Releases: flatpak/flatpak
1.16.1
Enhancements:
- When using parental controls, allow a child account to update existing apps by default, to ensure that security and bugfix updates can be installed. This can be overridden by setting polkit policy rules for the new
org.freedesktop.Flatpak.override-parental-controls-update
action if necessary. (#5552) - Make systemd scopes easier to match to Flatpak app instances, by using the instance ID instead of the top-level process ID in the scope name (#6015)
- Access to
--device=dri
now includes/dev/udmabuf
(#6158) - Improve the error message for an invalid parameter to
flatpak-spawn --sandbox-a11y-own-name
(#6048) - Speed up
flatpak prune --dry-run
by not calculating potential freed space and avoiding operations that would need to hold a lock (#5813, #6121) - Speed up
flatpak permission-reset
by only writing entries that have actually changed (#5772) - Documentation improvements (#4859, #6066, #6134)
- Look for TLS certificates at /etc/containers/certs.d when interacting with OCI registries (#5916)
- Translation updates: bg (#6120), ka (#6176), pl (#6106), pt_BR (#6076, #6188), ro (#6139), ru (#6145), sl (#6054), sv (#6193), tr (#6109)
This is the first bugfix release of the Flatpak 1.16 series! Users and distributions are strongly encouraged to update to this version.
Bug fixes:
- Fix intermittent flatpak-portal crashes by avoiding unnecessary multi-threading (#5605)
- Don't show a confusing confirmation prompt when
flatpak remove --unused
removesautoprune-unless
extensions that are no longer needed, such as older Nvidia drivers (#5712, #2718) - Don't propagate
$PYTHONPYCACHEPREFIX
from host into sandbox (#6110) - Don't propagate
$WAYLAND_DISPLAY
,$WAYLAND_SOCKET
from host into sandbox if access to the Wayland socket has been denied (#3948) - When discovering the AT-SPI bus, treat
$AT_SPI_BUS_ADDRESS
as higher-priority than GetAddress(), more closely matching the behaviour of AT-SPI itself (#6173) - Fix a memory leak when installing extra-data (#6069)
- Don't show fatal transaction errors twice (#3400)
- Fix the build with -Ddefault_library=static (#6119)
- Fix incorrect error reporting (#6127, #5170)
- When using
FLATPAK_TTY_PROGRESS
, terminate OSC escape sequence with standard ST sequence instead of xterm-specific BEL (#6092) - Include all options in shell completion for
flatpak search
(#6096)
Internal changes:
- Fix an unclear boolean expression (no functional change) (#5013)
- Avoid a duplicate redirection in the test suite (#6117)
- CI updates
2b47e8f2d90d35d29339ed78e1a6eabb36eefa9cfa5a5ca3b0d1f27502c43675 *flatpak-1.16.1.tar.xz
1.16.0
This is the first stable release of the Flatpak 1.16 series! Users and distributions are strongly encouraged to update to this version.
Bug fixes:
-
Update libglnx to 2024-12-06:
- Fix an assertion failure if creating a parent directory encounters a dangling symlink (GNOME/libglnx#1)
- Fix a Meson warning
-
Don't emit terminal progress indicator escape sequences by default. They are interpreted as notifications by some terminal emulators. (#6052)
-
Fix introspection annotations in libflatpak
Enhancements:
-
Add the
FLATPAK_TTY_PROGRESS
environment variable, which re-enables the terminal progress indicator escape sequences added in 1.15.91. -
Document the
FLATPAK_FANCY_OUTPUT
environment variable, which allows disabling the fancy formatting when outputting to a terminal.
cb0ac565adcb62127c6d11ed50ee7044d6a836fa69c354b2f4b640a22bfa4b2a *flatpak-1.16.0.tar.xz
1.15.91
Important
This is a release candidate for Flatpak 1.16.0. Starting effectively now, only fixes to critical regressions and issues are accepted. Development will be reopened as usual after Flatpak 1.16.0 is released.
Enhancements:
-
Add the
FLATPAK_DATA_DIR
environment variable, which allows overriding at runtime the data directory location that Flatpak uses to search for configuration files such as remotes. This is useful for running tests, and for when installing using Flatpak in a chroot. -
Add a
FLATPAK_DOWNLOAD_TMPDIR
variable. This allows using download directories other than /var/tmp. -
Emit progress escape sequence. This can be used by terminal emulators to detect and display progress of Flatpak operations on their graphical user interfaces.
Bug fixes:
-
Install missing test data. This should fix "as-installed" tests via
ginsttest-runner
, used for example in Debian's autopkgtest framework. -
Unify and improve how the Wayland socket is passed to the sandboxed app. This should fix a regression that is triggered by compositors that both implement the security-context-v1 protocol, and sets the
WAYLAND_DISPLAY
environment variable when launching Flatpak apps. (#5863) -
Fix the plural form of a translatable string.
b1458c00eae49d59bc1c8eae5066fce0019295dc0ba6cc942f68911f200d8802 *flatpak-1.15.91.tar.xz
1.15.12
Bug fixes:
- Return to using the process ID of the Flatpak app in the cgroup name. Using the instance ID in 1.15.11 caused crashes when installing apps, extensions or runtimes that use the "extra data" mechanism, which does not set up an instance ID. (#6009)
a24f870de1096f04c6d6992cef851f8eea5f99f2a389e425e1ea73fbb9c02e3b *flatpak-1.15.12.tar.xz
1.15.11
Dependencies:
- In distributions that compile Flatpak to use a separate xdg-dbus-proxy
executable, version 0.1.6 is recommended (but not required).
The minimum xdg-dbus-proxy continues to be 0.1.0.
Enhancements:
-
Allow applications like WebKit to connect the AT-SPI accessibility tree
of processes in a sub-sandbox with the tree in the main process (#5898)-
New sandboxing parameter
flatpak run --a11y-own-name
, which is
like--own-name
but for the accessibility bus -
flatpak-portal API v7: add new sandbox-a11y-own-names option, which
accepts names matching${FLATPAK_ID}.*
-
Apps may call the
org.a11y.atspi.Socket.Embedded
method on names
matching${FLATPAK_ID}.Sandboxed.*
by default
-
-
flatpak run -vv $app_id
shows all applicable sandboxing parameters
and their source, including overrides, as debug messages (#5895) -
Introduce USB device listing
-
Apps can list which USB devices they want to access ahead of time by
using the--usb
parameter. Check the manpages for the more information
about the accepted syntax. -
Denying access to USB devices is also possible with the
--no-usb
parameter. The syntax is equal to--usb
. -
Both options merely store metadata, and aren't used by Flatpak itself.
This metadata is intended to be used by the (as of now, still in
progress) USB portal to decide which devices the app can enumerate and
request access.
-
-
Add support for KDE search completion
-
Use the instance id of the Flatpak app as part of the cgroup name. This
better matches the naming conventions for cgroup.
Bug fixes:
-
Update libglnx to 2024-08-23 (#5918)
-
fix build in environments that use -Werror=return-type, such as
openSUSE Tumbleweed (#5778) -
add a fallback definition for G_PID_FORMAT with older GLib
-
avoid warnings for g_steal_fd() with newer GLib
-
improve compatibility of g_closefrom() backport with newer GLib
-
-
Update meson wrap file for xdg-dbus-proxy to version 0.1.6:
-
compatibility with D-Bus implementations that pipeline the
authentication handshake, such as sd-bus and zbus -
compatibility with D-Bus implementations that use non-consecutive
serial numbers, such as godbus and zbus -
broadcast signals can be allowed without having to add TALK permission
(#5828) -
fix memory leaks
-
Internal changes:
cd4fab1f17bba3cfd94d777e6513ddfb808083bad462768cf9de8edbbd0fc13e *flatpak-1.15.11.tar.xz
1.15.10
Dependencies:
- In distributions that compile Flatpak to use a separate bubblewrap (bwrap) executable, version 0.10.0 is required.
This version adds a new feature which is required by the security fix in this release.
Security fixes:
- Don't follow symbolic links when mounting persistent directories (--persist option). This prevents a sandbox escape where a malicious or compromised app could edit the symlink to point to a directory that the app should not have been allowed to read or write. (CVE-2024-42472, GHSA-7hgv-f2j8-xw87)
Documentation:
- Mark the 1.12.x and 1.10.x branches as end-of-life (#5352)
Other bug fixes:
Internal changes:
-
Record a log file when running build-time tests with AddressSanitizer (#5884)
-
Add initial suppressions file for AddressSanitizer (#5884)
6aa67ca29b4f4da74654888446710b16c9fcfe640c324a51c5025087eecbf42f *flatpak-1.15.10.tar.xz
1.14.10
Dependencies:
- In distributions that compile Flatpak to use a separate bubblewrap (bwrap) executable, either version 0.10.0, version 0.6.x ≥ 0.6.3, or a version with a backport of the --bind-fd option is required. These versions add a new feature which is required by the security fix in this release.
Security fixes:
- Don't follow symbolic links when mounting persistent directories (--persist option). This prevents a sandbox escape where a malicious or compromised app could edit the symlink to point to a directory that the app should not have been allowed to read or write. (CVE-2024-42472, GHSA-7hgv-f2j8-xw87)
Documentation:
- Mark the 1.12.x and 1.10.x branches as end-of-life (#5352)
Version 1.14.9 was not released due to an incompatibility with older versions of GLib. Version 1.14.10 replaces it.
6bbdc7908127350ad85a4a47d70292ca2f4c46e977b32b1fd231c2a719d821cd *flatpak-1.14.10.tar.xz
1.15.9
Dependencies:
- bubblewrap and xdg-dbus-proxy are now provided by Meson wrap files instead of being directly vendored via
git submodule
. If downloading external software during build is not allowed in your environment, please install suitable versions of bubblewrap and xdg-dbus-proxy separately, then configure Flatpak with options similar to-Dsystem_bubblewrap=bwrap -Dsystem_dbus_proxy=xdg-dbus-proxy
(most major distributions package it like this already).
Enhancements:
-
If xdg-dbus-proxy is new enough (0.1.6 or later, not yet released), allow two broadcast signals from AT-SPI by default, allowing bus traffic to be reduced. If xdg-dbus-proxy is older, this change will have no practical effect but is harmless. (#5828)
-
Install csh profile snippet (#5753)
Bug fixes:
-
Expand the list of environment variables that Flatpak apps do not inherit from the host system (#5765, #5785)
-
Take time zone information from $TZDIR if set (#5850)
-
Fix a memory leak since 1.15.7 when reloading D-Bus configuration (#5856)
-
Fix a memory leak when running
flatpak permissions
(#5844) -
Fix memory leaks in
flatpak update
(#5816) -
Fix memory leaks when installing packages (#5811)
-
Use more similar translatable strings for some error messages (#5748)
-
Document
flatpak config --set languages '*all*'
correctly: it is really*all*
(or equivalently*
), not justall
(#5836) -
Fix a misleading comment in the test for CVE-2024-32462 (#5779)
-
Fix a copy/paste error in the 1.15.7 release notes
-
On systems where subdirectories of /sys have been made inaccessible, continue without them (#5138)
-
Make tests more compatible with non-GNU shell utilities (#5812)
-
Translation updates: ka (#5873), hi (#5838), pt_BR (#5877), zh_CN (#5843)
Internal changes:
-
libglnx and variant-schema-compiler are now managed as
git subtree
instead ofgit submodule
. Maintainers and contributors, please seesubprojects/README.md
for details of how to interact with these. In particular this means that submodules no longer need to be set up before working on a git clone. (#5800, #5845) -
Split library code into more, smaller translation units, reducing internal circular dependencies (#5409, #5801, #5803)
-
Add some convenience macros in the test suite (#5693)
-
Minor internal robustness improvement (#5833)
-
Add configuration for Github Codespaces (#5767)
-
Improve CI configuration (#5791)
-
Work around infrastructure issues in third-party apt repositories used by default in Github Workflows (#5786)
8a05aba11db26e922637e6422f772de3daf05d2ab97ca45bedc6ccc7a588c4d2 *flatpak-1.15.9.tar.xz
1.14.8
No changes. This release is rolling out to correct mismatching submodule versions
in the release tarball.
1016b7327f7af87896f95465f7e5813750d3b7049a3740a1a4ddcb5fa8c5348e flatpak-1.14.8.tar.xz
1.14.7
New features:
- Automatically reload D-Bus session bus configuration after installing
or upgrading apps, to pick up any exported D-Bus services (#3342)
Bug fixes:
-
Expand the list of environment variables that Flatpak apps do not
inherit from the host system (#5765, #5785) -
Don't refuse to start apps when there is no D-Bus system bus available
(#5076) -
Don't try to repeat migration of apps whose data was migrated to a new
name and then deleted (#5668) -
Fix warnings from newer GLib versions (#5660)
-
Always set the
container
environment variable (#5610) -
In
flatpak ps
, add xdg-desktop-portal-gnome to the list of backends
we'll use to learn which apps are running in the background (#5729) -
Avoid leaking a temporary variable from /etc/profile.d/flatpak.sh into
the shell environment (#5574) -
Avoid undefined behaviour of signed left-shift when storing object IDs
in a hash table (#5738) -
Fix Docbook validity in documentation (#5719)
-
Skip more tests when FUSE isn't available (#5611)
-
Fix a misleading comment in the test for CVE-2024-32462 (#5779)
Internal changes:
- Fix Github Workflows recipes
526f5b592839fe47a6fa149df09ed1d1d7742e0497913e51683d4f1ab33c2da4 flatpak-1.14.7.tar.xz