Details
-
Bug
-
Resolution: Fixed
-
High
-
None
-
3.4.9, 3.4.10
-
None
-
Severity 2 - Major
Description
The certificate used to sign executables for Sourcetree has expired:
Thumbprint: f87e1c76e95f759b4747d0b92bd2a7caecc3c45e
The executables do not appear to have a Timestamp associated. As a result, the signing has now expired.
My organisation uses application restriction policy whitelisting - only allowing specific executables to launch; a common configuration in enterprise environments. We are in the process of having to create individual hash-based rules to allow the executables to run in the short-term.
Can the next release of Sourcetree please be signed with a renewed certificate, and have the files include a timestamp.