The following versions of WPF HexEditor are currently supported with security updates:
| Version | .NET Target | Support Status | Security Updates |
|---|---|---|---|
| 2.1.7+ | .NET Framework 4.8 | ✅ Supported | Active |
| 2.1.7+ | .NET 8.0-windows | ✅ Supported | Active |
| 2.1.x | .NET 7.0-windows | ❌ Deprecated | No longer supported |
| < 2.1.0 | Various | ❌ Not Supported | No updates |
As of February 2026, .NET 7.0-windows support has been removed from all project files due to Microsoft ending security updates for this framework. Users on .NET 7.0 should migrate to:
- .NET 8.0-windows (recommended for modern applications)
- .NET Framework 4.8 (for legacy applications)
WPF HexEditor officially supports and receives security updates on:
- ✅ .NET Framework 4.8 - Long-term support until 2028+
- ✅ .NET 8.0-windows - Long-term support until November 2026
Security Improvements:
- Enhanced code maintainability through service-based architecture
- Reduced attack surface by separating business logic from UI
- Improved input validation in all service methods
- Better isolation of data modification operations
Services Added:
HighlightService- Manages search result highlighting with controlled stateByteModificationService- Centralized byte operations with validation
Security Impact: Medium Issue: Search cache was never invalidated after data modifications, potentially leading to data integrity issues and incorrect search results.
Fix: Cache clearing implemented at 11 critical modification points:
- ModifyByte, Paste, FillWithByte, ReplaceByte
- ReplaceFirst, ReplaceNext, ReplaceAll
- Undo handler, InsertByte, InsertBytes, DeleteSelection
Result: Users now receive accurate search results, preventing potential data corruption scenarios.
When integrating WPF HexEditor into your application:
-
Input Validation:
- Always validate file paths before passing to
HexEditor.FileName - Sanitize user input when searching/replacing bytes
- Verify file sizes before loading large files
- Always validate file paths before passing to
-
Access Control:
- Use
ReadOnlyModeproperty when editing should be restricted - Set
AllowDeleteByteandAllowInsertAnywhereaccording to your security requirements - Control file access permissions at the OS level
- Use
-
Data Integrity:
- Always backup important files before editing
- Use the Undo/Redo functionality for reversible operations
- Verify modifications with checksums when data integrity is critical
-
Memory Safety:
- Be aware of memory usage when loading large files (streams are recommended for files > 100MB)
- Dispose of the HexEditor control properly to free resources
- Monitor memory usage in production applications
❌ Don't:
- Load untrusted files without size validation
- Allow unrestricted file access in public-facing applications
- Ignore file permissions and access control
- Edit system-critical files without proper safeguards
✅ Do:
- Validate file paths and sizes before loading
- Implement proper access control in your application
- Use read-only mode when editing is not required
- Backup important data before modifications
WPF HexEditor directly accesses the file system when using the FileName property. Applications should:
- Validate file paths to prevent directory traversal attacks
- Implement proper access control
- Consider using streams instead of direct file access for sensitive scenarios
Large file operations can consume significant memory. Applications should:
- Limit maximum file sizes based on available memory
- Use streaming operations for files > 100MB
- Monitor memory usage in production
The undo/redo functionality stores byte changes in memory:
- Be aware that sensitive data may remain in memory after edits
- Clear undo/redo history when handling sensitive data
- Consider memory scrubbing for high-security applications
Data copied to clipboard may be accessible by other applications:
- Be cautious when copying sensitive binary data
- Consider disabling clipboard operations in high-security contexts
- Use in-memory streams instead of clipboard for sensitive transfers
If you discover a security vulnerability in WPF HexEditor, please report it responsibly:
🔒 For security vulnerabilities:
- Open a GitHub issue at: https://github.com/abbaye/WpfHexEditorControl/issues
- Use the label: security
- Include in your report:
- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Potential impact
- Suggested fix (if available)
📋 GitHub Issue Title Format:
[SECURITY] Brief Description of the Vulnerability
Alternatively, you can contact the maintainer directly at: derektremblay666@gmail.com
- Initial Response: Within 48 hours
- Status Update: Within 1 week
- Fix Timeline: Depends on severity
- Critical: 1-2 weeks
- High: 2-4 weeks
- Medium: 4-8 weeks
- Low: Next regular release
If accepted:
- We will work on a fix and keep you informed of progress
- You will be credited in the release notes (if desired)
- A security advisory will be published after the fix is released
- We will coordinate disclosure timing with you
If declined:
- We will provide a detailed explanation
- We may suggest alternative security practices
- The issue may be reclassified as a feature request or bug
- Report via GitHub Issues: https://github.com/abbaye/WpfHexEditorControl/issues (Label: security)
- Alternative Contact: Derek Tremblay (derektremblay666@gmail.com)
- Project Repository: https://github.com/abbaye/WpfHexEditorControl
- Security Advisories: Check GitHub Security tab
Last Updated: 2026-02-10 Policy Version: 1.1