Releases: flatpak/flatpak

1.16.1

11 May 02:40

Enhancements:

  • When using parental controls, allow a child account to update existing apps by default, to ensure that security and bugfix updates can be installed. This can be overridden by setting polkit policy rules for the new org.freedesktop.Flatpak.override-parental-controls-update action if necessary. (#5552)
  • Make systemd scopes easier to match to Flatpak app instances, by using the instance ID instead of the top-level process ID in the scope name (#6015)
  • Access to --device=dri now includes /dev/udmabuf (#6158)
  • Improve the error message for an invalid parameter to flatpak-spawn --sandbox-a11y-own-name (#6048)
  • Speed up flatpak prune --dry-run by not calculating potential freed space and avoiding operations that would need to hold a lock (#5813, #6121)
  • Speed up flatpak permission-reset by only writing entries that have actually changed (#5772)
  • Documentation improvements (#4859, #6066, #6134)
  • Look for TLS certificates at /etc/containers/certs.d when interacting with OCI registries (#5916)
  • Translation updates: bg (#6120), ka (#6176), pl (#6106), pt_BR (#6076, #6188), ro (#6139), ru (#6145), sl (#6054), sv (#6193), tr (#6109)

This is the first bugfix release of the Flatpak 1.16 series! Users and distributions are strongly encouraged to update to this version.

Bug fixes:

  • Fix intermittent flatpak-portal crashes by avoiding unnecessary multi-threading (#5605)
  • Don't show a confusing confirmation prompt when flatpak remove --unused removes autoprune-unless extensions that are no longer needed, such as older Nvidia drivers (#5712, #2718)
  • Don't propagate $PYTHONPYCACHEPREFIX from host into sandbox (#6110)
  • Don't propagate $WAYLAND_DISPLAY, $WAYLAND_SOCKET from host into sandbox if access to the Wayland socket has been denied (#3948)
  • When discovering the AT-SPI bus, treat $AT_SPI_BUS_ADDRESS as higher-priority than GetAddress(), more closely matching the behaviour of AT-SPI itself (#6173)
  • Fix a memory leak when installing extra-data (#6069)
  • Don't show fatal transaction errors twice (#3400)
  • Fix the build with -Ddefault_library=static (#6119)
  • Fix incorrect error reporting (#6127, #5170)
  • When using FLATPAK_TTY_PROGRESS, terminate OSC escape sequence with standard ST sequence instead of xterm-specific BEL (#6092)
  • Include all options in shell completion for flatpak search (#6096)

Internal changes:

  • Fix an unclear boolean expression (no functional change) (#5013)
  • Avoid a duplicate redirection in the test suite (#6117)
  • CI updates

2b47e8f2d90d35d29339ed78e1a6eabb36eefa9cfa5a5ca3b0d1f27502c43675 *flatpak-1.16.1.tar.xz

1.16.0

09 Jan 17:36

This is the first stable release of the Flatpak 1.16 series! Users and distributions are strongly encouraged to update to this version.

Bug fixes:

  • Update libglnx to 2024-12-06:

    • Fix an assertion failure if creating a parent directory encounters a dangling symlink (GNOME/libglnx#1)
    • Fix a Meson warning
  • Don't emit terminal progress indicator escape sequences by default. They are interpreted as notifications by some terminal emulators. (#6052)

  • Fix introspection annotations in libflatpak

Enhancements:

  • Add the FLATPAK_TTY_PROGRESS environment variable, which re-enables the terminal progress indicator escape sequences added in 1.15.91.

  • Document the FLATPAK_FANCY_OUTPUT environment variable, which allows disabling the fancy formatting when outputting to a terminal.


cb0ac565adcb62127c6d11ed50ee7044d6a836fa69c354b2f4b640a22bfa4b2a *flatpak-1.16.0.tar.xz

1.15.91

20 Dec 13:37
Pre-release

Important

This is a release candidate for Flatpak 1.16.0. Starting effectively now, only fixes to critical regressions and issues are accepted. Development will be reopened as usual after Flatpak 1.16.0 is released.

Enhancements:

  • Add the FLATPAK_DATA_DIR environment variable, which allows overriding at runtime the data directory location that Flatpak uses to search for configuration files such as remotes. This is useful for running tests, and for when installing using Flatpak in a chroot.

  • Add a FLATPAK_DOWNLOAD_TMPDIR variable. This allows using download directories other than /var/tmp.

  • Emit progress escape sequence. This can be used by terminal emulators to detect and display progress of Flatpak operations on their graphical user interfaces.

Bug fixes:

  • Install missing test data. This should fix "as-installed" tests via ginsttest-runner, used for example in Debian's autopkgtest framework.

  • Unify and improve how the Wayland socket is passed to the sandboxed app. This should fix a regression that is triggered by compositors that both implement the security-context-v1 protocol and set the WAYLAND_DISPLAY environment variable when launching Flatpak apps. (#5863)

  • Fix the plural form of a translatable string.


b1458c00eae49d59bc1c8eae5066fce0019295dc0ba6cc942f68911f200d8802 *flatpak-1.15.91.tar.xz

1.15.12

28 Nov 16:22
Pre-release

Bug fixes:

  • Return to using the process ID of the Flatpak app in the cgroup name. Using the instance ID in 1.15.11 caused crashes when installing apps, extensions or runtimes that use the "extra data" mechanism, which does not set up an instance ID. (#6009)

a24f870de1096f04c6d6992cef851f8eea5f99f2a389e425e1ea73fbb9c02e3b *flatpak-1.15.12.tar.xz

1.15.11

26 Nov 15:14
Pre-release

Dependencies:

  • In distributions that compile Flatpak to use a separate xdg-dbus-proxy
    executable, version 0.1.6 is recommended (but not required).
    The minimum xdg-dbus-proxy continues to be 0.1.0.

Enhancements:

  • Allow applications like WebKit to connect the AT-SPI accessibility tree
    of processes in a sub-sandbox with the tree in the main process (#5898)

    • New sandboxing parameter flatpak run --a11y-own-name, which is
      like --own-name but for the accessibility bus

    • flatpak-portal API v7: add new sandbox-a11y-own-names option, which
      accepts names matching ${FLATPAK_ID}.*

    • Apps may call the org.a11y.atspi.Socket.Embedded method on names
      matching ${FLATPAK_ID}.Sandboxed.* by default

  • flatpak run -vv $app_id shows all applicable sandboxing parameters
    and their source, including overrides, as debug messages (#5895)

  • Introduce USB device listing

    • Apps can list which USB devices they want to access ahead of time by
      using the --usb parameter. Check the manpages for more information
      about the accepted syntax.

    • Denying access to USB devices is also possible with the --no-usb
      parameter. The syntax is the same as for --usb.

    • Both options merely store metadata, and aren't used by Flatpak itself.
      This metadata is intended to be used by the (as of now, still in
      progress) USB portal to decide which devices the app can enumerate and
      request access to.

  • Add support for KDE search completion

  • Use the instance id of the Flatpak app as part of the cgroup name. This
    better matches the naming conventions for cgroup.

Bug fixes:

  • Update libglnx to 2024-08-23 (#5918)

    • fix build in environments that use -Werror=return-type, such as
      openSUSE Tumbleweed (#5778)

    • add a fallback definition for G_PID_FORMAT with older GLib

    • avoid warnings for g_steal_fd() with newer GLib

    • improve compatibility of g_closefrom() backport with newer GLib

  • Update meson wrap file for xdg-dbus-proxy to version 0.1.6:

    • compatibility with D-Bus implementations that pipeline the
      authentication handshake, such as sd-bus and zbus

    • compatibility with D-Bus implementations that use non-consecutive
      serial numbers, such as godbus and zbus

    • broadcast signals can be allowed without having to add TALK permission
      (#5828)

    • fix memory leaks

Internal changes:

  • Better const-correctness (#5913)
  • Fix a shellcheck warning in the tests (#5914)

cd4fab1f17bba3cfd94d777e6513ddfb808083bad462768cf9de8edbbd0fc13e *flatpak-1.15.11.tar.xz

1.15.10

14 Aug 15:57
Pre-release

Dependencies:

  • In distributions that compile Flatpak to use a separate bubblewrap (bwrap) executable, version 0.10.0 is required.
    This version adds a new feature which is required by the security fix in this release.

Security fixes:

  • Don't follow symbolic links when mounting persistent directories (--persist option). This prevents a sandbox escape where a malicious or compromised app could edit the symlink to point to a directory that the app should not have been allowed to read or write. (CVE-2024-42472, GHSA-7hgv-f2j8-xw87)

Documentation:

  • Mark the 1.12.x and 1.10.x branches as end-of-life (#5352)

Other bug fixes:

Internal changes:

  • Record a log file when running build-time tests with AddressSanitizer (#5884)

  • Add initial suppressions file for AddressSanitizer (#5884)

6aa67ca29b4f4da74654888446710b16c9fcfe640c324a51c5025087eecbf42f *flatpak-1.15.10.tar.xz

1.14.10

14 Aug 15:59

Dependencies:

  • In distributions that compile Flatpak to use a separate bubblewrap (bwrap) executable, either version 0.10.0, version 0.6.x ≥ 0.6.3, or a version with a backport of the --bind-fd option is required. These versions add a new feature which is required by the security fix in this release.

Security fixes:

  • Don't follow symbolic links when mounting persistent directories (--persist option). This prevents a sandbox escape where a malicious or compromised app could edit the symlink to point to a directory that the app should not have been allowed to read or write. (CVE-2024-42472, GHSA-7hgv-f2j8-xw87)
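
The symlink handling described in the security fixes for 1.15.10 and 1.14.10 above, sketched as an added example that is not Flatpak's or bubblewrap's code: a directory beneath an app's home is opened one component at a time with O_NOFOLLOW, so a planted symlink is refused and the caller gets a file descriptor rather than a path. The names open_persist_dir and persist_demo are hypothetical, and the temporary directory is a constructed fixture.

```c
#define _POSIX_C_SOURCE 200809L   /* openat, mkdtemp, O_NOFOLLOW */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not Flatpak's code: open relpath beneath base_fd one
 * component at a time, refusing symlinks and "..". Returns a directory fd
 * that a mount step could use instead of a path, or -1 on refusal/error. */
int open_persist_dir(int base_fd, const char *relpath)
{
    char buf[4096], *save = NULL;
    if (relpath[0] == '/' || strlen(relpath) >= sizeof buf) return -1;
    strcpy(buf, relpath);
    int fd = fcntl(base_fd, F_DUPFD_CLOEXEC, 0);
    for (char *c = strtok_r(buf, "/", &save); c && fd >= 0; c = strtok_r(NULL, "/", &save)) {
        int next = -1;
        if (strcmp(c, "..") != 0)   /* O_NOFOLLOW: a symlink here is an error */
            next = openat(fd, c, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
        close(fd);
        fd = next;
    }
    return fd;
}

/* Constructed fixture: temp directory with a real subdirectory "data" and a
 * symlink "escape" pointing outside it. Returns 0 when only "data" opens. */
int persist_demo(void)
{
    char tmpl[] = "/tmp/persist-demo-XXXXXX";
    if (!mkdtemp(tmpl)) return -1;
    int base = open(tmpl, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    mkdirat(base, "data", 0700);
    symlinkat("/", base, "escape");
    int ok = open_persist_dir(base, "data");
    int via_link = open_persist_dir(base, "escape");
    int up = open_persist_dir(base, "data/../escape");
    if (ok >= 0) close(ok);
    unlinkat(base, "escape", 0);
    unlinkat(base, "data", AT_REMOVEDIR);
    close(base);
    rmdir(tmpl);
    return (ok >= 0 && via_link < 0 && up < 0) ? 0 : 1;
}

int main(void) { puts(persist_demo() == 0 ? "symlink refused" : "unexpected"); return 0; }
```

Because the result is a descriptor for the directory that was actually opened, a later change to the path name cannot redirect whatever is mounted from it.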

Documentation:

  • Mark the 1.12.x and 1.10.x branches as end-of-life (#5352)

Version 1.14.9 was not released due to an incompatibility with older versions of GLib. Version 1.14.10 replaces it.

6bbdc7908127350ad85a4a47d70292ca2f4c46e977b32b1fd231c2a719d821cd *flatpak-1.14.10.tar.xz

1.15.9

22 Jul 18:10
Pre-release

Dependencies:

  • bubblewrap and xdg-dbus-proxy are now provided by Meson wrap files instead of being directly vendored via git submodule. If downloading external software during build is not allowed in your environment, please install suitable versions of bubblewrap and xdg-dbus-proxy separately, then configure Flatpak with options similar to -Dsystem_bubblewrap=bwrap -Dsystem_dbus_proxy=xdg-dbus-proxy (most major distributions package it like this already).

Enhancements:

  • If xdg-dbus-proxy is new enough (0.1.6 or later, not yet released), allow two broadcast signals from AT-SPI by default, allowing bus traffic to be reduced. If xdg-dbus-proxy is older, this change will have no practical effect but is harmless. (#5828)

  • Install csh profile snippet (#5753)

Bug fixes:

  • Expand the list of environment variables that Flatpak apps do not inherit from the host system (#5765, #5785)

  • Take time zone information from $TZDIR if set (#5850)

  • Fix a memory leak since 1.15.7 when reloading D-Bus configuration (#5856)

  • Fix a memory leak when running flatpak permissions (#5844)

  • Fix memory leaks in flatpak update (#5816)

  • Fix memory leaks when installing packages (#5811)

  • Use more similar translatable strings for some error messages (#5748)

  • Document flatpak config --set languages '*all*' correctly: it is really *all* (or equivalently *), not just all (#5836)

  • Fix a misleading comment in the test for CVE-2024-32462 (#5779)

  • Fix a copy/paste error in the 1.15.7 release notes

  • On systems where subdirectories of /sys have been made inaccessible, continue without them (#5138)

  • Make tests more compatible with non-GNU shell utilities (#5812)

  • Translation updates: ka (#5873), hi (#5838), pt_BR (#5877), zh_CN (#5843)

Internal changes:

  • libglnx and variant-schema-compiler are now managed as git subtree instead of git submodule. Maintainers and contributors, please see subprojects/README.md for details of how to interact with these. In particular this means that submodules no longer need to be set up before working on a git clone. (#5800, #5845)

  • Split library code into more, smaller translation units, reducing internal circular dependencies (#5409, #5801, #5803)

  • Add some convenience macros in the test suite (#5693)

  • Minor internal robustness improvement (#5833)

  • Add configuration for Github Codespaces (#5767)

  • Improve CI configuration (#5791)

  • Work around infrastructure issues in third-party apt repositories used by default in Github Workflows (#5786)

8a05aba11db26e922637e6422f772de3daf05d2ab97ca45bedc6ccc7a588c4d2 *flatpak-1.15.9.tar.xz

1.14.8

30 Apr 13:58

No changes. This release is rolling out to correct mismatching submodule versions
in the release tarball.


1016b7327f7af87896f95465f7e5813750d3b7049a3740a1a4ddcb5fa8c5348e  flatpak-1.14.8.tar.xz

1.14.7

29 Apr 17:27

New features:

  • Automatically reload D-Bus session bus configuration after installing
    or upgrading apps, to pick up any exported D-Bus services (#3342)

Bug fixes:

  • Expand the list of environment variables that Flatpak apps do not
    inherit from the host system (#5765, #5785)

  • Don't refuse to start apps when there is no D-Bus system bus available
    (#5076)

  • Don't try to repeat migration of apps whose data was migrated to a new
    name and then deleted (#5668)

  • Fix warnings from newer GLib versions (#5660)

  • Always set the container environment variable (#5610)

  • In flatpak ps, add xdg-desktop-portal-gnome to the list of backends
    we'll use to learn which apps are running in the background (#5729)

  • Avoid leaking a temporary variable from /etc/profile.d/flatpak.sh into
    the shell environment (#5574)

  • Avoid undefined behaviour of signed left-shift when storing object IDs
    in a hash table (#5738)

  • Fix Docbook validity in documentation (#5719)

  • Skip more tests when FUSE isn't available (#5611)

  • Fix a misleading comment in the test for CVE-2024-32462 (#5779)

Internal changes:

  • Fix Github Workflows recipes

526f5b592839fe47a6fa149df09ed1d1d7742e0497913e51683d4f1ab33c2da4  flatpak-1.14.7.tar.xz