News

Dangerzone 0.8.0 is out

This release includes various new features, stability improvements and security fixes. If you are on a Mac or PC you should additionally ensure that the Docker Desktop application is up to date. In addition to the changes specific to this release, we want to note that you can now use Dangerzone on the Tails live system. You can read the announcement on their blog, or read the documentation about it.

The highlights are:

  • The second phase of the conversion (pixels to PDF) now happens on the host.

    Instead of first grabbing all of the pixel data from the first container, storing them on disk, and then reconstructing the PDF on a second container, Dangerzone now immediately reconstructs the PDF on the host, while the doc to pixels conversion is still running on the first container. This architectural change removes a class of problems we had in the past:

    • Issues with temporary directories and their permissions.
    • Out of space issues caused by documents with lots of pages (mainly impacted Qubes users).
    • SELinux issues due to relabeling mounted files.
    • Mounting files to Docker containers, prevented by security policies in Windows/macOS.
    • Not being able to run with user ID other than 1000.

    If at some point in time you were affected by the above, we suggest giving this version a shot. The sanitization is no less safe, since the boundaries between the sandbox and the host are still respected (#625).

  • Installation and execution errors are now caught and displayed in the interface, which should make debugging easier (#193)

  • The macOS entitlements have been revisited, following our security audit. We have now removed unneeded privileges (#638)

  • We now always use our own seccomp policy as a default (#908)

Platform support updates

  • This release is the last one that will support Ubuntu Focal (20.04).

    Ubuntu Focal is nearing its end of life date, due in April 2nd, 2025 (#965). We urge you to update to a newer Ubuntu version in order to get security updates.

  • Add support for Fedora 41 (#947)

  • Add support for Ubuntu 24.10 (#954)

  • Drop support for Ubuntu Mantic (23.10), since it's end-of-life (#977)

Community contributions

For this release, we had some help from community members. We want to thank:

  • @bnewc, who improved the interface, effectively preventing our users from using illegal characters in the output filename (#362)
  • @amnak613, who allowed us to report some stray conversion errors (#776)
  • @jkarasti, who helped us change the signature mechanism from SHA1 to SHA256 for our Windows installer (#931)

Read more

Dangerzone 0.7.1 is out

This release includes a patch for Docker Desktop, and security updates. If you are on a Mac or PC you should additionally ensure that the Docker Desktop application is up to date. To install, follow the links in our downloads page.

The two changes in this release are:

  • Make Dangerzone work with fresh Docker Desktop installations

    This release mainly addresses an issue with new Docker Desktop installations on Windows and Mac OS. Users who have done a fresh installation of Docker Desktop 4.30.0 or greater (released on August 29th), have reported that Dangerzone fails conversions with the following error message:

    Unknown Error Code '125'

    This error message is attributed to a new way that Docker Desktop stores and references container images, which broke some Dangerzone expectations. With this release, we enable Dangerzone to work both with older Docker Deskop installations and newer ones.

  • Update the software in our container image

    As in every release, we rebuild our container image to get the latest security updates.

For a full list of the changes, see our changelog.

Safe Ride into the Dangerzone: Reducing attack surface with gVisor

This article was written in collaboration with Google's gVisor team and cross-posted on the gVisor blog.

One of the oft-repeated sound bites of computer security advice is: “Don’t open random attachments from strangers.” If you are a journalist, however, opening attachments and documents is part of your job description. Since journalists already have a lot of security threats to worry about in dealing with sources, the safe opening of documents should not be one of them. Dangerzone was developed to solve this problem. It lets you open suspicious documents with confidence and gets out of your way.

For the past few months, members of the Dangerzone team and the gVisor project collaborated on significantly improving the security properties of Dangerzone. We’re excited to announce that as of version 0.7.0, Dangerzone uses gVisor to secure its document conversion process. It is already trusted by Google and others to secure cloud products, scan Gmail attachments for viruses, etc.

Read more

Welcome to the Dangerzone

Welcome to the official Dangerzone blog. We will mainly cover:

  • release announcements
  • security updates (e.g., about code audits or vulnerabilities)
  • articles related to document sanitization and Dangerzone's inner workings.

You can follow the blog in your feed reader of choice. If you have thoughts on topics to cover (or would like to draft a post yourself), please don't hesitate to get in touch via our discussion forums.

Thank you for being part of the Dangerzone community!