Is the Paperpile team aware of the recently exposed, long-standing vulnerability of the Electron framework?
At first glance, it appears that Paperpile is using v15 whilst the patched versions of Electron are v22 and above.
Welcome to our forum, @Christoph13, and thanks for raising the concern. The engineering team confirms we are aware of this but it doesn’t affect us since our app does not display any third-party content not shipped with the app itself, which is notarized with a digital signature before being shipped for download.
That being said, we do want to update Electron to the latest version (we’re on v17 at the moment) but it’s not a matter we’re able to prioritize right now. Once our new extension and web-app (currently in beta) is fully implemented, we will be able to shift focus to this and other topics.