Skip to content

1.14.6
Compare
Choose a tag to compare
@smcv smcv released this 18 Apr 16:16
· 336 commits to main since this release
1.14.6
3344a7a

Security fixes:

  • Don't allow an executable name to be misinterpreted as a command-line
    option for bwrap(1). This prevents a sandbox escape where a malicious
    or compromised app could ask xdg-desktop-portal to generate a .desktop
    file with access to files outside the sandbox. (CVE-2024-32462)

Other bug fixes:

  • Don't parse <developer><name/></developer> as the application name
    (#5700)
538f36b2c6f8c70eefd12d13ad5b1ad830820106a8bd3a9f6b8e4d9de81e4946 *flatpak-1.14.6.tar.xz
Assets 4