Setup Matters

WiX v5.0.0-rc.1, the first release candidate of our first annual release cadence, is now available for your packaging pleasure. Download it, use it -- it's an easy job to switch from WiX v4 -- and report any bugs you discover.

Today is the day we'd scheduled to ship WiX v5.0.0-rc.1. That's not going to happen, unfortunately, but in what is probably a coincidence (but maybe isn't?!), 2024 gives us until the 29th to still ship in February.

There is a Windows DLL redirection behavior that an attacker could use to escalate privileges using a Burn bundle. All versions of WiX are affected by this vulnerability. FireGiant has prepared mitigations for this behavior that we're releasing today in WiX v4.0.4 and WiX v3.14. We recommending upgrading to these versions as soon as possible.

We delayed the meeting we were supposed to have on 30-Jan that was also supposed to be when we shipped WiX v5.0.0-rc.1. We did not delay the meeting because we're behind schedule on WiX v5.0.0-rc.1. Well, to clarify, we didn't delay the meeting only because we're behind schedule on WiX v5.0.0-rc.1. We also had a security issue reported against WiX and those delightful and dedicated folks at FireGiant were kind enough to sponsor Rob and me to mitigate the issue and prepare new releases. Read on for details.

Day six under winter weather watches, warnings, and advisories. Temperatures hover in single digits (°F) and wind chills fall below zero (°F). Reaching toward the back of the pantry for crumbs. On the upside: Plenty of time to work on WiX v5 features because who wants to go outside?!

Welcome to the first WiX Online Meeting of 2024! If years follow the "Star Trek Even-Numbered Movies Are Good" rule, we can expect 2024 to be great, just like other even-numbered years like 2020...oh no.