1.16.1

Enhancements:

• When using parental controls, allow a child account to update existing apps by default, to ensure that security and bugfix updates can be installed. This can be overridden by setting polkit policy rules for the new org.freedesktop.Flatpak.override-parental-controls-update action if necessary. (#5552)
• Make systemd scopes easier to match to Flatpak app instances, by using the instance ID instead of the top-level process ID in the scope name (#6015)
• Access to --device=dri now includes /dev/udmabuf (#6158)
• Improve the error message for an invalid parameter to flatpak-spawn --sandbox-a11y-own-name (#6048)
• Speed up flatpak prune --dry-run by not calculating potential freed space and avoiding operations that would need to hold a lock (#5813, #6121)
• Speed up flatpak permission-reset by only writing entries that have actually changed (#5772)
• Documentation improvements (#4859, #6066, #6134)
• Look for TLS certificates at /etc/containers/certs.d when interacting with OCI registries (#5916)
• Translation updates: bg (#6120), ka (#6176), pl (#6106), pt_BR (#6076, #6188), ro (#6139), ru (#6145), sl (#6054), sv (#6193), tr (#6109)
  This is the first bugfix release of the Flatpak 1.16 series! Users and distributions are strongly encouraged to update to this version.

Bug fixes:

• Fix intermittent flatpak-portal crashes by avoiding unnecessary multi-threading (#5605)
• Don't show a confusing confirmation prompt when flatpak remove --unused removes autoprune-unless extensions that are no longer needed, such as older Nvidia drivers (#5712, #2718)
• Don't propagate $PYTHONPYCACHEPREFIX from host into sandbox (#6110)
• Don't propagate $WAYLAND_DISPLAY, $WAYLAND_SOCKET from host into sandbox if access to the Wayland socket has been denied (#3948)
• When discovering the AT-SPI bus, treat $AT_SPI_BUS_ADDRESS as higher-priority than GetAddress(), more closely matching the behaviour of AT-SPI itself (#6173)
• Fix a memory leak when installing extra-data (#6069)
• Don't show fatal transaction errors twice (#3400)
• Fix the build with -Ddefault_library=static (#6119)
• Fix incorrect error reporting (#6127, #5170)
• When using FLATPAK_TTY_PROGRESS, terminate OSC escape sequence with standard ST sequence instead of xterm-specific BEL (#6092)
• Include all options in shell completion for flatpak search (#6096)

Internal changes:

• Fix an unclear boolean expression (no functional change) (#5013)
• Avoid a duplicate redirection in the test suite (#6117)
• CI updates

---

2b47e8f2d90d35d29339ed78e1a6eabb36eefa9cfa5a5ca3b0d1f27502c43675 *flatpak-1.16.1.tar.xz

1.16.0

This is the first stable release of the Flatpak 1.16 series! Users and distributions are strongly encouraged to update to this version.

Bug fixes:

• Update libglnx to 2024-12-06:

  • Fix an assertion failure if creating a parent directory encounters a dangling symlink (GNOME/libglnx#1)
  • Fix a Meson warning

• Don't emit terminal progress indicator escape sequences by default. They are interpreted as notifications by some terminal emulators. (#6052)

• Fix introspection annotations in libflatpak

Enhancements:

• Add the FLATPAK_TTY_PROGRESS environment variable, which re-enables the terminal progress indicator escape sequences added in 1.15.91.

• Document the FLATPAK_FANCY_OUTPUT environment variable, which allows disabling the fancy formatting when outputting to a terminal.

---

cb0ac565adcb62127c6d11ed50ee7044d6a836fa69c354b2f4b640a22bfa4b2a *flatpak-1.16.0.tar.xz

1.15.91

Important

This is a release candidate for Flatpak 1.16.0. Starting effectively now, only fixes to critical regressions and issues are accepted. Development will be reopened as usual after Flatpak 1.16.0 is released.

Enhancements:

• Add the FLATPAK_DATA_DIR environment variable, which allows overriding at runtime the data directory location that Flatpak uses to search for configuration files such as remotes. This is useful for running tests, and for when installing using Flatpak in a chroot.

• Add a FLATPAK_DOWNLOAD_TMPDIR variable. This allows using download directories other than /var/tmp.

• Emit progress escape sequence. This can be used by terminal emulators to detect and display progress of Flatpak operations on their graphical user interfaces.

Bug fixes:

• Install missing test data. This should fix "as-installed" tests via ginsttest-runner, used for example in Debian's autopkgtest framework.

• Unify and improve how the Wayland socket is passed to the sandboxed app. This should fix a regression that is triggered by compositors that both implement the security-context-v1 protocol, and sets the WAYLAND_DISPLAY environment variable when launching Flatpak apps. (#5863)

• Fix the plural form of a translatable string.

---

b1458c00eae49d59bc1c8eae5066fce0019295dc0ba6cc942f68911f200d8802 *flatpak-1.15.91.tar.xz

1.15.12

Bug fixes:

• Return to using the process ID of the Flatpak app in the cgroup name. Using the instance ID in 1.15.11 caused crashes when installing apps, extensions or runtimes that use the "extra data" mechanism, which does not set up an instance ID. (#6009)

a24f870de1096f04c6d6992cef851f8eea5f99f2a389e425e1ea73fbb9c02e3b *flatpak-1.15.12.tar.xz

1.15.11

Dependencies:

• In distributions that compile Flatpak to use a separate xdg-dbus-proxy
  executable, version 0.1.6 is recommended (but not required).
  The minimum xdg-dbus-proxy continues to be 0.1.0.

Enhancements:

• Allow applications like WebKit to connect the AT-SPI accessibility tree
  of processes in a sub-sandbox with the tree in the main process (#5898)

  • New sandboxing parameter flatpak run --a11y-own-name, which is
    like --own-name but for the accessibility bus

  • flatpak-portal API v7: add new sandbox-a11y-own-names option, which
    accepts names matching ${FLATPAK_ID}.*

  • Apps may call the org.a11y.atspi.Socket.Embedded method on names
    matching ${FLATPAK_ID}.Sandboxed.* by default

• flatpak run -vv $app_id shows all applicable sandboxing parameters
  and their source, including overrides, as debug messages (#5895)

• Introduce USB device listing

  • Apps can list which USB devices they want to access ahead of time by
    using the --usb parameter. Check the manpages for the more information
    about the accepted syntax.

  • Denying access to USB devices is also possible with the --no-usb
    parameter. The syntax is equal to --usb.

  • Both options merely store metadata, and aren't used by Flatpak itself.
    This metadata is intended to be used by the (as of now, still in
    progress) USB portal to decide which devices the app can enumerate and
    request access.

• Add support for KDE search completion

• Use the instance id of the Flatpak app as part of the cgroup name. This
  better matches the naming conventions for cgroup.

Bug fixes:

• Update libglnx to 2024-08-23 (#5918)

  • fix build in environments that use -Werror=return-type, such as
    openSUSE Tumbleweed (#5778)

  • add a fallback definition for G_PID_FORMAT with older GLib

  • avoid warnings for g_steal_fd() with newer GLib

  • improve compatibility of g_closefrom() backport with newer GLib

• Update meson wrap file for xdg-dbus-proxy to version 0.1.6:

  • compatibility with D-Bus implementations that pipeline the
    authentication handshake, such as sd-bus and zbus

  • compatibility with D-Bus implementations that use non-consecutive
    serial numbers, such as godbus and zbus

  • broadcast signals can be allowed without having to add TALK permission
    (#5828)

  • fix memory leaks

Internal changes:

• Better const-correctness (#5913)
• Fix a shellcheck warning in the tests (#5914)

---

cd4fab1f17bba3cfd94d777e6513ddfb808083bad462768cf9de8edbbd0fc13e *flatpak-1.15.11.tar.xz

1.15.10

Dependencies:

• In distributions that compile Flatpak to use a separate bubblewrap (bwrap) executable, version 0.10.0 is required.
  This version adds a new feature which is required by the security fix in this release.

Security fixes:

• Don't follow symbolic links when mounting persistent directories (--persist option). This prevents a sandbox escape where a malicious or compromised app could edit the symlink to point to a directory that the app should not have been allowed to read or write. (CVE-2024-42472, GHSA-7hgv-f2j8-xw87)

Documentation:

• Mark the 1.12.x and 1.10.x branches as end-of-life (#5352)

Other bug fixes:

• Fix several memory leaks (#5883, #5884)

Internal changes:

• Record a log file when running build-time tests with AddressSanitizer (#5884)

• Add initial suppressions file for AddressSanitizer (#5884)

6aa67ca29b4f4da74654888446710b16c9fcfe640c324a51c5025087eecbf42f *flatpak-1.15.10.tar.xz

1.14.10

Dependencies:

• In distributions that compile Flatpak to use a separate bubblewrap (bwrap) executable, either version 0.10.0, version 0.6.x ≥ 0.6.3, or a version with a backport of the --bind-fd option is required. These versions add a new feature which is required by the security fix in this release.

Security fixes:

• Don't follow symbolic links when mounting persistent directories (--persist option). This prevents a sandbox escape where a malicious or compromised app could edit the symlink to point to a directory that the app should not have been allowed to read or write. (CVE-2024-42472, GHSA-7hgv-f2j8-xw87)

Documentation:

• Mark the 1.12.x and 1.10.x branches as end-of-life (#5352)

Version 1.14.9 was not released due to an incompatibility with older versions of GLib. Version 1.14.10 replaces it.

6bbdc7908127350ad85a4a47d70292ca2f4c46e977b32b1fd231c2a719d821cd *flatpak-1.14.10.tar.xz

1.15.9

Dependencies:

• bubblewrap and xdg-dbus-proxy are now provided by Meson wrap files instead of being directly vendored via git submodule. If downloading external software during build is not allowed in your environment, please install suitable versions of bubblewrap and xdg-dbus-proxy separately, then configure Flatpak with options similar to -Dsystem_bubblewrap=bwrap -Dsystem_dbus_proxy=xdg-dbus-proxy (most major distributions package it like this already).

Enhancements:

• If xdg-dbus-proxy is new enough (0.1.6 or later, not yet released), allow two broadcast signals from AT-SPI by default, allowing bus traffic to be reduced. If xdg-dbus-proxy is older, this change will have no practical effect but is harmless. (#5828)

• Install csh profile snippet (#5753)

Bug fixes:

• Expand the list of environment variables that Flatpak apps do not inherit from the host system (#5765, #5785)

• Take time zone information from $TZDIR if set (#5850)

• Fix a memory leak since 1.15.7 when reloading D-Bus configuration (#5856)

• Fix a memory leak when running flatpak permissions (#5844)

• Fix memory leaks in flatpak update (#5816)

• Fix memory leaks when installing packages (#5811)

• Use more similar translatable strings for some error messages (#5748)

• Document flatpak config --set languages '*all*' correctly: it is really *all* (or equivalently *), not just all (#5836)

• Fix a misleading comment in the test for CVE-2024-32462 (#5779)

• Fix a copy/paste error in the 1.15.7 release notes

• On systems where subdirectories of /sys have been made inaccessible, continue without them (#5138)

• Make tests more compatible with non-GNU shell utilities (#5812)

• Translation updates: ka (#5873), hi (#5838), pt_BR (#5877), zh_CN (#5843)

Internal changes:

• libglnx and variant-schema-compiler are now managed as git subtree instead of git submodule. Maintainers and contributors, please see subprojects/README.md for details of how to interact with these. In particular this means that submodules no longer need to be set up before working on a git clone. (#5800, #5845)

• Split library code into more, smaller translation units, reducing internal circular dependencies (#5409, #5801, #5803)

• Add some convenience macros in the test suite (#5693)

• Minor internal robustness improvement (#5833)

• Add configuration for Github Codespaces (#5767)

• Improve CI configuration (#5791)

• Work around infrastructure issues in third-party apt repositories used by default in Github Workflows (#5786)

8a05aba11db26e922637e6422f772de3daf05d2ab97ca45bedc6ccc7a588c4d2 *flatpak-1.15.9.tar.xz

1.14.8

No changes. This release is rolling out to correct mismatching submodule versions
in the release tarball.

---

1016b7327f7af87896f95465f7e5813750d3b7049a3740a1a4ddcb5fa8c5348e  flatpak-1.14.8.tar.xz

1.14.7

New features:

• Automatically reload D-Bus session bus configuration after installing
  or upgrading apps, to pick up any exported D-Bus services (#3342)

Bug fixes:

• Expand the list of environment variables that Flatpak apps do not
  inherit from the host system (#5765, #5785)

• Don't refuse to start apps when there is no D-Bus system bus available
  (#5076)

• Don't try to repeat migration of apps whose data was migrated to a new
  name and then deleted (#5668)

• Fix warnings from newer GLib versions (#5660)

• Always set the container environment variable (#5610)

• In flatpak ps, add xdg-desktop-portal-gnome to the list of backends
  we'll use to learn which apps are running in the background (#5729)

• Avoid leaking a temporary variable from /etc/profile.d/flatpak.sh into
  the shell environment (#5574)

• Avoid undefined behaviour of signed left-shift when storing object IDs
  in a hash table (#5738)

• Fix Docbook validity in documentation (#5719)

• Skip more tests when FUSE isn't available (#5611)

• Fix a misleading comment in the test for CVE-2024-32462 (#5779)

Internal changes:

• Fix Github Workflows recipes

---

526f5b592839fe47a6fa149df09ed1d1d7742e0497913e51683d4f1ab33c2da4  flatpak-1.14.7.tar.xz