Bump Sparkle version to 2.6.4 in security & reliability
zorgiepoo committed Jul 1, 2024
1 parent 3dc83d0 commit 0c5a92b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion documentation/security-and-reliability/index.md
Expand Up @@ -9,7 +9,7 @@ These are a list of *major* security and reliability improvements in Sparkle, or

| Version | Changes |
| --------------- | -------------------------------------------------------------------------------------------------------------------------------------- |
| 2.6.3 | Fixes a security issue that allows an attacker to replace an existing signed update with another payload, which bypasses Sparkle's (Ed)DSA signing checks ([#2550](https://github.com/sparkle-project/Sparkle/pull/2550)); updating is strongly recommended and a fix is also backported to 1.27.3. Fixes an issue for sandboxed apps that enable the Downloader XPC Service from conflicting with each other and presenting a system dialog that "Downloader" differs from previously opened versions affecting macOS 14 and later ([#2511](https://github.com/sparkle-project/Sparkle/pull/2511)). Performs a Gatekeeper scan for signed app updates on macOS 14.4 and later so users don't see a system "Verifying..." dialog when an app update is relaunched ([#2505](https://github.com/sparkle-project/Sparkle/pull/2505)). |
| 2.6.4 | Fixes a security issue that allows an attacker to replace an existing signed update with another payload, which bypasses Sparkle's (Ed)DSA signing checks ([#2550](https://github.com/sparkle-project/Sparkle/pull/2550)); updating is strongly recommended and a fix is also backported to 1.27.3. Fixes an issue for sandboxed apps that enable the Downloader XPC Service from conflicting with each other and presenting a system dialog that "Downloader" differs from previously opened versions affecting macOS 14 and later ([#2511](https://github.com/sparkle-project/Sparkle/pull/2511)). Performs a Gatekeeper scan for signed app updates on macOS 14.4 and later so users don't see a system "Verifying..." dialog when an app update is relaunched ([#2505](https://github.com/sparkle-project/Sparkle/pull/2505)). |
| 2.5.2 | Fixes a rare corruption issue resulting in missing files in the installed bundle, which Gatekeeper may reject ([#2479](https://github.com/sparkle-project/Sparkle/pull/2479)). Adopts macOS 14 Sonoma's cooperative app activation APIs instead of using `-[NSApplication activateIgnoringOtherApps:]` which was deprecated in macOS 14 (mainly impacts background/dockless running apps) ([#2409](https://github.com/sparkle-project/Sparkle/pull/2409)). Fixes updates not installing when executed from a Sparkle CLI utility as root (sudo) user on macOS 14 Sonoma (impacts few out-of-app updaters) ([#2432](https://github.com/sparkle-project/Sparkle/pull/2432)). |
| 2.4.2 | Fixes `NSKeyedUnarchiver` decoding warning of appcast item that contains delta updates ([#2383](https://github.com/sparkle-project/Sparkle/pull/2383)). Hardens verification of passing the update's download to Sparkle's Autoupdate helper ([#2392](https://github.com/sparkle-project/Sparkle/pull/2392)). |
| 2.2.2 | Deprecates the `-s` flag to `generate_appcast` and `sign_update` for passing the private EdDSA key as a command line argument which is insecure ([#2170](https://github.com/sparkle-project/Sparkle/pull/2170)). Please use the Keychain, or pass the key as standard input in CI environments when using `--ed-key-file -` instead. Run these tools with `-h` for further information. |
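Review bot: In the changed table row, only the version label moves from 2.6.3 to 2.6.4 while the description stays word for word the same, so the page no longer mentions 2.6.3 at all and the commit message gives no reason for the bump. Someone who updated to 2.6.3 on the strength of the earlier text cannot tell from this row whether they already have the #2550 signing-check fix or need to update again. Suggest saying so in the row itself, for example by noting that 2.6.4 is the minimum 2.x version with the fix if that is the case, or by keeping a separate 2.6.3 entry that says what it did and did not address. The same row now also attributes the #2511 and #2505 changes to 2.6.4; please confirm that is intended rather than a side effect of editing the label in place.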