4 changes: 3 additions & 1 deletion README.md
Expand Up @@ -37,7 +37,9 @@ DevEnv Manager 解决的是 Windows 上多个开发生态互相影响的问题

## 1.5.2 Patch Release

1.5.2 是质量与安全补丁版,集中修复更新清单兼容、高危操作后端确认、端口 process-first 识别、MySQL 修复证据与备份 manifest、rootDir 与受管目录保护、仓库卫生、CI 和 Tauri CSP。
1.5.2 是后台安全与发布状态收口版,集中修复更新清单兼容、高危操作后端确认、部分端口 process-first 识别、MySQL 备份 manifest、rootDir 与受管目录保护、仓库卫生、CI 和 Tauri CSP。

端口管理界面重做、完整端口识别库、首次启动安全声明、Python/chsrc 恢复闭环、外部运行时安全和扫描体验增强未在 1.5.2 完整落地,计划集中进入 1.5.3 Quality Patch。

## 1.5.1 Final Stable
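Review bot: The deferred-items paragraph added below the 1.5.2 summary duplicates the one added to docs/release-v1.5.2.md, and the two copies already differ in wording (端口管理界面重做 here, 端口管理 UI 重做 there). Keep the list in one place, for example the release doc, and have the README link to it, so the statement of which security items (首次启动安全声明, 外部运行时安全) are not in 1.5.2 cannot drift between files.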

8 changes: 5 additions & 3 deletions docs/release-v1.5.2.md
@@ -1,13 +1,15 @@
# DevEnv Manager v1.5.2

1.5.2 是 Patch Release,重点收口用户反馈与软件工程审查问题,不新增系统管家式大功能。
1.5.2 是 Patch Release,重点收口后台安全、构建、CI、manifest 和部分端口/MySQL 后端防护,不新增系统管家式大功能。

端口管理 UI 重做、完整端口识别库、首次启动安全声明、Python/chsrc 恢复闭环、外部运行时安全和扫描体验增强未在 1.5.2 完整落地,计划集中进入 1.5.3 Quality Patch。

## 修复与增强

- 修复 update-manifest 字段兼容问题:支持 `downloadUrl`,兼容 `download_url`,检查阶段即校验 SHA256 和下载白名单。
- 增加后端 confirmation token:绑定 action、plan、risk、fingerprint、过期时间和一次性使用;MySQL 修复与结束进程已接入。
- 强化 MySQL 修复中心:新增诊断证据、结论分级、备份 manifest 持久化和系统库修复前 manifest 校验。
- 强化端口管理识别:改为 process-first,端口号只作为弱证据,展示置信度、证据数量、冲突证据、风险和建议
- 强化 MySQL 修复后端:新增部分诊断证据、结论分级、备份 manifest 持久化和系统库修复前 manifest 校验。
- 强化端口识别后端:部分改为 process-first,端口号只作为弱证据,并返回置信度、证据数量、冲突证据、风险和建议字段
- 增加 rootDir 保存前校验,并统一去掉 Windows `\\?\\` 展示前缀。
- 收紧 Tauri CSP,拒绝远程脚本。
- 新增 GitHub Actions CI 与仓库卫生门禁。
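Review bot: In the 修复与增强 list, the reworded MySQL and port bullets say 新增部分诊断证据 and 部分改为 process-first without saying which part. The port bullet tells readers that the port number is only weak evidence and that confidence, conflict and risk fields are returned, so name the identification paths that are still not process-first and the diagnostic evidence that is actually collected. Otherwise a user cannot tell when the returned confidence is trustworthy before ending a process.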
17 changes: 13 additions & 4 deletions tauri/src-tauri/src/lib.rs
Expand Up @@ -15,7 +15,10 @@ use std::io::{self, Read, Write};
use std::net::{IpAddr, Ipv4Addr};
use std::path::{Path, PathBuf};
use std::process::{Command, Stdio};
use std::sync::{Mutex, OnceLock};
use std::sync::{
atomic::{AtomicU64, Ordering},
Mutex, OnceLock,
};
use std::time::Instant;
use tauri::Emitter;
use tempfile::Builder as TempBuilder;
Expand All @@ -27,6 +30,7 @@ use std::os::windows::process::CommandExt;
use winreg::{enums::*, RegKey};

const APP_NAME: &str = "DevEnvManager";
static SAVE_JSON_COUNTER: AtomicU64 = AtomicU64::new(0);
const MANAGED_PATHS: [&str; 8] = [
r"%DEVENV_HOME%\current\jdk\bin",
r"%DEVENV_HOME%\current\python",
Expand Down Expand Up @@ -8560,9 +8564,14 @@ fn save_json<T: Serialize>(path: &Path, value: &T) -> Result<(), String> {
if let Some(parent) = path.parent() {
fs::create_dir_all(parent).map_err(|err| format!("创建目录失败:{err}"))?;
}
let temp = path.with_extension(format!(
"{}.tmp",
path.extension().and_then(OsStr::to_str).unwrap_or("json")
let file_name = path
.file_name()
.and_then(OsStr::to_str)
.unwrap_or("config.json");
let temp = path.with_file_name(format!(
"{file_name}.{}.{}.tmp",
std::process::id(),
SAVE_JSON_COUNTER.fetch_add(1, Ordering::Relaxed)
));
let text = serde_json::to_string_pretty(value).map_err(|err| err.to_string())?;
fs::write(&temp, text).map_err(|err| format!("写入配置失败:{err}"))?;
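Review bot: In save_json, the new temp name is unique per call but still predictable (file name, process id, counter), and fs::write(&temp, text) creates or truncates whatever already exists at that path instead of failing. This file already imports tempfile::Builder as TempBuilder; creating the temp file with it inside the parent directory and persisting it over the target would give an exclusively created, randomly named file. Separately, the old fixed name was overwritten by the next save, whereas a failure at or after the write now leaves a distinct .tmp file behind each time, so remove the temp file on the error path.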
2 changes: 1 addition & 1 deletion update-manifest.json
Expand Up @@ -2,7 +2,7 @@
"version": "1.5.2",
"date": "2026-06-27",
"notes": [
"1.5.2 Patch:修复用户反馈与软件工程审查问题,强化安全边界、端口管理、MySQL 修复、Python/chsrc 可恢复性和质量门禁"
"1.5.2 Patch:收口更新清单、后端高危确认、部分端口 process-first 识别、MySQL 备份凭证、Tauri CSP、CI 与仓库卫生;端口 UI、首次安全声明、Python/chsrc 闭环等用户可见增强将进入 1.5.3。"
],
"downloadUrl": "https://github.com/weidonglang/DevEnv-Manager/releases/download/v1.5.2/DevEnv.Manager_1.5.2_x64-setup.exe",
"sha256": "1244d8888bf1e197fa59131381c4e52a897e94ceec518d743e4fdd9a20224a90"
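Review bot: The notes array still holds a single string, and the new text packs both what landed and what is deferred to 1.5.3 into it. Split it into two entries (landed fixes, deferred items) so an updater UI can render them separately. Also use the same term as README.md and docs/release-v1.5.2.md for the MySQL item: this line says MySQL 备份凭证 where the other two say MySQL 备份 manifest.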