Advisories for Cargo/Tauri-Cli package

2023

Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables

This advisory does not describe a vulnerability in the Tauri code base itself, but a commonly used misconfiguration that could leak the private key and updater key password into bundled Tauri applications that use the Vite frontend in a specific configuration. The Tauri documentation used an insecure example configuration in its Vite guide to showcase how to use Tauri together with Vite. Copying the following snippet envPrefix: ['VITE_', …