Tauri officially released version 1.3.0 today .
Tauri is a desktop UI framework that allows developers to use each platform's Webview technology stack to build applications for all major desktop operating systems, and currently supports platforms such as Windows/macOS/Linux. Through Tauri, developers can use almost any front-end framework compiled to HTML, JS and CSS to build desktop UI.
The Tauri core library is written in Rust. The backend of an application developed using Tauri is a Rust-based binary file with an API that the frontend can interact with, and the backend interface is called through JS Api.
New release changes include security improvements, the introduction of new features, and important bug fixes.
- Introducing NSIS
Tauri CLI can now use NSIS to create Windows application installers. This new bundle target is currently available on macOS and Linux as an experimental feature, so developers can cross-compile Windows installers. Documentation for NSIS will be published soon.
- External API access
According to the development team, this is the most impactful and time-consuming PR to date. This PR introduces a simplified way for applications to allow external domains to access the Tauri IPC layer, and uses a security model that primarily affects Tauri applications. The security impact depends on the features exposed, the Tauri commands enabled, and the capabilities of the adversary.
They liken the new feature to driving a very fast race car without any safety features enabled, and urge developers to consider very, very carefully whether they really need this exposure.
- Browser Arguments
Since some webview features are not enabled or accessible, the community introduced the possibility to add extra parameters to the webview process, which is created in a new window.
This functionality window is exposed to the frontend in an endpoint. The development team found this risk of exposure high because most webviews have very influential features and flags that allow authorization via process parameters.