Validating Downloaded Updates with Update.exe (Squirrel Updater) #3740

maoryadin · 2024-10-20T14:33:11Z

Pre-flight checklist

I have read the contribution documentation for this project.
I agree to follow the code of conduct that this project uses.
I have searched the issue tracker for a bug that matches the one I want to file, without success.

Electron Forge version

7.4.0

Electron version

v30.1.2

Operating system

Windows

Last known working Electron Forge version

No response

Expected behavior

The downloaded update should be validated (e.g., by checksum or signature verification) to prevent untrusted or corrupted files from being executed.

Actual behavior

using update.exe from Squirrel to download updates for my application. However, I’ve noticed that update.exe accepts any server URL, and my application will proceed with launching the downloaded update without any validation.

Steps to reproduce

Any guidance on how to set up this validation mechanism would be appreciated.

Additional information

No response

maoryadin changed the title ~~Validating Downloaded Updates with Update.exe (Squirrel Updater) #160~~ Validating Downloaded Updates with Update.exe (Squirrel Updater) Oct 21, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Validating Downloaded Updates with Update.exe (Squirrel Updater) #3740

Validating Downloaded Updates with Update.exe (Squirrel Updater) #3740

maoryadin commented Oct 20, 2024 •

edited

Loading

Validating Downloaded Updates with Update.exe (Squirrel Updater) #3740

Validating Downloaded Updates with Update.exe (Squirrel Updater) #3740

Comments

maoryadin commented Oct 20, 2024 • edited Loading

Pre-flight checklist

Electron Forge version

Electron version

Operating system

Last known working Electron Forge version

Expected behavior

Actual behavior

Steps to reproduce

Additional information

maoryadin commented Oct 20, 2024 •

edited

Loading