From the KeePass site: http://keepass.info/help/kb/sec_issues.html#updsig
In order to prevent a man in the middle from making KeePass display incorrect version information (even though this does not imply a successful attack, see above), the version information file is now digitally signed (using RSA-2048 and SHA-512).
KeePass 2.34 and higher only accept such a digitally signed version information file. This solution is more secure than just using HTTPS, because it guarantees version information safety even when the webserver is compromised (the private key for signing the version information is not stored on the webserver).
Downloads page: http://keepass.info/download.html
Edit: The update has NOT yet been released, as of (CET 11:30 2016-06-06)
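The check described in the quoted text, as an added example (not KeePass's own code): the client pins a public key and accepts the version file only if its RSA-2048/SHA-512 signature verifies, so a file altered on the webserver or in transit is rejected. Assumptions: PKCS#1 v1.5 signature padding (the page names only RSA-2048 and SHA-512), a key pair generated at run time as a stand-in for the vendor's offline key, and hypothetical function names.

```python
import hashlib, hmac, secrets

SHA512_PREFIX = bytes.fromhex("3051300d060960864801650304020305000440")  # DigestInfo, RFC 8017

def _is_prime(n, rounds=16):
    """Miller-Rabin probable-prime test for large odd candidates."""
    if any(n % p == 0 for p in (3, 5, 7, 11, 13, 17, 19, 23, 29, 31)):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x not in (1, n - 1) and all(pow(x, 1 << i, n) != n - 1 for i in range(1, r)):
            return False
    return True

def make_keypair(bits=2048, e=65537):
    """Constructed stand-in for the vendor's offline key: returns ((n, e), d)."""
    def prime(b):  # odd candidate, top two bits set so n has exactly `bits` bits
        while True:
            c = secrets.randbits(b) | (3 << (b - 2)) | 1
            if _is_prime(c):
                return c
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this means gcd(e, phi) == 1
            return (p * q, e), pow(e, -1, phi)

def _encode(data, k):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo(SHA-512(data)), k bytes."""
    t = SHA512_PREFIX + hashlib.sha512(data).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(data, pub, d):
    """Signing step: done offline by the key holder, never on the webserver."""
    k = (pub[0].bit_length() + 7) // 8
    return pow(int.from_bytes(_encode(data, k), "big"), d, pub[0]).to_bytes(k, "big")

def accept_version_info(body, sig, pinned_pub):
    """Client check: the decoded text if sig verifies under the pinned key, else None."""
    n, e = pinned_pub
    k = (n.bit_length() + 7) // 8
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        return None
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return body.decode() if hmac.compare_digest(em, _encode(body, k)) else None
```

The verifier compares the recovered block against a freshly built encoding rather than parsing the padding, which avoids accepting malformed signatures.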