secureblue
@secureblue.dev
📤 115
📥 1
📝 30
A security-focused desktop and server linux operating system.
https://secureblue.dev
pinned post!
You can expect posts here to cover news, updates, and future plans. Critical information relating to releases will continue to be provided at Github Releases:
secureblue.dev/faq#releases
4 months ago
0
11
3
Trivalent 143.0.7499.109-441349 released:
github.com/secureblue/T...
Google is aware that an exploit for Bug 466192044 (no CVE issued yet) exists in the wild.
loading . . .
Release 143.0.7499.109-441349 · secureblue/Trivalent
What's Changed feat: Create enable-partitionalloc-advanced-checks.patch by @RKNF404 in #527 chore(wrapper): various improvements Wrapper improvements by @RKNF404 in #528 docs: update selinux sente...
https://github.com/secureblue/Trivalent/releases/tag/143.0.7499.109-441349
5 days ago
0
3
1
Trivalent 143.0.7499.40-441176 released:
github.com/secureblue/T...
loading . . .
Release 143.0.7499.40-441176 · secureblue/Trivalent
What's Changed feat(theming): Classic theme by default by @RKNF404 in #519 fix(spec): properly check off version tag by @RKNF404 in #520 fix(conf): make ENABLE_VULKAN not persistent in the system ...
https://github.com/secureblue/Trivalent/releases/tag/143.0.7499.40-441176
13 days ago
0
3
0
Our images are now rechunked using build-chunked-oci, reducing daily update sizes by ~40%. We expect this reduction to grow as we make further optimizations. The initial update to a rechunked image will be substantially larger, but this is a one-time event. For more info:
github.com/blue-build/c...
loading . . .
feat: support rechunking with build-chunked-oci by HastD · Pull Request #610 · blue-build/cli
Add support for rechunking images with rpm-ostree compose build-chunked-oci. This is available in the CLI with the --build-chunked-oci option, with an optional --max-layers argument to specify the ...
https://github.com/blue-build/cli/pull/610/files
14 days ago
0
18
1
This week we shipped ARM64 images for Beta testing. Please report any issues you encounter. For installation instructions, consult
secureblue.dev/install#arm64
loading . . .
Install | secureblue
Steps to install secureblue
https://secureblue.dev/install#arm64
16 days ago
1
9
1
Trivalent 142.0.7444.175-440855 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/11/stab...
This release includes upstream security fixes for multiple CVEs, including CVE-2025-13223. Google is aware of an exploit for CVE-2025-13223 that exists in the wild.
loading . . .
Release 142.0.7444.175-440855 · secureblue/Trivalent
What's Changed chore: remove unnecessary patch by @RoyalOughtness in #511 fix(wrapper): flags variable handling by @RKNF404 in #515 Full Changelog: 142.0.7444.162-440723...142.0.7444.175-440855
https://github.com/secureblue/Trivalent/releases/tag/142.0.7444.175-440855
28 days ago
0
2
0
Trivalent 142.0.7444.162-440723 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/11/stab...
loading . . .
Release 142.0.7444.162-440723 · secureblue/Trivalent
What's Changed docs: Update the readme to reflect the new state of the NSS by @Collision4468 in #504 feat(ui): Move search suggestion by @RKNF404 in #510 feat(conf): Extra conf files support by @R...
https://github.com/secureblue/Trivalent/releases/tag/142.0.7444.162-440723
about 1 month ago
0
3
1
ISOs and Torrents for the F43-based secureblue images are now available! Please seed if you can:
secureblue.dev/install#iso
fosstorrents.com/distribution...
Many thanks to
@fosstorrents.bsky.social
for providing torrent hosting!
loading . . .
Install | secureblue
Steps to install secureblue
https://secureblue.dev/install#iso
about 1 month ago
0
3
0
Trivalent 142.0.7444.134-440598 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/11/stab...
loading . . .
Release 142.0.7444.134-440598 · secureblue/Trivalent
What's Changed fix: disable ai mode omnibox entrypoint by @RoyalOughtness in #505 Full Changelog: 142.0.7444.134-440595...142.0.7444.134-440598
https://github.com/secureblue/Trivalent/releases/tag/142.0.7444.134-440598
about 1 month ago
0
2
0
Release v4.7 is out, based on Fedora 43. Thanks to everyone who helped test and fix issues. No action is needed to upgrade, you will get the new image automatically.
github.com/secureblue/s...
loading . . .
Release v4.7 - Fedora 43 · secureblue/secureblue
What's Changed chore(po): update PO files to reflect changes to audit script by @HastD in #1320 chore(audit): add Bazaar to "expected arbitrary permissions" list by @HastD in #1290 feat: don't ins...
https://github.com/secureblue/secureblue/releases/tag/v4.7
about 1 month ago
0
5
1
Fedora 43 was released yesterday, but we're not switching to an F43 base yet. F43 includes a switch from RPM 4 to RPM 6. This includes a change that breaks upgrades on atomic. A fix is in the works:
github.com/coreos/rpm-o...
We'll switch to an F43 base once a fix is merged, tested, and shipped.
about 2 months ago
2
6
2
Trivalent 142.0.7444.59-440428 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
loading . . .
Release 142.0.7444.59-440428 · secureblue/Trivalent
What's Changed chore: switch to environment secrets by @RoyalOughtness in #485 fix: environment change based on test_build variable by @RoyalOughtness in #486 chore: delete approvals action by @Ro...
https://github.com/secureblue/Trivalent/releases/tag/142.0.7444.59-440428
about 2 months ago
0
1
1
Trivalent 141.0.7390.127-440331 released: This release pulls in V8 14.1.146.13, which fixes CVE-2025-12036. This V8 version was supposed to be pulled into Chromium in 141.0.7390.122. This issue has been ack'd by Google here:
issues.chromium.org/issues/45435...
github.com/secureblue/T...
loading . . .
Release 141.0.7390.127-440331 · secureblue/Trivalent
What's Changed feat: Disable optimizers with JIT enabled by @RKNF404 in #481 feat(versioning): add support for off-version tag releases by @RKNF404 in #482 chore: set 141.0.7390.127 version due to...
https://github.com/secureblue/Trivalent/releases/tag/141.0.7390.127-440331
about 2 months ago
0
4
1
Trivalent 141.0.7390.122-440271 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
loading . . .
Release 141.0.7390.122-440271 · secureblue/Trivalent
What's Changed chore: add dependabot cooldown by @RoyalOughtness in #469 feat: switch to stepsecurity image by @RoyalOughtness in #471 fix: update deps so that dnf doesn't get confused by @RoyalOu...
https://github.com/secureblue/Trivalent/releases/tag/141.0.7390.122-440271
about 2 months ago
0
3
0
Trivalent 141.0.7390.107-440120 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
loading . . .
Release 141.0.7390.107-440120 · secureblue/Trivalent
What's Changed fix(build): grep command should be arch-agnostic by @RoyalOughtness in #456 chore: add openssf scorecard.dev scanning by @RoyalOughtness in #455 chore: delete auth schemes patch by ...
https://github.com/secureblue/Trivalent/releases/tag/141.0.7390.107-440120
2 months ago
0
2
2
Trivalent 141.0.7390.76-440020 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
loading . . .
Release 141.0.7390.76-440020 · secureblue/Trivalent
What's Changed chore: Revert "chore(build): switch back to github large runners unti… by @RoyalOughtness in #440 fix(supplychain): set subject correctly for provenance generation by @RoyalOughtnes...
https://github.com/secureblue/Trivalent/releases/tag/141.0.7390.76-440020
2 months ago
0
2
0
Trivalent 141.0.7390.65-439968 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
loading . . .
Release 141.0.7390.65-439968 · secureblue/Trivalent
What's Changed fix(arm): update rust clanglib patch by @RoyalOughtness in #424 chore: add initial changelog by @RoyalOughtness in #426 chore(build): remove dep on sysroot by @RKNF404 in #427 chore...
https://github.com/secureblue/Trivalent/releases/tag/141.0.7390.65-439968
2 months ago
0
0
0
Trivalent 141.0.7390.54-439843 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
loading . . .
Release 141.0.7390.54-439843 · secureblue/Trivalent
What's Changed feat: enable drumbrake by default by @RKNF404 in #411 chore: adjust wording on DrumBrake flag by @RKNF404 in #412 chore: 141 port by @RKNF404 in #413 chore: pull 141 patches from Va...
https://github.com/secureblue/Trivalent/releases/tag/141.0.7390.54-439843
2 months ago
0
0
0
Trivalent 140.0.7339.207-439665 released: This release includes a toggle in flags to enable DrumBrake. The toggle is disabled by default due to its experimental state. If the toggle is flipped on, it enables JIT-less WASM.
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
loading . . .
Release 140.0.7339.207-439665 · secureblue/Trivalent
What's Changed feat: add functional drumbrake toggle & enable drumbrake build option by @RKNF404 in #408 Full Changelog: 140.0.7339.185-439535...140.0.7339.207-439665
https://github.com/secureblue/Trivalent/releases/tag/140.0.7339.207-439665
3 months ago
1
2
0
Trivalent 140.0.7339.185-439535 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
This release includes upstream security fixes for several CVEs, including CVE-2025-10585. Google is aware of an exploit for CVE-2025-10585 that exists in the wild.
loading . . .
Release 140.0.7339.185-439535 · secureblue/Trivalent
What's Changed fix: build hardening typo by @RoyalOughtness in #403 build: disable shadow_call_stack for aarch64 by @RoyalOughtness in #404 chore: hide ui popup text by @RKNF404 in #405 chore: hid...
https://github.com/secureblue/Trivalent/releases/tag/140.0.7339.185-439535
3 months ago
0
1
0
Trivalent 140.0.7339.127-439381 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
loading . . .
Release 140.0.7339.127-439381 · secureblue/Trivalent
What's Changed chore: re-enable audio sandbox by @RKNF404 in #393 fix: FTBFS patch by @RoyalOughtness in #394 chore: remove fedora patches from updater by @RKNF404 in #395 fix: search selection sc...
https://github.com/secureblue/Trivalent/releases/tag/140.0.7339.127-439381
3 months ago
0
1
0
secureblue v4.6.1 has been released:
github.com/secureblue/s...
𝑅𝑒𝑚𝑖𝑛𝑑𝑒𝑟: 𝑟𝑒𝑙𝑒𝑎𝑠𝑒𝑠 𝑎𝑟𝑒 𝑠𝑦𝑚𝑏𝑜𝑙𝑖𝑐. 𝐵𝑢𝑖𝑙𝑑𝑠 𝑎𝑟𝑒 𝑐𝑟𝑒𝑎𝑡𝑒𝑑 𝑎𝑛𝑑 𝑝𝑢𝑏𝑙𝑖𝑠ℎ𝑒𝑑 𝑖𝑚𝑚𝑒𝑑𝑖𝑎𝑡𝑒𝑙𝑦 𝑎𝑓𝑡𝑒𝑟 𝑛𝑒𝑤 𝑐𝑜𝑚𝑚𝑖𝑡𝑠 𝑎𝑟𝑒 𝑚𝑒𝑟𝑔𝑒𝑑.
loading . . .
Release v4.6.1 - Polish and QOL release · secureblue/secureblue
What's Changed fix: add LD_PRELOAD=libhardened_malloc.so to /etc/profile.d by @HastD in #1168 fix: missing timer preset by @RoyalOughtness in #1165 chore(deps): bump aquasecurity/trivy-action from...
https://github.com/secureblue/secureblue/releases/tag/v4.6.1
3 months ago
0
9
1
Trivalent 140.0.7339.80-439219 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
loading . . .
Release 140.0.7339.80-439219 · secureblue/Trivalent
What's Changed chore: remove PATH hacks by @RKNF404 in #371 ci: add separate x86 and aarch64 builds by @RoyalOughtness in #372 fix: missing gn variable by @RKNF404 in #373 chore: ensure nodejs is ...
https://github.com/secureblue/Trivalent/releases/tag/140.0.7339.80-439219
3 months ago
0
2
0
Trivalent 139.0.7258.154-439061 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/08/stab...
loading . . .
Release 139.0.7258.154-439061 · secureblue/Trivalent
What's Changed chore: add Vanadium patch to fix CFI crash by @RKNF404 in #368 chore: System toolchain by @RKNF404 in #370 Full Changelog: 139.0.7258.138-438928...139.0.7258.154-439061
https://github.com/secureblue/Trivalent/releases/tag/139.0.7258.154-439061
4 months ago
0
1
0
Trivalent 139.0.7258.138-438928 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/08/stab...
loading . . .
Release 139.0.7258.138-438928 · secureblue/Trivalent
What's Changed chore(deps): bump zizmorcore/zizmor-action from 0.1.1 to 0.1.2 by @dependabot[bot] in #353 chore: use autoninja instead of calling ninja directly by @RKNF404 in #357 docs: add refer...
https://github.com/secureblue/Trivalent/releases/tag/139.0.7258.138-438928
4 months ago
0
2
1
Trivalent 139.0.7258.127-438758 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/08/stab...
loading . . .
Release 139.0.7258.127-438758 · secureblue/Trivalent
What's Changed chore(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in #347 chore(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @dependabot[bot] in #343 chore(...
https://github.com/secureblue/Trivalent/releases/tag/139.0.7258.127-438758
4 months ago
0
6
0
reposted by
secureblue
GrapheneOS
4 months ago
Discord has very good configurable server-side filtering and dramatically better mod tools. Matrix heavily enables abuse through federation and doesn't even support restricting inline media. Matrix also lacks channels within rooms so communities like ours rely on moderation bots.
0
16
1
This talk by
@siosm.bsky.social
covers the important work being done to enable verification for bootc images like ours.
youtu.be/D7HqckeHlx8
"Using composefs and fs-verity, we can link a UKI to a complete read only filesystem tree, guaranteeing that every byte of every file is verified on load."
loading . . .
UKIs and composefs support for Bootable Containers - DevConf.CZ 2025
YouTube video by DevConf
https://www.youtube.com/watch?v=D7HqckeHlx8
4 months ago
0
4
2
You can expect posts here to cover news, updates, and future plans. Critical information relating to releases will continue to be provided at Github Releases:
secureblue.dev/faq#releases
4 months ago
0
11
3
you reached the end!!
feeds!
log in
