Announcing Tauri 1.4.0
The Tauri team is excited to announce the 1.4 release. This version includes several new features and important bug fixes such as CLI completions, unit testing capabilities and Windows installer improvements.
Make sure to update both NPM and Cargo dependencies to the 1.4.0 release. You can update the dependencies with:
npm install @tauri-apps/cli@latest @tauri-apps/api@latest
yarn upgrade @tauri-apps/cli @tauri-apps/api --latest
pnpm update @tauri-apps/cli @tauri-apps/api --latest
The Tauri CLI now can generate shell completions for Bash, Zsh, PowerShell and Fish. See the documentation for more information.
The window’s maximize, minimize and close buttons now can be disabled via configuration or API calls. Check out
set_closable for the Rust APIs and
The 1.4.0 release includes several NSIS bundle enhancements:
- Custom language files
- Custom installer template (.nsi file)
- Support for the dutch, japanese, korean, persian, swedish and turkish languages
- If your application is installed via WiX, the installer will prompt the user to uninstall it
- Improved support to updater install modes
Tauri 1.4 still has a minimum supported Rust version of 1.60, but due to some dependency incompatibility issues we are no longer pinning the patch version of the
winnow crates. If you are still using Rust 1.60, you will need to pin these versions manually with cargo update.
tauri crate now exposes the
test module under the
test Cargo feature. This module is still unstable but allows you to unit test your application by creating a
tauri::App instance that can execute without spawning windows. See the documentation for more information and examples.
Starting on v1.4.0, our changelog format has been improved. Check out the entire list of changes:
The internal1 audit was performed by Tillmann @tillmann-crabnebula and Chip @chip-crabnebula, who are also involved in security topics at the project under their private handles (@tweidinger and @chippers).
It was performed during paid time at CrabNebula Ltd. and we are grateful to be able to spend parts of our work time contributing to the open source project and making it a more secure environment :heart:.
For this release we manually audited a selection of PRs instead of all PRs coming into the release. The new approach means the reviewers and developers need to decide on their own if a PR is introducing any security relevant change. A review can be triggered by anyone involved in the change, by adding a label to the PR.
For the first time we also audited after the official release due to time constraints. This resulted in a security patch release, fixing the only impactful issue (CVE-2023-34460) discovered during auditing. In general this release was more focused on fixing and improving the NSIS features and introduced less new features and security relevant changes.
It is internal in the sense that we are also involved in the project itself but performed with the help of an external entity. Calling it external security audit would create false impressions. ↩