electerm

v3.9.15 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 21d CLI & Terminal

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 2 known CVEs

Topics

ai electerm electron file-manager ftp linux-app

+12 more

macos-app mcp rdp serialport sftp spice ssh telnet cli vnc windows-app zmodem

Affected surfaces

crypto_tls

ReleasePort's take

Light signal

editorial:auto 13d

Electerm v3.9.15 upgrades encryption to AES-256-GCM and restricts the renderer process to a safe environment.

Why it matters: Patch immediately if handling sensitive data; the security updates address encryption weaknesses and sandboxing flaws in versions prior to v3.9.15.

Summary

AI summary

Encryption updated to AES-256-GCM and renderer process now receives only a safe environment set.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	Update encryption to use AES-256-GCM and improved format handling. Update encryption to use AES-256-GCM and improved format handling. Source: llm_adapter@2026-05-21 Confidence: low	—
Security	Medium	Only expose a safe environment to the renderer process. Only expose a safe environment to the renderer process. Source: llm_adapter@2026-05-21 Confidence: low	—
Feature
Feature	Medium	Enhance custom editor functionality with auto-open. Enhance custom editor functionality with auto-open. Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Improve terminal password prompt handling and show status in tab title. Improve terminal password prompt handling and show status in tab title. Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Improve tab UI — more obvious feed icon. Improve tab UI — more obvious feed icon. Source: granite4.1:30b@2026-05-22-audit Confidence: low	—
Bugfix
Bugfix	Medium	Update password hint format to include port if available. Update password hint format to include port if available. Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Scroll reset logic fixed on file list update. Scroll reset logic fixed on file list update. Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Bookmark matching now includes description in search. Bookmark matching now includes description in search. Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Bookmark item updates live after edit. Bookmark item updates live after edit. Source: llm_adapter@2026-05-21 Confidence: high	—

Full changelog

UI/Feature updates

UI: Improve tab UI — more obvious feed icon.
New: Enhance custom editor functionality with auto-open.
New: Improve terminal password prompt handling and show status in tab title.

Bug fixes

Fix: update password hint format to include port if available.
Fix: scroll reset logic on file list update.
Fix: bookmark matching now includes description in search.
Fix: bookmark item now updates live after edit.

Security

Update encryption to use AES-256-GCM and improved format handling.
Only expose a safe environment to the renderer process.

界面/功能更新

界面：改进标签 UI，突出显示订阅图标。
新增：增强自定义编辑器功能，支持自动打开。
新增：改进终端密码提示处理，并在标签标题显示状态反馈。

Bug 修复

修复：密码提示格式，必要时包含端口信息。
修复：文件列表更新时滚动重置问题。
修复：书签匹配现在包含描述字段的搜索。
修复：编辑后书签项不能实时更新的问题。

安全

将加密更新为 AES-256-GCM 并改进格式处理。
仅向渲染进程暴露安全环境变量集。

Download下载: https://electerm.html5beta.com

Security Fixes

Encryption upgraded to AES-256-GCM with improved format handling
Renderer process now exposed only a safe environment variable set

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track electerm

Get notified when new releases ship.

About electerm

Terminal/ssh/sftp/ftp/telnet/serialport/RDP/VNC/Spice client(linux, mac, win)

All releases →

Related context

Related tools

Earlier breaking changes

v3.11.0 Deprecates permissive CORS on MCP server; adds optional API key authentication.