secureblue
@secureblue.dev
📤 138
📥 1
📝 48
A security-focused desktop and server linux operating system.
https://secureblue.dev
pinned post!
You can expect posts here to cover news, updates, and future plans. Critical information relating to releases will continue to be provided at Github Releases:
secureblue.dev/faq#releases
7 months ago
0
12
3
Trivalent 145.0.7632.116 released:
github.com/secureblue/T...
loading . . .
Release 145.0.7632.116-442971 · secureblue/Trivalent
Upstream Changes https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_23.html Full Changelog: 145.0.7632.75-442755...145.0.7632.116-442971
https://github.com/secureblue/Trivalent/releases/tag/145.0.7632.116-442971
8 days ago
0
2
0
Check out the new article on
secureblue.dev
covering secureblue's build architecture, especially supply chain security mechanisms:
secureblue.dev/articles/bui...
loading . . .
Build architecture | secureblue
Build architecture for secureblue
https://secureblue.dev/articles/build-architecture
10 days ago
0
8
1
Trivalent 145.0.7632.109-442868 released:
github.com/secureblue/T...
loading . . .
Release 145.0.7632.109-442868 · secureblue/Trivalent
What's Changed chore(deps): bump step-security/harden-runner from 2.14.1 to 2.14.2 by @dependabot[bot] in #626 chore: add debug conditions by @RKNF404 in #628 fix: right click crash due to SideByS...
https://github.com/secureblue/Trivalent/releases/tag/145.0.7632.109-442868
12 days ago
0
5
0
Trivalent 145.0.7632.75-442755 released:
github.com/secureblue/T...
Google is aware that an exploit for CVE-2026-2441 exists in the wild.
loading . . .
Release 145.0.7632.75-442755 · secureblue/Trivalent
What's Changed feat: use source cache versioning by @RKNF404 in #624 Full Changelog: 145.0.7632.67-442735...145.0.7632.75-442755
https://github.com/secureblue/Trivalent/releases/tag/145.0.7632.75-442755
18 days ago
0
2
1
Trivalent 145.0.7632.67-442736 released:
github.com/secureblue/T...
This release includes upstream security fixes for 11 CVEs. It also features a new quick action toolbar button for our dark mode toggle. You can add it to your toolbar via Settings > Appearance > Customize your toolbar.
loading . . .
Release 145.0.7632.67-442736 · secureblue/Trivalent
What's Changed fix(aarch64): pull Chromium patch to assume nightly rustc by @RoyalOughtness in #615 Upstream Changes https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-deskto...
https://github.com/secureblue/Trivalent/releases/tag/145.0.7632.67-442736
19 days ago
0
2
0
Release v4.8.1 is out, now with the Bazaar App Store. See the release notes for details:
github.com/secureblue/s...
loading . . .
Release v4.8.1 - Switch to Bazaar App Store · secureblue/secureblue
v4.8.1 - Switch to Bazaar App Store All app stores (Gnome Software, Discover, Cosmic Stores) have been removed and replaced with Bazaar. Corresponding firmware update notifications provided by thos...
https://github.com/secureblue/secureblue/releases/tag/v4.8.1
26 days ago
0
7
3
Trivalent 144.0.7559.132-442539 released:
github.com/secureblue/T...
loading . . .
Release 144.0.7559.132-442539 · secureblue/Trivalent
What's Changed fix: secureblue faq url by @RoyalOughtness in #595 feat: disable user feedback prompts by @RoyalOughtness in #596 chore(deps): bump step-security/harden-runner from 2.14.0 to 2.14.1...
https://github.com/secureblue/Trivalent/releases/tag/144.0.7559.132-442539
27 days ago
0
3
0
If you've installed dangerzone, you're likely having upgrade issues. Dangerzone abruptly moved their repo GPG key, which they will fix shortly. To unblock, you can simply run0edit /etc/yum.repos.d/dangerzone.repo and replace gpgkey with their new url:
packages.freedom.press/yum-tools-pr...
about 1 month ago
1
1
0
Trivalent 144.0.7559.109-442393 released:
github.com/secureblue/T...
loading . . .
Release 144.0.7559.109-442393 · secureblue/Trivalent
What's Changed chore: update copyright statement by @RoyalOughtness in #585 chore(vanadium): update patches by @RKNF404 in #586 chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 by @dependabo...
https://github.com/secureblue/Trivalent/releases/tag/144.0.7559.109-442393
about 1 month ago
0
2
0
Release v4.8 is out, containing a number of major improvements. See the release notes for details:
github.com/secureblue/s...
loading . . .
Release v4.8 - Provenance, egress blocking, virtualization, and rechunking · secureblue/secureblue
v4.8 - Provenance, egress blocking, virtualization, and rechunking Provenance Image upgrades now include automatic SLSA provenance verification. Provenance verification can also be done when manual...
https://github.com/secureblue/secureblue/releases/tag/v4.8
about 1 month ago
0
7
0
Trivalent 144.0.7559.96-442238 released:
github.com/secureblue/T...
loading . . .
Release 144.0.7559.96-442238 · secureblue/Trivalent
What's Changed fix: remove quotes from generic name and comment in trivalent.desktop by @tpaau in #578 chore(deps): bump github/codeql-action from 4.31.9 to 4.31.10 by @dependabot[bot] in #582 Up...
https://github.com/secureblue/Trivalent/releases/tag/144.0.7559.96-442238
about 1 month ago
0
1
0
Trivalent 144.0.7559.59-442111 released:
github.com/secureblue/T...
loading . . .
Release 144.0.7559.59-442111 · secureblue/Trivalent
What's Changed feat: add comment and generic name for the desktop entry by @tpaau in #561 chore(port): update patches to 144 by @RKNF404 in #557 feat(gpusandbox): improve seccomp filter for GPU pr...
https://github.com/secureblue/Trivalent/releases/tag/144.0.7559.59-442111
about 2 months ago
0
1
0
Trivalent 143.0.7499.192-441933 released:
github.com/secureblue/T...
loading . . .
Release 143.0.7499.192-441933 · secureblue/Trivalent
What's Changed chore(deps): bump actions/download-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] in #548 chore(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in #549...
https://github.com/secureblue/Trivalent/releases/tag/143.0.7499.192-441933
about 2 months ago
0
3
0
Trivalent 143.0.7499.169-441525 released:
github.com/secureblue/T...
loading . . .
Release 143.0.7499.169-441525 · secureblue/Trivalent
What's Changed feat(ui): Translation support by @RKNF404 in #544 Upstream Changes https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_18.html Full Changelog: 143.0.749...
https://github.com/secureblue/Trivalent/releases/tag/143.0.7499.169-441525
2 months ago
0
3
0
Trivalent 143.0.7499.146-441480 released:
github.com/secureblue/T...
loading . . .
Release 143.0.7499.146-441480 · secureblue/Trivalent
What's Changed chore(deps): bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in #535 feat: exit immediately if run as root by @RoyalOughtness in #536 fix: avoid bwrap errors with ldpr...
https://github.com/secureblue/Trivalent/releases/tag/143.0.7499.146-441480
3 months ago
0
3
0
Trivalent 143.0.7499.109-441349 released:
github.com/secureblue/T...
Google is aware that an exploit for Bug 466192044 (no CVE issued yet) exists in the wild.
loading . . .
Release 143.0.7499.109-441349 · secureblue/Trivalent
What's Changed feat: Create enable-partitionalloc-advanced-checks.patch by @RKNF404 in #527 chore(wrapper): various improvements Wrapper improvements by @RKNF404 in #528 docs: update selinux sente...
https://github.com/secureblue/Trivalent/releases/tag/143.0.7499.109-441349
3 months ago
0
4
1
Trivalent 143.0.7499.40-441176 released:
github.com/secureblue/T...
loading . . .
Release 143.0.7499.40-441176 · secureblue/Trivalent
What's Changed feat(theming): Classic theme by default by @RKNF404 in #519 fix(spec): properly check off version tag by @RKNF404 in #520 fix(conf): make ENABLE_VULKAN not persistent in the system ...
https://github.com/secureblue/Trivalent/releases/tag/143.0.7499.40-441176
3 months ago
0
3
0
Our images are now rechunked using build-chunked-oci, reducing daily update sizes by ~40%. We expect this reduction to grow as we make further optimizations. The initial update to a rechunked image will be substantially larger, but this is a one-time event. For more info:
github.com/blue-build/c...
loading . . .
feat: support rechunking with build-chunked-oci by HastD · Pull Request #610 · blue-build/cli
Add support for rechunking images with rpm-ostree compose build-chunked-oci. This is available in the CLI with the --build-chunked-oci option, with an optional --max-layers argument to specify the ...
https://github.com/blue-build/cli/pull/610/files
3 months ago
0
18
1
This week we shipped ARM64 images for Beta testing. Please report any issues you encounter. For installation instructions, consult
secureblue.dev/install#arm64
loading . . .
Install | secureblue
Steps to install secureblue
https://secureblue.dev/install#arm64
3 months ago
1
8
1
Trivalent 142.0.7444.175-440855 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/11/stab...
This release includes upstream security fixes for multiple CVEs, including CVE-2025-13223. Google is aware of an exploit for CVE-2025-13223 that exists in the wild.
loading . . .
Release 142.0.7444.175-440855 · secureblue/Trivalent
What's Changed chore: remove unnecessary patch by @RoyalOughtness in #511 fix(wrapper): flags variable handling by @RKNF404 in #515 Full Changelog: 142.0.7444.162-440723...142.0.7444.175-440855
https://github.com/secureblue/Trivalent/releases/tag/142.0.7444.175-440855
4 months ago
0
2
0
Trivalent 142.0.7444.162-440723 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/11/stab...
loading . . .
Release 142.0.7444.162-440723 · secureblue/Trivalent
What's Changed docs: Update the readme to reflect the new state of the NSS by @Collision4468 in #504 feat(ui): Move search suggestion by @RKNF404 in #510 feat(conf): Extra conf files support by @R...
https://github.com/secureblue/Trivalent/releases/tag/142.0.7444.162-440723
4 months ago
0
3
1
ISOs and Torrents for the F43-based secureblue images are now available! Please seed if you can:
secureblue.dev/install#iso
fosstorrents.com/distribution...
Many thanks to
@fosstorrents.bsky.social
for providing torrent hosting!
loading . . .
Install | secureblue
Steps to install secureblue
https://secureblue.dev/install#iso
4 months ago
0
3
0
Trivalent 142.0.7444.134-440598 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/11/stab...
loading . . .
Release 142.0.7444.134-440598 · secureblue/Trivalent
What's Changed fix: disable ai mode omnibox entrypoint by @RoyalOughtness in #505 Full Changelog: 142.0.7444.134-440595...142.0.7444.134-440598
https://github.com/secureblue/Trivalent/releases/tag/142.0.7444.134-440598
4 months ago
0
2
0
Release v4.7 is out, based on Fedora 43. Thanks to everyone who helped test and fix issues. No action is needed to upgrade, you will get the new image automatically.
github.com/secureblue/s...
loading . . .
Release v4.7 - Fedora 43 · secureblue/secureblue
What's Changed chore(po): update PO files to reflect changes to audit script by @HastD in #1320 chore(audit): add Bazaar to "expected arbitrary permissions" list by @HastD in #1290 feat: don't ins...
https://github.com/secureblue/secureblue/releases/tag/v4.7
4 months ago
0
5
0
Fedora 43 was released yesterday, but we're not switching to an F43 base yet. F43 includes a switch from RPM 4 to RPM 6. This includes a change that breaks upgrades on atomic. A fix is in the works:
github.com/coreos/rpm-o...
We'll switch to an F43 base once a fix is merged, tested, and shipped.
4 months ago
2
6
2
Trivalent 142.0.7444.59-440428 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
loading . . .
Release 142.0.7444.59-440428 · secureblue/Trivalent
What's Changed chore: switch to environment secrets by @RoyalOughtness in #485 fix: environment change based on test_build variable by @RoyalOughtness in #486 chore: delete approvals action by @Ro...
https://github.com/secureblue/Trivalent/releases/tag/142.0.7444.59-440428
4 months ago
0
1
0
Trivalent 141.0.7390.127-440331 released: This release pulls in V8 14.1.146.13, which fixes CVE-2025-12036. This V8 version was supposed to be pulled into Chromium in 141.0.7390.122. This issue has been ack'd by Google here:
issues.chromium.org/issues/45435...
github.com/secureblue/T...
loading . . .
Release 141.0.7390.127-440331 · secureblue/Trivalent
What's Changed feat: Disable optimizers with JIT enabled by @RKNF404 in #481 feat(versioning): add support for off-version tag releases by @RKNF404 in #482 chore: set 141.0.7390.127 version due to...
https://github.com/secureblue/Trivalent/releases/tag/141.0.7390.127-440331
4 months ago
0
4
1
Trivalent 141.0.7390.122-440271 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
loading . . .
Release 141.0.7390.122-440271 · secureblue/Trivalent
What's Changed chore: add dependabot cooldown by @RoyalOughtness in #469 feat: switch to stepsecurity image by @RoyalOughtness in #471 fix: update deps so that dnf doesn't get confused by @RoyalOu...
https://github.com/secureblue/Trivalent/releases/tag/141.0.7390.122-440271
4 months ago
0
3
0
Trivalent 141.0.7390.107-440120 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
loading . . .
Release 141.0.7390.107-440120 · secureblue/Trivalent
What's Changed fix(build): grep command should be arch-agnostic by @RoyalOughtness in #456 chore: add openssf scorecard.dev scanning by @RoyalOughtness in #455 chore: delete auth schemes patch by ...
https://github.com/secureblue/Trivalent/releases/tag/141.0.7390.107-440120
5 months ago
0
2
1
Trivalent 141.0.7390.76-440020 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
loading . . .
Release 141.0.7390.76-440020 · secureblue/Trivalent
What's Changed chore: Revert "chore(build): switch back to github large runners unti… by @RoyalOughtness in #440 fix(supplychain): set subject correctly for provenance generation by @RoyalOughtnes...
https://github.com/secureblue/Trivalent/releases/tag/141.0.7390.76-440020
5 months ago
0
2
0
Trivalent 141.0.7390.65-439968 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
loading . . .
Release 141.0.7390.65-439968 · secureblue/Trivalent
What's Changed fix(arm): update rust clanglib patch by @RoyalOughtness in #424 chore: add initial changelog by @RoyalOughtness in #426 chore(build): remove dep on sysroot by @RKNF404 in #427 chore...
https://github.com/secureblue/Trivalent/releases/tag/141.0.7390.65-439968
5 months ago
0
0
0
Trivalent 141.0.7390.54-439843 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
loading . . .
Release 141.0.7390.54-439843 · secureblue/Trivalent
What's Changed feat: enable drumbrake by default by @RKNF404 in #411 chore: adjust wording on DrumBrake flag by @RKNF404 in #412 chore: 141 port by @RKNF404 in #413 chore: pull 141 patches from Va...
https://github.com/secureblue/Trivalent/releases/tag/141.0.7390.54-439843
5 months ago
0
0
0
Trivalent 140.0.7339.207-439665 released: This release includes a toggle in flags to enable DrumBrake. The toggle is disabled by default due to its experimental state. If the toggle is flipped on, it enables JIT-less WASM.
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
loading . . .
Release 140.0.7339.207-439665 · secureblue/Trivalent
What's Changed feat: add functional drumbrake toggle & enable drumbrake build option by @RKNF404 in #408 Full Changelog: 140.0.7339.185-439535...140.0.7339.207-439665
https://github.com/secureblue/Trivalent/releases/tag/140.0.7339.207-439665
5 months ago
1
2
0
Trivalent 140.0.7339.185-439535 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
This release includes upstream security fixes for several CVEs, including CVE-2025-10585. Google is aware of an exploit for CVE-2025-10585 that exists in the wild.
loading . . .
Release 140.0.7339.185-439535 · secureblue/Trivalent
What's Changed fix: build hardening typo by @RoyalOughtness in #403 build: disable shadow_call_stack for aarch64 by @RoyalOughtness in #404 chore: hide ui popup text by @RKNF404 in #405 chore: hid...
https://github.com/secureblue/Trivalent/releases/tag/140.0.7339.185-439535
6 months ago
0
1
0
Trivalent 140.0.7339.127-439381 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
loading . . .
Release 140.0.7339.127-439381 · secureblue/Trivalent
What's Changed chore: re-enable audio sandbox by @RKNF404 in #393 fix: FTBFS patch by @RoyalOughtness in #394 chore: remove fedora patches from updater by @RKNF404 in #395 fix: search selection sc...
https://github.com/secureblue/Trivalent/releases/tag/140.0.7339.127-439381
6 months ago
0
1
0
secureblue v4.6.1 has been released:
github.com/secureblue/s...
𝑅𝑒𝑚𝑖𝑛𝑑𝑒𝑟: 𝑟𝑒𝑙𝑒𝑎𝑠𝑒𝑠 𝑎𝑟𝑒 𝑠𝑦𝑚𝑏𝑜𝑙𝑖𝑐. 𝐵𝑢𝑖𝑙𝑑𝑠 𝑎𝑟𝑒 𝑐𝑟𝑒𝑎𝑡𝑒𝑑 𝑎𝑛𝑑 𝑝𝑢𝑏𝑙𝑖𝑠ℎ𝑒𝑑 𝑖𝑚𝑚𝑒𝑑𝑖𝑎𝑡𝑒𝑙𝑦 𝑎𝑓𝑡𝑒𝑟 𝑛𝑒𝑤 𝑐𝑜𝑚𝑚𝑖𝑡𝑠 𝑎𝑟𝑒 𝑚𝑒𝑟𝑔𝑒𝑑.
loading . . .
Release v4.6.1 - Polish and QOL release · secureblue/secureblue
What's Changed fix: add LD_PRELOAD=libhardened_malloc.so to /etc/profile.d by @HastD in #1168 fix: missing timer preset by @RoyalOughtness in #1165 chore(deps): bump aquasecurity/trivy-action from...
https://github.com/secureblue/secureblue/releases/tag/v4.6.1
6 months ago
0
9
1
Trivalent 140.0.7339.80-439219 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
loading . . .
Release 140.0.7339.80-439219 · secureblue/Trivalent
What's Changed chore: remove PATH hacks by @RKNF404 in #371 ci: add separate x86 and aarch64 builds by @RoyalOughtness in #372 fix: missing gn variable by @RKNF404 in #373 chore: ensure nodejs is ...
https://github.com/secureblue/Trivalent/releases/tag/140.0.7339.80-439219
6 months ago
0
2
0
Trivalent 139.0.7258.154-439061 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/08/stab...
loading . . .
Release 139.0.7258.154-439061 · secureblue/Trivalent
What's Changed chore: add Vanadium patch to fix CFI crash by @RKNF404 in #368 chore: System toolchain by @RKNF404 in #370 Full Changelog: 139.0.7258.138-438928...139.0.7258.154-439061
https://github.com/secureblue/Trivalent/releases/tag/139.0.7258.154-439061
6 months ago
0
1
0
Trivalent 139.0.7258.138-438928 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/08/stab...
loading . . .
Release 139.0.7258.138-438928 · secureblue/Trivalent
What's Changed chore(deps): bump zizmorcore/zizmor-action from 0.1.1 to 0.1.2 by @dependabot[bot] in #353 chore: use autoninja instead of calling ninja directly by @RKNF404 in #357 docs: add refer...
https://github.com/secureblue/Trivalent/releases/tag/139.0.7258.138-438928
7 months ago
0
2
1
Trivalent 139.0.7258.127-438758 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/08/stab...
loading . . .
Release 139.0.7258.127-438758 · secureblue/Trivalent
What's Changed chore(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in #347 chore(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @dependabot[bot] in #343 chore(...
https://github.com/secureblue/Trivalent/releases/tag/139.0.7258.127-438758
7 months ago
0
6
0
reposted by
secureblue
GrapheneOS
7 months ago
Discord has very good configurable server-side filtering and dramatically better mod tools. Matrix heavily enables abuse through federation and doesn't even support restricting inline media. Matrix also lacks channels within rooms so communities like ours rely on moderation bots.
0
16
1
This talk by
@siosm.bsky.social
covers the important work being done to enable verification for bootc images like ours.
youtu.be/D7HqckeHlx8
"Using composefs and fs-verity, we can link a UKI to a complete read only filesystem tree, guaranteeing that every byte of every file is verified on load."
loading . . .
UKIs and composefs support for Bootable Containers - DevConf.CZ 2025
YouTube video by DevConf
https://www.youtube.com/watch?v=D7HqckeHlx8
7 months ago
0
4
2
You can expect posts here to cover news, updates, and future plans. Critical information relating to releases will continue to be provided at Github Releases:
secureblue.dev/faq#releases
7 months ago
0
12
3
you reached the end!!
feeds!
log in
