Skip to content

1.15.4

Pre-release
Pre-release
Compare
Choose a tag to compare
@smcv smcv released this 16 Mar 14:39
· 207 commits to main since this release
1.15.4
e936e31

Security fixes:

  • Escape special characters when displaying permissions and metadata, preventing malicious apps from manipulating the appearance of the permissions list using crafted metadata (CVE-2023-28101).

  • If a Flatpak app is run on a Linux virtual console (tty1, tty2, etc.), don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100). Note that this is specific to virtual consoles: Flatpak is not vulnerable to this if run from a graphical terminal emulator such as xterm, gnome-terminal or Konsole.

Other bug fixes:

  • Document the path used for flatpak override
  • Translation updates: oc, pl, ru, sv, tr

sha256:

bef695d893d1e0239a68441d6b328edeb6d1e58a902c92f9278e94da914ab91f *flatpak-1.15.4.tar.xz
Assets 3