Not that much has changed since the last audit. In fact there have only been minor version bumps, going from 1.2.6 to 1.2.16. I diffed the changes and revisited a few interesting parts. Changes from 1.2.6 ��������� 1.2.16: - minor refactoring - bug fixes - added GTK4 support Observations: - The D-Bus interface is still only accessible by root. - IKEv1 with SHA-1 is deprecated and it may be considered questionable to still include as an option in a modern VPN tool. Nevertheless this isn't a problem of this plugin but, if anything, a problem of the underlying software stack. It would be nice if the UI warned against outdated configurations. - `import_from_file`: the parser has been rewritten and now utilizes an error-prone string handling style, but a) it's done correctly, as long as no subsequent maintainer screws up, b) as of now the worst than can happen are out-of-bounds reads in an unprivileged user context. OK. - `export_to_file` still uses mode (masked) 666 for exported VPN configurations. Not super nice, but not a security vulnerability. The exported config does NOT include plaintext passwords. Good! Conclusion: NetworkManager, especially in combination with plugins like this one, is a complex beast and oversights can't be ruled out. I did not observe any obvious security issues. The coding style is mostly of high quality with numerous checks for error conditions. Subprocess invocation is implemented carefully. Its input parsers are sane too. Maybe deprecated modes should include warnings in the UI, but that's a matter of taste, not a bug. I will proceed with the whitelisting.