In the new version of the free text editor for Windows, the developer has fixed several security problems and Notepad++ is now protected against malicious code attacks.

Attackers can attack Windows systems on which the open source text editor Notepad++ is installed and, in the worst case, execute malicious code. A version that is protected against this, among other things, is now available for download.

As can be seen from a post by the developer, the current version 8.5.7 has fixed four vulnerabilities (CVE-2023-40031 high, CVE-2023-40036 medium, CVE-2023-40164 medium, CVE-2023 -40166 medium).

The conversion from UTF16 to UTF8 can cause memory errors, allowing malicious code to reach systems. To do this, a victim must open a crafted file.

Notepad++ v8.5.7 Change log

• Fixed 4 security issues CVE-2023-40031, CVE-2023-40036, CVE-2023-40164 & CVE-2023-40166.
• Security enhancement: Signed uninstall.exe.
• Changed the slogan in installer.
• Fixed eventual memory leak while reading Utf8-16 files.
• Fixed dragging tab performance issue while Document List is displayed.
• Added 2GB file warning option for x64.
• Fixed cloned document disassociated issue after Notepad++ being relaunched.
• Fixed session file saving problem if it is read-only.
• Fixed activating wrong file(s) issue after loading session file.
• Fixed product version value displayed in file's properties.