github UNITRONIX/BetterDesk v3.2.0
BetterDesk 3.2.0
on GitHub

7 hours ago

BetterDesk 3.2.0 — stable release

Production release 3.2.0 (stable main). Ships via Settings → Updates on the Stable channel, or betterdesk.sh / betterdesk.ps1 option 2. Panel update creates a pre-update backup by default. No database migration or manual SQL step is required.

Security

  • CVE-2026-50575 / GHSA-3v82-3gf8-fxx8 (device replay after delete) — WebSocket signal registration now rejects soft-deleted peer IDs (new registration and heartbeat), matching UDP/TCP. UpdatePeerStatus no longer marks soft-deleted rows ONLINE. Restoration is explicit only via POST /api/peers/{id}/restore or the Devices UI. Requires betterdesk-server update (panel rebuild/redeploy when Go sources change).
  • Dependency updatesgo-ntlmssp 0.1.1 (CVE-2026-32952), golang.org/x/image 0.38.0 (CVE-2026-33809), pgx/v5 5.9.2 in Go modules; openssl 0.10.80 and tauri 2.11.2 in Tauri Cargo.lock (desktop client rebuild required for Rust-side fixes; server/console panel update alone is not enough for desktop).
  • Go API proxy hardening — shared goApiProxy.js validates path segments on fleet, commercialization, and cross-platform routes; ID guards on all proxy routes; blocks path-smuggling while accepting RustDesk peer IDs (a-zA-Z0-9_-).
  • Go API SSRF guardgoApiPath validates relative paths on the betterdeskApi client; policy routes validate org/device IDs; help-request IDs validated before proxying to Go.
  • XSScross-platform.js, users.js, dataguard.js, cdap-studio.js escape/sanitize dynamic HTML and CSS class names.
  • Path confinement — shared safePath for backup deletion, i18n language files, server file browser, fontService, and fileTransferService (symlink-aware root checks). File browser respects BETTERDESK_FILE_ALLOWED_ROOTS.
  • SSRF / shell hardening — OIDC discovery URLs validated before fetch; network monitor HTTP/TCP checks use validated hostname/port/path; terminal proxy restricted to known system shell paths; updateService and deploy helpers use execFileSync argv arrays; linux-ensure-console-user.js uses execFileSync.
  • Clear-text logging — admin password no longer logged on first install; API login logs redact usernames (logRedact.js); admin self-test password cleared after use in authService.
  • Audit logRecent / RecentByAction clamp n to 500 to limit allocation.
  • CIbuild.yml default permissions: contents: read; write only on release/binary-update jobs.

Fixed

  • RBAC — deleting the last super_admin / legacy admin is blocked (HTTP 409), aligned with update/demotion guards; org owner label shown as Org Admin in all 26 locales.
  • Panel update (dev channel) — repair step no longer re-downloads removed web-nodejs/scripts/* paths (404 false failures after dev-only i18n toolkit move).
  • Console update channel UXModal.confirm for channel switch dialog; clearer Stable / Development labels and Docker update UI strings in all locales.
  • Go server deploy (Linux panel) — privileged Go server binary deploy from the Linux panel (hotfix already on main).

Added

  • One-line Linux installer (install.sh)curl -fsSL …/install.sh | sudo bash for automated Docker quick-start (engine install when missing, compose download with validation, relay IP detection, firewall rules, health wait, credential summary). Use --native for git clone + betterdesk.sh --auto, or --uninstall / --purge to tear down the Docker stack.

Changed

  • i18n dev toolkit moved to web-nodejs/scripts/dev-i18n/ — not deployed to production consoles; one-shot patch-* scripts removed (recoverable from git history).
  • Update channel switcher — stable vs development channel selection in Settings → Updates (production servers should stay on Stable).

Upgrade notes (operators)

Topic Action
Native / panel update Settings → Updates → Stable → Check for updates → Install. Allow Go server rebuild/restart when prompted.
Docker Pull new GHCR tags after release (docker compose pull && docker compose up -d); in-app GitHub install is disabled in container mode.
Soft-deleted devices Do not expect deleted peers to self re-register over WebSocket; use Restore in Devices if intentional.
Custom file paths If file browser or font upload breaks, review BETTERDESK_FILE_ALLOWED_ROOTS in console .env.
Desktop client (Tauri) Rebuild/reinstall desktop agent after this release to pick up openssl / tauri lockfile fixes.
Rollback Use the automatic pre-update backup from Settings → Updates, or restore from your own snapshot.

Verify after update

  1. Panel login and dashboard load.
  2. Settings → Updates shows current version; no repair 404 errors.
  3. Devices list and one test remote session.
  4. Optional: delete-user guard — last admin cannot be removed (409).
  5. Docker operators: confirm new image tag on GHCR matches v3.2.0.

What's Changed

Full Changelog: v3.1.0...v3.2.0

Check out latest releases or
releases around UNITRONIX/BetterDesk v3.2.0

Don't miss a new BetterDesk release

NewReleases is sending notifications on new releases.

Get notifications