NewsGator and Security

There have been a couple of posts (here and here) talking about alleged security vulnerabilities in NewsGator and other news aggregators. The first post supposedly describes a way to have a news post contain an Outlook “virus” that will send an email to people in your address book; the second shows an RSS file containing script which could be annoying or malicious to a user.

I have posted a response for our customers on the NewsGator News and Updates page; the gist of this is that for the first problem to actually be a problem, you would have to manually edit your Internet Explorer security settings to loosen the restrictions. 

For the second problem, OL2002 is not vulnerable at all by default. OL2000 will actually execute the script, just as with HTML email messages, but this is easy to disable (and should indeed be disabled in most cases).

NewsGator pre-release builds expire today

Just a reminder…if you’re using a pre-release 0.x build of NewsGator (or even the old olnews.exe), today is the last day those builds will function. I encourage you to install version 1.0 and give it a try!

If you’re using version 0.7 or later, the NewsGator 1.0 installer will upgrade your installation, and your subscriptions will remain intact. If you’re using an earlier version (before 0.7), and I know there’s a few of you :-), you will need to uninstall first before installing 1.0.

NewsGator News and Updates

If you have upgraded to NewsGator 1.0 from a previous version, then you probably aren’t subscribed to the NewsGator News and Updates feed (new users get this subscription by default). If you’re interested in the latest news about NewsGator, I recommend you subscribe!

NewsGator users, right-click here with IE to automatically subscribe. Not using IE? Go to NewsGator/Options, and add the subscription from there.

RSS and short descriptions

ScottW says:

I am going to release an optional “short-description” feature tonight that I hope everyone will use for posts longer than a sentence or two. (instead of the full post text appearing in the feed, only the short-description will appear)

While I understand Scott’s motivation (he needs traffic on his site to support revenue generation), I am in complete agreement with Brad, Brian, and others – don’t do this and take away the utility of aggregators for everyone. The news aggregator is what makes it possible for me to read so many people’s writing; without it, I’d only be able to read a few.

A possible compromise, I suppose, would be to expose both types of feeds – full descriptions and excerpts – and let the feed consumer decide which feed he wants. Not sure it would help you, but people who have limited bandwidth might like it…

NewsGator 1.0 feedback

Some good comments on NewsGator 1.0’s first day in the wild:

Joe Friend: “The best aggregator for Windows has shipped.”

Don Park: “NewsGator 1.0 is released…Integration is really smooth without apparent seams.”

Sean Varley: “It’s revolutionized the way I look at staying on top of my news, and I wouldn’t want to do it any other way now.”

Brian Graf: “NewsGator has fundamentally changed the way I keep up with the latest technology news. I endorse and recommend NewsGator unconditionally and without hesitation.”

Wes Haggard: “This is a great product! It saves me lots of time.”

Steven Hatch: “My favorite feature has always been its tight integration with Outlook.”

Thanks for the kind words, guys!

NewsGator 1.0 Released!

I’m very pleased to announce the release of NewsGator 1.0!

At the same time comes the public debut of NewsGator’s new home, http://www.newsgator.com. There you’ll find lots of information about NewsGator, news, downloads, an RSS feed search system, support resources (including a knowledge base and discussion forums), and of course the NewsGator store.

This has been an interesting development cycle…all the way from the first concept screen shot right here on my weblog, to where we are today with version 1.0. I’d like to publicly thank all of those who have been working with the 0.x versions, and especially those folks who volunteered to thoroughly test the RC1 release. Thanks to all of your efforts, I think NewsGator 1.0 is a great product!

There are numerous changes since the last release. I encourage you to download version 1.0 and try it…and if you like it, spread the word!

Press release

NewsGator release candidate

If you are interested in testing a NewsGator release candidate, please let me know. This will be a very limited release, and we will only be taking a limited number of requests.

When you respond, please include the following information:

  • Operating System and SP
  • .NET version and SP
  • Outlook version
  • Are you currently using NewsGator?
  • Number of subscriptions in NewsGator

You will hear back from me within a couple of days if you are selected. Thanks!

UPDATE: wow, what a response. We have enough people now; if you responded, you should be hearing back soon.

NewsGator v0.9

NewsGator v0.9 is now available on the download site. A couple of items that have gotten a lot of attention lately have been changed – NewsGator no longer sends a referrer header, and it now correctly installs and operates for non-admin users. Other changes:

  • Posts now marked as read after reading from NewsPage
  • NewsGator can now be correctly loaded/unloaded from the Outlook Tools/Options/Other/Advanced/COM Add-ins dialog, including adding/removing all GUI elements. Solves problem of multiple NewsGator menus in certain circumstances.
  • Added link for post comments
  • Fixed bug on NewsPage when a feed title had an embedded ‘/’ character
  • Fixed problem where if logged in twice via terminal services, would get two copies of each post
  • When triggering a manual retrieve, reschedule auto retrieve time
  • Added keyboard shortcuts
  • IE context menu can now be switched on and off from NewsGator Options, rather than being an install-time selection.
  • Added start menu folder
  • Fixed problem where if NewsGator started up but no folders were accessible, Select Folder… wouldn’t work and you’d be in a situation you couldn’t get out of
  • Fixed problem where under certain rare conditions, retrieving a feed might never time out

If you run into any problems, or have any new suggestions, please let me know!