Linear issue: GAR-529 — "tauri 2.10.3 → 2.11.1 security upgrade (ACL enforcement for remote origins)"
Status: ✅ Merged — PR #177 (ba76287), 2026-05-07 (Florida).
Goal: Bump tauri from 2.10.3 to 2.11.1 in garraia-desktop to pick up the ACL enforcement security fix for remote origins without AppManifest. Dependabot PR #173 already implemented this change with all 18 CI checks green; this plan absorbs it on a health/ branch per health-routine protocol.
Architecture: Lockfile-only bump (Cargo.lock). No Cargo.toml edits required — tauri is a direct dependency only in crates/garraia-desktop/src-tauri/Cargo.toml but Cargo resolves the updated version through cargo update. The workspace CI excludes garraia-desktop from clippy/build steps, but the lockfile consistency check still validates the update.
Tech stack: Rust / Cargo lockfile. No application code changes.
Design invariants:
Cargo.tomlis not modified — the lockfile bump suffices.cargo-auditandcargo-denymust remain green after the bump.- No other packages are updated by this PR beyond
tauriand its pinned transitive deps.
Security surface: tauri ACL enforcement bug — remote web origins in Tauri apps could bypass ACL restrictions when AppManifest is absent. This allows unauthorized invocation of Tauri IPC commands from untrusted web content. Severity: High (privilege escalation in desktop WebView context).
Out of scope:
- RUSTSEC-2024-0413 (
atkunmaintained via GTK3 bindings) — warning only, no actionable fix available; tracked under GAR-437/Q7b carve-outs. - Any code changes in
garraia-desktopbeyond the lockfile. - Other tauri plugin upgrades.
Rollback: git revert the lockfile commit is fully sufficient.
| # | Question | Decision |
|---|---|---|
| 1 | Does the ACL fix require any capabilities/ config changes? |
No — the fix is in tauri core; existing ACL config is correctly applied after the fix. |
Cargo.lock ← tauri 2.10.3 → 2.11.1 bump
plans/0075-gar-529-tauri-2.11.1-acl-enforcement.md ← this file
plans/0073-gar-527-openssl-0.10.79.md ← status update: ⏳ → ✅
plans/README.md ← add row 0075
- T1: Create
health/202505062050-tauri-2.11.1-aclbranch from main - T2: Create this plan file + update plans/README.md row + update plan 0073 status + commit
docs(plans): add plan 0075 for GAR-529 tauri 2.11.1 ACL fix - T3: Run
cargo update -p tauri --precise 2.11.1; verify only tauri-family crates change viagit diff Cargo.lock - T4: Commit
fix(deps): GAR-529 — bump tauri 2.10.3→2.11.1 (ACL enforcement for remote origins) - T5: Push + open PR via GitHub MCP; poll CI until all 18 checks green; squash-merge
- T6: Close Dependabot PR #173 (superseded by this PR)
- T7: Mark GAR-529 Done in Linear
| Risk | Likelihood | Mitigation |
|---|---|---|
| tauri 2.11.1 pulls in incompatible transitive dep | Low | CI Build Check covers it; dependabot PR #173 already proved green |
cargo-deny new advisory entry for tauri 2.11.1 |
Very Low | Security Audit check in CI catches this |
tauri = "2.11.1"(or higher) appears inCargo.lock.- All 18 CI checks pass (Format, Clippy, Test×3, Build, MSRV, cargo-deny, Security Audit, Coverage, Analyze rust, Analyze js-ts, Playwright, E2E, Secret Scan, Dependency Review, Quality Ratchet).
- PR squash-merged to main.
- Dependabot PR #173 closed.
- GAR-529 marked Done in Linear.
- Dependabot PR #173: #173
- GAR-527 (openssl fix, plan 0073): complete predecessor in this security series
- GAR-486 (Green Security Baseline umbrella)
- ROADMAP.md §1.5 — security baseline
- T3–T4: 5 min (lockfile-only change)
- T5: 25 min (CI wait)
- Total: ~30 min