I don’t think you’ll need to uninstall. If I’m reading the article correctly, it looks like they plugged the hole in their update process by switching hosting providers to one that’s even more hardened and secure. So requests from the updater should go to the correct place now and not the state-sponsored hacker.
Then in about a month, the next version of notepad++ that is released will also properly validate/verify any downloaded update files from the server.
You could also just disable the checks for updates from within the application too. Or better yet, use something like winget to handle the updates instead of the built-in updater.
The article literally states that should you download the latest version from their site directly and then use the installer to update manually. Who knows if those who were effected already could have something else compromising the update/install process. I wouldnt update from the built in updater until the new fix with certificate and signature verification is released.
I don’t think you’ll need to uninstall. If I’m reading the article correctly, it looks like they plugged the hole in their update process by switching hosting providers to one that’s even more hardened and secure. So requests from the updater should go to the correct place now and not the state-sponsored hacker.
Then in about a month, the next version of notepad++ that is released will also properly validate/verify any downloaded update files from the server.
You could also just disable the checks for updates from within the application too. Or better yet, use something like winget to handle the updates instead of the built-in updater.
The article literally states that should you download the latest version from their site directly and then use the installer to update manually. Who knows if those who were effected already could have something else compromising the update/install process. I wouldnt update from the built in updater until the new fix with certificate and signature verification is released.