secureblue
@secureblue.dev
Pinned
secureblue
@secureblue.dev
· Aug 11
You can expect posts here to cover news, updates, and future plans. Critical information relating to releases will continue to be provided at Github Releases: secureblue.dev/faq#releases
Trivalent 142.0.7444.162-440723 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/11/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/11/stab...
Release 142.0.7444.162-440723 · secureblue/Trivalent
What's Changed
docs: Update the readme to reflect the new state of the NSS by @Collision4468 in #504
feat(ui): Move search suggestion by @RKNF404 in #510
feat(conf): Extra conf files support by @R...
github.com
November 12, 2025 at 6:29 AM
Trivalent 142.0.7444.162-440723 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/11/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/11/stab...
ISOs and Torrents for the F43-based secureblue images are now available! Please seed if you can:
secureblue.dev/install#iso
fosstorrents.com/distribution...
Many thanks to @fosstorrents.bsky.social for providing torrent hosting!
secureblue.dev/install#iso
fosstorrents.com/distribution...
Many thanks to @fosstorrents.bsky.social for providing torrent hosting!
Install | secureblue
Steps to install secureblue
secureblue.dev
November 10, 2025 at 5:50 AM
ISOs and Torrents for the F43-based secureblue images are now available! Please seed if you can:
secureblue.dev/install#iso
fosstorrents.com/distribution...
Many thanks to @fosstorrents.bsky.social for providing torrent hosting!
secureblue.dev/install#iso
fosstorrents.com/distribution...
Many thanks to @fosstorrents.bsky.social for providing torrent hosting!
Trivalent 142.0.7444.134-440598 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/11/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/11/stab...
Release 142.0.7444.134-440598 · secureblue/Trivalent
What's Changed
fix: disable ai mode omnibox entrypoint by @RoyalOughtness in #505
Full Changelog: 142.0.7444.134-440595...142.0.7444.134-440598
github.com
November 6, 2025 at 3:52 AM
Trivalent 142.0.7444.134-440598 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/11/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/11/stab...
Release v4.7 is out, based on Fedora 43. Thanks to everyone who helped test and fix issues. No action is needed to upgrade, you will get the new image automatically. github.com/secureblue/s...
Release v4.7 - Fedora 43 · secureblue/secureblue
What's Changed
chore(po): update PO files to reflect changes to audit script by @HastD in #1320
chore(audit): add Bazaar to "expected arbitrary permissions" list by @HastD in #1290
feat: don't ins...
github.com
November 5, 2025 at 5:51 PM
Release v4.7 is out, based on Fedora 43. Thanks to everyone who helped test and fix issues. No action is needed to upgrade, you will get the new image automatically. github.com/secureblue/s...
Fedora 43 was released yesterday, but we're not switching to an F43 base yet. F43 includes a switch from RPM 4 to RPM 6. This includes a change that breaks upgrades on atomic. A fix is in the works: github.com/coreos/rpm-o...
We'll switch to an F43 base once a fix is merged, tested, and shipped.
We'll switch to an F43 base once a fix is merged, tested, and shipped.
October 29, 2025 at 4:19 PM
Fedora 43 was released yesterday, but we're not switching to an F43 base yet. F43 includes a switch from RPM 4 to RPM 6. This includes a change that breaks upgrades on atomic. A fix is in the works: github.com/coreos/rpm-o...
We'll switch to an F43 base once a fix is merged, tested, and shipped.
We'll switch to an F43 base once a fix is merged, tested, and shipped.
Trivalent 142.0.7444.59-440428 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
Release 142.0.7444.59-440428 · secureblue/Trivalent
What's Changed
chore: switch to environment secrets by @RoyalOughtness in #485
fix: environment change based on test_build variable by @RoyalOughtness in #486
chore: delete approvals action by @Ro...
github.com
October 29, 2025 at 7:21 AM
Trivalent 142.0.7444.59-440428 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
Trivalent 141.0.7390.127-440331 released:
This release pulls in V8 14.1.146.13, which fixes CVE-2025-12036. This V8 version was supposed to be pulled into Chromium in 141.0.7390.122. This issue has been ack'd by Google here: issues.chromium.org/issues/45435...
github.com/secureblue/T...
This release pulls in V8 14.1.146.13, which fixes CVE-2025-12036. This V8 version was supposed to be pulled into Chromium in 141.0.7390.122. This issue has been ack'd by Google here: issues.chromium.org/issues/45435...
github.com/secureblue/T...
Release 141.0.7390.127-440331 · secureblue/Trivalent
What's Changed
feat: Disable optimizers with JIT enabled by @RKNF404 in #481
feat(versioning): add support for off-version tag releases by @RKNF404 in #482
chore: set 141.0.7390.127 version due to...
github.com
October 24, 2025 at 7:54 PM
Trivalent 141.0.7390.127-440331 released:
This release pulls in V8 14.1.146.13, which fixes CVE-2025-12036. This V8 version was supposed to be pulled into Chromium in 141.0.7390.122. This issue has been ack'd by Google here: issues.chromium.org/issues/45435...
github.com/secureblue/T...
This release pulls in V8 14.1.146.13, which fixes CVE-2025-12036. This V8 version was supposed to be pulled into Chromium in 141.0.7390.122. This issue has been ack'd by Google here: issues.chromium.org/issues/45435...
github.com/secureblue/T...
Trivalent 141.0.7390.122-440271 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
Release 141.0.7390.122-440271 · secureblue/Trivalent
What's Changed
chore: add dependabot cooldown by @RoyalOughtness in #469
feat: switch to stepsecurity image by @RoyalOughtness in #471
fix: update deps so that dnf doesn't get confused by @RoyalOu...
github.com
October 22, 2025 at 12:30 AM
Trivalent 141.0.7390.122-440271 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
Trivalent 141.0.7390.107-440120 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
Release 141.0.7390.107-440120 · secureblue/Trivalent
What's Changed
fix(build): grep command should be arch-agnostic by @RoyalOughtness in #456
chore: add openssf scorecard.dev scanning by @RoyalOughtness in #455
chore: delete auth schemes patch by ...
github.com
October 15, 2025 at 1:39 AM
Trivalent 141.0.7390.107-440120 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
Trivalent 141.0.7390.76-440020 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
Release 141.0.7390.76-440020 · secureblue/Trivalent
What's Changed
chore: Revert "chore(build): switch back to github large runners unti… by @RoyalOughtness in #440
fix(supplychain): set subject correctly for provenance generation by @RoyalOughtnes...
github.com
October 10, 2025 at 8:37 AM
Trivalent 141.0.7390.76-440020 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
Trivalent 141.0.7390.65-439968 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
Release 141.0.7390.65-439968 · secureblue/Trivalent
What's Changed
fix(arm): update rust clanglib patch by @RoyalOughtness in #424
chore: add initial changelog by @RoyalOughtness in #426
chore(build): remove dep on sysroot by @RKNF404 in #427
chore...
github.com
October 7, 2025 at 11:16 PM
Trivalent 141.0.7390.65-439968 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/10/stab...
Trivalent 141.0.7390.54-439843 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
Release 141.0.7390.54-439843 · secureblue/Trivalent
What's Changed
feat: enable drumbrake by default by @RKNF404 in #411
chore: adjust wording on DrumBrake flag by @RKNF404 in #412
chore: 141 port by @RKNF404 in #413
chore: pull 141 patches from Va...
github.com
October 2, 2025 at 4:53 AM
Trivalent 141.0.7390.54-439843 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
Trivalent 140.0.7339.207-439665 released:
This release includes a toggle in flags to enable DrumBrake. The toggle is disabled by default due to its experimental state. If the toggle is flipped on, it enables JIT-less WASM.
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
This release includes a toggle in flags to enable DrumBrake. The toggle is disabled by default due to its experimental state. If the toggle is flipped on, it enables JIT-less WASM.
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
Release 140.0.7339.207-439665 · secureblue/Trivalent
What's Changed
feat: add functional drumbrake toggle & enable drumbrake build option by @RKNF404 in #408
Full Changelog: 140.0.7339.185-439535...140.0.7339.207-439665
github.com
September 23, 2025 at 11:14 PM
Trivalent 140.0.7339.207-439665 released:
This release includes a toggle in flags to enable DrumBrake. The toggle is disabled by default due to its experimental state. If the toggle is flipped on, it enables JIT-less WASM.
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
This release includes a toggle in flags to enable DrumBrake. The toggle is disabled by default due to its experimental state. If the toggle is flipped on, it enables JIT-less WASM.
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
Trivalent 140.0.7339.185-439535 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
This release includes upstream security fixes for several CVEs, including CVE-2025-10585. Google is aware of an exploit for CVE-2025-10585 that exists in the wild.
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
This release includes upstream security fixes for several CVEs, including CVE-2025-10585. Google is aware of an exploit for CVE-2025-10585 that exists in the wild.
Release 140.0.7339.185-439535 · secureblue/Trivalent
What's Changed
fix: build hardening typo by @RoyalOughtness in #403
build: disable shadow_call_stack for aarch64 by @RoyalOughtness in #404
chore: hide ui popup text by @RKNF404 in #405
chore: hid...
github.com
September 17, 2025 at 11:21 PM
Trivalent 140.0.7339.185-439535 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
This release includes upstream security fixes for several CVEs, including CVE-2025-10585. Google is aware of an exploit for CVE-2025-10585 that exists in the wild.
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
This release includes upstream security fixes for several CVEs, including CVE-2025-10585. Google is aware of an exploit for CVE-2025-10585 that exists in the wild.
Trivalent 140.0.7339.127-439381 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
Release 140.0.7339.127-439381 · secureblue/Trivalent
What's Changed
chore: re-enable audio sandbox by @RKNF404 in #393
fix: FTBFS patch by @RoyalOughtness in #394
chore: remove fedora patches from updater by @RKNF404 in #395
fix: search selection sc...
github.com
September 10, 2025 at 8:59 PM
Trivalent 140.0.7339.127-439381 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
secureblue v4.6.1 has been released:
github.com/secureblue/s...
𝑅𝑒𝑚𝑖𝑛𝑑𝑒𝑟: 𝑟𝑒𝑙𝑒𝑎𝑠𝑒𝑠 𝑎𝑟𝑒 𝑠𝑦𝑚𝑏𝑜𝑙𝑖𝑐. 𝐵𝑢𝑖𝑙𝑑𝑠 𝑎𝑟𝑒 𝑐𝑟𝑒𝑎𝑡𝑒𝑑 𝑎𝑛𝑑 𝑝𝑢𝑏𝑙𝑖𝑠ℎ𝑒𝑑 𝑖𝑚𝑚𝑒𝑑𝑖𝑎𝑡𝑒𝑙𝑦 𝑎𝑓𝑡𝑒𝑟 𝑛𝑒𝑤 𝑐𝑜𝑚𝑚𝑖𝑡𝑠 𝑎𝑟𝑒 𝑚𝑒𝑟𝑔𝑒𝑑.
github.com/secureblue/s...
𝑅𝑒𝑚𝑖𝑛𝑑𝑒𝑟: 𝑟𝑒𝑙𝑒𝑎𝑠𝑒𝑠 𝑎𝑟𝑒 𝑠𝑦𝑚𝑏𝑜𝑙𝑖𝑐. 𝐵𝑢𝑖𝑙𝑑𝑠 𝑎𝑟𝑒 𝑐𝑟𝑒𝑎𝑡𝑒𝑑 𝑎𝑛𝑑 𝑝𝑢𝑏𝑙𝑖𝑠ℎ𝑒𝑑 𝑖𝑚𝑚𝑒𝑑𝑖𝑎𝑡𝑒𝑙𝑦 𝑎𝑓𝑡𝑒𝑟 𝑛𝑒𝑤 𝑐𝑜𝑚𝑚𝑖𝑡𝑠 𝑎𝑟𝑒 𝑚𝑒𝑟𝑔𝑒𝑑.
Release v4.6.1 - Polish and QOL release · secureblue/secureblue
What's Changed
fix: add LD_PRELOAD=libhardened_malloc.so to /etc/profile.d by @HastD in #1168
fix: missing timer preset by @RoyalOughtness in #1165
chore(deps): bump aquasecurity/trivy-action from...
github.com
September 5, 2025 at 11:11 PM
secureblue v4.6.1 has been released:
github.com/secureblue/s...
𝑅𝑒𝑚𝑖𝑛𝑑𝑒𝑟: 𝑟𝑒𝑙𝑒𝑎𝑠𝑒𝑠 𝑎𝑟𝑒 𝑠𝑦𝑚𝑏𝑜𝑙𝑖𝑐. 𝐵𝑢𝑖𝑙𝑑𝑠 𝑎𝑟𝑒 𝑐𝑟𝑒𝑎𝑡𝑒𝑑 𝑎𝑛𝑑 𝑝𝑢𝑏𝑙𝑖𝑠ℎ𝑒𝑑 𝑖𝑚𝑚𝑒𝑑𝑖𝑎𝑡𝑒𝑙𝑦 𝑎𝑓𝑡𝑒𝑟 𝑛𝑒𝑤 𝑐𝑜𝑚𝑚𝑖𝑡𝑠 𝑎𝑟𝑒 𝑚𝑒𝑟𝑔𝑒𝑑.
github.com/secureblue/s...
𝑅𝑒𝑚𝑖𝑛𝑑𝑒𝑟: 𝑟𝑒𝑙𝑒𝑎𝑠𝑒𝑠 𝑎𝑟𝑒 𝑠𝑦𝑚𝑏𝑜𝑙𝑖𝑐. 𝐵𝑢𝑖𝑙𝑑𝑠 𝑎𝑟𝑒 𝑐𝑟𝑒𝑎𝑡𝑒𝑑 𝑎𝑛𝑑 𝑝𝑢𝑏𝑙𝑖𝑠ℎ𝑒𝑑 𝑖𝑚𝑚𝑒𝑑𝑖𝑎𝑡𝑒𝑙𝑦 𝑎𝑓𝑡𝑒𝑟 𝑛𝑒𝑤 𝑐𝑜𝑚𝑚𝑖𝑡𝑠 𝑎𝑟𝑒 𝑚𝑒𝑟𝑔𝑒𝑑.
Trivalent 140.0.7339.80-439219 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
Release 140.0.7339.80-439219 · secureblue/Trivalent
What's Changed
chore: remove PATH hacks by @RKNF404 in #371
ci: add separate x86 and aarch64 builds by @RoyalOughtness in #372
fix: missing gn variable by @RKNF404 in #373
chore: ensure nodejs is ...
github.com
September 3, 2025 at 6:35 AM
Trivalent 140.0.7339.80-439219 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
Trivalent 139.0.7258.154-439061 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/08/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/08/stab...
Release 139.0.7258.154-439061 · secureblue/Trivalent
What's Changed
chore: add Vanadium patch to fix CFI crash by @RKNF404 in #368
chore: System toolchain by @RKNF404 in #370
Full Changelog: 139.0.7258.138-438928...139.0.7258.154-439061
github.com
August 26, 2025 at 11:02 PM
Trivalent 139.0.7258.154-439061 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/08/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/08/stab...
Trivalent 139.0.7258.138-438928 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/08/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/08/stab...
Release 139.0.7258.138-438928 · secureblue/Trivalent
What's Changed
chore(deps): bump zizmorcore/zizmor-action from 0.1.1 to 0.1.2 by @dependabot[bot] in #353
chore: use autoninja instead of calling ninja directly by @RKNF404 in #357
docs: add refer...
github.com
August 20, 2025 at 9:27 PM
Trivalent 139.0.7258.138-438928 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/08/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/08/stab...
Trivalent 139.0.7258.127-438758 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/08/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/08/stab...
Release 139.0.7258.127-438758 · secureblue/Trivalent
What's Changed
chore(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in #347
chore(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @dependabot[bot] in #343
chore(...
github.com
August 12, 2025 at 11:11 PM
Trivalent 139.0.7258.127-438758 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/08/stab...
github.com/secureblue/T...
chromereleases.googleblog.com/2025/08/stab...
Reposted by secureblue
Discord has very good configurable server-side filtering and dramatically better mod tools. Matrix heavily enables abuse through federation and doesn't even support restricting inline media. Matrix also lacks channels within rooms so communities like ours rely on moderation bots.
August 11, 2025 at 10:05 PM
Discord has very good configurable server-side filtering and dramatically better mod tools. Matrix heavily enables abuse through federation and doesn't even support restricting inline media. Matrix also lacks channels within rooms so communities like ours rely on moderation bots.
This talk by @siosm.bsky.social covers the important work being done to enable verification for bootc images like ours. youtu.be/D7HqckeHlx8
"Using composefs and fs-verity, we can link a UKI to a complete read only filesystem tree, guaranteeing that every byte of every file is verified on load."
"Using composefs and fs-verity, we can link a UKI to a complete read only filesystem tree, guaranteeing that every byte of every file is verified on load."
UKIs and composefs support for Bootable Containers - DevConf.CZ 2025
YouTube video by DevConf
www.youtube.com
August 11, 2025 at 1:00 AM
This talk by @siosm.bsky.social covers the important work being done to enable verification for bootc images like ours. youtu.be/D7HqckeHlx8
"Using composefs and fs-verity, we can link a UKI to a complete read only filesystem tree, guaranteeing that every byte of every file is verified on load."
"Using composefs and fs-verity, we can link a UKI to a complete read only filesystem tree, guaranteeing that every byte of every file is verified on load."
You can expect posts here to cover news, updates, and future plans. Critical information relating to releases will continue to be provided at Github Releases: secureblue.dev/faq#releases
August 11, 2025 at 12:48 AM
You can expect posts here to cover news, updates, and future plans. Critical information relating to releases will continue to be provided at Github Releases: secureblue.dev/faq#releases