First Xfce 4.14 Maintainance Release Available, ScreenSaver Security Hole Remains Wide Open
The light-weight GNU/Linux desktop got its first maintenance release over the last two days with new versions of most of the base components like xfce4-settings, xfce4-session, xfce4-panel, xfdesktop, libxfce4ui and libxfce4util. The releases address smaller bugs and do not include any new features.
The individual Xfce components that were releases as part of the first Xfce 4.14 maintenance release are so far:
- xfce4-settings 4.14.2
- xfce4-panel 4.14.3
- xfdesktop 4.14.2
xfce4-panel now makes the application menu (which is a part of the panel package) use the panels icon sizes, it will now change icons if the icon theme changes and one memory leak issue in the preferences dialog has been fixed (bug 16016).
A Gaping Security Hole Remains
The maintenance release does NOT fix a long-standing major security hole in the Xfce screensaver xfce4-screensaver which remains open as bug #16102. Connecting two monitors at once crashes xfce4-screensaver - making it a really easy and efficient way to by-pass the scrensaver password on a locked machine.
The Road To Xfce 4.16
The Xfce team released development versions of some Xfce components side by side with the 4.14 maintenance release: libxfce4ui 4.15.1, libxfce4util 4.15.0, xfce4-settings 4.15.0 and xfce4-panel 4.15.1 are now available for developers and those who are curious to see what the next major Xfce version will look like. These development versions have a lot more changes than the maintenance releases. The changelogs for libxfce4ui 4.15.1 and xfce4-settings 4.15.0 stand out as being unusually long. Xfce 4.15.x is a development series which will eventually become a stable 4.16 release later this year. They should, for now, not be used by anyone who is not willing to run into bugs and oddities on a regular basis.
The release does not add support for file creation timestamps as Xfce developer Andre Miranda wants to add it to the underlying glib library instead of adding Xfce specific support.
The source for the latest Xfce releases can be acquired from archive.xfce.org/src/.