Announcing Flatpak 1.15.8 (development prerelease)
Simon McVittie
smcv at collabora.com
Thu Apr 18 16:57:27 UTC 2024
Available here: https://github.com/flatpak/flatpak/releases/tag/1.15.8
$ sha256sum -b flatpak-1.15.8.tar.xz
e89bcf42fd1eb0fadf14c8b5845bc31cb78a2624f3bdc9bcdd007cc75022e4d3 *flatpak-1.15.8.tar.xz
This is a development prerelease for the adventurous, part of the 1.15.x
branch, which will eventually lead to a 1.16.0 stable release. Don't
include this branch in stable OS distributions.
This version has no new features, just the security fix from 1.14.6 and
some other bug fixes.
Security fixes:
* Don't allow an executable name to be misinterpreted as a command-line
option for bwrap(1). This prevents a sandbox escape where a malicious
or compromised app could ask xdg-desktop-portal to generate a .desktop
file with access to files outside the sandbox. (CVE-2024-32462)
Other bug fixes:
* Pass the -export-dynamic linker option as -Wl,-export-dynamic,
fixing build failures with clang 18 and lld 18 (#5760)
* Fix a double-free when installation is cancelled (#5763)
* Fix installed-tests failure with "FUSERMOUNT: unbound variable"
(#5751)
* Translation updates: pt_BR (#5762), tr (#5761)
--
Simon McVittie, Collabora Ltd. / Debian
on behalf of the Flatpak maintainers
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/flatpak/attachments/20240418/b73a81b2/attachment.sig>
More information about the Flatpak
mailing list