We delayed the meeting we were supposed to have on 30-Jan that was also supposed to be when we shipped WiX v5.0.0-rc.1. We did not delay the meeting because we're behind schedule on WiX v5.0.0-rc.1. Well, to clarify, we didn't delay the meeting only because we're behind schedule on WiX v5.0.0-rc.1. We also had a security issue reported against WiX and those delightful and dedicated folks at FireGiant were kind enough to sponsor Rob and me to mitigate the issue and prepare new releases. Read on for details.

WiX v4.0.4 and v3.14 security releases

An attacker could use Windows DLL redirection behavior to escalate privileges using a Burn bundle. All versions of WiX are affected and we recommending upgrading to WiX v4.0.4 or v3.14 as soon as possible. For details, see the security release blog post.

WiX v5 release plan

Because Rob and I were tied up most of last week on this issue, progress on WiX v5 naturally trended downward toward zero. Therefore, we're readjusting the WiX v5 schedule (again). Given the nature of the changes, we decided we're comfortable skipping the last scheduled release candidate and moving everything else out. That means the WiX v5 release dates are now:

  • v5.0.0-rc.1 on 27-Feb-2024
  • v5.0.0-rc.2 on 26-Mar-2024
  • v5.0.0 on 5-Apr-2024

Issue triage