1. The web site uses SSL but the in-app updater uses unencrypted port 80 HTTP transfers, making updates subject to MITM attack by malicious public access point
2. Forum search feature seems broken:
"The following words in your search query were ignored because they are too common words: https update.
You must specify at least one word to search for. Each word must consist of at least 3 characters and must not contain more than 14 characters excluding wildcards."
We have discontinued this forum and moved support tickets to the GitHub issue tracker. More info
[BUG] [SECURITY] Update feature does not use HTTPS
Moderator: Steven
- Steven
- CrystalIDEA Developer
- Posts: 2294
- Joined: 21 Dec 2009, 11:48
- Location: CrystalIDEA headquarters
- Contact:
Re: [BUG] [SECURITY] Update feature does not use HTTPS
Will be fixed in the next update, thank you!