GOG Galaxy - Recommended Version Incorrect
For GOG Galaxy VulnDetect recommends the version 18.104.22.168.
When I check for Updates in the app, then there are NO Updates available:
![2022-07-31_17h51_03.png](Request Entity Too Large)
So why does VulnDetect suggests this version?
I just noticed that it always was "flagged" as pre-release. We'll consider if the "versions" should be updated to include the "Beta" or "Hotfix" strings.
Yeah, so they say, I just checked our data, in that case it has been in beta for 3 years by now.
And the last update to the 1.x branch, that we saw, is from February 2020.
And I can't see an option to download 1.x anywhere.
Since this is a game related app I don't have strong opinions about this.
If you insist this is a beta, then I'll split it into two channel and tag the 2.x one as beta. And probably mark the whole product as Untracked.
@OLLI_S Great. We started monitoring that URL and changed the recommended version to the official "Hotfix" version 2.0.49. We will follow what they publish, I think the flags in SUMo is based on statistics, rather than on official information, but I don't know enough about their solution to figure out how they determine that.
@Tom I found the Official Changelog of GOG Galaxy
Here you see that the current version is 2.0.51 (what I have).
Version 2.0.52 (what VulnDetect suggests) is not listed there.
Here you see, which versions of GOG the users of SUMo have installed:
You see, that
- 86% of SUMo users have version 2.0.51 and *
- 12% of SUMo users have version 2.0.52
You see, that version 2.0.51 is marked as current.
I also have an idea for this situation:
Maybe the developers of GOG send out version 2.0.52 to only some users (for testing it) and when everything goes well, they release it to the public?
So only a small percentage gets Version 2.0.52 via auto-update and the rest gets this version later.
@OLLI_S Because one or more users has had this file since the 13th July 2022 and that it was released by the vendor on the 12th July 2022.
I can see from the information available, that the file was fetched as an auto update and that Galaxy has verified it.
Since the vendor, to my knowledge, don't publish any release notes or other version information on the website, then we can only base it on the most recent file we see.
If you have information about where and how we can improve this, then please let us know.