From f58cd2ad47d2b7dc3e5e8430cc9eb048482978f6 Mon Sep 17 00:00:00 2001 From: Erik Gomez Date: Thu, 7 May 2026 11:04:55 -0500 Subject: [PATCH 1/3] Revert macOS 14 activation logic --- CHANGELOG.md | 8 ++++++++ Nudge/Utilities/Utils.swift | 12 ++++++++---- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f9820ef9..f9d9b5f9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [2.1.2] - 2026-05-07 +Requires macOS 12.0 and higher. + +### Fixed +- Corrected activation logic when requiredInstallationDate is passed + - Addresses [704](https://github.com/macadmins/nudge/issues/704) + - **Important Note:** macOS 14 introduced `NSApp​.activate()` as a replacement for `NSApp​.activate(ignoring​Other​Apps: true)`, but the new API uses _cooperative_ _activation_ — it only gains focus if the current frontmost app _voluntarily_ _yields_. Chrome (and any other app) never does this, so Nudge ends up sitting just behind it. When Apple removes this API in a future macOS version, Nudge may not be able to gaurantee it launches in front of all applications. + ## [2.1.2] - 2026-03-30 Requires macOS 12.0 and higher. diff --git a/Nudge/Utilities/Utils.swift b/Nudge/Utilities/Utils.swift index 698d1d0d..70255109 100644 --- a/Nudge/Utilities/Utils.swift +++ b/Nudge/Utilities/Utils.swift @@ -38,7 +38,8 @@ struct BlurManager { // Force window to front regardless of space constraints // This will trigger a space switch if needed if #available(macOS 14, *) { - NSApp.activate() + // NSApp.activate() co-operative API that doesn't allow Nudge to properly activate + NSApp.activate(ignoringOtherApps: true) } else { NSApp.activate(ignoringOtherApps: true) } @@ -129,7 +130,8 @@ struct BlurManager { // Ensure main window stays on top and visible mainWindow.makeKeyAndOrderFront(nil) if #available(macOS 14, *) { - NSApp.activate() + // NSApp.activate() co-operative API that doesn't allow Nudge to properly activate + NSApp.activate(ignoringOtherApps: true) } else { NSApp.activate(ignoringOtherApps: true) } @@ -164,7 +166,8 @@ struct AppStateManager { if DateManager().pastRequiredInstallationDate() && OptionalFeatureVariables.aggressiveUserFullScreenExperience { UIUtilities().centerNudge() if #available(macOS 14, *) { - NSApp.activate() + // NSApp.activate() co-operative API that doesn't allow Nudge to properly activate + NSApp.activate(ignoringOtherApps: true) } else { NSApp.activate(ignoringOtherApps: true) } @@ -177,7 +180,8 @@ struct AppStateManager { LogManager.notice("Bypassing activation due to full screen bugs in macOS", logger: uiLog) } else { if #available(macOS 14, *) { - NSApp.activate() + // NSApp.activate() co-operative API that doesn't allow Nudge to properly activate + NSApp.activate(ignoringOtherApps: true) } else { NSApp.activate(ignoringOtherApps: true) } From 6cf3a5f269f60b813bf3aa85a436cd6501332054 Mon Sep 17 00:00:00 2001 From: Erik Gomez Date: Thu, 7 May 2026 11:05:04 -0500 Subject: [PATCH 2/3] bump version to 2.1.3 --- Nudge.xcodeproj/project.pbxproj | 2 +- Nudge/Info.plist | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Nudge.xcodeproj/project.pbxproj b/Nudge.xcodeproj/project.pbxproj index 152f2f69..1bead105 100644 --- a/Nudge.xcodeproj/project.pbxproj +++ b/Nudge.xcodeproj/project.pbxproj @@ -737,7 +737,7 @@ "@executable_path/../Frameworks", ); MACOSX_DEPLOYMENT_TARGET = 12.0; - MARKETING_VERSION = 2.1.2; + MARKETING_VERSION = 2.1.3; PRODUCT_BUNDLE_IDENTIFIER = com.github.macadmins.Nudge; PRODUCT_NAME = "$(TARGET_NAME)"; PROVISIONING_PROFILE_SPECIFIER = ""; diff --git a/Nudge/Info.plist b/Nudge/Info.plist index 13187c79..e2e82a70 100644 --- a/Nudge/Info.plist +++ b/Nudge/Info.plist @@ -15,9 +15,9 @@ CFBundlePackageType $(PRODUCT_BUNDLE_PACKAGE_TYPE) CFBundleShortVersionString - 2.1.2 + 2.1.3 CFBundleVersion - 2.1.2 + 2.1.3 LSApplicationCategoryType public.app-category.utilities LSMinimumSystemVersion From 63776aaa4134bfd15205cd05dc1c24d2b355bc79 Mon Sep 17 00:00:00 2001 From: Erik Gomez Date: Thu, 7 May 2026 11:21:27 -0500 Subject: [PATCH 3/3] try to address CVE logic again --- CHANGELOG.md | 2 ++ Nudge/UI/Main.swift | 13 ++++++++----- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f9d9b5f9..5747c43b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,8 @@ Requires macOS 12.0 and higher. - Corrected activation logic when requiredInstallationDate is passed - Addresses [704](https://github.com/macadmins/nudge/issues/704) - **Important Note:** macOS 14 introduced `NSApp​.activate()` as a replacement for `NSApp​.activate(ignoring​Other​Apps: true)`, but the new API uses _cooperative_ _activation_ — it only gains focus if the current frontmost app _voluntarily_ _yields_. Chrome (and any other app) never does this, so Nudge ends up sitting just behind it. When Apple removes this API in a future macOS version, Nudge may not be able to gaurantee it launches in front of all applications. +- Added more logic in counting of CVEs + - Potentially Addresses [703](https://github.com/macadmins/nudge/issues/703), a continuation of [650](https://github.com/macadmins/nudge/issues/650) ## [2.1.2] - 2026-03-30 Requires macOS 12.0 and higher. diff --git a/Nudge/UI/Main.swift b/Nudge/UI/Main.swift index 73e9e83f..dbd18814 100644 --- a/Nudge/UI/Main.swift +++ b/Nudge/UI/Main.swift @@ -317,18 +317,22 @@ class AppDelegate: NSObject, NSApplicationDelegate { LogManager.notice("Assessing macOS version range for active exploits (cross major version): \(versionsToCheck) ", logger: sofaLog) } - // Count actively exploited CVEs in the appropriate filtered versions + // Count CVEs in the appropriate filtered versions + var totalAnyCVEsInRange = 0 for osVersion in macOSSOFAAssets { if versionsToCheck.contains(osVersion.latest.productVersion) { totalActivelyExploitedCVEs += osVersion.latest.activelyExploitedCVEs.count + totalAnyCVEsInRange += osVersion.latest.cves.count } for securityRelease in osVersion.securityReleases { if versionsToCheck.contains(securityRelease.productVersion) { totalActivelyExploitedCVEs += securityRelease.activelyExploitedCVEs.count + totalAnyCVEsInRange += securityRelease.cves.count } } } let activelyExploitedCVEs = totalActivelyExploitedCVEs > 0 + let anyCVEsInRange = totalAnyCVEsInRange > 0 let presentCVEs = selectedOS!.cves.count > 0 let slaExtension: TimeInterval @@ -367,10 +371,9 @@ class AppDelegate: NSObject, NSApplicationDelegate { // Check if we should disable Nudge for standard installs // Exit only if: // 1. disableNudgeForStandardInstalls is enabled - // 2. Target OS has no CVEs - // 3. No actively exploited CVEs exist in intermediate versions (respects minorVersionRecalculationThreshold) - if OptionalFeatureVariables.disableNudgeForStandardInstalls && !presentCVEs && !activelyExploitedCVEs { - LogManager.notice("No known CVEs for \(selectedOS!.productVersion), no actively exploited CVEs in intermediate versions, and disableNudgeForStandardInstalls is set to true", logger: sofaLog) + // 2. No CVEs exist anywhere in the update path (including non-actively exploited CVEs in intermediate versions) + if OptionalFeatureVariables.disableNudgeForStandardInstalls && !anyCVEsInRange { + LogManager.notice("No known CVEs in version range up to \(selectedOS!.productVersion), and disableNudgeForStandardInstalls is set to true", logger: sofaLog) AppStateManager().exitNudge() } LogManager.notice("SOFA Actively Exploited CVEs (across version range): \(activelyExploitedCVEs)", logger: sofaLog)