Today, as we bid an indifferent farewell to the 12-month period known as 2017, we shipped WiX v3.10.4 and WiX v3.11.1 to mitigate a vulnerability in Burn. The vulnerability is a little tougher to exploit than the one fixed in WiX v3.10.2; this one requires already-running malicious code that’s specially-crafted to look for bundles that are running with elevated privileges.
As always, we recommend updating to the latest and greatest as soon as possible. Your users won’t thank you but they will yell if you left them vulnerable when you could’ve easily prevented it. The only change is this one small fix, so upgrade with a clear conscience.
Download WiX v3.10.4 here.
Download WiX v3.11.1 here.
On Cinco de Mayo 2017, we released WiX v3.11. WiX v3.11 RTM is v184.108.40.2061.
You can download the WiX Toolset v3.11 build tools and Visual Studio extensions here.
The primary goal of the WiX v3.11 development cycle was to support Visual Studio 2017. We met that goal, with more than the usual number of challenges, due to the scope of changes in Visual Studio 2017.
In previous versions of WiX v3.x, Votive, the Visual Studio extension for WiX, was part of the WiX installer. Due to Visual Studio 2017’s changes to support multiple instances, WiX v3.11 now comes in two parts:
- The WiX build tools, MSBuild support, extensions, and SDKs. These are delivered in the WiX v3.11 bundle.
- The Visual Studio extension, one for each supported version of Visual Studio (2010, 2012, 2013, 2015, and 2017). These are available from the Visual Studio Marketplace.
Plenty of other stuff happened in the WiX v3.11 cycle, too. For details on bug fixes, new features, and other changes, please see the release notes on GitHub.
Rob also wrote about the WiX v3.11 release, if you’d like other words on the topic.