Changes in 1.0.7
This release fixes CVE-2019-8308.
The CVE-2019-5736 runc vulnerability is about using /proc/self/exe
to modify the host side binary from the sandbox. This mostly does not
affect flatpak since the flatpak sandbox is not run with root permissions.
However, there is one case (running the apply_extra script for system
installs) where this happens, so this release contains a fix for that.
- Don't expose /proc in apply_extra script sandbox.
$ sha256sum flatpak-1.0.7.tar.xz e0e6626a6d475ab263e7eab93d945d88f37c055fc9083d349101829b61253590 flatpak-1.0.7.tar.xz