Continue reading at the publisher's website.

2026-06-04台灣繁體The “Tank Man” in the picture above is known world-wide - except in China, where 1.4 billion people have been prevented from learning about him. The image was also censored by Microsoft’s search engin Bing on June 4, 2021, the anniversary of the Tiananmen Square crackdown.37 years later, the same government resposible for the killings still dominates the country, controling information, suppressing dissent, and keeping the population under strict political oversight. Continue reading at the publisher's website.

2026-06-04English version上方照片中的「坦克人」在全球象徵著個體對抗暴政的勇氣—— 但在中國境內，十四億人卻被刻意剝奪了認識他的權利。 甚至在 2021 年 6 月 4 日，這張照片還曾被微軟的 Bing 搜尋引擎短暫審查屏蔽（來源）， 顯示出即使在國際網路空間，真相也可能被力量壓制。三十七年過去了。 當年在天安門向人民開槍的政權依然存在，依然掌握著國家機器，依然以資訊封鎖、思想審查與制度性恐懼來維持統治。 歷史沒有被平反，責任沒有被追究，真相沒有被允許流通。 唯一改變的，是壓制的技術更精密、監控的範圍更全面、人民的沉默更被制度化。「坦克人」之所以被抹去，不是因為他不重要，而是因為他太重要。 他象徵著一個政權最害怕的東西： 一個普通人願意站出來說「不」。當一張照片能讓政府恐懼到必須消失它， 那張照片所揭露的，不只是歷史， 更是今日仍然持續的現實。The v8.9.6.4 release addressed a TOCTOU (Time-of-check to time-of-use) issue in the HMAC implementation introduced in v8.9.6.2.The full list of improvements from v8.9.4 to v8.9.6.4, along with the v8.9.6.4 download links, is available here: Regression and critical bug report here: https://community.notepad-plus-plus.org/topic/27562/notepad-release-8.9.6.4Do more to stop war - keep helping Ukraine Donate to Ukraine Continue reading at the publisher's website.

Continue reading at the publisher's website.

2026-05-31The v8.9.6.2 release fixes a bypass scenario in the previously addressed vulnerability (CVE-2026-48800) that was not fully resolved. The updated implementation ensures the ingredity of shortcuts.xml, while reducing user disruption.The full list of improvements from v8.9.4 to v8.9.6.2, along with the v8.9.6.2 download links, is available here: Regression and critical bug report here: https://community.notepad-plus-plus.org/topic/27554/notepad-release-8.9.6.2Do more to stop war - keep helping Ukraine Donate to Ukraine Continue reading at the publisher's website.

Continue reading at the publisher's website.

2026-05-26The v8.9.6.1 release fixes 3 vulnerabilites: A crash caused by any malformed structure (CVE-2026-48770) An arbitrary code execution issue via config.xml files (CVE-2026-48778) An arbitrary code execution issue via shortcuts.xml files (CVE-2026-48800). The full list of improvements from v8.9.4 to v8.9.6.1, along with the v8.8.6.1 download links, is available here: Regression and critical bug report here: https://community.notepad-plus-plus.org/topic/27548/notepad-release-8.9.6.1Do more to stop war - keep helping Ukraine Donate to Ukraine Continue reading at the publisher's website.

Continue reading at the publisher's website.

2026-05-21The installer vulnerability affecting v8.9.4 & v8.9.5 (CVE-2026-46710) is fixed in this release. Several other installer-related regressions have also been addressed in version 8.9.5.The full list of improvements for version 8.9.6, along with the download link, is available here: Regression and critical bug report here: https://community.notepad-plus-plus.org/topic/27540/notepad-release-8.9.6Do more to stop war - keep helping Ukraine Donate to Ukraine Continue reading at the publisher's website.

Continue reading at the publisher's website.

2026-05-112 installer regressions were fixed in this releaase: Fix updating issue where using v8.9.4 32-bits installer creates duplicate “Uninstall a program” entries. Fix v8.9.4 64-bits installer error message caused by MSIX on Win10. More bugs have been resolved and a few new improvements have been added in the 8.9.5 release.The full list of improvements for version 8.9.5, along with the download link, is available here: Continue reading at the publisher's website.

2026-05-05The trademark infringement issue has now been resolved. The author of the website and project in question has removed all uses of the Notepad++ trademark from his product, website, and related materials. The unauthorized references have been taken down, and the trademark infringement is no longer ongoing.Here is an example of the kind of emails I’ve being recieving from some users over the past 3 days:I think some points need to be clarified. Continue reading at the publisher's website.

2026-05-01Several users have recently reported a website pretending to offer an official macOS version of Notepad++: notepad-plus-plus-mac.orgLet me be blunt: This site has absolutely nothing to do with Notepad++. It’s not authorized, not endorsed, and not affiliated with the project in any way.The owner is using the Notepad++ trademark (the name) without permission; and even goes as far as placing my name and biography on the site to make it look legitimate. Continue reading at the publisher's website.

Continue reading at the publisher's website.

2026-04-263 crash issues were fixed in this releaase: Fix crashes in FindInFiles when nativeLang.xml’s “find-result-hits” contains “%s”. (CVE-2026-3008 & CVE-2026-6539) Fix drop-file crash when file path length reaches 259 characters. Fix crash caused by undoing column editor bad input in virtual space. More bugs have been resolved and a few new improvements have been added in the 8.9.4 release.The full list of improvements for version 8.9.4, along with the download link, is available here: Continue reading at the publisher's website.

Continue reading at the publisher's website.

2026-03-26In order to improve the performance of reading & writing Notepad++ configuration files, the migration of a new XML parser (pugixml) has been carried out over several versions, and it is now completed in this release. Several regressions detected in previous versions, caused by the XML parser migration, have also been fixed.A security issue CVE-2025-14819 has been fixed in the release.Some bugs have been resolved and a few new improvements have been added in the 8. Continue reading at the publisher's website.

2026-02-16“the XML returned by the update server is now signed (XMLDSig), and the certificate & signature verification will be enforced starting with upcoming v8.9.2, expected in about one month.“ As promised in the announcement Notepad++ Hijacked by State-Sponsored Hackers, this release strengthens the weakest links in Notepad++ update process.Below is an illustration of how the Notepad++ update mechanism was previously hijacked: With security enhancements introduced in v8. Continue reading at the publisher's website.

Continue reading at the publisher's website.

2026-02-05After the publication of Notepad++ Hijacked by State-Sponsored Hackers, we’ve received many questions from concerned users. Here’s what you need to know:What Was Actually Compromised? Notepad++ itself was NOT hacked. The issue was with the auto-updater component (WinGup), which was exploited through a compromise of our former hosting provider’s infrastructure. The Notepad++ application you’ve been using remains safe and secure.Who Was Targeted? This was a highly selective attack by a state-sponsored group targeting specific high-value organizations. Continue reading at the publisher's website.