“`html
Notepad++ has officially unveiled version 8.9.3, providing essential security fixes, performance improvements, and solutions for ongoing crash challenges.
This upgrade completes the text editor’s shift to a highly efficient XML parser, rectifying several recent regressions while enhancing the application’s auto-update functionality against known security threats.
Notepad++ v8.9.3 Launch
The standout security enhancement in version 8.9.3 is the correction of a vulnerability in the application’s auto-updater system.
The development team has upgraded the cURL library in WinGUp to version 8.19.0, addressing a particular security flaw, CVE-2025-14819.
Moreover, this version resolves an unintended elevation of privileges bug that was introduced in earlier releases. Previously, the installation or removal of a plugin led Notepad++ to inadvertently restart with enduring administrative rights. This regression has been effectively remedied, ensuring that the application complies with standard user privilege levels during normal plugin operations.
| Vulnerability / Issue | Component Affected | Resolution |
|---|---|---|
| CVE-2025-14819 | WinGUp Auto-Updater | Updated embedded cURL to v8.19.0 |
| Admin Privilege Bug | Plugin Manager | Prevented permanent admin rights upon N++ restart |
| MITM Update Failure | Network / Updater | Fixed plugin and update downloads behind corporate proxies |
Core Enhancements and Crash Issues
To improve the efficiency of reading and writing configuration files, Notepad++ has been progressively transitioning from TinyXML to the newer pugixml parser in recent updates. Version 8.9.3 signifies the culmination of this structural transition.
In addition to the performance enhancement, developers have resolved various regressions resulting from this migration, including localized Workspace text issues and incorrect text presentations for non-UTF8 files.
The core components powering the text editor’s interface have also undergone significant updates, with Scintilla upgrading to version 5.6.0 and Lexilla progressing to version 5.4.7.
System stability remains a focal point of this release. The engineering team has successfully identified and rectified an enduring flaw where initiating a print job would crash the entire application.
Similar critical issues related to User Defined Languages (UDL) have been fixed. Furthermore, a memory leak that occurred during application exit has been addressed, preventing resource deterioration during lengthy development sessions.
System administrators overseeing enterprise rollouts gain beneficial new controls in this release. The introduction of the disableNppAutoUpdate.xml file empowers IT teams to explicitly disable auto-updates, even when the WinGUp executable is available.
An additional security enhancement prevents XML configuration files from being inadvertently overwritten when updating portable packages through standard copy-and-paste procedures.
Other significant corrections include resolving an issue where “Find in Files” failed to locate file content on disk, preventing Notepad++ from launching unnecessary Windows Explorer processes in Task Manager, and adding native Autocompletion and Function List support for the D programming language.
“`