[Security] Squirrel.Windows-1.9.1 #36
Conversation
|
Hi, I think it won't work because electron-builder is actually using a forked modified version of So, in order to get it working, https://github.com/develar/Squirrel.Windows needs to be forked, the fix should be pulled from upstream and these binaries need to be rebuilt. Alternatively, electron-builder needs to be change to get it working with the "normal" non-hacked version of Squirrel.Windows. TBH, it really sucks that electron-builder uses a forked modified version of |
|
That's unfortunate. We forked this repo and electron builder and so that we could use the 1.9.1 release directly from squirrel.windows and haven't run into any issues yet. It would be nice to know why the squirrel fork was needed in the first place. I'll look into updating the squirrel fork this week. |
|
@nick-invision I have been trying to solve a similar problem, Squirrel.Windows 1.9.0 stopped generating deltas on large files. I ended up forking https://github.com/develar/Squirrel.Windows, setting up CD on github actions and pulling some of fixes from upstream. If you need some inspiration, here's the repo https://github.com/AurorNZ/Squirrel.Windows/tree/v1.x. I am keen to contribute to make it some of the works official and, perhaps, help maintaining Squirrel.Windows for electron. @develar what do you think? |
Squirrel.Windows-1.9.0 and older has a DLL hijacking vulnerability that was fixed here and published as 1.9.1. I understand that electron-builder-squirrel-windows is deprecated as of 1.9.0, but this security fix should at least be resolved in case people have no other reason to migrate off of squirrel.
Files copied directly from Squirrel.Windows.
This will also resolve issue #33