https://notepad-plus-plus.org/ Recent content in What is Notepad++ on Notepad++ Hugo -- gohugo.io en-us Sat, 21 Mar 2026 00:00:00 +0000 https://notepad-plus-plus.org/downloads/v8.9.3/ Sat, 21 Mar 2026 00:00:00 +0000 https://notepad-plus-plus.org/downloads/v8.9.3/ https://notepad-plus-plus.org/news/v893-released/ Sat, 21 Mar 2026 00:00:00 +0000 https://notepad-plus-plus.org/news/v893-released/ 2026-03-26 In order to improve the performance of reading & writing Notepad++ configuration files, the migration of a new XML parser (pugixml) has been carried out over several versions, and it is now completed in this release. Several regressions detected in previous versions, caused by the XML parser migration, have also been fixed. Some bugs have been resolved and a few new improvements have been added in the 8.9.3 release. https://notepad-plus-plus.org/news/v892-released/ Sun, 15 Feb 2026 00:00:00 +0000 https://notepad-plus-plus.org/news/v892-released/ 2026-02-16 “the XML returned by the update server is now signed (XMLDSig), and the certificate & signature verification will be enforced starting with upcoming v8.9.2, expected in about one month.“ As promised in the announcement Notepad++ Hijacked by State-Sponsored Hackers, this release strengthens the weakest links in Notepad++ update process. Below is an illustration of how the Notepad++ update mechanism was previously hijacked: With security enhancements introduced in v8. https://notepad-plus-plus.org/downloads/v8.9.2/ Sat, 14 Feb 2026 00:00:00 +0000 https://notepad-plus-plus.org/downloads/v8.9.2/ https://notepad-plus-plus.org/news/clarification-security-incident/ Thu, 05 Feb 2026 00:00:00 +0000 https://notepad-plus-plus.org/news/clarification-security-incident/ 2026-02-05 After the publication of Notepad++ Hijacked by State-Sponsored Hackers, we’ve received many questions from concerned users. Here’s what you need to know: What Was Actually Compromised? Notepad++ itself was NOT hacked. The issue was with the auto-updater component (WinGup), which was exploited through a compromise of our former hosting provider’s infrastructure. The Notepad++ application you’ve been using remains safe and secure. Who Was Targeted? This was a highly selective attack by a state-sponsored group targeting specific high-value organizations. https://notepad-plus-plus.org/news/hijacked-incident-info-update/ Sat, 31 Jan 2026 00:00:00 +0000 https://notepad-plus-plus.org/news/hijacked-incident-info-update/ 2026-02-02 Following the security disclosure published in the v8.8.9 announcement https://notepad-plus-plus.org/news/v889-released/ the investigation has continued in collaboration with external experts and with the full involvement of my (now former) shared hosting provider. According to the analysis provided by the security experts, the attack involved infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org. The exact technical mechanism remains under investigation, though the compromise occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code itself. https://notepad-plus-plus.org/downloads/v8.9.1/ Mon, 26 Jan 2026 00:00:00 +0000 https://notepad-plus-plus.org/downloads/v8.9.1/ https://notepad-plus-plus.org/news/v891-released/ Mon, 26 Jan 2026 00:00:00 +0000 https://notepad-plus-plus.org/news/v891-released/ 2026-01-26 Several regressions were fixed in release 8.9.1: playback of macros that dulicated EOL, no matches found when pasting from Excel into the Find what field, and a regression in the customized context menu where the separator (id=“0”) escapes FolderName submenu. A long-standing bug was also fixed in this version: a single undo reverted multiple changes after macro execution. In addition to the fixed issues mentioned above, this release includes various bug-fixes & a few additional enhancements. https://notepad-plus-plus.org/downloads/v8.9/ Sat, 27 Dec 2025 00:00:00 +0000 https://notepad-plus-plus.org/downloads/v8.9/ https://notepad-plus-plus.org/news/v89-released/ Sat, 27 Dec 2025 00:00:00 +0000 https://notepad-plus-plus.org/news/v89-released/ 2025-12-27 Though the version number is major, this release itself is not a major update, and it contains regression-fix & enhancements. The self-signed certificate is no longer used as of this release. Only the legitimate certificate issued by GlobalSign is now used to sign Notepad++ release binaries. We strongly recommend that users who previously installed the self-signed root certificate remove it. A log of security errors encountered during Notepad++ updates is now generated automatically. https://notepad-plus-plus.org/downloads/v8.8.9/ Mon, 08 Dec 2025 00:00:00 +0000 https://notepad-plus-plus.org/downloads/v8.8.9/ https://notepad-plus-plus.org/news/v889-released/ Mon, 08 Dec 2025 00:00:00 +0000 https://notepad-plus-plus.org/news/v889-released/ 2025-12-09 Some security experts recently reported incidents of traffic hijacking affecting Notepad++. According to the investigation, traffic from WinGUp (the Notepad++ updater) was occasionally redirected to malicious servers, resulting in the download of compromised executables. The review of the reports led to identification of a weakness in the way the updater validates the integrity and authenticity of the downloaded update file. In case an attacker is able to intercept the network traffic between the updater client and the Notepad++ update infrastructure, this weakness can be leveraged by an attacker to prompt the updater to download and executed an unwanted binary (instead of the legitimate Notepad++ update binary). https://notepad-plus-plus.org/downloads/v8.8.8/ Tue, 18 Nov 2025 00:00:00 +0000 https://notepad-plus-plus.org/downloads/v8.8.8/ https://notepad-plus-plus.org/news/v888-released/ Tue, 18 Nov 2025 00:00:00 +0000 https://notepad-plus-plus.org/news/v888-released/ 2025-11-18 I have been in contact with some security experts over the past 2 weeks and have identified a potential hijacking issue in WinGUp, the auto-updater developed for and used by Notepad++. This issue has been addressed in the latest release. Users are encouraged to manually download & upgrade Notepad++ using the official installer. One of most wanted features - the MSI installer - is now available. It is intended for enterprise IT deployment only and may require iterative refinement to be fully usfull. https://notepad-plus-plus.org/downloads/v8.8.7/ Sat, 18 Oct 2025 00:00:00 +0000 https://notepad-plus-plus.org/downloads/v8.8.7/ https://notepad-plus-plus.org/news/v887-released/ Sat, 18 Oct 2025 00:00:00 +0000 https://notepad-plus-plus.org/news/v887-released/ 2025-10-20 With this release v8.8.7 Notepad++ is now signed by a legitimate certificate issued by GlobalSign. This is a major security milestone, and it should permanently resolve all concerns regarding the authenticity and integrity of Notepad++ releases (which were present since v8.8.2, when the previous certificate expired). It’s been a challenging few months, struggling with administrative hurdles and dealing with certificate authorities to make this happen. Essentially, for an open-source project to obtain a certificate under its name, it must be recognized as a business entity. https://notepad-plus-plus.org/downloads/v8.8.6/ Thu, 02 Oct 2025 00:00:00 +0000 https://notepad-plus-plus.org/downloads/v8.8.6/ https://notepad-plus-plus.org/news/v886-released/ Thu, 02 Oct 2025 00:00:00 +0000 https://notepad-plus-plus.org/news/v886-released/ 2025-10-07 CVE-2025-56383 is one of the most absurd entries we’ve ever seen in the National Vulnerability Database. It’s misclassified under CWE-427: Uncontrolled Search Path Element. Yet the provided POC shows no connection to CWE-427. Notepad++ & its plugins are installed by default in the protected “Program Files” directory, requiring administrator privileges to modify. If an attacker already has those rights, they could replace any system file - so targeting a plugin is pointless. https://notepad-plus-plus.org/downloads/v8.8.5/ Wed, 13 Aug 2025 00:00:00 +0000 https://notepad-plus-plus.org/downloads/v8.8.5/ https://notepad-plus-plus.org/news/v885-released/ Wed, 13 Aug 2025 00:00:00 +0000 https://notepad-plus-plus.org/news/v885-released/ 2025-08-14 This release, like the previous version v8.8.3, is signed with the self-signed certificate. If your antivirus complains that the 8.8.5 version you downloaded here contains a virus or malware, this is likely a false positive. Please report it to the antivirus company. The release contains several bug fixes & enhancements. You can check the full list of improvements for version 8.8.5 and download it here: Regression and critical bug report here: https://community.