github netblue30/firejail 0.9.78
Release 0.9.78
on GitHub

5 hours ago

Note: The RELNOTES file was updated on January 3, 2026; the code archives below preserve the previous RELNOTES version.

firejail (0.9.78) baseline; urgency=low

  • feature: add arg-max-count / arg-max-len to firejail.config (#4633 #6878)
  • feature: add env-max-count / env-max-len to firejail.config (#3678 #6951)
  • feature: add --xephyr-extra-params= command (#6952)
  • feature: replace bubblewrap (bwrap) in the sandbox with a dummy program
    (fbwrap) to work around issues with glycin 2.0.0 via gdk-pixbuf2 and add
    --allow-bwrap command to force the use of the real bwrap (#6906 #7009)
  • modif: firemon: improve debug message code (#6856)
  • modif: rlimit: allow uppercase suffixes (#6890)
  • modif: rlimit: use uppercase suffixes in the code/docs (#6891)
  • modif: rlimit: improve error messages (#6893)
  • modif: update and add syscalls for several architectures (#6956 #6961)
  • modif: check for --version during early init (#6972)
  • removal: --disable-globalcfg configure option (#6984)
  • removal: overlayfs support/--overlay commands (#6994)
  • removal: Intrusion Detection System (IDS)/fids (#6995)
  • bugfix: remove /usr/share + "runner:root" CI workaround (#6844)
  • bugfix: firemon: fix inconsistent debug message format (#6854)
  • bugfix: fix potential infinite loop in checkcfg (-fanalyzer) (#6859)
  • bugfix: fnettrace-icmp: fix uninitialized vars (cppcheck) (#6869)
  • bugfix: firemon: avoid cmd double-free in procevent_monitor (#6792 #6846)
  • bugfix: firemon: fix potential memory leak in procevent_monitor (#6872)
  • bugfix: firecfg: fix parsing filenames with multiple ".desktop" (#6865
    #6871)
  • bugfix: fix French translation for ${PICTURES} macro (#6942)
  • bugfix: add missing macros in profile.template (#6948)
  • bugfix: check for --quiet/--debug earlier during init (#6969)
  • bugfix: disable apparmor if --allow-debuggers (#6882)
  • bugfix: firecfg: skip snap-packaged programs to avoid breaking them on
    Ubuntu desktop (#7008)
  • build: cppcheck: ignore src/lib/syscalls.c (#6868)
  • build: cppcheck: use --check-level=exhaustive (#6877)
  • build: add script to generate syscall headers (#6960 #6990)
  • build: add sort-profiles target for sort.py (#7004)
  • tests: rlimit: add missing tests for rlimit-as / rlimit-cpu (#6895)
  • tests: man: fix timeout error (#6949)
  • tests: man: disable test due to timeout (#6955)
  • tests: fix test-appimage on Arch and Debian 13 (#7007)
  • ci: allow new github domain for codeql download (#6845)
  • ci: standardize "apt-get install" step name (#6862)
  • ci: speed-up main build & add build-gcc (#6864)
  • ci: cppcheck: upgrade ubuntu-22.04 to ubuntu-24.04 (#6874)
  • ci: codespell: upgrade ubuntu-22.04 to ubuntu-24.04 (#6873)
  • ci: codeql-cpp: print config.log if configure fails (#7003)
  • docs: man: improve strace usage and add refs (#6851)
  • docs: add debian/ubuntu links to README.md (#6850)
  • docs: github: clarify how to attach logs (#6858)
  • docs: rlimit: improve text and use base-2 units (#6894)
  • docs: man: clarify what ipc-namespace affects (#6930)
  • docs: improve build/install commands (#6962)
  • docs: add distribution-specific build/install instructions (#6964)
  • docs: clarify that only latest and dev versions are supported (#6965)
  • docs: always use full path to program in examples (#6963)
  • profiles: thunderbird: fix ignoring wruc (#6839 #6852)
  • profiles: wine: disable noinput so gamepads work (#6866 #6867)
  • profiles: qutebrowser: whitelist /usr/share/pdf.js (#6875)
  • profiles: firefox-common: add a comment about mpris (#6876)
  • profiles: qutebrowser: add comment about qute-pass support (#6879)
  • profiles: add missing mailcap entries (#6883 #6884)
  • profiles: organize blacklist sections as per profile.template (#6885)
  • profiles: godot: allow ~/.local/share/Trash (#6904)
  • profiles: wusc: add /usr/share/glycin-loaders (#6907)
  • profiles: wusc: add /usr/share/gtk-4.0 (#6909)
  • profiles: mullvad-browser: allow readlink and realpath (#6923)
  • profiles: blink-common-hardened: disable noroot to fix saving files (#6920)
  • profiles: steam: allow ~/.local/share/doublefine (#6937)
  • profiles: wusc: add /usr/share/gtksourceview-5 (#6947)
  • profiles: ssh: add ${RUNUSER}/openssh_agent socket path (#6975)
  • profiles: brave: add org.mpris.MediaPlayer2.brave.* (#6980)
  • profiles: hashcat: fix runtime errors (#6364 #6888)
  • new profile: ne (text editor) (ae22e56)
  • new profile: trivalent (#6900)
  • new profile: openra (#7005)
  • new profile: gzdoom, lzdoom, uzdoom (#7010)
  • new profile: quakespasm (#7014)
    -- netblue30 netblue30@yahoo.com Sat, 3 Jan 2026 11:00:00 -0500
Check out latest releases or
releases around netblue30/firejail 0.9.78

Don't miss a new firejail release

NewReleases is sending notifications on new releases.

Get notifications