Impact
The 1.4.0 release includes a regression on the filesystem scope check for dotfiles on Linux and macOS.
Previously dotfiles (eg. $HOME/.ssh/) were not implicitly allowed by the glob wildcard scopes (eg. $HOME/*), but a regression was introduced when a configuration option for this behavior was implemented and dotfiles were implicitly allowed.
Only Tauri applications using wildcard scopes in the fs endpoint are affected.
Only macOS and Linux systems are affected.
Patches
The regression has been patched on v1.4.1.
Workarounds
There are no known workarounds at this time, users should update to v1.4.1 immediately.
References
See the original advisory for more information.
For more Information
If you have any questions or comments about this advisory:
Open an issue in tauri
Email us at security@tauri.app
References
tillmann-crabnebula Reporter
chip-crabnebula Reporter
Impact
The 1.4.0 release includes a regression on the filesystem scope check for dotfiles on Linux and macOS.
Previously dotfiles (eg.
$HOME/.ssh/) were not implicitly allowed by the glob wildcard scopes (eg.$HOME/*), but a regression was introduced when a configuration option for this behavior was implemented and dotfiles were implicitly allowed.Only Tauri applications using wildcard scopes in the
fsendpoint are affected.Only macOS and Linux systems are affected.
Patches
The regression has been patched on
v1.4.1.Workarounds
There are no known workarounds at this time, users should update to
v1.4.1immediately.References
See the original advisory for more information.
For more Information
If you have any questions or comments about this advisory:
Open an issue in tauri
Email us at security@tauri.app
References