This isn't a "year in review" or "New Year's Resolutions" blog post. If you've followed my blog for the last few years you know I write that sort of blog entry on my birthday. No. Tonight I'm closing out 2017 in a way that feels simply apropos for this year. Tonight I'm talking about the WiX Toolset security release made official earlier today.
The FireGiant blog has the simple facts so I won't go over those again. Instead, I'll cover a couple other items of interest in no particular order.
First of all, there are two releases today: WiX v3.10.4 and WiX v3.11.1. Normally we'd only release a security fix on the latest release, in this case WiX v3.11. But Bob suggested a fix for WiX v3.10 and after some discussion we agreed. That discussion is actually interesting. Take a listen.
Third, the vulnerability was first reported to FireGiant by one of their customers. They were good enough to provide FireGiant a program that demonstrated the attack vectory. As you might guess, that was very helpful in tracking down the root issue.
Finally, 2017 regularly found a way to suck us back into WiX v3.x work when I'd rather we were moving forward in WiX v4.0 So here's to the end of 2017 and WiX v3.x and to 2018, the year of WiX v4.
Keep coding, you know I am!