Home Forums Networks & Cross-Platform Networking Qualy’s Browser Check

MacBook OS 10.6.8

I use Qualy’s Browser Check to check for updates but recently it reports Apple Safari 5.1.9 to be insecure and offered to fix it.
Thing is I am running Safari 5.1.10.
Am I , or Qualy’s missing something, or can their report be ignored?
I have tried to contact Qualy's, but have had no reply
You advice please.
Kate

Same OS X 10.6.8 & Safari 5.1.10, same "Insecure Safari 5.1.9" warning.

Seems like Qualys has got its own issue.

I had an issue like that with a different developer and the problem was the way in which the app reads the version. My guess is that QBC reads 5.1.10 as 5.1.1; it doesn't see the final 0. When I notified the developer in my case (this was a long time ago with a much different app), he was able to fix it. So, you'll have to hope that the developer responds.

Your issue sounds like the one that was raised as a potential with OS X 10.4.10, but since Qualys is specifically mentioning v 5.1.9, this issue is different.

"Insecure" suggests to me that the Qualys app is reading the final zero, not recognizing it as a possibility, and reporting that v 5.1.10 is a corrupt v 5.1.9.

Edit: And how it knows that v 5.1.9 is installed is anybody's guess. (v 5.1.10 has been around for 90 days, already; you'd think that Qualys would have either adjusted or compensated for it by now.)

Thank you all for your comments, I will watch, wait, and update you, if I ever hear from Qualys.
Kate

Version numbers are stored internally as a sequence of four bytes, and displayed as a string by expanding each byte to a decimal number and putting periods between them, similar to the way IPv4 addresses are formatted. (The fourth byte of a version number is a little different. Instead of representing a number, it encodes whether this is a developer/alpha/beta/release version. Instead of formatting it as a period followed by a decimal number, it's formatted as a trailing d, a, b, or nothing, respectively.)

A common mistake when comparing version numbers is to compare their display strings as strings instead of comparing the underlying bytes. Thus x.y.10 seems to be an earlier version than x.y.9, because the character '9' is less than the character '1' and a string compare stops looking once it finds characters that don't match. Comparing correctly as a sequence of bytes, the number 9 comes before the number 10, giving the opposite result.

A similar problem occurs when x.y.z is thought to be an earlier version of x.y.zb, even though the underlying bytes make it clear that a production version is newer than a beta version with the otherwise identical version number.

(Did you really mean to say "the character '9' is less than the character '1'"?)

Thanks for explaining the nuts and bolts of how the .9/.10 thing works or, as the case may be, doesn't work; I always find the inner workings of OS X fascinating.

Unfortunately, though, I'm not sure which question or comment you were responding to. (If you were explaining why the Qualys software thinks 5.1.10 is "insecure" 5.1.9 I didn't follow at all.)