First Xfce 4.14 Maintainance Release Available, ScreenSaver Security Hole Remains Wide Open

From LinuxReviews
Jump to navigationJump to search
Xfce4-icon.png

The light-weight GNU/Linux desktop got its first maintenance release over the last two days with new versions of most of the base components like xfce4-settings, xfce4-session, xfce4-panel, xfdesktop, libxfce4ui and libxfce4util. The releases address smaller bugs and do not include any new features.

written by 林慧 (Wai Lin). published 2020-01-14last edited 2020-01-14

Xfce-on-gentoo-2020-01-14.jpg
A typical Xfce desktop on Gentoo Linux. Its Thunar file manager is in the upper left corner and Xfce's image viewer Ristretto is in the lower right corner.

The individual Xfce components that were releases as part of the first Xfce 4.14 maintenance release are so far:

  • xfce4-settings 4.14.2
  • xfce4-panel 4.14.3
  • xfdesktop 4.14.2

xfce4-settings 4.14.2 fixes a crash in the color settings module (bug15876 and a bug which makes all monitors turns off when a monitor is disconnected under certain conditions (bug 15971).

xfce4-panel now makes the application menu (which is a part of the panel package) use the panels icon sizes, it will now change icons if the icon theme changes and one memory leak issue in the preferences dialog has been fixed (bug 16016).

xfdesktop 4.14.2 fixes several small corner-case bugs related drag and drop (14919, 16046 and it will now show file names in tooltips.

A Gaping Security Hole Remains

The maintenance release does NOT fix a long-standing major security hole in the Xfce screensaver xfce4-screensaver which remains open as bug #16102. Connecting two monitors at once crashes xfce4-screensaver - making it a really easy and efficient way to by-pass the scrensaver password on a locked machine.

The Road To Xfce 4.16

The Xfce team released development versions of some Xfce components side by side with the 4.14 maintenance release: libxfce4ui 4.15.1, libxfce4util 4.15.0, xfce4-settings 4.15.0 and xfce4-panel 4.15.1 are now available for developers and those who are curious to see what the next major Xfce version will look like. These development versions have a lot more changes than the maintenance releases. The changelogs for libxfce4ui 4.15.1 and xfce4-settings 4.15.0 stand out as being unusually long. Xfce 4.15.x is a development series which will eventually become a stable 4.16 release later this year. They should, for now, not be used by anyone who is not willing to run into bugs and oddities on a regular basis.

The release does not add support for file creation timestamps as Xfce developer Andre Miranda wants to add it to the underlying glib library instead of adding Xfce specific support.

The source for the latest Xfce releases can be acquired from archive.xfce.org/src/.


0.00
(0 votes)

avatar

Anonymous user #1

9 months ago
Score 1++
I didn't know there is a security hole with the screensaver. XFCE is my fav gui. Also I love WJSN :)
Add your comment
LinuxReviews welcomes all comments. If you do not want to be anonymous, register or log in. It is free.