Yes, there's almost a new critical patch every few weeks or so now.
Has the Electron team reached out for a professional security audit yet? It would really boost user's confidence in using it since so many different crypto wallets rely on it now.
Stuff like this is too trivial to justify:
https://github.com/spesmilo/electrum/issues/3374 class RequestHandler(SimpleJSONRPCRequestHandler):
def do_OPTIONS(self):
self.send_response(200)
self.end_headers()
def end_headers(self):
self.send_header("Access-Control-Allow-Headers",
"Origin, X-Requested-With, Content-Type, Accept")
self.send_header("Access-Control-Allow-Origin", "*")
SimpleJSONRPCRequestHandler.end_headers(self)
Allowing * is almost always a no-no.