CVE-2018-18447: paint.net 4.1.2 is now available

NOTE: The deployment of this update has been paused due to an issue with pre-DirectX 10 GPUs (e.g. GeForce 6000 and 7000 series). A new update will be issued very soon! You can still download 4.1.2 from the website, but the built-in updater will not offer it to you.

This is a small update that improves startup performance, fixes some bugs, and addresses two security vulnerabilities. Administrators who manage deployments of Paint.NET are urged to begin updating immediately. Details of CVE-2018-18446 and CVE-2018-18447 are pending publication.

If you’re using the Windows Store release, you should get the update automatically within the next 24 hours. You can also force an update check by following these instructions.

For the Classic release, you can use the built-in updater by going to ⚙ Settings → Updates → Check Now. You can also download and install it directly from the website.

Changes:

• Improved startup performance if “a lot” of effect plugins are installed. More optimizations are coming in the next update.
• Fixed: Pixel grid no longer draws some dots darker than others at some zoom levels, as reported at https://forums.getpaint.net/topic/112794-pixel-grid-rendering-problems-when-zooming/
• Fixed: Radial Blur was not handling alpha correctly
• Fixed: IndirectUI ColorWheel swatch is now rendered correctly (without the fading alpha gradient)
• Fixed: The tooltip describing the shortcut key for tools now indicates how many times to press the key (e.g., press S four times for Magic Wand selection)
• Fixed: Pressing Escape to deselect now works with all tools (this bug was introduced in v4.0)
• Fixed: Images with variable alpha were not displaying correctly at some zoom levels. They were “too dark” in translucent regions. Reported here: https://forums.getpaint.net/topic/112184-some-zoom-levels-display-alpha-as-extra-opaque/
• Fixed: For the Store release, launching with the paintdotnet: protocol no longer shows an error if no parameters are provided (thanks @Bruce Bowyer-Smyth!)
• Fixed a crash for some effects that were rendering too quickly
• Fixed a bug in the Image->Resize dialog where the asterisk and the note about which resampling mode was being used, e.g. “* Bicubic will be used,” weren’t going away or updating correctly
• New: Added a /set:SETTING=VALUE command-line parameter. This is specifically useful for disabling hardware acceleration if the app won’t start or you can’t reach the Settings dialog. This is also necessary for the Store release whose virtualized registry cannot be edited. To launch the Store version with hardware acceleration disabled, go to Start -> Run and type in “paintdotnet:/set:UI/EnableHardwareAcceleration=false” (without quotes) and press OK
• New: Added detection for when “Diebold Warsaw” is causing Paint.NET to crash. The error message will indicate this cause.
• Fixed: Addressed CVE-2018-18446. Credit goes to Bruce Bowyer-Smyth.
• Fixed: Addressed CVE-2018-18447. Credit goes to Soroush Dalili from NCC Group.

Enjoy! 🙂