2026-01-26Several regressions were fixed in release 8.9.1: playback of macros that dulicated EOL, no matches found when pasting from Excel into the Find what field, and a regression in the customized context menu where the separator (id=“0”) escapes FolderName submenu. A long-standing bug was also fixed in this version: a single undo reverted multiple changes after macro execution.In addition to the fixed issues mentioned above, this release includes various bug-fixes & a few additional enhancements. Continue reading at the publisher's website.
2025-12-09Some security experts recently reported incidents of traffic hijacking affecting Notepad++. According to the investigation, traffic from WinGUp (the Notepad++ updater) was occasionally redirected to malicious servers, resulting in the download of compromised executables.The review of the reports led to identification of a weakness in the way the updater validates the integrity and authenticity of the downloaded update file. In case an attacker is able to intercept the network traffic between the updater client and the Notepad++ update infrastructure, this weakness can be leveraged by an attacker to prompt the updater to download and executed an unwanted binary (instead of the legitimate Notepad++ update binary). Continue reading at the publisher's website.
2025-10-07CVE-2025-56383 is one of the most absurd entries we’ve ever seen in the National Vulnerability Database.It’s misclassified under CWE-427: Uncontrolled Search Path Element. Yet the provided POC shows no connection to CWE-427.Notepad++ & its plugins are installed by default in the protected “Program Files” directory, requiring administrator privileges to modify. If an attacker already has those rights, they could replace any system file - so targeting a plugin is pointless. Continue reading at the publisher's website.
2025-08-12There is a critical regression in release v8.8.4. Please use v8.8.5 instead. Continue reading at the publisher's website.
2025-07-09“Sometimes, when one door closes (lack of code signing) in life, another one opens (vulnerability) .” The sentence sumarizes well the situation in the previous version, 8.8.2.There were - and still are - many false-positives reported in the previous version v8.8.2, by the antivirus software due to the absence of Windows code signing certificate.To prevent this issue from recurring in future releases, from this version the Notepad++ release is signed with a certificate issued by a self-signed Certificate Authority (CA). Continue reading at the publisher's website.