2.8.0 UI Refresh and Tahoe Improvements

Changes:

• UI modernization and macOS Tahoe support
  • Modernize update alert and release notes UI (#2737) (Zorg, Noah Nuebling, Cykelero, Daniel Jalkut, Peter Nowell)
  • Update retrieving app icon to work better in Tahoe (#2742) (Zorg)
  • Improve retrieval of main app icon for authorization dialog (#2743) (Zorg)
• Delta updates
  • Improve bsdiff performance by preventing excessive iterations when processing similar data blocks (#2693) (Will Fairclough)
  • Fix an issue while searching a cloneable file for delta updates (#2748, #2753) (Vincent Bénony, Zorg)
  • Add support for relative URLs for delta updates (#2741) (jj)
• Localization
  • Set STRINGS_FILE_OUTPUT_ENCODING build setting to "binary" (#2712) (Nicolas Kick)
  • Move all localizations to main Sparkle.strings (#2760) (Zorg)
• Synchronize updater settings with user defaults to fix out-of-sync UI state (#2728) (Zorg)
• Document and better enforce main thread only requirement for using Sparkle methods (#2746, #2754, #2768)) (Sebastien Marchand, Zorg)
• Make -[SPUUserDriver showUpdateInFocus] optional (#2717) (Zorg)
• Add private module map for framework (#2722) (Zorg)
• Workaround a corner case in which the bundle path of a running application contains Contents/MacOS/Executable (#2726, #2747) (Jeremy Huddleston Sequoia, Zorg)
• Disable false dependency scan analysis warnings when building Sparkle from source (#2762) (Daniel Jalkut)
• Refactor the logic for avoiding re-sending the system profile more frequently than once a week (#2720) (Daniel Jalkut)
• Remove deprecated interactive package installer type (#2767) (Zorg)

Sparkle 2.8 introduces a refreshed UI update to the software update window and includes compatibility improvements for macOS 26 Tahoe. Thanks to all of those that contributed to the design of the update window (#2737).

Discussion

2.8.0-beta.3

Changes:

• UI modernization and macOS Tahoe support
  • Modernize update alert and release notes UI (#2737) (Zorg, Noah Nuebling, Cykelero, Daniel Jalkut, Peter Nowell)
  • Update retrieving app icon to work better in Tahoe (#2742) (Zorg)
  • Improve retrieval of main app icon for authorization dialog (#2743) (Zorg)
• Delta updates
  • Improve bsdiff performance by preventing excessive iterations when processing similar data blocks (#2693) (Will Fairclough)
  • Fix an issue while searching a cloneable file for delta updates (#2748, #2753) (Vincent Bénony, Zorg)
  • Add support for relative URLs for delta updates (#2741) (jj)
• Localization
  • Set STRINGS_FILE_OUTPUT_ENCODING build setting to "binary" (#2712) (Nicolas Kick)
  • Move all localizations to main Sparkle.strings (#2760) (Zorg)
• Synchronize updater settings with user defaults to fix out-of-sync UI state (#2728) (Zorg)
• Document and better enforce main thread only requirement for using Sparkle methods (#2746, #2754) (Sebastien Marchand, Zorg)
• Make -[SPUUserDriver showUpdateInFocus] optional (#2717) (Zorg)
• Add private module map for framework (#2722) (Zorg)
• Workaround a corner case in which the bundle path of a running application contains Contents/MacOS/Executable (#2726, #2747) (Jeremy Huddleston Sequoia, Zorg)
• Disable false dependency scan analysis warnings when building Sparkle from source (#2762) (Daniel Jalkut)
• Refactor the logic for avoiding re-sending the system profile more frequently than once a week (#2720) (Daniel Jalkut)

2.8.0 beta 3 specifically includes a crash fix from 2.7.3 and important security fixes from 2.7.2.

Sparkle 2.8 includes a more modernized UI for the standard update alert and Tahoe compatibility support fixes. Feel free to head over to the discussions.

2.7.3 - Important security fixes for local exploits + crash fix

Changes for 2.7.3:

• Double quote team identifiers in requirement strings to fix crash if Team ID starts with number (#2766) (Zorg)

This fixes a potential crash that may occur for specific Team IDs, introduced in 2.7.2 which includes security fixes.

A release for 2.8.0 betas (aimed at revamped Tahoe support) with this fix will also been published soon.

--

Changes for 2.7.2:

This release contains security fixes for local exploits reported/reviewed by @Karmaz95 . More details can be found in this discussion.

For apps that install package updates, you may not be able to test Sparkle in a development environment easily where Sparkle's tools are often not specially signed. If this is the case, please try testing Sparkle either from a notarized version of your app, or from a version of your app that was installed by your package installer.

2.8.0-beta.2

Warning (EDIT): Don't use this build. Use 2.8.0-beta.3 or later which includes a potential crash fix introduced here.

Changes:

• UI modernization and macOS Tahoe support
  • Modernize update alert and release notes UI (#2737) (Zorg, Noah Nuebling, Cykelero, Daniel Jalkut, Peter Nowell)
  • Update retrieving app icon to work better in Tahoe (#2742) (Zorg)
  • Improve retrieval of main app icon for authorization dialog (#2743) (Zorg)
• Delta updates
  • Improve bsdiff performance by preventing excessive iterations when processing similar data blocks (#2693) (Will Fairclough)
  • Fix an issue while searching a cloneable file for delta updates (#2748, #2753) (Vincent Bénony, Zorg)
  • Add support for relative URLs for delta updates (#2741) (jj)
• Localization
  • Set STRINGS_FILE_OUTPUT_ENCODING build setting to "binary" (#2712) (Nicolas Kick)
  • Move all localizations to main Sparkle.strings (#2760) (Zorg)
• Synchronize updater settings with user defaults to fix out-of-sync UI state (#2728) (Zorg)
• Document and better enforce main thread only requirement for using Sparkle methods (#2746, #2754) (Sebastien Marchand, Zorg)
• Make -[SPUUserDriver showUpdateInFocus] optional (#2717) (Zorg)
• Add private module map for framework (#2722) (Zorg)
• Workaround a corner case in which the bundle path of a running application contains Contents/MacOS/Executable (#2726, #2747) (Jeremy Huddleston Sequoia, Zorg)
• Disable false dependency scan analysis warnings when building Sparkle from source (#2762) (Daniel Jalkut)
• Refactor the logic for avoiding re-sending the system profile more frequently than once a week (#2720) (Daniel Jalkut)

2.8 beta 2 specifically includes important security fixes from 2.7.2.

Sparkle 2.8 includes a more modernized UI for the standard update alert and Tahoe compatibility support fixes. Feel free to head over to the discussions.

2.7.2 - Important security fixes for local exploits

Warning (EDIT): Don't use this build. Use 2.7.3 or later which includes a potential crash fix introduced here.

Changes:

• Harden policy on what operations clients are allowed to take (#2763) (Zorg)

This release contains security fixes for local exploits reported/reviewed by @Karmaz95 . More details can be found in this discussion.

For apps that install package updates, you may not be able to test Sparkle in a development environment easily where Sparkle's tools are often not specially signed. If this is the case, please try testing Sparkle either from a notarized version of your app, or from a version of your app that was installed by your package installer.

A release for 2.8.0 betas (aimed at revamped Tahoe support) with these fixes has also been published.

2.8.0-beta.1

Changes:

• UI modernization and macOS Tahoe support
  • Modernize update alert and release notes UI (#2737) (Zorg, Noah Nuebling, Cykelero, Daniel Jalkut, Peter Nowell)
  • Update retrieving app icon to work better in Tahoe (#2742) (Zorg)
  • Improve retrieval of main app icon for authorization dialog (#2743) (Zorg)
• Delta updates
  • Improve bsdiff performance by preventing excessive iterations when processing similar data blocks (#2693) (Will Fairclough)
  • Fix an issue while searching a cloneable file for delta updates (#2748, #2753) (Vincent Bénony, Zorg)
  • Add support for relative URLs for delta updates (#2741) (jj)
• Localization
  • Set STRINGS_FILE_OUTPUT_ENCODING build setting to "binary" (#2712) (Nicolas Kick)
  • Move all localizations to main Sparkle.strings (#2760) (Zorg)
• Synchronize updater settings with user defaults to fix out-of-sync UI state (#2728) (Zorg)
• Document and better enforce main thread only requirement for using Sparkle methods (#2746, #2754) (Sebastien Marchand, Zorg)
• Make -[SPUUserDriver showUpdateInFocus] optional (#2717) (Zorg)
• Add private module map for framework (#2722) (Zorg)
• Workaround a corner case in which the bundle path of a running application contains Contents/MacOS/Executable (#2726, #2747) (Jeremy Huddleston Sequoia, Zorg)
• Refactor the logic for avoiding re-sending the system profile more frequently than once a week (#2720) (Daniel Jalkut)

This beta includes a more modernized UI for the standard update alert and Tahoe compatibility support fixes. More important bug fixes are anticipated before the final 2.8.0 version, however you may want to test your app with the new changes. Feel free to head over to the discussions.

2.7.1 Unarchiver and localization improvements

Changes:

• Fix typo in NN localisation (#2694) (Sjur N Moshagen)
• Fix compiler warnings for Xcode 16.3 (#2709) (Zorg)
• Fix Sparkle not building when SPARKLE_COPY_LOCALIZATIONS=0 (#2707) (Zorg)
• Fix release notes constraints when compiled with macOS 26 SDK (#2730) (Zorg)
• Fix reserved identifier warnings for Xcode 26 (#2729) (Zorg)

Please also check 2.7.0 for previous changes.

2.7.0 Unarchiver and localization improvements

Changes:

• Unarchiver / validation improvements (Zorg)
  • Remove old checksum verification checks for dmg archives to improve extraction speed (#2568) (Zorg)
  • Skip extracting auxiliary files and improve extraction progress for disk images (#2569) (Zorg)
  • Improve robustness around extracting dmg's with passwords (#2627, #2571) (Zorg)
  • Randomize the download archive name the installer extracts/executes (#2584) (Zorg)
  • Retry extracting zip file without piping if extraction fails to workaround bug prior to macOS 15 (#2616) (Zorg)
  • Add opt-in SUVerifyUpdateBeforeExtraction option to force verification of updates before extraction (#2667) (Zorg)
  • Add support for extracting Apple Archives (.aar files; requires SUVerifyUpdateBeforeExtraction, macOS 10.15+) (#2586, #2588, #2590) (Zorg)
  • Don't allow removal of signing keys more strictly (#2647) (Zorg)
  • Remove SPARKLE_BUILD_DMG_SUPPORT option (#2690) (Zorg)
• Add new BinaryDelta format (version 4) (Zorg)
  • Preserve bundle creation date when creating and applying delta updates (#2583) (Zorg)
  • Use faster crc32 hashes for binary delta version 4 (#2638) (Zorg)
  • Make binary delta version 4 the default (#2668) (Zorg)
• Language / layout improvements
  • Fix recovery error suggestion not shown when app is translocated or on read-only mount (#2689) (Zorg)
  • Fix typo in Dutch localisation (#2642) (Eitot)
  • Add baseline alignment to status text in SUStatus dialog (#2587) (Eitot)
  • Make horizontal hugging priority required for status text field (#2614) (Zorg)
  • Adjust the layout of anonymous system profile info to align better with the rest of the panel's UI (#2564) (Daniel Jalkut)
  • Fix typo in Dutch localisation (#2642) (Eitot)
  • Internationalize system profile display keys (#2577) (Zorg)
  • Update hebrew locale and add right-to-left characters (#2573, #2576, #2578, #2579) (Shlomo)
  • Update localisations for Dutch and German (#2582) (Eitot)
  • Add unlocalized strings in Japanese (#2589) (1024jp)
  • Fix typo in LICENSE (#2648) (fujisoft)
• Deprecate custom version comparators (#2639) (Zorg)
• Skip preflight update check in sparkle-cli if user is root (#2645) (Zorg)
• Avoid assert/crash when app is moved before update alert shows (#2658) (Zorg)
• Use default NSURLRequest timeoutInterval for the downloader (currently 60s) (#2673) (Zorg)
• Fix process substitution failing to work for providing the private key as file argument (#2615) (Zorg)
• Improve unable decode private key error messages in generate_appcast (#2675) (Zorg)
• Clarify that default channel must be in allowed channels set in API documentation (#2676) (Zorg)
• Call update permission prompt delegate method only when needed (#2622) (Zorg)
• Resolve duplicate class definitions from BinaryDelta, Sparkle Test App, and unit tests (#2570, #2629) (Zorg)

This release includes unarchiver/validation and localization/layout improvements.

This update also introduces a new format for delta updates. If you don’t use generate_appcast, please check the compatibility notes for creating delta updates.

2.7.0-beta.1

Changes:

• Unarchiver / validation improvements (Zorg)
  • Remove old checksum verification checks for dmg archives to improve extraction speed (#2568) (Zorg)
  • Skip extracting auxiliary files and improve extraction progress for disk images (#2569) (Zorg)
  • Improve robustness around extracting dmg's with passwords (#2627, #2571) (Zorg)
  • Randomize the download archive name the installer extracts/executes (#2584) (Zorg)
  • Retry extracting zip file without piping if extraction fails to workaround bug prior to macOS 15 (#2616) (Zorg)
  • Add opt-in SUVerifyUpdateBeforeExtraction option to force verification of updates before extraction (#2667) (Zorg)
  • Add support for extracting Apple Archives (.aar files; requires SUVerifyUpdateBeforeExtraction, macOS 10.15+) (#2586, #2588, #2590) (Zorg)
  • Don't allow removal of signing keys more strictly (#2647) (Zorg)
• Add new BinaryDelta format (version 4) (Zorg)
  • Preserve bundle creation date when creating and applying delta updates (#2583) (Zorg)
  • Use faster crc32 hashes for binary delta version 4 (#2638) (Zorg)
  • Make binary delta version 4 the default (#2668) (Zorg)
• Language / layout improvements
  • Fix typo in Dutch localisation (#2642) (Eitot)
  • Add baseline alignment to status text in SUStatus dialog (#2587) (Eitot)
  • Make horizontal hugging priority required for status text field (#2614) (Zorg)
  • Adjust the layout of anonymous system profile info to align better with the rest of the panel's UI (#2564) (Daniel Jalkut)
  • Fix typo in Dutch localisation (#2642) (Eitot)
  • Internationalize system profile display keys (#2577) (Zorg)
  • Update hebrew locale and add right-to-left characters (#2573, #2576, #2578, #2579) (Shlomo)
  • Update localisations for Dutch and German (#2582) (Eitot)
  • Add unlocalized strings in Japanese (#2589) (1024jp)
  • Fix typo in LICENSE (#2648) (fujisoft)
• Deprecate custom version comparators (#2639) (Zorg)
• Skip preflight update check in sparkle-cli if user is root (#2645) (Zorg)
• Avoid assert/crash when app is moved before update alert shows (#2658) (Zorg)
• Use default NSURLRequest timeoutInterval for the downloader (currently 60s) (#2673) (Zorg)
• Fix process substitution failing to work for providing the private key as file argument (#2615) (Zorg)
• Improve unable decode private key error messages in generate_appcast (#2675) (Zorg)
• Clarify that default channel must be in allowed channels set in API documentation (#2676) (Zorg)
• Call update permission prompt delegate method only when needed (#2622) (Zorg)
• Resolve duplicate class definitions from BinaryDelta, Sparkle Test App, and unit tests (#2570, #2629) (Zorg)

This release includes unarchiver/validation and localization/layout improvements.

This update also introduces a new format for delta updates. If you don’t use generate_appcast, please check the compatibility notes for creating delta updates.

2.6.4

Changes:

• Fix app modification prompt from appearing when downloaded update overrides NSUpdateSecurityPolicy (#2593)

If your app overrides NSUpdateSecurityPolicy and doesn't require a custom policy, please consider removing it.

Please also check 2.6.3, 2.6.2 - Important security fix, and 2.6.0 Further Sonoma Improvements for previous changes.