- Update to version 1.14.4 (bsc#1209410, bsc#1209411):
  + Security fixes:
    - Escape special characters when displaying permissions and
      metadata, preventing malicious apps from manipulating the
      appearance of the permissions list using crafted metadata
      (CVE-2023-28101).
    - If a Flatpak app is run on a Linux virtual console
      (tty1, tty2, etc.), don't allow copy/paste via the TIOCLINUX
      ioctl (CVE-2023-28100).
      Note that this is specific to virtual consoles: Flatpak is
      not vulnerable to this if run from a graphical terminal
      emulator such as xterm, gnome-terminal or Konsole.
  + Other bug fixes:
    - Translation update: pl
- Changes from version 1.14.3:
  + Bug fixes:
    - When splitting an upgrade into two steps (download without
      installing, and then upgrade without allowing further
      downloads) like GNOME Software does, if an app is marked EOL
      and superseded by a replacement, don't remove the superseded
      app in the first step, which would result in the replacement
      incorrectly not being installed
    - Fix a crash when --socket=gpg-agent is used 
    - Fix a crash when listing apps if one of them is broken or
      misconfigured
    - If an app has invalid syntax in its overrides or metadata,
      mention the filename in the error message
    - Unset $GDK_BACKEND for apps, ensuring GTK apps with
      --socket=fallback-x11 can work
    - Never try to export a parent of reserved directories as a

• Files Changed
• Browse Source