TLDR: Help dialog wrongly indicating the latest version (1.3.5) is installed.
What I’m trying to do
This is a multi-user Windows 10 system.
Security suite flags an endpoint for having a vulnerable version of Obsidian under user A’s profile. User B’s installation is up to date.
When asked to update Obsidian, the user reports seeing notifications on start-up indicating a manual upgrade is necessary.
User reports having done the upgrade.
User shows me the help dialog indicating the latest version (1.3.5)
User is confused why they are still seeing notification to upgrade on every startup.
The security suite already reported the location and version of the out of date software: User A’s %localappdata%\Obsidian\Obsidian.exe.
I use task manager to identify the command line of the currently running application. It is the location reported above. I use file properties to check the version of the Obsidian.exe that is running, it is not the latest version.
So where is the help dialog getting version information from? Seems likely to be the wrong place?
Things I have tried
Complete uninstall/reinstall (under that user’s profile).
Side notes
Note: the other user’s installation on this machine was up to date.
It seems like this type of issue could be resolved by having a system-wide installer, which would be great.
From an IT perspective, I do not like %localappdata% installations. They are more difficult to keep up to date for a sysadmin. Example: User C logs onto a shared system, installs Obsidian, and then never uses the machine again. The security system will flag out of date/vulnerable software on user C’s profile. As a sysadmin, I have no good way to upgrade this out of date software. My best option is to delete it, but that’s not particularly clean and likely to leave remnants.
If you have a commercial license, it’s better you reach out to support via email. The user may be confused between the obsidian app version and the installer version. They can be different without that being a problem.
When you email support, provide the debug info which can be accessed by Command Palette (Ctrl/Cmd-P on Desktop, Swipe down from the top on mobile) enter “Show debug info”, and click “Copy to clipboard”.
There are two version numbers visible in Settings > About
One is the app version, the other is the installer version.
Both follow the same schema and should be kept somewhat in sync.
The changelog will mention when an installer update is recommended.
The app version can be updated automatically by our auto-updater, up to a certain point. Currently, 0.14.5 is the minimum required installer version to receive automatic updates.
The installer version needs to be updated manually, for that you just need to install a new version from our website.
One of the things, the installer is responsible for is the electron/Chrome version used, which is probably why the security suite flagged it.
@WhiteNoise We do not have a commercial license, but we also have not blacklisted the app to prevent users from installing this. Is this a violation of your license terms? Do I need to blacklist it?
@joethei Sorry, I should have been clearer about where my user was looking for version info: clicking the help icon.
Note: Screenshots below are from my home laptop, which I just discovered has a much less severe version of the same issue.
Settings > About also shows incorrect version information.
Debug info (again, not from the same system mentioned above, but I can get that too if required.)
SYSTEM INFO:
Obsidian version: v1.3.5
Installer version: v1.3.4
Operating system: Windows 10 Home 10.0.22621
Login status: not logged in
Insider build toggle: off
Live preview: on
Legacy editor: off
Base theme: dark
Community theme: Blue Topaz v20221104
Snippets enabled: 0
Restricted mode: off
Plugins installed: 3
Plugins enabled: 2
1: Dataview v0.5.56
2: Flexible Pomodoro For Obsidian v0.6.0
RECOMMENDATIONS:
Custom theme and snippets: for cosmetic issues, please first try updating your theme and disabling your snippets. If still not fixed, please try to make the issue happen in the Sandbox Vault or disable community theme and snippets.
Community plugins: for bugs, please first try updating all your plugins to latest. If still not fixed, please try to make the issue happen in the Sandbox Vault or disable community plugins.
Obsidian is not free for commercial use. You can read more about it here and determine if you need a commercial license:
If your company needs a commercial license and you don’t have one, you should either buy the commercial license or remove the app. The same applies to the users’ personal computers if they use the app for business related to the company.
I understand. Unfortunately, it’s not worth dealing with the procurement process for a very small portion of our user base, so we’ll most likely blacklist it. Thanks for the feedback.
It’s more of an internal problem. Management’s default response will be: “We already have OneNote licenses. The users should use the tools we’re already paying for.”
I don’t think there’s anything wrong being reported.
We have already explained that there are two versions: installer version and app version (again, it is fine if they are different).
If you required to download and reinstall obsidian, we will notify you.
I’m not on Windows nowadays, but do you think it’s logical that both the product version and the file version properties of the obsidian.exe refers to the installer version? I’m kind of thinking it would be natural that one of them reflected the obsidian version. Or is this given due to how electron packages its applications?
@holroy It looks like I have two different files with two different purposes.
In AppData\Local\obsidian-updater there is a file called installer.exe, which according to the file properties is version 1.3.4.
In AppData\Local\Obsidian there are many files and folders, including one called obsidian.exe which I have verified is actually the executable running when Obsidian is running. According to the file properties, this executable is version 1.3.4.
To quote selectively from the debug info:
SYSTEM INFO:
Obsidian version: v1.3.5
Installer version: v1.3.4
This is not wrong, it just means that your last installation of Obsidian was done using v1.3.4. At the time of that installation both versions would be the same.
After that Obsidian has auto-updated itself so that you’re now running the latest version of Obsidian namely v1.3.5. It’s quite normal, as we’ve tried to explain in this thread, that the two versions are different. In most cases you’ll not notice that these are different, and you don’t need to do anything.
If at any point Obsidian changes something internally which requires the Installer version to be updated, which it can’t manage to update on its own, you’ll get a notice. At this point you should reinstall Obsidian completely, which will “synchronize” the two version numbers.
So you’re perfectly fine with these versions being a little apart, and everything should work fine. You can reinstall Obsidian (but you don’t need to currently), to make the version numbers realign. A reinstall of Obsidian is safe to do with regards to your vault(s), and any contents therein.
Thanks for explaining. In an effort to unconfuse myself, I did a little research on Electron applications. It looks like Electron apps, in general, can have several ways to update themselves:
Downloading an installer or a binary package and running it outside of the Electron process.
Downloading a patch file and applying it to the existing Electron binary and application files.
Downloading a new Electron binary and replacing the existing one.
I’m guessing the behavior that was confusing me in this thread is a result of Obisidian using #2 above. I’m thinking a patch is applied that changes the Obsidian application files inside of the existing binary, leaving the file modification date and version unchanged. As a result, the file properties still match what was initially installed. And that bit will henceforth be called the Installer version.
How close am I to the truth here? What did I get wrong?
