Asana desktop app - Security update for WebP vulnerability


Please update your Asana desktop app to the newest version. On September 22, 2023, we updated the Asana desktop app to include a fix to a security vulnerability (CVE-2023-4863). To specifically address this security vulnerability, we removed a dependency on the vulnerable version of WebP, which we inherited transitively through the Electron library.

We have not received any reports and do not have any evidence that this was exploitable or exploited within Asana.

If you still have a vulnerable version of the desktop app, it will automatically prompt you to upgrade. If you are unsure whether you have the update, please download the new version of the app from Download the Asana App for Mobile and Desktop.

We encourage all Asana desktop app users to upgrade to the newest version. You can verify by clicking ‘About Asana’ in the menu bar to confirm the version installed is at least version 2.0.1. You can also quit and reopen the app to trigger the new version check manually. Please reach out to your admin or Asana support if you have any issues updating the application.

Thank you!


Thanks for the transparency

Thank you for this update.

I can’t see ‘About Asana’ in my menu bar - could you please confirm where I can check what version I have installed?

Thank you

Same here Hannah! What is the menu bar you are referring to?

This topic was automatically closed after 2 days. New replies are no longer allowed.