From 339d7c0c9f10f7c65cd17e1f29611222a945b9da Mon Sep 17 00:00:00 2001 From: Bob Arnson Date: Fri, 22 Mar 2024 20:05:07 -0400 Subject: [PATCH] Notes for 5.0.0-rc.2, v4.0.5, and v3.14.1. --- src/Docusaurus/docs/releasenotes.md | 17 ++++++++++++++--- src/Docusaurus/docs/tools/wixext/index.md | 4 ++-- ...024-03-08-wix-security-releases-available.md | 3 +++ 3 files changed, 19 insertions(+), 5 deletions(-) create mode 100644 src/Docusaurus/news/2024-03-08-wix-security-releases-available.md diff --git a/src/Docusaurus/docs/releasenotes.md b/src/Docusaurus/docs/releasenotes.md index aaa252c6..b39e8d73 100644 --- a/src/Docusaurus/docs/releasenotes.md +++ b/src/Docusaurus/docs/releasenotes.md @@ -21,7 +21,14 @@ WiX v5 marks the first of our annual releases. We intentionally made WiX v5 high [Read more about them in `WiX v5 for WiX v4 users`.](fivefour/index.md) -WiX v5.0.0-rc.1 was released on 8-March-2024. WiX v5.0.0 is scheduled for release on 5-April-2024, the 20th anniversary of the first open-source release of WiX. + +### WiX v5 releases + +WiX v5.0.0 is scheduled for release on 5-April-2024, the 20th anniversary of the first open-source release of WiX. + +- WiX v5.0.0-rc.2 was released on 22-March-2024. It contains [fixes for a small number of bugs](https://github.com/wixtoolset/issues/milestone/24?closed=1) and for security vulnerabilities that FireGiant also fixed in WiX v3.14.1 and WiX v4.0.5. For details, see [the FireGiant blog post](https://www.firegiant.com/blog/2024/3/22/wix-security-releases-available-redux/), [the first security advisory](https://github.com/wixtoolset/issues/security/advisories/GHSA-jx4p-m4wm-vvjg), and [the second security advisory](https://github.com/wixtoolset/issues/security/advisories/GHSA-rf39-3f98-xr7r). +- WiX v5.0.0-rc.1 was released on 8-March-2024. + ### Contributors @@ -44,9 +51,9 @@ Here are the people who contributed to WiX v5: - [@mwileczka](https://github.com/wixtoolset/Harvesters/commits?author=mwileczka) -## WiX v4.0.4 {#v4} +## WiX v4.0.5 {#v4} -WiX v4.0.4 mitigates a Windows DLL redirection vulnerability in Burn. All versions of WiX are affected by this vulnerability. We recommending upgrading to this version as soon as possible. +WiX v4.0.5, released on Friday, 22-Mar-2024, contains fixes for two security vulnerabilities. All versions of WiX are affected by this vulnerability. We recommending upgrading to this version as soon as possible. For details, see [the FireGiant blog post](https://www.firegiant.com/blog/2024/3/22/wix-security-releases-available-redux/), [the first security advisory](https://github.com/wixtoolset/issues/security/advisories/GHSA-jx4p-m4wm-vvjg), and [the second security advisory](https://github.com/wixtoolset/issues/security/advisories/GHSA-rf39-3f98-xr7r). ### Platforms @@ -139,6 +146,10 @@ wix --version ## Previous WiX v4 releases +> WiX v4.0.4 was released Tuesday, 6-Feb-2024 + +WiX v4.0.4 mitigates a Windows DLL redirection vulnerability in Burn. All versions of WiX are affected by this vulnerability. We recommending upgrading to this (or a later) version as soon as possible. + > WiX v4.0.3 was released Monday, 13-Nov-2023 WiX v4.0.3 is a maintenance release of WiX v4 that [fixes a small number of even smaller bugs](https://github.com/wixtoolset/issues/milestone/23?closed=1). diff --git a/src/Docusaurus/docs/tools/wixext/index.md b/src/Docusaurus/docs/tools/wixext/index.md index 20fc0a70..a193e669 100644 --- a/src/Docusaurus/docs/tools/wixext/index.md +++ b/src/Docusaurus/docs/tools/wixext/index.md @@ -63,8 +63,8 @@ You might need to specify a version for WiX extension packages (such as when the ```xml - - + + ``` diff --git a/src/Docusaurus/news/2024-03-08-wix-security-releases-available.md b/src/Docusaurus/news/2024-03-08-wix-security-releases-available.md new file mode 100644 index 00000000..15c3b8d7 --- /dev/null +++ b/src/Docusaurus/news/2024-03-08-wix-security-releases-available.md @@ -0,0 +1,3 @@ +# WiX Toolset security releases available + +FireGiant has fixed two security vulnerabilities in WiX v3.14.1, WiX v4.0.5, and WiX v5.0.0-rc.2. For details, see [the FireGiant blog post](https://www.firegiant.com/blog/2024/3/22/wix-security-releases-available-redux/), [the first security advisory](https://github.com/wixtoolset/issues/security/advisories/GHSA-jx4p-m4wm-vvjg), and [the second security advisory](https://github.com/wixtoolset/issues/security/advisories/GHSA-rf39-3f98-xr7r).