The second release candidate of WiX v5 is now available. It contains a small number of (also small) bug fixes -- and includes fixes for the security vulnerabilities we announced today.
Read moreLate last week we were very happy to announce that WiX v5.0.0-rc.1 had been released -- and today, we triaged a handful of issues from users who jumped on it and are helping us prove that WiX v5 is, after some fixes, at least, is going to be a great release. To look at our release plan and peek at the issues so far uncovered, read on.
Read moreWiX v5.0.0-rc.1, the first release candidate of our first annual release cadence, is now available for your packaging pleasure. Download it, use it -- it's an easy job to switch from WiX v4 -- and report any bugs you discover.
Read moreToday is the day we'd scheduled to ship WiX v5.0.0-rc.1. That's not going to happen, unfortunately, but in what is probably a coincidence (but maybe isn't?!), 2024 gives us until the 29th to still ship in February.
Read moreWe delayed the meeting we were supposed to have on 30-Jan that was also supposed to be when we shipped WiX v5.0.0-rc.1. We did not delay the meeting because we're behind schedule on WiX v5.0.0-rc.1. Well, to clarify, we didn't delay the meeting only because we're behind schedule on WiX v5.0.0-rc.1. We also had a security issue reported against WiX and those delightful and dedicated folks at FireGiant were kind enough to sponsor Rob and me to mitigate the issue and prepare new releases. Read on for details.
Read moreThere is a Windows DLL redirection behavior that an attacker could use to escalate privileges using a Burn bundle. All versions of WiX are affected by this vulnerability. FireGiant has prepared mitigations for this behavior that we're releasing today in WiX v4.0.4 and WiX v3.14. We recommending upgrading to these versions as soon as possible.
Read more