github IsmaelMartinez/teams-for-linux v2.5.2
2.5.2
on GitHub

latest release: v2.5.3
pre-release2 days ago

Summary

  • Restored Teams DOM access by disabling Electron contextIsolation and sandbox security features while maintaining nodeIntegration: false
  • Implemented comprehensive security compensating controls including CSP headers and IPC channel validation
  • Added React version detection to monitor for breaking changes in React 19+ timeline
  • Consolidated documentation structure following architectural guidelines
  • Version bump to 2.5.2 following proper release workflow
  • Changed from --webDebug --logConfig='{}' to ELECTRON_ENABLE_LOGGING=true teams-for-linux --logConfig='{}'

Background

Teams for Linux relies on accessing React internals through deprecated APIs (_reactRootContainer, _internalRoot) that will be completely removed in React 19 (expected Q4 2025). To maintain functionality while these APIs still exist, we've restored DOM access by temporarily disabling Electron security isolation features and implementing robust
compensating security controls. Previous attempts to remove DOM access in v2.3.0 highlighted this critical dependency.

Documentation Updates

  • Restructured configuration.md with proper TOC and categorized options (Core, Authentication, Security, etc.)
  • Created development documentation with consolidated research and security architecture
  • Enhanced v2.5.2 release notes to include security and quality improvements
  • Archived planning documents to maintain clean documentation structure

Security Implementation

While contextIsolation and sandbox are disabled for the main Teams window, we've implemented multiple compensating controls:

Content Security Policy headers preventing malicious script injection
IPC channel allowlisting with payload validation and prototype pollution protection
Teams domain validation before DOM access (teams.microsoft.com, teams.live.com only)
Node.js access prevention (nodeIntegration: false maintained)
Screen sharing windows maintain full security isolation (they don't need DOM access)

Testing Performed

✅ ReactHandler successfully accesses Teams React internals
✅ Screen sharing functionality preserved with secure isolation
✅ React version detection working across multiple detection methods
✅ IPC validation preventing unauthorized channel access
✅ Documentation builds successfully in Docusaurus
✅ ESLint validation passes with no errors

Attempts to fix #1789 and #1795

Check out latest releases or
releases around IsmaelMartinez/teams-for-linux v2.5.2

Don't miss a new teams-for-linux release

NewReleases is sending notifications on new releases.

Get notifications