Zed Moves Toward Secure-by-Default: Introducing Worktree Trust
a day ago
- #security
- #supply-chain
- #developer-tools
- Introduction of a worktree trust mechanism in Zed to enhance developer and supply chain security.
- Secure-by-default principle adopted to make Zed resilient against threats without additional configuration.
- Recent vulnerabilities (CVE-2025-68432 and CVE-2025-68433) highlighted risks of automatic code execution in Zed.
- New Restricted Mode in Zed prevents automatic execution of potentially malicious code without user consent.
- Users can manually trust worktrees, with options to trust specific projects or all subdirectories.
- Option to configure Zed to automatically trust all worktrees, though this is not recommended for most users.
- Security enhancements aim to balance protection with minimal workflow disruption.
- Future plans include further security improvements while maintaining a focus on developer experience.
- Worktree trust mechanism available in Zed preview release v0.218.2-pre, with stable release expected soon.