Dangerzone 0.8.0 is out

This release includes various new features, stability improvements and security fixes. If you are on a Mac or PC you should additionally ensure that the Docker Desktop application is up to date. In addition to the changes specific to this release, we want to note that you can now use Dangerzone on the Tails live system. You can read the announcement on their blog, or read the documentation about it.

The highlights are:

  • The second phase of the conversion (pixels to PDF) now happens on the host.

    Instead of first grabbing all of the pixel data from the first container, storing them on disk, and then reconstructing the PDF on a second container, Dangerzone now immediately reconstructs the PDF on the host, while the doc to pixels conversion is still running on the first container. This architectural change removes a class of problems we had in the past:

    • Issues with temporary directories and their permissions.
    • Out of space issues caused by documents with lots of pages (mainly impacted Qubes users).
    • SELinux issues due to relabeling mounted files.
    • Mounting files to Docker containers, prevented by security policies in Windows/macOS.
    • Not being able to run with user ID other than 1000.

    If at some point in time you were affected by the above, we suggest giving this version a shot. The sanitization is no less safe, since the boundaries between the sandbox and the host are still respected (#625).

  • Installation and execution errors are now caught and displayed in the interface, which should make debugging easier (#193)

  • The macOS entitlements have been revisited, following our security audit. We have now removed unneeded privileges (#638)

  • We now always use our own seccomp policy as a default (#908)

Platform support updates

  • This release is the last one that will support Ubuntu Focal (20.04).

    Ubuntu Focal is nearing its end of life date, due in April 2nd, 2025 (#965). We urge you to update to a newer Ubuntu version in order to get security updates.

  • Add support for Fedora 41 (#947)

  • Add support for Ubuntu 24.10 (#954)

  • Drop support for Ubuntu Mantic (23.10), since it's end-of-life (#977)

Community contributions

For this release, we had some help from community members. We want to thank:

  • @bnewc, who improved the interface, effectively preventing our users from using illegal characters in the output filename (#362)
  • @amnak613, who allowed us to report some stray conversion errors (#776)
  • @jkarasti, who helped us change the signature mechanism from SHA1 to SHA256 for our Windows installer (#931)

On a final note, the container image embedded in the Debian packages differs from the one attached to the release. You can have a look at issue #988 for more details.

As usual, for a full list of changes, see our changelog.