You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: .github/ISSUE_TEMPLATE/bug_report.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ labels: bug
6
6
7
7
## Environment
8
8
9
-
- NoSuckShell version (or commit), e.g. `0.3.6-beta.1` or `git rev-parse HEAD`:
9
+
- NoSuckShell version (or commit), e.g. `0.3.6` or `git rev-parse HEAD`:
10
10
- OS / distro (e.g. CachyOS, macOS 14, Windows 11):
11
11
- If Linux WebKit issues: Wayland sessions set `WEBKIT_DISABLE_DMABUF_RENDERER` by default when unset; did you try setting or unsetting it explicitly? (yes/no / N/A)
GitHub releases are created by pushing a SemVer tag. Full checklist: [docs/releases.md](docs/releases.md). User-facing history: [docs/CHANGELOG.md](docs/CHANGELOG.md).
**Current pre-release:**[`v0.3.6-beta.1`](https://github.com/d0dg3r/NoSuckShell/releases/tag/v0.3.6-beta.1) — Linux terminal input latency improvements (see [CHANGELOG](docs/CHANGELOG.md)).
194
+
**Current stable:**[`v0.3.6`](https://github.com/d0dg3r/NoSuckShell/releases/tag/v0.3.6) — first store-ready cut of the `0.3.x` line (see [CHANGELOG](docs/CHANGELOG.md)).
195
195
196
196
**Before tagging**, use the same version string in:
197
197
@@ -202,8 +202,8 @@ GitHub releases are created by pushing a SemVer tag. Full checklist: [docs/relea
202
202
The [release workflow](.github/workflows/release.yml) still overwrites those files from the tag at build time; keeping them aligned locally avoids drift while developing.
203
203
204
204
```bash
205
-
git tag v0.2.1
206
-
git push origin v0.2.1
205
+
git tag v0.3.6
206
+
git push origin v0.3.6
207
207
```
208
208
209
209
If the workflow rejects the tag, use `vMAJOR.MINOR.PATCH` or `vMAJOR.MINOR.PATCH-prerelease` (example: `v2.0.0` or `v2.0.0-rc.1`).
Copy file name to clipboardExpand all lines: SECURITY.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -84,7 +84,7 @@ The app may process **highly sensitive** data. You should:
84
84
85
85
## Technical notes (transparency)
86
86
87
-
- Tauri config currently sets**`csp: null`** for the webview — this affects **Content Security Policy** for the embedded frontend. Consult the [Tauri documentation](https://v2.tauri.app/)and the source when assessing impact.
87
+
-The Tauri webview enforces a**Content Security Policy** (see `app.security.csp` in [`apps/desktop/src-tauri/tauri.conf.json`](apps/desktop/src-tauri/tauri.conf.json)). It blocks inline scripts, restricts `object-src` to `'none'`, and limits `base-uri`/`form-action` to `'self'`. It still allows arbitrary `https:`/`http:` for `frame-src`/`img-src`/`connect-src` because the app embeds Proxmox Web UIs and connects to user-configured Proxmox WebSocket consoles (often via self-signed TLS). React's inline `style={{...}}` props require `style-src 'unsafe-inline'`. Tightening these to the minimum set per session is tracked as a follow-up.
88
88
-**Dependencies** (Rust, npm) have their own security posture; staying current and running `cargo audit` / `npm audit` is part of responsible use.
0 commit comments