diff options
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 21 |
1 files changed, 21 insertions, 0 deletions
@@ -1,3 +1,24 @@ +Changes in 1.15.4 +~~~~~~~~~~~~~~~~~ +Released: not yet + +Security fixes: + +* Escape special characters when displaying permissions and metadata, + preventing malicious apps from manipulating the appearance of the + permissions list using crafted metadata (CVE-2023-28101). + +* If a Flatpak app is run on a Linux virtual console (tty1, tty2, etc.), + don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100). + Note that this is specific to virtual consoles: Flatpak is not + vulnerable to this if run from a graphical terminal emulator such as + xterm, gnome-terminal or Konsole. + +Other bug fixes: + +* Document the path used for `flatpak override` +* Translation updates: oc, pl, ru, sv, tr + Changes in 1.15.3 ~~~~~~~~~~~~~~~~~ Released: 2023-02-21 |