content in News on Notepad&#43;&#43;</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en-us</language>
    <lastBuildDate>Wed, 03 Jun 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://notepadorg.com/news/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>Notepad&#43;&#43; v8.9 . 6.4 Tiananmen Massacre Commemoration</title>
      <link>https://notepadorg.com/news/v8964-released/</link>
      <pubDate>Wed, 03 Jun 2026 00:00:00 +0000</pubDate>
      
      <guid>https://notepadorg.com/news/v8964-released/</guid>
	  
        <description>2026-06-04
台灣繁體
The &amp;ldquo;Tank Man&amp;rdquo; in the picture above is known world-wide - except in China, where 1.4 billion people have been prevented from learning about him. The image was also censored by Microsoft&amp;rsquo;s search engin Bing on June 4, 2021, the anniversary of the Tiananmen Square crackdown.
37 years later, the same government resposible for the killings still dominates the country, controling information, suppressing dissent, and keeping the population under strict political oversight.</description>
      
    </item>
    
    <item>
      <title>Notepad&#43;&#43; v8.9.6.2 release</title>
      <link>https://notepadorg.com/news/v8962-released/</link>
      <pubDate>Sat, 30 May 2026 00:00:00 +0000</pubDate>
      
      <guid>https://notepadorg.com/news/v8962-released/</guid>
	  
        <description>2026-05-31
The v8.9.6.2 release fixes a bypass scenario in the previously addressed vulnerability (CVE-2026-48800) that was not fully resolved. The updated implementation ensures the ingredity of shortcuts.xml, while reducing user disruption.
The full list of improvements from v8.9.4 to v8.9.6.2, along with the v8.9.6.2 download links, is available here: 
 Regression and critical bug report here: https://notepadorg.com/
Do more to stop war - keep helping Ukraine Donate to Ukraine</description>
      
    </item>
    
    <item>
      <title>Notepad&#43;&#43; v8.9.6.1 release</title>
      <link>https://notepadorg.com/news/v8961-released/</link>
      <pubDate>Tue, 26 May 2026 00:00:00 +0000</pubDate>
      
      <guid>https://notepadorg.com/news/v8961-released/</guid>
	  
        <description>2026-05-26
The v8.9.6.1 release fixes 3 vulnerabilites:
 A crash caused by any malformed structure (CVE-2026-48770) An arbitrary code execution issue via config.xml files (CVE-2026-48778) An arbitrary code execution issue via shortcuts.xml files (CVE-2026-48800).  The full list of improvements from v8.9.4 to v8.9.6.1, along with the v8.8.6.1 download links, is available here: 
 Regression and critical bug report here: https://notepadorg.com/
Do more to stop war - keep helping Ukraine Donate to Ukraine</description>
      
    </item>
    
    <item>
      <title>Notepad&#43;&#43; v8.9.6 release</title>
      <link>https://notepadorg.com/news/v896-released/</link>
      <pubDate>Wed, 20 May 2026 00:00:00 +0000</pubDate>
      
      <guid>https://notepadorg.com/news/v896-released/</guid>
	  
        <description>2026-05-21
The installer vulnerability affecting v8.9.4 &amp;amp; v8.9.5 (CVE-2026-46710) is fixed in this release. Several other installer-related regressions have also been addressed in version 8.9.5.
The full list of improvements for version 8.9.6, along with the download link, is available here: 
 Regression and critical bug report here: https://notepadorg.com/
Do more to stop war - keep helping Ukraine Donate to Ukraine</description>
      
    </item>
    
    <item>
      <title>Notepad&#43;&#43; v8.9.5 release</title>
      <link>https://notepadorg.com/news/v895-released/</link>
      <pubDate>Sat, 09 May 2026 00:00:00 +0000</pubDate>
      
      <guid>https://notepadorg.com/news/v895-released/</guid>
	  
        <description>2026-05-11
2 installer regressions were fixed in this releaase:
 Fix updating issue where using v8.9.4 32-bits installer creates duplicate &amp;ldquo;Uninstall a program&amp;rdquo; entries. Fix v8.9.4 64-bits installer error message caused by MSIX on Win10.  More bugs have been resolved and a few new improvements have been added in the 8.9.5 release.
The full list of improvements for version 8.9.5, along with the download link, is available here:</description>
      
    </item>
    
    <item>
      <title>Clarification on the Notepad&#43;&#43; Trademark Issue</title>
      <link>https://notepadorg.com/news/clarify-npp-trademark-infringement/</link>
      <pubDate>Tue, 05 May 2026 00:00:00 +0000</pubDate>
      
      <guid>https://notepadorg.com/news/clarify-npp-trademark-infringement/</guid>
	  
        <description>2026-05-05
The trademark infringement issue has now been resolved. The author of the website and project in question has removed all uses of the Notepad++ trademark from his product, website, and related materials. The unauthorized references have been taken down, and the trademark infringement is no longer ongoing.
Here is an example of the kind of emails I&amp;rsquo;ve being recieving from some users over the past 3 days:
I think some points need to be clarified.</description>
      
    </item>
    
    <item>
      <title>Trademark Violation: Fake Notepad&#43;&#43; for Mac</title>
      <link>https://notepadorg.com/news/npp-trademark-infringement/</link>
      <pubDate>Thu, 30 Apr 2026 00:00:00 +0000</pubDate>
      
      <guid>https://notepadorg.com/news/npp-trademark-infringement/</guid>
	  
        <description>2026-05-01
Several users have recently reported a website pretending to offer an official macOS version of Notepad++: notepad-plus-plus-mac.org
Let me be blunt: This site has absolutely nothing to do with Notepad++. It&amp;rsquo;s not authorized, not endorsed, and not affiliated with the project in any way.
The owner is using the Notepad++ trademark (the name) without permission;    and even goes as far as placing my name and biography on the site to make it look legitimate.</description>
      
    </item>
    
    <item>
      <title>Notepad&#43;&#43; v8.9.4 release</title>
      <link>https://notepadorg.com/news/v894-released/</link>
      <pubDate>Tue, 21 Apr 2026 00:00:00 +0000</pubDate>
      
      <guid>https://notepadorg.com/news/v894-released/</guid>
	  
        <description>2026-04-26
3 crash issues were fixed in this releaase:
 Fix crashes in FindInFiles when nativeLang.xml&amp;rsquo;s &amp;ldquo;find-result-hits&amp;rdquo; contains &amp;ldquo;%s&amp;rdquo;. (CVE-2026-3008 &amp;amp; CVE-2026-6539) Fix drop-file crash when file path length reaches 259 characters. Fix crash caused by undoing column editor bad input in virtual space.  More bugs have been resolved and a few new improvements have been added in the 8.9.4 release.
The full list of improvements for version 8.9.4, along with the download link, is available here:</description>
      
    </item>
    
    <item>
      <title>Notepad&#43;&#43; v8.9.3 release</title>
      <link>https://notepadorg.com/news/v893-released/</link>
      <pubDate>Sat, 21 Mar 2026 00:00:00 +0000</pubDate>
      
      <guid>https://notepadorg.com/news/v893-released/</guid>
	  
        <description>2026-03-26
In order to improve the performance of reading &amp;amp; writing Notepad++ configuration files, the migration of a new XML parser (pugixml) has been carried out over several versions, and it is now completed in this release. Several regressions detected in previous versions, caused by the XML parser migration, have also been fixed.
A security issue CVE-2025-14819 has been fixed in the release.
Some bugs have been resolved and a few new improvements have been added in the 8.</description>
      
    </item>
    
    <item>
      <title>Notepad&#43;&#43; v8.9.2 release - Double‑Lock Update Security</title>
      <link>https://notepadorg.com/news/v892-released/</link>
      <pubDate>Sun, 15 Feb 2026 00:00:00 +0000</pubDate>
      
      <guid>https://notepadorg.com/news/v892-released/</guid>
	  
        <description>2026-02-16
&amp;ldquo;the XML returned by the update server is now signed (XMLDSig), and the certificate &amp;amp; signature verification will be enforced starting with upcoming v8.9.2, expected in about one month.&amp;ldquo; As promised in the announcement Notepad++ Hijacked by State-Sponsored Hackers, this release strengthens the weakest links in Notepad++ update process.
Below is an illustration of how the Notepad++ update mechanism was previously hijacked:
  
With security enhancements introduced in v8.</description>
      
    </item>
    
    <item>
      <title>Important Clarification: Notepad&#43;&#43; Security Incident</title>
      <link>https://notepadorg.com/news/clarification-security-incident/</link>
      <pubDate>Thu, 05 Feb 2026 00:00:00 +0000</pubDate>
      
      <guid>https://notepadorg.com/news/clarification-security-incident/</guid>
	  
        <description>2026-02-05
After the publication of Notepad++ Hijacked by State-Sponsored Hackers, we&amp;rsquo;ve received many questions from concerned users. Here&amp;rsquo;s what you need to know:
What Was Actually Compromised? Notepad++ itself was NOT hacked. The issue was with the auto-updater component (WinGup), which was exploited through a compromise of our former hosting provider&amp;rsquo;s infrastructure. The Notepad++ application you&amp;rsquo;ve been using remains safe and secure.
Who Was Targeted? This was a highly selective attack by a state-sponsored group targeting specific high-value organizations.</description>
      
    </item>
    
    <item>
      <title>Notepad&#43;&#43; Hijacked by State-Sponsored Hackers</title>
      <link>https://notepadorg.com/news/hijacked-incident-info-update/</link>
      <pubDate>Sat, 31 Jan 2026 00:00:00 +0000</pubDate>
      
      <guid>https://notepadorg.com/news/hijacked-incident-info-update/</guid>
	  
        <description>2026-02-02
Following the security disclosure published in the v8.8.9 announcement https://notepadorg.com/news/v889-released/ the investigation has continued in collaboration with external experts and with the full involvement of my (now former) shared hosting provider.
According to the analysis provided by the security experts, the attack involved infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org. The exact technical mechanism remains under investigation, though the compromise occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code itself.</description>
      
    </item>
    
    <item>
      <title>Notepad&#43;&#43; v8.9.1 release</title>
      <link>https://notepadorg.com/news/v891-released/</link>
      <pubDate>Mon, 26 Jan 2026 00:00:00 +0000</pubDate>
      
      <guid>https://notepadorg.com/news/v891-released/</guid>
	  
        <description>2026-01-26
Several regressions were fixed in release 8.9.1: playback of macros that dulicated EOL, no matches found when pasting from Excel into the Find what field, and a regression in the customized context menu where the separator (id=&amp;ldquo;0&amp;rdquo;) escapes FolderName submenu. A long-standing bug was also fixed in this version: a single undo reverted multiple changes after macro execution.
In addition to the fixed issues mentioned above, this release includes various bug-fixes &amp;amp; a few additional enhancements.</description>
      
    </item>
    
    <item>
      <title>Notepad&#43;&#43; v8.9 release: security enhancements</title>
      <link>https://notepadorg.com/news/v89-released/</link>
      <pubDate>Sat, 27 Dec 2025 00:00:00 +0000</pubDate>
      
      <guid>https://notepadorg.com/news/v89-released/</guid>
	  
        <description>2025-12-27
Though the version number is major, this release itself is not a major update, and it contains regression-fix &amp;amp; enhancements.
The self-signed certificate is no longer used as of this release. Only the legitimate certificate issued by GlobalSign is now used to sign Notepad++ release binaries. We strongly recommend that users who previously installed the self-signed root certificate remove it.
A log of security errors encountered during Notepad++ updates is now generated automatically.</description>
      
    </item>
    
    <item>
      <title>Notepad&#43;&#43; v8.8.9 release: Vulnerability-fix</title>
      <link>https://notepadorg.com/news/v889-released/</link>
      <pubDate>Mon, 08 Dec 2025 00:00:00 +0000</pubDate>
      
      <guid>https://notepadorg.com/news/v889-released/</guid>
	  
        <description>2025-12-09
Some security experts recently reported incidents of traffic hijacking affecting Notepad++. According to the investigation, traffic from WinGUp (the Notepad++ updater) was occasionally redirected to malicious servers, resulting in the download of compromised executables.
The review of the reports led to identification of a weakness in the way the updater validates the integrity and authenticity of the downloaded update file. In case an attacker is able to intercept the network traffic between the updater client and the Notepad++ update infrastructure, this weakness can be leveraged by an attacker to prompt the updater to download and executed an unwanted binary (instead of the legitimate Notepad++ update binary).</description>
      
    </item>
    
    <item>
      <title>Notepad&#43;&#43; v8.8.8 release</title>
      <link>https://notepadorg.com/news/v888-released/</link>
      <pubDate>Tue, 18 Nov 2025 00:00:00 +0000</pubDate>
      
      <guid>https://notepadorg.com/news/v888-released/</guid>
	  
        <description>2025-11-18
I have been in contact with some security experts over the past 2 weeks and have identified a potential hijacking issue in WinGUp, the auto-updater developed for and used by Notepad++. This issue has been addressed in the latest release. Users are encouraged to manually download &amp;amp; upgrade Notepad++ using the official installer.
One of most wanted features - the MSI installer - is now available. It is intended for enterprise IT deployment only and may require iterative refinement to be fully usfull.</description>
      
    </item>
    
    <item>
      <title>Notepad&#43;&#43; v8.8.7: Authenticity Guaranteed</title>
      <link>https://notepadorg.com/news/v887-released/</link>
      <pubDate>Sat, 18 Oct 2025 00:00:00 +0000</pubDate>
      
      <guid>https://notepadorg.com/news/v887-released/</guid>
	  
        <description>2025-10-20
With this release v8.8.7 Notepad++ is now signed by a legitimate certificate issued by GlobalSign. This is a major security milestone, and it should permanently resolve all concerns regarding the authenticity and integrity of Notepad++ releases (which were present since v8.8.2, when the previous certificate expired).
It&amp;rsquo;s been a challenging few months, struggling with administrative hurdles and dealing with certificate authorities to make this happen. Essentially, for an open-source project to obtain a certificate under its name, it must be recognized as a business entity.</description>
      
    </item>
    
    <item>
      <title>v8.8.6 release: Clarifying the CVE-2025-56383 Non-Issue</title>
      <link>https://notepadorg.com/news/v886-released/</link>
      <pubDate>Thu, 02 Oct 2025 00:00:00 +0000</pubDate>
      
      <guid>https://notepadorg.com/news/v886-released/</guid>
	  
        <description>2025-10-07
CVE-2025-56383 is one of the most absurd entries we&amp;rsquo;ve ever seen in the National Vulnerability Database.
It&amp;rsquo;s misclassified under CWE-427: Uncontrolled Search Path Element. Yet the provided POC shows no connection to CWE-427.
Notepad++ &amp;amp; its plugins are installed by default in the protected &amp;ldquo;Program Files&amp;rdquo; directory, requiring administrator privileges to modify. If an attacker already has those rights, they could replace any system file - so targeting a plugin is pointless.</description>
      
    </item>
    
    <item>
      <title>Notepad&#43;&#43; v8.8.5 release</title>
      <link>https://notepadorg.com/news/v885-released/</link>
      <pubDate>Wed, 13 Aug 2025 00:00:00 +0000</pubDate>
      
      <guid>https://notepadorg.com/news/v885-released/</guid>
	  
        <description>2025-08-14
This release, like the previous version v8.8.3, is signed with the self-signed certificate. If your antivirus complains that the 8.8.5 version you downloaded here contains a virus or malware, this is likely a false positive. Please report it to the antivirus company.
The release contains several bug fixes &amp;amp; enhancements. You can check the full list of improvements for version 8.8.5 and download it here:  
 Regression and critical bug report here: https://community.</description>
      
    </item>
    
    <item>
      <title>Notepad&#43;&#43; v8.8.4 release</title>
      <link>https://notepadorg.com/news/v884-released/</link>
      <pubDate>Sat, 09 Aug 2025 00:00:00 +0000</pubDate>
      
      <guid>https://notepadorg.com/news/v884-released/</guid>
	  
        <description>2025-08-12
There is a critical regression in release v8.8.4. Please use v8.8.5 instead.</description>
      
    </item>
    
  </channel>
</rss>
