WiX Online Meeting #95 Highlights

Well, the wish for a boring week didn't quite come true. In addition to the nicely normal triage, we talked a bit about the WiX v3.10.2 security update and the (unfortunate) need for a WiX v3.10.3 soon.

WiX v3.10.2 update

We released WiX v3.10.2 as planned on 20-January. You can read the announcement and details on Setup Matters and download the release.

Unfortunately, users have reported two bugs since the release: managed-code bootstrapper applications that use WinForms crash and the /layout switch without an explicit destination directory downloads files to the clean room directory instead of the original bundle directory.

@jchoover helpfully provided a fix for the /layout bug. The WinForms issue, we’re told by Microsoft, is a bug in GDI+ when using SetDefaultDllDirectories, an important mitigation of the Windows vulnerability WiX v3.10.2 provides. WinForms and, likely, a native bootstrapper application that uses GDI+ to manage fonts expose this GDI+ bug. (WixStdBA uses old-school GDI for font management, so isn’t affected by this bug.)

Both bugs are serious enough that we agreed a new release is necessary. However, we don’t currently have enough information to know how (or even whether) it’s possible for Burn to work around the GDI+ bug. Until we know more, we agreed to wait in the hopes we can quickly provide a workaround and package it and the /layout bug fix in a WiX v3.10.3.

We’ll provide updates as we learn more.

Issue triage

We closed a few issues that we’d kept open for the reporter to provide needed information. Reporter can reopen issues but after a few weeks, we move issues out of the triage bucket if we can’t make any headway on them.

warning MSB3277: Found conflicts between different versions of the same dependent assembly #5186 reports a set of build-time warnings in WiX itself. @BMurri reported the issue and provided pull requests to fix it in both WiX v3.11 and WiX v4.0 which we merged.
Property related crash when loading WiX project in Visual Studio #5187 is a Votive bug similar to Votive thinks BindInputPaths are content #4493 in Votive’s support for non-relative item groups. We took it in WiX v3.x.
Unable to cast object of type ‘Microsoft.Tools.WindowsInstallerXml.VisualStudio.WixFileNode’ to type ‘Microsoft.VisualStudio.Package.FolderNode’. #5188 is another Votive bug. We asked for a bit more information but took the bug in WiX v3.x in the meantime.
Add a MultiInstance attribute to the MajorUpgrade element #5189 requests support for multi-instance major upgrades. Because of the breadth of the likely change, we took this as a request for WiX v4.0.
Problem with VS2013 and WiX 3.8 #5190 reported a change in behavior when converting from WiX v3.5 to v3.8. The change is at runtime, so we suggested the user send mail to wix-users.
layout: Default directory broken with clean room implementation. #5193 is the bug mentioned above about the Burn engine /layout switch.