Release 147.0.7727.101-444070 · secureblue/Trivalent What's Changed fix: report browser properly from commandline by @RKNF404 in #689 fix: proper toggle control for NSS by @RKNF404 in #688 fix: JIT UX controls by @RKNF404 in #686 chore(deps): bump s...

Trivalent 147.0.7727.101-444070 released:

github.com/secureblue/T...

Release 147.0.7727.55-443903 · secureblue/Trivalent What's Changed feat(selinux): Get rid of all file WX of Trivalent's Selinux trivalent_domain by @PhysicsIsAwesome in #666 chore(deps): bump github/codeql-action from 4.34.0 to 4.35.1 by @dependabo...

Please update to pull in Trivalent 147.0.7727.55. This is a major release with numerous security fixes noted in the commit history.

This version of Trivalent includes a new upstream feature allowing Javascript JIT to be toggled via an icon present in the address bar.

github.com/secureblue/T...

Upstream release notes have been published. This release includes fixes for 21 CVES. Google is aware that an exploit for CVE-2026-5281 exists in the wild.

chromereleases.googleblog.com/2026/03/stab...

Release 146.0.7680.177-443748 · secureblue/Trivalent What's Changed chore(singleton): add singleton hostname fix by @RKNF404 in #674 Full Changelog: 146.0.7680.164-443579...146.0.7680.177-443748

Trivalent 146.0.7680.177-443748 released:

github.com/secureblue/T...

Donate | secureblue Donation options for secureblue

The Open Collective page for secureblue is now live! A new GitHub Sponsors profile for the secureblue organization is live and integrated with Open Collective. Existing sponsors via GitHub are encouraged to switch their donations over to one of the two options.

secureblue.dev/donate

Release 146.0.7680.164-443581 · secureblue/Trivalent What's Changed chore(deps): bump actions/download-artifact from 8.0.0 to 8.0.1 by @dependabot[bot] in #663 chore(deps): bump github/codeql-action from 4.32.6 to 4.34.0 by @dependabot[bot] in #664 ...

Trivalent 146.0.7680.164-443581 released:

github.com/secureblue/T...

Trivalent 146.0.7680.153-443470 released:

github.com/secureblue/T...

Release 146.0.7680.80-443379 · secureblue/Trivalent What's Changed chore(deps): bump step-security/harden-runner from 2.15.0 to 2.15.1 by @dependabot[bot] in #654 chore(deps): bump github/codeql-action from 4.32.4 to 4.32.6 by @dependabot[bot] in #...

Trivalent 146.0.7680.80 released:

github.com/secureblue/T...

CVE-2026-3909 was originally marked by Google as fixed in the previous upstream release. They have since revised those release notes and released for a third time this week, this time actually containing the fix for CVE-2026-3909.

Release 146.0.7680.75-443342 · secureblue/Trivalent What's Changed chore(deps): bump step-security/harden-runner from 2.14.2 to 2.15.0 by @dependabot[bot] in #636 chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] in ...

Trivalent 145.0.7632.75-442755 released:

github.com/secureblue/T...

Google is aware that exploits for both CVE-2026-3909 & CVE-2026-3910 exist in the wild.

Trivalent 146.0.7680.71-443298 released:

github.com/secureblue/T...

Release v4.8.2 - Mitigate rpm-ostree regression · secureblue/secureblue v4.8.2 - Mitigate rpm-ostree regression Reminder: releases are symbolic. Builds are created and published immediately after new commits are merged. There is a critical rpm-ostree regression in vers...

secureblue v4.8.2 has been released. There's a critical rpm-ostree regression in version 2026.1 causing upgrade failures. To confirm whether you're on the impacted version, check rpm-ostree --version. If the version shows 2026.1, follow the steps in the release notes:

github.com/secureblue/s...

California recently passed, and Colorado and NY recently introduced, age verification legislation targeting OS providers that is so imprecisely written that it's unclear how to comply. If you live in one of those states, contact your state senator and rep asking them to oppose this legislation.

Release 145.0.7632.159-443143 · secureblue/Trivalent What's Changed chore(deps): bump github/codeql-action from 4.31.10 to 4.32.4 by @dependabot[bot] in #632 chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 by @dependabot[bot] in #635...

Trivalent 145.0.7632.159-443143 released:

github.com/secureblue/T...

Release 145.0.7632.116-442971 · secureblue/Trivalent Upstream Changes https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_23.html Full Changelog: 145.0.7632.75-442755...145.0.7632.116-442971

Trivalent 145.0.7632.116 released:

github.com/secureblue/T...

Build architecture | secureblue Build architecture for secureblue

Check out the new article on secureblue.dev covering secureblue's build architecture, especially supply chain security mechanisms:

secureblue.dev/articles/bui...

Trivalent 145.0.7632.109-442868 released:

github.com/secureblue/T...

Release 145.0.7632.75-442755 · secureblue/Trivalent What's Changed feat: use source cache versioning by @RKNF404 in #624 Full Changelog: 145.0.7632.67-442735...145.0.7632.75-442755

Trivalent 145.0.7632.75-442755 released:

github.com/secureblue/T...

Google is aware that an exploit for CVE-2026-2441 exists in the wild.

Release 145.0.7632.67-442736 · secureblue/Trivalent What's Changed fix(aarch64): pull Chromium patch to assume nightly rustc by @RoyalOughtness in #615 Upstream Changes https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-deskto...

Trivalent 145.0.7632.67-442736 released:

github.com/secureblue/T...

This release includes upstream security fixes for 11 CVEs. It also features a new quick action toolbar button for our dark mode toggle. You can add it to your toolbar via Settings > Appearance > Customize your toolbar.

Release v4.8.1 - Switch to Bazaar App Store · secureblue/secureblue v4.8.1 - Switch to Bazaar App Store All app stores (Gnome Software, Discover, Cosmic Stores) have been removed and replaced with Bazaar. Corresponding firmware update notifications provided by thos...

Release v4.8.1 is out, now with the Bazaar App Store. See the release notes for details: github.com/secureblue/s...

Release 144.0.7559.132-442539 · secureblue/Trivalent What's Changed fix: secureblue faq url by @RoyalOughtness in #595 feat: disable user feedback prompts by @RoyalOughtness in #596 chore(deps): bump step-security/harden-runner from 2.14.0 to 2.14.1...

Trivalent 144.0.7559.132-442539 released:

github.com/secureblue/T...

HTTP 404 for repo keyring when updating · Issue #1416 · freedomofpress/dangerzone What happened? I got the following error when doing a system update: error: Updating rpm-md repo 'dangerzone': Failed to download gpg key for repo 'dangerzone': Status code: 404 for https://package...

Additional information for the previous post: github.com/freedomofpre...

If you've installed dangerzone, you're likely having upgrade issues. Dangerzone abruptly moved their repo GPG key, which they will fix shortly. To unblock, you can simply ⁨run0edit /etc/yum.repos.d/dangerzone.repo⁩ and replace ⁨gpgkey⁩ with their new ⁨url: packages.freedom.press/yum-tools-pr...

Release 144.0.7559.109-442393 · secureblue/Trivalent What's Changed chore: update copyright statement by @RoyalOughtness in #585 chore(vanadium): update patches by @RKNF404 in #586 chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 by @dependabo...

Trivalent 144.0.7559.109-442393 released:

github.com/secureblue/T...

And yes, daily updates are pulled automatically and applied on reboot.

Updates have nothing to do with releases. Releases are symbolic. Builds are created and published daily.

Release v4.8 - Provenance, egress blocking, virtualization, and rechunking · secureblue/secureblue v4.8 - Provenance, egress blocking, virtualization, and rechunking Provenance Image upgrades now include automatic SLSA provenance verification. Provenance verification can also be done when manual...

Release v4.8 is out, containing a number of major improvements. See the release notes for details: github.com/secureblue/s...

Release 144.0.7559.96-442238 · secureblue/Trivalent What's Changed fix: remove quotes from generic name and comment in trivalent.desktop by @tpaau in #578 chore(deps): bump github/codeql-action from 4.31.9 to 4.31.10 by @dependabot[bot] in #582 Up...

Trivalent 144.0.7559.96-442238 released:

github.com/secureblue/T...

Release 144.0.7559.59-442111 · secureblue/Trivalent What's Changed feat: add comment and generic name for the desktop entry by @tpaau in #561 chore(port): update patches to 144 by @RKNF404 in #557 feat(gpusandbox): improve seccomp filter for GPU pr...

Trivalent 144.0.7559.59-442111 released:

github.com/secureblue/T...

Release 143.0.7499.192-441933 · secureblue/Trivalent What's Changed chore(deps): bump actions/download-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] in #548 chore(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in #549...

Trivalent 143.0.7499.192-441933 released:

github.com/secureblue/T...

Release 143.0.7499.169-441525 · secureblue/Trivalent What's Changed feat(ui): Translation support by @RKNF404 in #544 Upstream Changes https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_18.html Full Changelog: 143.0.749...

Trivalent 143.0.7499.169-441525 released:

github.com/secureblue/T...