Early this year we shared our new Security page and first independent audit of Obsidian, coinciding with the release of Obsidian 1.5.3. Since then we&

Second audit of Obsidian apps completed by  Cure53

submited by
Style Pass
2024-12-23 19:30:05

Early this year we shared our new Security page and first independent audit of Obsidian, coinciding with the release of Obsidian 1.5.3. Since then we’ve made numerous improvements to  Obsidian.

Continuing our commitment to security and privacy, we asked the Berlin-based security firm Cure53 to perform a second penetration test and source code audit of the Obsidian apps, across all platforms. Special attention was given to hardening the new Web viewer plugin ahead of its first  release.

We were pleased to hear from Cure53 that incremental updates since Obsidian 1.5.3 maintained the highest degree of attention to security. No new vulnerabilities were introduced in public versions of Obsidian. Quoting from the  summary:

The security standing of the Obsidian client component has improved since the previous audit, as evidenced by the identification of only a single rather serious vulnerability, which addresses a new browser webview feature (see  DYL -03-007).

Particular emphasis was placed on hardening the Web viewer plugin during its development process, to ensure it would pass our strict security  standards.

Leave a Comment