github freedomofpress/dangerzone v0.7.0
Dangerzone 0.7.0

latest releases: v0.8.0, v0.8.0-rc1, v0.7.1...
4 months ago

This release includes various new features, stability improvements, and security fixes. If you are on a Mac or PC you should additionally ensure that the Docker Desktop application is up to date.

The highlights are:

  • Improved our document processing sandbox with gVisor
    Our original sandbox where we processed untrusted documents relied on the container runtimes that Docker and Podman provided. These runtimes are battle-tested, and Dangerzone further restricted the spawned containers with as few privileges as possible. Still, the spawned container had direct access to the Linux kernel, which has a large, albeit not easily exploitable, attack surface.

    Starting on 0.7.0, we use gVisor as a sandbox between the conversion process and user's system, Linux kernel included. gVisor is written in a memory-safe language (Go), has a significantly smaller feature set than the Linux kernel, and reinterprets every system call that the container makes in a safer way. We believe that this integration empowers our users across all platforms (Windows, macOS, and Linux) to sanitize untrusted documents with even more confidence. We want to thank @EtiennePerot, an engineer on the gVisor project, who was the driving force behind this integration (#590).

  • Drag-and-drop interface
    Dangerzone will undergo UX improvements in the next releases, in order to make it easier to work with and enable some workflows that were previously not possible. A first taste of these improvements is a new drag-and-drop interface, which allows users to simply select files from their file manager and drag them to Dangerzone in order to convert them (#752).

  • Dropped support for Fedora 38, which is EOL

  • Community contributions:

    • We want to thank @rocodes, who improved Dangerzone on Linux to autodetect the system's default PDF viewer (#814)
    • We want to thank @naglis, who fixed some bugs and warnings related to the Python bindings for Qt (#595, #798).

For a full list of the changes, see our changelog.

Don't miss a new dangerzone release

NewReleases is sending notifications on new releases.