f883781c1f8c350fe1489456c806db2d75b0f5f2
From the deep-audit wave (reviewer-verified: capability identifiers valid, no removed-crate references, GDI free ordering correct): - Removed 8 never-registered plugins (clipboard-manager, fs, shell, http, process, os, dialog, global-shortcut) from Cargo.toml AND their capability grants (shell:allow-execute, unscoped fs writes, http:default, …) — verified the web never invokes any of them. A latent RCE-class surface is gone. - on_new_window: only http/https/mailto reach the OS opener (file:///custom schemes previously bypassed the opener capability scope entirely). - set_badge_count: freed hdc + hdc_screen on all three GDI error paths (leaked per badge update in a long-running tray app). - 8s reveal failsafe gated by an AtomicBool: no longer re-shows a window the user closed to tray; page-load reveal now fires once only (logout reloads don't re-surface a tray-hidden window); recovery for a missed page-load event preserved. - toast.rs: store pruned on Activated too + capped at 20 (was unbounded). - Startup no longer panics when the bundled icon is missing (tray skipped gracefully); msSmartScreenProtection no longer disabled (throttling disables kept); rust-version corrected to 1.77.2. - release.yml update-manifest: fails on empty signatures (was: could publish a manifest that traps Windows users in a failed-update loop); partial- failure window documented. Deleted the stale upstream tauri.yml workflow. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Cinny desktop
Cinny is a matrix client focusing primarily on simple, elegant and secure interface. The desktop app is made with Tauri.
Download
Installers for macOS, Windows and Linux can be downloaded from Github releases. Releases are signed with a Ed25519 public-key.
| Operating System | Download |
|---|---|
| Windows | Get it on Windows |
| macOS | Get it on macOS |
| Linux | Get it on Linux · Flatpak |
Decoded public key:
RWRflTUQD3RHFtn25QNANCmePR9+4LSK89kAKTMEEB4OKpOFpLMgc64z
To verify release files, you need to download minisign tool and decode the .sig file before running:
minisign -Vm RELEASE_FILE.msi.zip -P RWRflTUQD3RHFtn25QNANCmePR9+4LSK89kAKTMEEB4OKpOFpLMgc64z -x SINGATURE.msi.zip.sig
Local development
Firstly, to setup Rust, NodeJS and build tools follow Tauri documentation.
Now, to setup development locally run the following commands:
git clone --recursive https://github.com/cinnyapp/cinny-desktop.gitcd cinny-desktop/cinnynpm cicd ..npm ci
To build the app locally, run:
npm run tauri build
To start local dev server, run:
npm run tauri dev
Languages
Rust
93.3%
JavaScript
4.9%
C
1.8%