14 DAY TRIAL // It's been a month since Flatpak 0.8 major release hit the streets for GNU/Linux distributions that want to offer their users fast and easy access to various third-party apps that aren't available in the official repositories of the respective OS.
Alex Larsson has announced today the availability of Flatpak 0.8.1, the first point release of the new stable series. This appears to be a bugfix and security update, marked as CVE-2017-5226, bundled with bubblewrap 0.1.7 to address a security vulnerability that would allow an attacker to inject text on the controlling TTY.
"Flatpak now uses seccomp to disallow the TIOCSTI ioctl in the sandbox, which works around the possibility to inject text on the controlling TTY (CVE-2017-5226)," explains Alex Larsson. "This was previously fixed in bubblewrap in 0.1.6, but that change has now been reverted as it introduced other problems for Flatpak."
It's again possible to update apps by installing newer bundles
Flatpak 0.8.1 re-implements the ability to update applications by installing newer bundles, a functionality that was apparently not working properly in previous versions of the app sandboxing and distribution framework, which was recently adopted by the popular Solus operating system.
It also allows the use of AppStream data that does not contain .desktop files in the component ID, such as data for runtimes, bumps the json-glib dependency to version 1.2, makes the /var/tmp directory to not be on a tmpfs (temporary file system), but on ~/.var/app/$appid/cache/tmp, and updates the documentation and some translations.
A few bugs reported by users since last month's Flatpak 0.8 release have been resolved as well in this first point release, in particular for the builder, OCI (Open Container Initiative) format, the update-mime-database trigger, and GNOME Software, for which it fixes the "extra-data" download.
Flatpak 0.8.1 is available for download as a source tarball right now from the GitHub announcement if you plan on compiling the software yourself, and it should land soon in the software repositories of your favorite GNU/Linux distribution, so please feel free to update at your earliest convenience. Flatpak was recently adopted by Solus.