This release backports fixes for over 250 potential security issues found using various AI security scanners over the last 3 months.
The 2.1.x releases include even more fixes and hardening work, and so most users should use those instead; this release is provided for the more conservative distros.
This release also fixes the following bugs:
- Activate NVM when updating Dell docks
- Add a timeout to fwupd-refresh.service systemd unit
- Add vendor name and name for various UEFI certificates
- Allow Intel GPU firmware downgrade
- Claim the udev netlink backend before old libusb versions
- Cleanup all the user inhibits when required
- Do not include EV_NO_ACTION when calculating the TPM PCRs
- Do not probe all Nordic devices with USB VID 0x1915
- Do not support JCat files with ID path components
- Do not use capsule-on-disk on Lenovo ThinkCentre M60e Tiny
- Enable efi_app_location to be overrideable at build-time
- Expand netlink socket buffer to prevent packet loss during event floods
- Fall back to a generic firmware type when parsing unknown mtd devices
- Fix genesys-gl32xx enumeration crash due to argument mismatch
- Fix race with UDisks2 volume discovery during replug
- Fix the check-reboot-needed command to work correctly
- Fix the Thunderbolt version number by ignoring the reserved bits
- Get the fastboot device version and set the version format automatically
- Re-process the device metadata when required after all devices are added
- Show translated problems when a device cannot be installed
- Use CA1 for a SK Hynix NVMe drive
- Use the UOD approach while updating Dell docks
This release adds support for the following hardware:
- Intel Arc Pro B65 and Arc Pro B70
- SHIFTphone 8 and SHIFT6mq