Announce: Flatpak 1.10.4

Alexander Larsson alexl at redhat.com
Fri Oct 8 11:29:42 UTC 2021


Available at:
   https://github.com/flatpak/flatpak/releases/tag/1.10.4

$ sha256sum flatpak-1.10.4.tar.xz
641f1a62b1b875cc0561ab9bdfd3030071286d6021ae4bac6f80094408f00d1c
flatpak-1.10.4.tar.xz

This release fixes a security vulnerability in the portal
support. Some recently added syscalls were not blocked by the seccomp rules
which allowed the application to create sub-sandboxes which can confuste
the sandboxing verification mechanisms of the portal. This has been
fixed by extending the seccomp rules.
For details, see:
  https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q

Other changes in this version:
* OCI now use the pax tar format which handles large files better than gnutar
* Fix the parental control checks for root

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                Red Hat, Inc
       alexl at redhat.com         alexander.larsson at gmail.com



More information about the Flatpak mailing list