Skip to content

Application calls unsafe http URLs #2167

New issue
New issue
Closed
Closed
Application calls unsafe http URLs#2167
Labels
enhancementEnhances an existing featuresecurityVulnerability that hackers can use to do damage to systems or data
Milestone
v12.12 Windows
@phantasie-schmiede

Description

@phantasie-schmiede
phantasie-schmiede
opened on May 13, 2025

Description

When checking for updates or attempt to download a new build from update dialog, HeidiSQL calls the URLs with the unsafe http protocol (http://www.heidisql.com/...).

All URLs should be prefixed with https.

HeidiSQL version

12.10.0.7000

Database server version

Reproduction recipe

  • open HeidiSQL
  • Click "More" and "Check for updates"

Error/Backtrace

Metadata
Metadata
Assignees
No one assigned
    Labels
    enhancementEnhances an existing featuresecurityVulnerability that hackers can use to do damage to systems or data
    Type
    No type
    Projects
    No projects
    Milestone
    Relationships
    None yet
    Development
    No branches or pull requests
    Issue actions