Softpedia >Mac >Security >Dangerzone >  Changelog

Dangerzone Changelog

What's new in Dangerzone 0.6.0

Feb 27, 2024
  • Replace document rendering tools with PyMuPDF:
  • Dangerzone internally used multiple standalone programs to aid the various aspects of transforming a document into pixels. However, these started presenting integration challenges that could cause slowness or space issues. By using the PyMuPDF module instead, the conversion-related code becomes much simpler and thus, less error-prone. Unexpectedly, this change opened the door to many future technical improvements to Dangerzone summarized in this diagram. This may result in minor differences in the produced PDFs, particularly in fonts. We have documented some of these differences visually here.
  • New file extension support: EPUB, SVG and other image formats:
  • Including PyMuPDF (described above) in Dangerzone enabled us to add these new file formats at no extra effort. Additional formats like PSD or MOBI will be added in the future when all the different supported platforms have a version of PyMuPDF recent enough to support these other file formats.
  • Removal of timeouts:
  • Some documents would timeout after a certain time (depending on the file size and number of pages) if the conversion did not complete until then. Timeouts existed due to to some document conversion commands indefinitely hanging. While it is still true that some documents may take a very long time, having the document stop after an arbitrary amount of time does not look like the proper solution. So we have chosen to remove timeouts entirely, for now. We may revisit this idea in the future, better integrating it into the user interface.
  • Support for Fedora 39 (Linux):
  • The unavailability of a core component of Dangerzone (PySide2/PySide6) made it impossible to release our software when Fedora 39 became officially available (#606). We are pleased to announce that we managed to overcome this challenge by packaging this very component and distributing it from our software repositories.
  • Special thanks go to @sudwhiwdh, who informed us once Fedora 39 was out, offered some style fixes, and beta-tested an early Dangerzone release on Fedora 39.
  • New license: AGPL v3:
  • Dangerzone was originally licensed under the MIT License until version 0.5.1. The PyMuPDF project though, which we are including in this release thanks to its significant improvements to Dangerzone, is licensed under AGPLv3. In order to comply with the license's terms, we have decided to switch the Dangerzone license to AGPLv3 as well. This change should affect only entities who are offering Dangerzone commercially, as part of a closed-source offering.
  • Community contributions:
  • Two cheers for first-time contributors @EtiennePerot and @prateekj117, who offered some fixes in our build system (#721, #671), and one more cheer for recurring contributor @OctopusET, who added support for converting HWP documents on macOS systems with Apple Silicon chip (#498).

New in Dangerzone 0.5.1 (Dec 11, 2023)

  • Fixed:
  • Our Qubes RPM package was missing critical dependencies for the conversion of a document from pixels to PDF (issue #647)
  • Changed:
  • Use more descriptive button labels in update check prompt (issue #527, thanks to @garrettr)
  • Removed:
  • Platform support: Drop Fedora 37, since it reached end-of-life (issue #637)
  • Security:
  • Security advisory 2023-12-07: Protect our container image against CVE-2023-43115, by updating GhostScript to version 10.02.0.
  • Security advisory 2023-10-25: prevent dz-dvm network via dispVMs. This was officially communicated on the advisory date and is only included here since this is the first release since it was announced.

New in Dangerzone 0.5.0 (Oct 20, 2023)

  • Beta Qubes OS Support: The majority of this release has been improvements to the integration of Dangerzone in Qubes OS, moving from alpha support to beta. We added instructions on how to install it, caught the majority of the potential errors, and added timeouts and progress information. Testers should be aware that some issues still remain, which will be fixed on the road to stable support.
  • Converting large documents (e.g., >160 US letter pages) can fail with an out of space error, and/or require up to 2GiB of RAM (#577)
  • Failed conversions may require manual cleanup of the disposable qubes by the user (#577)
  • Fixed package upgrades in Fedora
  • Fedora users can now safely install new Dangerzone versions (#514)
  • Fixed a bug that could potentially lead to excluding the last page of the sanitized document
  • This bug was introduced in version 0.4.1. We are not aware of any user who is affected, but we do know that it does not have any security implications.
  • Reduced download size
  • We removed ~300MiB from our container image (and thus the application download) by using the fast variant of the Tesseract OCR (optical character recognition) language models (#545)
  • 1 contribution from a new contributor, @garrettr
  • Fixed dark mode on macOS where some texts in the user interface were black instead of white

New in Dangerzone 0.4.2 (Aug 8, 2023)

  • An opt-in update notification mechanism for Windows and MacOS users.
  • This allows users to get notified for new updates when they open the Dangerzone application. For more info, we have a page where we explain this mechanism in detail.
  • Fix for security vulnerability CVE-2023-39342
  • This vulnerability affects the messages that users of the dangerzone-cli see in their terminal. This is a low severity CVE that does not lead to any integrity or confidentiality loss, but all users are encouraged to upgrade.
  • Alpha support for native sanitization on Qubes OS
  • Qubes OS users that can follow our build instructions can give Dangerzone a spin and use disposable VMs to sanitize their files, instead of containers. If you are an early tester, feel free to write about your experience in our GitHub discussions page.
  • 4 contributions from 2 new contributors, @OctopusET and @keywordnew
  • We are especially excited for the support for HWP/HWPX files, which is a file format popular in South Korea, and unfortunately a common target of malware attacks (note: support for these files is not available on Qubes OS or MacOS with Apple Silicon chip yet).

New in Dangerzone 0.4.1 (Apr 25, 2023)

  • Added:
  • Feature: Add version info in the CLI and GUI (issue #219)
  • Development: Improve CI stability and coverage (issue #292, issue #217, issue #229)
  • Development: Provide dev scripts for testing Dangerzone in a container and running our QA pipeline (issue #286, issue #287)
  • Development: Support Dangerzone development on Fedora 37 (issue #294)
  • Development: Allow running Mypy on MacOS M1 machines (issue #177)
  • Development: Add dummy isolation provider for testing non-conversion-related issues in virtualized Windows and MacOS, where Docker can't run, due to the lack of nested virtualization (issue #229)
  • Add support for more MIME types that were previously disregarded (issue #369)
  • Changed:
  • Full release under Freedom of the Press Foundation: signing keys have changed from the original developer Micah Lee / First Look Media to FPF's signing keys. Linux packages moved from Packagecloud to FPF's servers
  • Installation instructions updated to reflect change in key owership to FPF
  • Platform support: MacOS (Apple Silicon) native application with significant performance boost (issue #50)
  • Feature: Introduce PySide6 / Qt6 support on Windows, MacOS, and Linux (dev-only) (issue #219)
  • Feature: Adjust conversion timeouts based on the document's pages/size, and allow users to disable them with --disable-timeouts (available when you run the Dangerzone from the terminal) (issue #327)
  • Development: Update Linux instructions for development on Qubes
  • Removed:
  • Platform support: Drop Fedora 35, since it's end-of-life (issue #308)
  • Bug fix: Remove unused PDFtk and sudo libraries from the container image, to lower its attack surface and reduce its size (issue #232)
  • Fixed:
  • Feature: Convert documents with non-standard permissions or SELinux labels (issue #335)
  • Bug fix: Report exceptions during conversions (issue #309)
  • Bug fix: (Windows) Fix Dangerzone description on "Open With" (issue #283)
  • Bug fix: Remove document conversion artifacts when conversion fails and store them on volatile memory instead of on a disk directory (issue #317)
  • Security:
  • Bug fix: Do not print debug logs in end-user executables (issue #316)

New in Dangerzone 0.4.0 (Jan 18, 2023)

  • Feature: Support bulk conversion to safe PDFs (issue #77)
  • Feature: Option to archive unsafe directories (issue #255)
  • Feature: Support python 3.10
  • Feature: When quitting while still converting, confirm if user is sure
  • Platform support: Re-add Fedora 37 support
  • Platform support: Add Debian Bookworm (12) support (issue #172)
  • Platform support: Reinstate Ubuntu Focal support (issue #206)
  • Platform support: Add Ubuntu 22.10 "Kinetic Kudu" support (issue #265)
  • Bug fix: Fix unit tests on Windows
  • Bug fix: Do not hardcode "docker" in help messages, now that Podman is also used (issue #122)
  • Bug fix: Failed execution no longer produces an empty "safe" documents (issue #214)
  • Bug fix: Malfunctioning "New window" logic was replaced with multi-doc support (issue #204)
  • Bug fix: re-adds support for 'open with Dangerzone' from finder on macOS (issue #268)
  • Bug fix: (macOS) quit Dangerzone when main window is closed (issue #271)