@alexlarsson alexlarsson released this Jun 20, 2017 · 2048 commits to master since this release

Assets 3

Major changes in 0.8.7

This is a minor security update, matching the behaviour on master
where we avoid ever creating setuid files or world-writable
directories. However, the fix is more localized and does not
require a new ostree.

Changes:

  • After pulling from a remote, always verify that the staged
    new files and directories have safe permissions.
  • Ensure ~/.local/share/flatpak is not readable to other users, to
    avoid anyone ever seeing possibly world-writeable directories
    therein.
  • Fix double-setting a error in case of errors when pulling
  • Fix timeout in testcase
$ sha256sum flatpak-0.8.7.tar.xz 
ddd2b1d5b291b55a12bee1ef802d2e36ca7c830e2164d38996fa62460196f311  flatpak-0.8.7.tar.xz