Skip to content

Commit 6052ae0

Browse files
zorgiepoozorgiepoo
authored
Update recommendation to use separate feeds instead of sparkle:os (#224)
Also bump latest version to 2.6.3 in security/reliability page.
1 parent 922a8f9 commit 6052ae0

File tree

2 files changed

+5
-9
lines changed

2 files changed

+5
-9
lines changed

documentation/publishing/index.md

+4-8
Original file line numberDiff line numberDiff line change
@@ -478,17 +478,13 @@ func updaterDidNotFindUpdate(_ updater: SPUUpdater, error: Error) {
478478
}
479479
```
480480

481-
## Alternate download locations for other operating systems
481+
## Support for other operating systems
482482

483-
Sparkle is available for [Windows](http://winsparkle.org).
483+
Sparkle is available for other platforms and operating systems. Check out [WinSparkle](https://winsparkle.org) and [NetSparkle](https://netsparkleupdater.github.io/NetSparkle/).
484484

485-
To keep the appcast file compatible with the standard Sparkle implementation, a new tag has to be used for cross platform support. It is suggested to use the following to specify downloads for non macOS systems:
485+
We recommend using separate appcast feeds for macOS and Windows versions of your app.
486486

487-
```xml
488-
<sparkle:enclosure sparkle:os="os_name" ... />
489-
```
490-
491-
Replace _os_name_ with either "windows" or "linux", respectively (mind the lower case!). Feel free to add other OS names as needed.
487+
While there is partial support for having macOS and non-macOS items in the same appcast feed (using a `sparkle:os` attribute in a `sparkle:enclosure` element), it is not recommended.
492488

493489
## API Specification
494490

documentation/security-and-reliability/index.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ These are a list of *major* security and reliability improvements in Sparkle, or
99

1010
| Version | Changes |
1111
| --------------- | -------------------------------------------------------------------------------------------------------------------------------------- |
12-
| 2.6.2 | Fixes a security issue that allows an attacker to replace an existing signed update with another payload, which bypasses Sparkle's (Ed)DSA signing checks ([#2550](https://github.com/sparkle-project/Sparkle/pull/2550)); updating is strongly recommended and a fix is also backported to 1.27.3. Fixes an issue for sandboxed apps that enable the Downloader XPC Service from conflicting with each other and presenting a system dialog that "Downloader" differs from previously opened versions affecting macOS 14 and later ([#2511](https://github.com/sparkle-project/Sparkle/pull/2511)). Performs a Gatekeeper scan for signed app updates on macOS 14.4 and later so users don't see a system "Verifying..." dialog when an app update is relaunched ([#2505](https://github.com/sparkle-project/Sparkle/pull/2505)). |
12+
| 2.6.3 | Fixes a security issue that allows an attacker to replace an existing signed update with another payload, which bypasses Sparkle's (Ed)DSA signing checks ([#2550](https://github.com/sparkle-project/Sparkle/pull/2550)); updating is strongly recommended and a fix is also backported to 1.27.3. Fixes an issue for sandboxed apps that enable the Downloader XPC Service from conflicting with each other and presenting a system dialog that "Downloader" differs from previously opened versions affecting macOS 14 and later ([#2511](https://github.com/sparkle-project/Sparkle/pull/2511)). Performs a Gatekeeper scan for signed app updates on macOS 14.4 and later so users don't see a system "Verifying..." dialog when an app update is relaunched ([#2505](https://github.com/sparkle-project/Sparkle/pull/2505)). |
1313
| 2.5.2 | Fixes a rare corruption issue resulting in missing files in the installed bundle, which Gatekeeper may reject ([#2479](https://github.com/sparkle-project/Sparkle/pull/2479)). Adopts macOS 14 Sonoma's cooperative app activation APIs instead of using `-[NSApplication activateIgnoringOtherApps:]` which was deprecated in macOS 14 (mainly impacts background/dockless running apps) ([#2409](https://github.com/sparkle-project/Sparkle/pull/2409)). Fixes updates not installing when executed from a Sparkle CLI utility as root (sudo) user on macOS 14 Sonoma (impacts few out-of-app updaters) ([#2432](https://github.com/sparkle-project/Sparkle/pull/2432)). |
1414
| 2.4.2 | Fixes `NSKeyedUnarchiver` decoding warning of appcast item that contains delta updates ([#2383](https://github.com/sparkle-project/Sparkle/pull/2383)). Hardens verification of passing the update's download to Sparkle's Autoupdate helper ([#2392](https://github.com/sparkle-project/Sparkle/pull/2392)). |
1515
| 2.2.2 | Deprecates the `-s` flag to `generate_appcast` and `sign_update` for passing the private EdDSA key as a command line argument which is insecure ([#2170](https://github.com/sparkle-project/Sparkle/pull/2170)). Please use the Keychain, or pass the key as standard input in CI environments when using `--ed-key-file -` instead. Run these tools with `-h` for further information. |

0 commit comments

Comments
 (0)