Skip to content

Latest commit

 

History

History
92 lines (62 loc) · 4.09 KB

File metadata and controls

92 lines (62 loc) · 4.09 KB

Plan 0075 — GAR-529: tauri 2.10.3 → 2.11.1 (ACL enforcement for remote origins)

Linear issue: GAR-529 — "tauri 2.10.3 → 2.11.1 security upgrade (ACL enforcement for remote origins)"

Status: ✅ Merged — PR #177 (ba76287), 2026-05-07 (Florida).

Goal: Bump tauri from 2.10.3 to 2.11.1 in garraia-desktop to pick up the ACL enforcement security fix for remote origins without AppManifest. Dependabot PR #173 already implemented this change with all 18 CI checks green; this plan absorbs it on a health/ branch per health-routine protocol.

Architecture: Lockfile-only bump (Cargo.lock). No Cargo.toml edits required — tauri is a direct dependency only in crates/garraia-desktop/src-tauri/Cargo.toml but Cargo resolves the updated version through cargo update. The workspace CI excludes garraia-desktop from clippy/build steps, but the lockfile consistency check still validates the update.

Tech stack: Rust / Cargo lockfile. No application code changes.

Design invariants:

  1. Cargo.toml is not modified — the lockfile bump suffices.
  2. cargo-audit and cargo-deny must remain green after the bump.
  3. No other packages are updated by this PR beyond tauri and its pinned transitive deps.

Security surface: tauri ACL enforcement bug — remote web origins in Tauri apps could bypass ACL restrictions when AppManifest is absent. This allows unauthorized invocation of Tauri IPC commands from untrusted web content. Severity: High (privilege escalation in desktop WebView context).

Out of scope:

  • RUSTSEC-2024-0413 (atk unmaintained via GTK3 bindings) — warning only, no actionable fix available; tracked under GAR-437/Q7b carve-outs.
  • Any code changes in garraia-desktop beyond the lockfile.
  • Other tauri plugin upgrades.

Rollback: git revert the lockfile commit is fully sufficient.


§12 Open questions

# Question Decision
1 Does the ACL fix require any capabilities/ config changes? No — the fix is in tauri core; existing ACL config is correctly applied after the fix.

File Structure

Cargo.lock                                  ← tauri 2.10.3 → 2.11.1 bump
plans/0075-gar-529-tauri-2.11.1-acl-enforcement.md   ← this file
plans/0073-gar-527-openssl-0.10.79.md       ← status update: ⏳ → ✅
plans/README.md                             ← add row 0075

Tasks

  • T1: Create health/202505062050-tauri-2.11.1-acl branch from main
  • T2: Create this plan file + update plans/README.md row + update plan 0073 status + commit docs(plans): add plan 0075 for GAR-529 tauri 2.11.1 ACL fix
  • T3: Run cargo update -p tauri --precise 2.11.1; verify only tauri-family crates change via git diff Cargo.lock
  • T4: Commit fix(deps): GAR-529 — bump tauri 2.10.3→2.11.1 (ACL enforcement for remote origins)
  • T5: Push + open PR via GitHub MCP; poll CI until all 18 checks green; squash-merge
  • T6: Close Dependabot PR #173 (superseded by this PR)
  • T7: Mark GAR-529 Done in Linear

Risk register

Risk Likelihood Mitigation
tauri 2.11.1 pulls in incompatible transitive dep Low CI Build Check covers it; dependabot PR #173 already proved green
cargo-deny new advisory entry for tauri 2.11.1 Very Low Security Audit check in CI catches this

Acceptance criteria

  1. tauri = "2.11.1" (or higher) appears in Cargo.lock.
  2. All 18 CI checks pass (Format, Clippy, Test×3, Build, MSRV, cargo-deny, Security Audit, Coverage, Analyze rust, Analyze js-ts, Playwright, E2E, Secret Scan, Dependency Review, Quality Ratchet).
  3. PR squash-merged to main.
  4. Dependabot PR #173 closed.
  5. GAR-529 marked Done in Linear.

Cross-references

  • Dependabot PR #173: #173
  • GAR-527 (openssl fix, plan 0073): complete predecessor in this security series
  • GAR-486 (Green Security Baseline umbrella)
  • ROADMAP.md §1.5 — security baseline

Estimativa

  • T3–T4: 5 min (lockfile-only change)
  • T5: 25 min (CI wait)
  • Total: ~30 min