Suggest updating the download source URL. The CDN URL (portswigger-cdn.net) seems unreliable. The official URL works correctly:
-source=("${pkgname}-${pkgver}.jar::https://portswigger-cdn.net/burp/releases/download?product=community&version=${pkgver}&type=Jar"
+source=("${pkgname}-${pkgver}.jar::https://portswigger.net/burp/releases/download?product=desktop&version=${pkgver}&type=Jar"
Also updated sha256sum for 2026.4.1:
sha256sums=('c1f89a64f0904ac4fa08ece90fb876fbe46eb9ad8f2e2b4bd96bea3005a3a9ad'
Hey,
The latest build of this package is broken. The downloaded file hashes dont match and its not even a jar file. I think they changed something upstream. I debugged it and found doing the following fixes it. I am not sure how you automate the ci/cd. I'd make a pr but unsure if i permissions for that.
Thanks for maintaining the package :)
diff --git a/PKGBUILD b/PKGBUILD
index 1e4a32d..4da9a63 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -7,7 +7,7 @@
# Contributor: kageurufu
pkgname=burpsuite
-pkgver=2026.4.1
+pkgver=2026.3.3
pkgrel=1
pkgdesc="An integrated platform for performing security testing of web applications (free edition)"
url="https://portswigger.net/burp/"
@@ -18,12 +18,12 @@ noextract=("${pkgname}-${pkgver}.jar")
# Alternative faster source from CDN,
# From line 422 (might change), view-source:https://portswigger.net/burp/releases <input id="CdnBaseUrl" name="CdnBaseUrl" type="hidden" value="https://portswigger-cdn.net">
# Fixes #1 on aur-burpsuite
-source=("${pkgname}-${pkgver}.jar::https://portswigger-cdn.net/burp/releases/download?product=community&version=${pkgver}&type=Jar"
+source=("${pkgname}-${pkgver}.jar::https://portswigger.net/burp/releases/download?product=community&version=${pkgver}&type=Jar"
LICENSE
burpsuite.desktop
icon64.png)
install=burpsuite.install
-sha256sums=('54ba99b834d1b0366530df61e7a327422ce85a06a514716004e9124b2b2802a0'
+sha256sums=('46b60895b2488bc76911795c53a85ae2ef2f5d6ff734b6ec6f5dd616b2b99875'
'a1146672de7084a1cddc5b7dab4d18b3530c194bd6e45a2b0ac04b579751ca30'
'950c61d7ce1257c21a4152abebb8da320d0206ceb59247d6c912903d1ed39fc8'
'd31232a7dbdab9d5723f12aa25c52d13fd46ef2e8837a85fb9a08c3a7f151541')
Hi @iyanmv
The release should be stable now, someone has made a PR to improve the stability, I apologize for the non-consistent behavior so far.
The release should always be on the latest early-adopter now, hopefully.
Hi @MrColdboot,
I just saw your comment, sorry for the delay
Any PR onto the current automation work would be gladly welcome if you're able to improve and stabilize the versioning, AFAIK this package should always follow Early Adopter.
The Stable version creeping up is due to the way I get the latest version, there might be some tweaks that could fix it (more grep/sed).
Regarding the Update to vX.X.X commit message, I wanted to add the version number but I failed and then I left it as it is currently.
Unfortunately I'm no longer using ArchLinux but I can review and merge improvements PR, they are more than welcome.
I'd be willing to help if you don't have the time.
You seem to be going back and forth between the Stable and Early Adopter versions, breaking the package updates. Also, the package version in PKGBUILD doesn't always match the version actually installed. For example, the version I currently have built is reported 2025.5(-1), but the burpsuite version is 2025.5.1.
Aside from that, the commit messages are just a long list of Update to, with no version or other information.
Can we decide on whether this is going to follow the stable or early adopter releases and fix some of these issues?
And you have done it again... "upgrade" from 2025.5.1-1 to 2025.4.4-1 without any explanation or epoch bump. If by mistake you update the PKGBUILD to an early adopter release and you want to go back the stable series, simply increase the epoch.
You should not downgrade the pkgver (2025.2.1-1 -> 2025.1.3-1) without increasing epoch.