deblan-mirror/wails
1
0
Fork 0
mirror of https://github.com/wailsapp/wails.git synced 2026-03-15 07:05:50 +01:00
Code Issues Projects Releases Packages Wiki Activity
wails/v3/internal
History
Exact
Lea Anthony 330bc4e3de fix(security): prevent command injection in setup wizard 
The handleInstallDependency endpoint was vulnerable to command injection
attacks. User-provided commands were split and executed directly without
validation, allowing attackers to run arbitrary commands.

Changes:
- Add whitelist of allowed commands (package managers only)
- Validate commands against whitelist before execution
- Handle privilege escalation commands (sudo/pkexec/doas) by also
  validating the elevated command
- Reject any command not in the whitelist with a clear error message

The whitelist includes common package managers across platforms:
- Linux: apt, dnf, pacman, zypper, emerge, eopkg, nix-env
- macOS: brew, port
- Windows: winget, choco, scoop

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-22 06:05:55 +11:00
..
assetserver V3/fix debug logs (#4857) 2026-01-05 08:48:29 +11:00
buildinfo [v3] Late service registration and error handling overhaul (#4066) 2025-02-19 09:27:41 +01:00
capabilities fix(v3): revert goccy/go-json to stdlib encoding/json to fix Windows panic (#4859) 2026-01-05 08:26:35 +11:00
changelog Nightly release action 2025-07-17 06:28:19 +10:00
commands fix(v3): fix macOS mkdir brace expansion when APP_NAME contains spaces (#4850) 2026-01-04 15:48:03 +11:00
dbus [V3-Linux] Systray OnClick on initial icon click (#3907) 2024-11-24 07:46:14 +11:00
debug Run go mod tidy on project creation. Use better method of relative module location. 2023-08-12 14:32:52 +10:00
defaults feat(setup): add global defaults, light/dark mode, and UI improvements 2025-12-07 17:40:53 +11:00
doctor Add desktop environment detection on linux (#4797) 2025-12-15 18:18:48 +11:00
fileexplorer perf(v3): optimize JSON processing and reduce allocations in hot paths (#4843) 2026-01-02 07:03:36 +11:00
flags feat(v3): add cross-platform build system and signing support 2025-12-06 13:53:37 +11:00
generator fix(v3): overhaul drag-and-drop for Linux reliability and simplify Windows implementation (#4848) 2026-01-04 11:08:29 +11:00
github Fix tests 2025-01-20 19:56:03 +11:00
go-common-file-dialog [V3] Windows: fix(application): handle error and type assertion in save file dialog (#4284) 2025-08-04 19:57:53 +10:00
hash [v3] Late service registration and error handling overhaul (#4066) 2025-02-19 09:27:41 +01:00
keychain feat(v3): add cross-platform build system and signing support 2025-12-06 13:53:37 +11:00
libpath feat(linux): add libpath package for finding native library paths (#4847) 2026-01-04 11:59:22 +11:00
operatingsystem feat: Add Android support for Wails v3 2025-11-28 21:06:59 +11:00
packager [V3-Linux] Support for deb,rpm,arch linux packager packaging (#3909) 2024-11-30 13:31:56 +11:00
runtime fix(v3): revert goccy/go-json to stdlib encoding/json to fix Windows panic (#4859) 2026-01-05 08:26:35 +11:00
s Support template generation 2025-01-01 20:58:49 +11:00
service Breaking Change: Service method names 2025-01-16 07:47:23 +11:00
setupwizard fix(security): prevent command injection in setup wizard 2026-01-22 06:05:55 +11:00
signal # Conflicts: 2024-09-18 05:55:49 +10:00
sliceutil perf(v3): optimize JSON processing and reduce allocations in hot paths (#4843) 2026-01-02 07:03:36 +11:00
templates Merge Android support from v3-alpha-feature/android-support 2025-12-10 18:37:24 +11:00
term [v3] Pass build flags to binding generator (#4023) 2025-01-23 10:58:35 +00:00
version chore(v3): bump to v3.0.0-alpha.61 and update changelog [skip ci] 2026-01-20 02:48:15 +00:00