[Cyberduck-trac] [Cyberduck] #9395: Sparkle autoupdate fails due to insecure SUFeedURL value

Cyberduck trac at trac.cyberduck.io
Fri Apr 1 07:08:54 UTC 2016

#9395: Sparkle autoupdate fails due to insecure SUFeedURL value
    Reporter:  pypt    |      Owner:
        Type:  defect  |     Status:  new
    Priority:  low     |  Milestone:
   Component:  core    |    Version:  4.8.4
    Severity:  minor   |   Keywords:  sparke autoupdate
Architecture:  Intel   |   Platform:  Mac OS X 10.11
 When trying to update Cyberduck from an older version, Sparkle fails with:

 2016-04-01 09:56:36,249 Cyberduck[28746]: Sparkle: Error: An error
 occurred in retrieving update information. Please try again
 later. The resource could not be loaded because the App Transport Security
 policy requires the use of a secure connection. (URL

 I think this is because the old, pre-App Transport Security updates RSS
 URL got stuck in `~/Library/Preferences/ch.sudo.cyberduck.plist`. Upon
 going to ''Preferences'' -> ''Update'' and setting the update branch
 again, problem fixes itself.

 I was concerned that for some users the autoupdate might be broken thanks
 to an old URL in `SUFeedURL` so that's why I'm reporting this bug
 nevertheless. I suppose a quick fix would be to replace `http://` to
 `https://` in `SUFeedURL` independently from what's being set there.

Ticket URL: <https://trac.cyberduck.io/ticket/9395>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list