Sparkle Framework vulnerability - does it affect Sequel Pro?

Jean-Yves

Feb 4, 2016, 10:54:56 AM
to Sequel Pro

According to Vulnsec, Sequel Pro is listed as one of the apps using the Sparkle framework: a man-in-the-middle attack vector has been identified with this, so I was just wondering whether the SP devs could shed some light on the status of the app? If it's vulnerable, will an interim security fix version of SP be released that uses the patched version of Sparkle?

https://vulnsec.com/2016/osx-apps-vulnerabilities/

In the meantime, I've switched off the auto-update checking.





Rowan Beentje

Feb 4, 2016, 11:36:12 AM
to seque...@googlegroups.com
Hi Jean-Yves,

If you’ve disabled auto-update it might be good to run an update manually then (if you didn’t already get the fix):

http://www.sequelpro.com/blog/2016.01/security-update-1-1-0-1/

Rowan

Jean-Yves

Feb 5, 2016, 3:43:42 AM
to Sequel Pro
Ah, I didn't realise that patch was for that - I should have done. Many thanks for the clarification Rowan :)