Skip to content

Release 0.8.7 (stable)

Choose a tag to compare
@alexlarsson alexlarsson released this 20 Jun 13:35

Major changes in 0.8.7

This is a minor security update, matching the behaviour on master
where we avoid ever creating setuid files or world-writable
directories. However, the fix is more localized and does not
require a new ostree.


  • After pulling from a remote, always verify that the staged
    new files and directories have safe permissions.
  • Ensure ~/.local/share/flatpak is not readable to other users, to
    avoid anyone ever seeing possibly world-writeable directories
  • Fix double-setting a error in case of errors when pulling
  • Fix timeout in testcase
$ sha256sum flatpak-0.8.7.tar.xz 
ddd2b1d5b291b55a12bee1ef802d2e36ca7c830e2164d38996fa62460196f311  flatpak-0.8.7.tar.xz