Normale weergave

Vandaag ontvangen — 24 Juni 2026

Freexian Collaborators: Monthly report about Debian Long Term Support, May 2026 (by Santiago Ruano Rincón)

✇Planet Debian
19 Juni 2026 om 02:00

The Debian LTS Team, funded by Freexian’s Debian LTS offering, is pleased to report its activities for May.

Activity summary

During the month of May, 21 contributors have been paid to work on Debian LTS (links to individual contributor reports are located below).

The team released 56 DLAs fixing 877 CVEs.

May was a much busier month than usual, especially due to the disclosed vulnerabilities on linux regarding Local Privilege Escalation (LPE), that included public proof-of-concept (PoC) exploits. These reports of course impacted Debian as a whole, and the situation warrants a special mention to the Kernel Team, especially Ben Hutching and Salvatore Bonaccorso, who faced the pace and released linux packages on a weekly basis. On the LTS side, the Front Desk team also triaged a significant flow of high severity CVEs.

It is also important to note that Debian 12 (“bookworm”) will be handed over to the LTS Team on June 11th. If you benefit from Debian, especially during the full 5-year lifecycle, please consider subscribing as a sponsor of Debian LTS: https://www.freexian.com/lts/debian/.

Moreover, Debian 11 (“bullseye”) will reach the end of the Debian LTS period on August 31st. After that, Freexian will continue the security support under the Extended LTS offer.

The team published several notable updates:

  • As mentioned above, several exploitable LPE vulnerabilities in linux were published during May. Ben released the following DLAs for the Debian LTS versions:
  • exim update (DLA-4580-1), prepared by Thorsten, to address a vulnerability that may result in remote code execution.
  • gnutls28 update (DLA-4595-1) by Guilhem Moulin, fixes several vulnerabilities that may result in execution of arbitrary code, information leak, authentication bypass, among other impacts.
  • krb5 updates released as DLA-4603-1, fixing two vulnerabilities that may yield to a denial of service. Updated prepared by Emmanuel Arias
  • lemonldap-ng (DLA-4602-1), released by Abhijith PA, fixing multiple vulnerabilities
  • Two imagemagick updates (DLA-4559-1 and DLA-4609-1), prepared by Bastien Roucariès, fixing several vulnerabilities
  • openjdk-11 and openjdk-17 updates (DLA-4566-1 and DLA-4565-1), both prepared by Emilio, to fix seven vulnerabilities.
  • php7.4 update (DLA-4586-1) to fix six vulnerabilities that could result in remote code execution, information disclosure or denial of service. Update prepared by Guilhem Moulin.
  • python3.9 update (DLA-4583-1), prepared by Arnaud Rebillout, addressing multiple vulnerabilities.

Contributions from outside the LTS Team:

We are greatly thankful for the contributions from people outside the LTS Team:

  • Colin Watson prepared an OpenSSH update, that was released by Santiago as DLA-4584-1.
  • Thomas Goirand handled a keystone update, whose advisory was done by Santiago and released as DLA-4611-1.
  • Christopher Obbard kindly prepared a sentry-python update, released as DLA-4612-1.
  • Christoph Goehre made two thunderbird updates (DLA-4562-1 and DLA-4582-1). As is customary, Emilio released the advisories.

The LTS Team has also contributed with updates to the latest Debian releases:

Moreover, thanks to our partnership with Catalyst, it has been possible to extend the support for Samba 4.17, the version shipped with Debian 12. In May, several vulnerabilities were disclosed, and their patches were prepared by Catalyst. For Debian 12, the update was prepared by the Samba maintainer and released as DSA-6297-1.

Individual Debian LTS contributor reports

Thanks to our sponsors

Sponsors that joined recently are in bold.

  •  
  • ↗️

Hype te koop | POM S11E39

✇POM
Door: Alexander Klöpping and Ernst-Jan Pfauth
24 Juni 2026 om 06:00

Wat als alles wat je deze week leuk, belangrijk of de moeite waard vond, gewoon gekocht was? Van de Superbowl-show van Bad Bunny tot Sydney Sweeney en haar “good jeans”, alles wordt geëngineerd door clipping farms en legers fake accounts. Het liefst in twee ruziënde kampen tegelijk, zodat journalisten zich er als useful idiots op storten. Bij Bad Bunny kwam een kwart van alle 3,7 miljoen posts van minder dan vier procent van de accounts. Reken maar uit.

Het ongemakkelijke gevolg: bereik is dus te koop, spotgoedkoop zelfs, en daarmee bijna niks meer waard. FVD speelt het spel al meedogenloos, terwijl de rest nog cringe ministersfilmpjes op LinkedIn zet. En precies daar komt Ernst-Jan, oftewel DutchProBlogger, met zijn vaste advies waar hij al twintig jaar gelijk in heeft: begin nou een nieuwsbrief, begin nou een podcast. Want als content bijna gratis wordt, blijft er nog één ding over dat niemand kan kopen: vertrouwen. Tim Ferriss zag zijn boekverkoop door AI met 57 procent kelderen en valt terug op duizend echte fans. De moraal is even simpel als urgent: het venster om je eigen publiek op te bouwen sluit.

Sterkte. En pas op voor Alexander Slopping.

Deze aflevering wordt mede mogelijk gemaakt door Denkproducties. Schrijf je via denkproducties.nl/pom in voor het Amsterdam Business Forum en je krijgt als POM-luisteraar automatisch toegang tot een exclusieve sessie met Seth Godin.

Door lezen over Carbon Equity, dat investeert in bedrijven die het klimaat redden, zoals Carbon Cure dat CO2 opslaat in beton? Kijk dan op carbonequity.com

En dan nog zelfpromo in relatie tot POM: bij AI Report draait een webinarreeks over hoe je een persoonlijk kennissysteem bouwt waar je taalmodel uit kan putten. Drie hoorcolleges, voor twaalf euro ben je al binnen via aireport.nl



This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.pom.show

💾

  •  
  • ↗️

Extended Stable Update for Desktop

✇Google Chrome
23 Juni 2026 om 20:59

The Extended Stable channel has been updated to 148.0.7778.280 for Windows and Mac which will roll out over the coming days/weeks.


A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Daniel Yip
Google Chrome
  •  
  • ↗️

Stable Channel Update for Desktop

✇Google Chrome
23 Juni 2026 om 20:37

The Stable channel has been updated to 149.0.7827.196/197 for Windows and Mac and 149.0.7827.196 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log


Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


Daniel Yip

Google Chrome

  •  
  • ↗️
Gisteren ontvangen — 23 Juni 2026

South Dakota: Badlands

✇SCS Software
Door: Petr
23 Juni 2026 om 17:00

Today, we would like to show you a preview of one of the most famous and unique landscapes we have been recreating for the South Dakota DLC for American Truck Simulator - the beautiful Badlands National Park!

Situated along the edge of the Great Plains in southwestern South Dakota, Badlands National Park spans 244,000 acres of dramatically eroded buttes, pinnacles, and spires, alongside the largest protected mixed-grass prairie in the United States.

But why is such a stunning area named Badlands? For hundreds of years, the Lakota people have called it "mako sica", which translates to "bad lands". Then, early French fur trappers called the area "les mauvaises terres à traverser" (bad lands to travel across). Because when it rains there, the wet clay becomes sticky, and the jagged canyons also make it hard to navigate. The winters are cold and windy, and the summers are hot and dry. But it could have had a very different name, as in 1922, when Badlands was first proposed as a national park, the suggested name was Wonderland National Park.

The Badlands contain one of the world's richest fossil beds, preserving evidence of ancient species such as horses and rhinos that once roamed the region. Today, the area is home to bison, bighorn sheep, prairie dogs, and a diverse range of other plant and animal life. As players enter this region in the game, they will be immediately greeted by roaming bison and striking rock formations.

As you drive further, you'll come across iconic places like Pinnacles Overlook, Yellow Mounds Overlook, and the Fossil Trail.

"I fell in love with this place the first time we visited it on our research trip; it's like stepping into another world, where lush green grass blends with the colorful local soil and rolling hills," says Draky, our map designer who worked on recreating this national park for our game.

One thing you may notice in this region is the sudden transition from expansive plains and gentle hills to a dramatic, iconic landscape characterized by rugged formations and large wildlife such as the bison. As the seasons change, the Badlands vegetation undergoes significant shifts in color throughout the year. The version depicted in the game reflects how the landscape appears between July and August, in which the game is set.

Draky also shares her insight on how difficult it was to transfer this wonderful area into the scale of American Truck Simulator, with a message to our community: "The biggest challenge was the initial layout planning, as the space is quite limited, but I'm still very happy with the result, and I'm sure you'll love experiencing this place every time you pass through."

We hope you are looking forward to exploring the Badlands. If so, make sure to add the South Dakota DLC to your Steam wishlist

Also, remember to follow us on X/Twitter, Facebook, Instagram, Bluesky, and YouTube for all the latest news from this map expansion and other American Truck Simulator information, or sign up for our newsletter to stay informed. Keep on truckin'!

  •  
  • ↗️

Minecraft 26.3-snapshot-1 (snapshot) Released

✇Minecraft
23 Juni 2026 om 13:57
26.3 Snapshot 1 (known as 26.3-snapshot-1 in the launcher) is the first snapshot for Java Edition 26.3, released on June 23, 2026. Full changelog: https://minecraft.wiki/Java_Edition_26.3-snapshot-1
  •  
  • ↗️

Firefox

✇Mozilla Firefox
23 Juni 2026 om 16:45

Fixed

  • Fixed some Settings section headings showing placeholder text instead of the translated name in certain languages. (Bug 2047983)

  • Fixed New Tab content not matching the browser's display language after it was changed. (Bug 2046945)

  • Fixed a regression that could break playback of some MP4 video files. (Bug 2047467)

  • Fixed a performance regression that could slow down sites performing many encryption and decryption operations at once, such as Proton Drive. (Bug 2046401)

  •  
  • ↗️

The Matter upgrade you’ve been waiting for

✇Home Assistant
Door: Home Assistant
23 Juni 2026 om 02:00
The Matter upgrade you've been waiting for

It started as a passion project. Yet in a few years matter.js has grown beyond my wildest expectations, becoming the backbone of the open source Matter ecosystem, and powering everything from Homebridge to openHAB, and even some commercial products.

Ten months ago, I joined forces with the Open Home Foundation to work full time as Lead Developer of Matter. Shortly after, I donated matter.js to the foundation – giving it a new home where it would be safeguarded for the future. Together we announced our plans to take Matter support in Home Assistant in a completely new direction: we set out to rebuild the Open Home Foundation Matter Server – the engine that powers Matter in Home Assistant – on matter.js.

After four months of beta testing, with our community fixing bugs and contributing new features along the way, today we’re thrilled to present the newest version of Matter for Home Assistant! 🎉

The Open Home Foundation invests in important technology to make open alternatives possible, and our work is funded in part by everyone who subscribes to Home Assistant Cloud and buys official hardware from our commercial partners. The launch of a new Matter experience in Home Assistant shows what’s possible with your support. 💪

Ingo Fischer presenting at CSA events Presenting the matter.js plans at the Connectivity Standards Alliance (CSA) Member Meeting in November 2025 (right), and returning in March 2026 as an Outstanding Contributor Award recipient (left).

Serving up more with matter.js

For those new to matter.js, it’s an open source TypeScript implementation of the Matter standard. I built it to give developers and power users more speed and flexibility, and to make Matter better suited for open source development across the millions of homes that use Home Assistant. By running Matter in Home Assistant on matter.js, all of those benefits now flow directly into the platform.

This major update brings greater stability for Matter in Home Assistant, fewer bugs, and faster start-up and recovery. It also comes with a brand new visualization feature to help you understand your network (more on that below 👀). And by upgrading to the Matter 1.5.1 specification (1.6 coming soon!), we’re better equipped to improve support for all new Matter device types, such as cameras, doorbells, and closures.

Coupled with an updated OpenThread Border Router (OTBR) app to support Thread 1.4 in Home Assistant, these changes mark important steps in making Matter work more reliably within your setup, now and into the future. But don’t just take our word for it – here’s what our beta testers are saying:

"The new Matter Server has evolved into the ultimate Matter controller and troubleshooting tool for power users, backed by an incredible open community that continues to push the standard forward."

- Ward Zhou, Smart Home Journalist

"The new matter.js server is fantastic. I love all the new possibilities it offers. In particular, the new Thread mesh view is unique and helps keep the Thread network under control at all times. The icing on the cake is that Home Assistant now supports Matter 1.5.1. This means Home Assistant's Matter implementation is once again at the forefront of the industry."

- hoppel118, Home Assistant Discord Member

"Joining the beta program was born as a last resort to get my Matter/Thread network going. But it was a great experience! While I'm not at all a power user nor programmer, I could contribute at some degree. The very short feedback loop and close involvement of the developer made this a nice (and easy!) way to contribute to the development of the Open Home."

- Haapster, Home Assistant Discord Member

It was just a matter of time

When Matter emerged a few years ago, we immediately saw its potential to shape the industry for the better. As an open standard that lets smart devices from different brands speak the same language, it represents the kind of interoperable tech the Open Home Foundation exists to champion. So we set out to build on it.

Just weeks after Matter’s official launch in 2022, we added the Matter integration to Home Assistant, and in 2025 both Home Assistant and the Open Home Foundation Matter Server were officially certified by the Connectivity Standards Alliance. That server was built with Python and the official C++ Matter SDK – a solid starting point, but one that couldn’t keep pace with our open source ambitions.

Matter now runs in 38% of Home Assistant instances, and ranks twelfth among all integrations – a clear sign of where the smart home world is heading. We want that future to have fewer compatibility headaches, more device choice, and a smart home that just works. This update to Matter support in Home Assistant takes a huge step toward that vision.

An easy switch

The new Matter experience in Home Assistant is delivered through the “Matter Server app 9.0” – a fully compatible drop-in replacement for the previous Python-based server. After you’ve updated the app, it will automatically migrate your data on the first start, and work in exactly the same way that the previous server did.

Faster, smarter, and more secure

The real benefits kick in with every subsequent server start and device reconnection. Thanks to a range of optimizations, devices now come back online much faster, networks are more responsive, and over-the-air updates are more reliable.

Beyond performance, the new server also tightens security. When commissioning new devices, uncertified devices with an official development/test certificate can no longer be added out of the box, ensuring no malicious devices are added to your Matter network without your knowledge. Additionally, the new server checks certificate revocation data during commissioning, adding another layer of protection.

A clearer view

While the Matter Server’s web UI received a range of new and improved features, the ability to visualize your Thread or Wi-Fi networks steals the show.

Network visualization in the Matter Server web UI Your whole network, at a glance.

The visualization feature draws details from your commissioned Matter devices to map the network and offer insights into connection quality. Each device appears as a node, with small icons indicating its role in the network – whether it’s a leader (crown), a router (arrows), a sleepy, or another end device. The color of the connections between nodes reflects connection quality: green is strong, orange medium, red weak, and gray no signal (for those that want a deeper dive, check out our GitHub documentation).

This is especially helpful for Thread networks, where there can be multiple “hops” between a device and the border router, and the devices themselves decide how data is routed. Where possible, border routers are also discovered and displayed, giving you a fuller picture of how your network is structured. The visualization also helps with Wi-Fi devices, making it easier to see which device is connected to which access point, and at what signal quality.

A foundation for what’s next

Graduating Home Assistant to matter.js wouldn’t have been possible without our community, who’ve helped grow Home Assistant into one of the biggest smart home platforms in the world.

With these new changes, we’re better placed than ever to make Matter in Home Assistant more approachable for all. Head to the Open Home Foundation roadmap to add your voice to what comes next. We can’t wait to keep building together ⚒️.

  •  
  • ↗️

Dirk Eddelbuettel: tl-0.0.1 on CRAN: New Package

✇Planet Debian
23 Juni 2026 om 03:45

A new small package of mine just hit CRAN. The tl package wraps the (also very new) rspdlite package (announced last week) to offer a lightweight and consistent logging interface from both R and C++ that is also ‘tiny, fast, capable’ thanks to rspdlite.

The rspdlite announcement is a good place to get a first glimpse at that package; the upstream spdlite repo has all the details (for the C++ side of things). With tl we follow the same idea that our [spdl][spdl] package introduced: a simple consistent interface via just the tl:: prefix and the appropropriate logging level. In other words tl::debug("Alert -- foo is at '{}'", foo) will work from both R and C++ (given a variable foo, and in the case of C++ an extra semicolon). Just give it a try, and see how it goes. The package is still young and small.

The NEWS entry for this release is also very simple and just announces that we have a release. More details are in the ChangeLog and the GitHub repo.

Changes in version 0.0.1 (2025-06-17)

  • Initial CRAN upload

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. If you like this or other open-source work I do, you can sponsor me at GitHub.

  •  
  • ↗️
Ontvangen — 22 Juni 2026

OBS Studio 32.2.0 Beta 2

✇OBS
Door: github-actions[bot]
22 Juni 2026 om 21:58

Beta 2 Changes

  • Fixed a CI deployment issue. There are no application changes since Beta 1.

32.2 New Features

  • Replaced add source dropdown with new dialog [Warchamp7]
  • Improved FPS selector UX [jcm93]
  • Added missing file support for filters [exeldro]
  • Added ability for plugins to set custom icons for new source types [cg2121]
  • Included .webp files when adding a directory to Image Slide Show source [TarunCore]
  • Added copy paste functions to frontend API [exeldro]
  • Added filter to compose SDR into HDR [jpark37]
  • Added delete as a hotkey to delete sources on macOS [PatTheMav]
  • Added dynamic bitrate support to multitrack video [lexano-ivs]

32.2 Changes

  • Forced Intel-based installations to update to Apple Silicon version on macOS [PatTheMav]
    • This change means that OBS Studio versions built for Intel-based Macs but running on Apple Silicon Macs will automatically update to OBS Studio built for Apple Silicon Macs. If an installation was using third-party plugins, those plugins will no longer load until replaced with Apple Silicon versions.
  • Fixed audio mixer state getting out of sync when changing settings via websockets or plugins [Warchamp7]
  • Added theming for checked QToolButtons [glikely]
  • Improved OpenGL performance slightly on low-end machines [kkartaltepe]
  • Set minimum size for color source to 1 pixel [exeldro]
  • Added minimum width to spinboxes [Warchamp7]
  • Disallowed overwriting the crash handler [sebastian-s-beckmann]
  • Applied process mitigation policies for Windows [notr1ch]
  • Adjusted description of multitrack video [jhnbwrs]
  • Changed new capture devices to use fallback frame rate by default [PatTheMav]
  • Improved DLL loading behavior on Windows [notr1ch]
  • Limited multitrack video config to Custom service [PatTheMav]

32.2 Bug Fixes

  • Fixed OAuth and dock state save corruption [PatTheMav]
  • Fixed group bounds not resizing when removing items [howellrl]
  • Fixed canvas mixes not being restored after video reset [dsaedtler]
  • Fixed some erroneous crashes during shutdown [Warchamp7]
  • Fixed display capture sometimes capturing black after a duplicator failure [ThrowTop]
  • Fixed color of controls dock output buttons in System theme [shiina424]
  • Fixed virtual camera reset failures [stephematician]
  • Fixed potential crash when user discards changes in the settings window [suogesi]
  • Fixed incorrect return value in virtualcam filter [xtfo]
  • Fixed source toolbar buttons not working after dragging a source into a group [Warchamp7]
  • Fixed properties hint icon spacing [Warchamp7]
  • Fixed potential crash when a video device reconnects on macOS [jcm93]
  • Fixed an issue where PipeWire could fail on NVIDIA GPUs [hoshinolina]
  • Fixed obs_canvas_get_video_info returning incorrect framerate [dsaedtler]

32.2 Deprecations

  • Deprecated obs_properties_add_button [sebastian-s-beckmann]

Checksums

OBS-Studio-32.2.0-beta2-Sources.tar.gz: 2b643fba022a7a7b512522b598dfa587fd87be071e43ff345cd73608f7bdae13
OBS-Studio-32.2.0-beta2-Ubuntu-24.04-x86_64-dbsym.ddeb: ba2ce12e1a220c6aa5d00e23bc10bfead82dae263ac1c213a81e9ac88e122403
OBS-Studio-32.2.0-beta2-Ubuntu-24.04-x86_64.deb: bc02de836d115323c87eee5fca17c1bc3831ef5c1fc64709aeabd8dbce32785a
OBS-Studio-32.2.0-beta2-Ubuntu-26.04-x86_64-dbsym.ddeb: 84956ff43ffec70581db566adbfd29942bab783bc98a92620ac73fdc6f3e2006
OBS-Studio-32.2.0-beta2-Ubuntu-26.04-x86_64.deb: 1816bc64e4e587883a6887744e5e48348290e8944ac8c6c5866f3c39db9a4600
OBS-Studio-32.2.0-beta2-Windows-arm64-PDBs.zip: 3110e6a4a1fef3f5474de37962e97b702601380e5afba48ec905a79966f4acfe
OBS-Studio-32.2.0-beta2-Windows-arm64.zip: d8998e8f0d7ae05da07a62c4b31dacfbd9a0f22e819736d045d0a6db85afc9db
OBS-Studio-32.2.0-beta2-Windows-x64-Installer.exe: 10ed6505b22df7c3d7ce3c30e8584bd9c475f0775b8515ab5bb895eefae870e6
OBS-Studio-32.2.0-beta2-Windows-x64-PDBs.zip: 302e7039d31dc897a2ce9d7323e9409e2e4bfcfe3d374de1cc21d0dbba783083
OBS-Studio-32.2.0-beta2-Windows-x64.zip: 38914895b20a6a2ffad4ed54ed41bf5ab2461fb10192cddc721eabccff526eae
OBS-Studio-32.2.0-beta2-macOS-Apple-dSYMs.tar.xz: f2f4cf21a396147be3b6a301f08b272ae546da0d5d4be0dd34d7b52191519560
OBS-Studio-32.2.0-beta2-macOS-Apple.dmg: 902de6585cddf070a161c6278db857aa3d5986e840a67cebb647dbcdae68ea72
OBS-Studio-32.2.0-beta2-macOS-Intel-dSYMs.tar.xz: 3dd5316492e67b8fe53197c28a6ae2def05a06df2cdfc5ad5af4189fd808d5f0
OBS-Studio-32.2.0-beta2-macOS-Intel.dmg: cddff8ff00b96eec9f5fb7116b4729d7de50ae58611bbc605958f3c458ccd02e

  •  
  • ↗️

HeidiSQL v12.20

✇HeidiSQL
Door: github-actions[bot]
22 Juni 2026 om 17:22

12.20 - 2026-06-22

⛰️ Features

  • Support some keywords like CURRENT_TIMESTAMP in SQLite default value drop-down - (dbadd37)

🐛 Bug Fixes

  • SelectUserNode on macOS cannot find a newly created node with a TUser, probably because nodes were refreshed too late in OnBeforePaint - (f6c5d2d)
  • Expect "IF NOT EXISTS" clause in trigger definition - (71af8d3)
  • Reveal procedures and function in MySQL which are stored with correct case in mysql.proc - (106010e)

⚙️ Miscellaneous Tasks

  • Ignore all .po translation files pulled from Transifex - (611212a)
  • Restrict cliff release notes from previous tag to current one, prefer spaces indentation in Makefile variable assignment - (548f44f)

Note

For a list of all the changes up to date, please read CHANGELOG.md.

  •  
  • ↗️

SCS On The Road: Dodge Viper Scanning and Interview

✇SCS Software
Door: David
22 Juni 2026 om 17:00

Today, we're excited to share another episode of our SCS On The Road series, where we travel across North America to meet passionate vehicle owners and gather valuable reference materials for future projects.

This time, our journey brought us to Denton, Texas, where we had the opportunity to experience a true American automotive icon - the 1997 Dodge Viper GTS.

During our visit, we had the chance to document and scan this beautiful car, getting our vehicle artists the accurate reference data needed to faithfully recreate it for the Road Trip project in American Truck Simulator. From its distinctive exterior styling to the finer interior details, every piece of information helps us bring this legendary sports car to life in-game.

This vehicle belongs to Dino, who kindly welcomed our team and generously allowed us to document his prized Viper. We also had the pleasure of having an interview with him, where he shared more about his amazing ride.

The Dodge Viper remains one of the most recognizable American sports cars ever produced, and seeing this exceptionally preserved 1997 example in-person was a fantastic experience for our team.


We would like to extend a sincere thank you to Dino for taking the time to speak with us, sharing his story, and allowing us to scan and capture reference materials from his stunning Viper. Support from owners like Dino is invaluable and helps us create authentic experiences for players around the world.

We hope you enjoy this latest episode of SCS On The Road from Denton, Texas. Be sure to watch the video and learn more about this incredible machine and its owner.

Ready to hit the road in the Dodge Viper? Be sure to add the RAM & Dodge Car Pack for American Truck Simulator to your Steam Wishlist! To stay up to date with the latest development news for Road Trip, don’t forget to follow our blog, subscribe to our newsletter, and follow us on X/Twitter, Facebook, BlueSky, and Instagram.

  •  
  • ↗️

DistroWatch Weekly, Issue 1178

✇DistroWatch
Door: distro@distrowatch.com
22 Juni 2026 om 02:17
The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. This week in DistroWatch Weekly:
Review: TBlock
News: Arch responds to more AUR attacks, Fedora's growing community, reasons to avoid immutable desktops, Ubuntu 26.10 to get speech recognition, Canonical updates its beta policy, highlights of KDE Plasma 6.7
Questions and answers: What is the significance of the AUR being compromised?
Released....
  •  
  • ↗️

12.0 RC1

✇Jellyfin - Web
Door: joshuaboniface
22 Juni 2026 om 18:40

🚀 Jellyfin Server 12.0 RC1

We are pleased to announce the first release candidate preview release of Jellyfin 12.0!

This is a preview release, intended for those interested in testing 12.0 before it's final public release. We welcome testers to help find as many bugs as we can before the final release.

As always, please ensure you stop your Jellyfin server and take a full backup before upgrading!

A note about versioning

Starting with this release, we are dropping the preceeding 10. from our versioning. Thus, 10.11.x -> [10.]12.x = 12.x. The reason is simple: at this point in the project, we don't envision a hard break in the API like we planned way back in the early days, and this version scheme was causing a lot of confusion amongst users about what a "major" release was.

Thus, we are now on two digits:

  • The first digit is the major release. Expect signifiant changes between major releases. Do not ever auto-update to a new major release without first checking the release notes, and always take a backup of your server data and config before a major release upgrade.
  • The second digit is the minor release. These are primarily bug and security fix releases, and do not introduce significant feature or functionality changes. You can, usually, safely auto-update between minor releases and should not need a full backup, but it is prudent just in case. You should also ALWAYS strive to run the latest point release as security fixes are embargo'd for at most 2 weeks after the release.

What's new?

The main goal of this release has been performance. 10.11.0 dropped a major backend rewrite, and while it was broadly functional, it had a lot of rough edges. This release seeks to polish out most of those rough edges and bring better performance to all users.

There are many other small fixes, improvements, changes, and translations. See our draft release notes here or below for the full list of pull requests.

Note: You must be on Jellyfin 10.11.x (ideally, 10.11.11) before upgrading! If you are not, the upgrade will fail. I have been informed that I was wrong here, and upgrades from 10.10.7 are also possible, same as 10.11.x!

Note: The initial load of Jellyfin 12.x will run a few migrations and will take several minutes. Please be patient and do not interrupt the process.

Note: If you install the RC, you should disable all plugins and reinstall using the unstable plugin repository, or plugins may fail to load and cause unintended side effects.

Installing

This preview release is distributed in all our traditional forms, though not automatically via our Apt repository or latest tag.

  • For all non-Docker environments, you can find the files for manual download in our repository by selecting "Stable Preview" for your OS.
  • For Docker, you can pull the 12.0-rc1 or preview tags.

What's Changed (since v10.11.x)

New Contributors

Full Changelog: v10.11.11...v12.0-rc1

  •  
  • ↗️

12.0 RC1

✇Jellyfin - Server
Door: joshuaboniface
22 Juni 2026 om 18:40

🚀 Jellyfin Server 12.0 RC1

We are pleased to announce the first release candidate preview release of Jellyfin 12.0!

This is a preview release, intended for those interested in testing 12.0 before it's final public release. We welcome testers to help find as many bugs as we can before the final release.

As always, please ensure you stop your Jellyfin server and take a full backup before upgrading!

A note about versioning

Starting with this release, we are dropping the preceeding 10. from our versioning. Thus, 10.11.x -> [10.]12.x = 12.x. The reason is simple: at this point in the project, we don't envision a hard break in the API like we planned way back in the early days, and this version scheme was causing a lot of confusion amongst users about what a "major" release was.

Thus, we are now on two digits:

  • The first digit is the major release. Expect signifiant changes between major releases. Do not ever auto-update to a new major release without first checking the release notes, and always take a backup of your server data and config before a major release upgrade.
  • The second digit is the minor release. These are primarily bug and security fix releases, and do not introduce significant feature or functionality changes. You can, usually, safely auto-update between minor releases and should not need a full backup, but it is prudent just in case. You should also ALWAYS strive to run the latest point release as security fixes are embargo'd for at most 2 weeks after the release.

What's new?

The main goal of this release has been performance. 10.11.0 dropped a major backend rewrite, and while it was broadly functional, it had a lot of rough edges. This release seeks to polish out most of those rough edges and bring better performance to all users.

There are many other small fixes, improvements, changes, and translations. See our draft release notes here or below for the full list of pull requests.

Note: You must be on Jellyfin 10.11.x (ideally, 10.11.11) before upgrading! If you are not, the upgrade will fail. I have been informed that I was wrong here, and upgrades from 10.10.7 are also possible, same as 10.11.x!

Note: The initial load of Jellyfin 12.x will run a few migrations and will take several minutes. Please be patient and do not interrupt the process.

Note: If you install the RC, you should disable all plugins and reinstall using the unstable plugin repository, or plugins may fail to load and cause unintended side effects.

Installing

This preview release is distributed in all our traditional forms, though not automatically via our Apt repository or latest tag.

  • For all non-Docker environments, you can find the files for manual download in our repository by selecting "Stable Preview" for your OS.
  • For Docker, you can pull the 12.0-rc1 or preview tags.

What's Changed (since v10.11.x)

New Contributors

Full Changelog: v10.11.11...v12.0-rc1

  •  
  • ↗️
Ontvangen — 21 Juni 2026

Tim Retout: seL4 repo relationships

✇Planet Debian
21 Juni 2026 om 17:36

The seL4 organisation on GitHub uses git-repo to manage multiple source repositories, and so there are a large number of projects to get your head around when figuring out the ecosystem.

As an experiment, I have taken the various manifest files across the org, and constructed a graph based on how frequently each pair of repositories is mentioned in a manifest together. See below:

Graphviz Diagram

[This may render badly when syndicated outside of my blog; and also on small screens. And probably large screens. I’ve attempted to make sure there’s a non-JS fallback – on my site with JS enabled, if you hover over a node, it should highlight connected nodes.]

The colouring of the nodes is mostly manual; I experimented with graph clustering algorithms but have not found a satisfactory result so far. Still, some clusters are obvious:

  • Kernel – the seL4 microkernel proper. This often but not always co-exists with the main cluster of core libraries, but it is pulled away slightly by the verification and microkit manifests.

  • Verification – the verification repositories (l4v, HOL, graph-refine, polyml, isabelle) form a very distinct group. These are connected only to the seL4 microkernel itself, which is the only component formally verified.

  • Microkitmicrokit is a newer operating system framework that does not use CAmkES, so stands apart from the rest of the pack. I chose to scope this work to the seL4 org, so the LionsOS ecosystem and sDDF which are maintained by Trustworthy Systems are not shown. Also not linked is rust-sel4, because this modern world isn’t using git-repo in the main to manage its repositories.

  • RefOS – I’d not come across refos before, but it appears to be an example OS from 2021 built on the seL4 kernel.

It’s quite hard to pull apart the CAmkES framework and the core libraries; there are definitely some which are more associated with VM management, but the overall shape of this co-occurence data is a messy ball in the middle with some outliers in orbit. One observation is that camkes is correctly identified as more peripheral than camkes-tool, which contains the actual core CAmkES code.

Reflecting on this approach, in hindsight I’m surprised that using co-occurences worked as well as it did – there was no attempt to actually inspect the code and find direct mentions of other code e.g. library header dependencies. As the newer microkit effort largely eschews git-repo, better results might be found by actually taking that more detailed approach, so that graph edges could represent real dependencies between two packages. Additionally, this could allow diving into the various libraries held in the different ’libs’ repos, to get a more granular graph of relationships between them.

However, I think I spent more time on making it possible to render graphviz graphs easily on my blog than actually gaining any insight into the codebase!

  •  
  • ↗️

Dirk Eddelbuettel: RcppArmadillo 15.4.0-1 on CRAN: New Upstream Minor

✇Planet Debian
21 Juni 2026 om 16:18

armadillo image

Armadillo is a powerful and expressive C++ template library for linear algebra and scientific computing. It aims towards a good balance between speed and ease of use, has a syntax deliberately close to Matlab, and is useful for algorithm development directly in C++, or quick conversion of research code into production environments. RcppArmadillo integrates this library with the R environment and language–and is widely used by (currently) 1282 other packages on CRAN, downloaded 47.1 million times (per the partial logs from the cloud mirrors of CRAN), and the CSDA paper (preprint / vignette) by Conrad and myself has been cited 697 times according to Google Scholar.

This versions updates to the 15.4.0 upstream Armadillo release made on Thursday. We had run a complete reverse-dependency check leading up to it, asserting there were no issues with packages dependent on it. As it sometimes goes with that many packages involved, one CRAN package reported one test failure. And it turned out to be both unrelated and pre-existing. But sorting this out over one round of email delayed things by a day. And then I went cycling for a good cause so this announcement post comes a little later than usual. The package has also been updated for Debian, built for r2u, and by now also at CRAN for the different binary releases.

All changes since the last CRAN release follow.

Changes in RcppArmadillo version 15.4.0-1 (2026-06-17)

  • Upgraded to Armadillo release 15.4.0 (Medium Roast Agave)

    • Added fill::nan, fill::pos_inf, fill::neg_inf as optional fill forms for the Mat class

    • Added .push_back() for appending elements to vectors

    • Faster handling of find() within .elem()

    • Faster element-wise min() and max()

    • Faster conv_to when element types of input and output objects are the same

Courtesy of my CRANberries, there is a diffstat report relative to previous release. More detailed information is on the RcppArmadillo page. Questions, comments etc should go to the rcpp-devel mailing list off the Rcpp R-Forge page.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. If you like this or other open-source work I do, you can sponsor me at GitHub. You can also sponsor my Tour de Shore 2026 ride in support of the Maywood Fine Arts Center.

  •  
  • ↗️

v0.16.10

✇Stalwart
Door: github-actions[bot]
21 Juni 2026 om 17:56

[0.16.10] - 2026-06-21

If you are upgrading from v0.16.x, replace the binary (or run docker pull). If you are upgrading from v0.15.x and below, please read the upgrading documentation for more information on how to upgrade from previous versions.

Added

  • International Domain Names (IDN) support (#207).
  • OAuth:
  • HTTP: Add redirectRoot option to Http object to allow redirecting requests to the root path to a different path (e.g. /account).
  • ACME: reuseKey option to allow reusing private keys in renewals.
  • IMAP:

Changed

Fixed

  • JMAP conformance (pass the jmap-test-suite tests):
    • Methods are only available if their capability is in using.
    • Reject requests that do not specify application/json in the Content-Type header.
    • Require accountId argument on requests.
    • Return unparsable ids in notFound / notUpdated / notDestroyed / notCopied instead of dropping them.
    • Default calendars and address books are not subscribed by default.
    • */set: Unchanged immutable id property is rejected on update.
    • */query and */queryChanges: nullrejected asnotRequest`.
    • Email/query:
      • Improper anchor handling.
      • Total miscount when collapseThreads is enabled.
      • Wrong sort order on hasKeyword, allInThreadHaveKeyword, and someInThreadHaveKeyword conditions.
      • Non-standard header values are not searchable.
    • Email/copy: Take the source message id from the value's id property.
    • Email/set: Bump reference-resolution max_depth from 1 to 2.
    • Email/import: Reject blobs that do not contain valid messages.
    • EmailSubmission/set: return sendAt and undoStatus in the created response.
    • Mailbox/set: Return alreadyExists instead of invalidProperties when creating a mailbox with an existing name.
    • SearchSnippet/get: incorrect response structure.
    • Thread/changes: emit a container delete when a thread becomes empty.
    • VacationResponse/set: incorrect singleton handling.
  • IMAP: Discard oversized non-synchronizing literals (#2768).
  • DANE: Improper TLSA record validation (#2328 - credits to @vdukhovni).
  • OIDC: Add default domain name to groups that are not email addresses.
  • RocksDB: Enable blob garbage collection to reclaim disk space from deleted blobs.
  • Sieve: include statements ignore capitalisation of sub-script names (#1643)
  • Cache: Invalidate negative email caches when an account is created.
  • Troubleshoot tool: Use the configured source IP address when connecting to remote servers (#2867).

Check binary attestation here

  •  
  • ↗️

Vasudev Kamath: Releasing debvulns: CLI for listing Debian vulnerabilities

✇Planet Debian
21 Juni 2026 om 14:06

Following up on my previous post, I have released the debvulns CLI. This utility uses the same parsing logic as the debsecan-mcp server but exposes the functionality directly via the command line.

Why a new CLI?

While Debian's native debsecan utility exists, it lacks modern output formats like JSON and CSV, and fails to expose a significant amount of metadata available in the Debian Security Team's daily snapshot.

Additionally, running a persistent Model Context Protocol (MCP) server introduces context window overhead. The manifests and tool descriptions required by the protocol consume tokens even when idle. For debsecan-mcp, the MCP Inspector utility shows an overhead of roughly 150 tokens.

By contrast, an LLM can parse a standard CLI help menu on-demand without permanently draining the context window. Integrating the CLI into a persistent agent workflow can be achieved via a skill file, allowing the LLM to leverage the tool without repeated discovery overhead.

What else is NEW?

During testing, I observed discrepancies between the output of debsecan-mcp/debvulns and native debsecan. Debugging with an LLM revealed a bug in the version comparison logic that caused debvulns to underreport vulnerabilities. This has been resolved.

The current interface supports structured formatting and customizable data backends:

usage: debvulns [-h] [-s {critical,high,medium,low,negligible}] [-f {json,csv}] [--sort-by {package,cve}] [--vuln-url VULN_URL] [--epss-url EPSS_URL] [--suite SUITE]
                [--cache-dir CACHE_DIR] [--no-cache] [-v]

debvulns - CLI Debian Vulnerabilities Tracker

options:
    -h, --help            show this help message and exit
    -s, --severity {critical,high,medium,low,negligible}
                          Filter vulnerabilities by severity
    -f, --format {json,csv}
                          Output format (default: json)
    -sort-by {package,cve}
                          Sort vulnerabilities by 'package' or 'cve'
    --vuln-url VULN_URL   Custom URL or local path for Debian Security Tracker data
    --epss-url EPSS_URL   Custom URL or local path for EPSS scores data
    --suite SUITE         Debian suite name (e.g. bookworm, sid). Auto-detected by default.
    --cache-dir CACHE_DIR
                          Directory to cache fetched and parsed data (default: /var/cache/debvulns)
    --no-cache            Do not use cached data, force downloading and parsing
    -v, --verbose         Enable verbose debug logging (sent to stderr)

By allowing users to override data sources with local snapshots of the Debian Security Tracker and EPSS feeds, debvulns can run natively in airgapped environments.

What Next?

The next step is building a Prometheus exporter for this vulnerability data to streamline scanning and monitoring across data center infrastructure. Stay tuned.

  •  
  • ↗️

Part-DB 2.12.3

✇Part-DB
Door: jbtronics
21 Juni 2026 om 00:04

Important

This version contains security fixes, it is recommended to update to this version immediately.

Important

If you are using Part-DB it would be helpful if you fill out this short survey on your usage of Part-DB (Google Forms): https://forms.gle/Q15twx3YYq3qCNfe8

Part-DB 2.12.3

Security fixes

  • Fixed missing SVG sanitatization, when file was uploaded with non-svg extension
  • Added CSP headers to static files, to prevent script execution, should an vulnerable file be uploaded somehow

Other changes

  • Updated KiCad symbols
  • Updated dependencies

Full Changelog: v2.12.2...v2.12.3

  •  
  • ↗️
Ontvangen — 20 Juni 2026

Distribution Release: PorteuX 2.7

✇DistroWatch
Door: distro@distrowatch.com
20 Juni 2026 om 21:33
The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. The PorteuX project has published a new release, version 2.7. The new release includes updates for several desktop environments, including GNOME, COSMIC and Plasma. "First of all, apologies for the long delay. There were some upstream issues that were preventing a stable PorteuX release, most notably the ntfs3....
  •  
  • ↗️

Gunnar Wolf: systemd for Linux SysAdmins

✇Planet Debian
20 Juni 2026 om 04:07
This post is an unpublished review for systemd for Linux SysAdmins

systemd. Yes, in full lowercase. If there is ever a technology to cause controversy in the Linux world, this is it. Since its inception in 2010, systemd’s goals were set quite high — replacing the vital part in every Linux system that takes care of the system boot process. It quickly reached maturity, allowing its to be adopted as the main init system in most major distributions just five years later. But even given we are describing events that happened over a decade ago, systemd adoption still raises the temperature in any Linux-related discussion.

David Both’s comprehensive book tackles the “what”, the “why” and the “how” issues surrounding systemd. Carefully divided in 16 chapters, going from explaining the basics and some of the technical and political history behind the project to the different subsystems and aspects covered by systemd, its almost 450 pages can scare people away — but the text is written in a very clear, tutorial-like fashion, and while it can be read sequentially, cover-to-cover, the book is amenable for readers to pick a single aspect and jump straight to the relevant chapter.

One of the frequent criticisms the systemd project has received is that it aims to basically rewrite all of a Linux system, and just looking at this book’s index shows there is some truth to it. The first chapter is an introduction to the systemd project and a brief overview of its history (including the controversies around it), and the following four chapters deal about understanding and controlling the system boot process.

But that still leaves ten chapters to account for — they cover different aspects or sub-projects of systemd, such as time and date issues (synchronization, time specifications, and controlling repetitive tasks), understanding and leveraging the system journal that strongly departs from the old syslog system, network configuration and firewall management, system health and performance debugging — all of them, aspects that in the traditional Unix philosophy were managed by independent programs… And I can identify several systemd sub-projects not covered by this book!

We long-time Unix and Linux administrators took pride in how highly performant and stable systems were supported by the simplicity of our tools; systemd critics point out this massive project has absorbed dozens of individual tools, yielding corporate control over vast swaths of vital system tooling. Truth is… as a sysadmin myself, systemd is today one of my greatest allies.

I appreciate the author evaluates every component independently, including his personal evaluation of each — even stating he prefers working with the traditional programs in several areas.

If there is a criticism I must make about this book is that, although typographically it is well formed and taken care of, given it includes large amounts of console captures, having a maximum width below 70 characters means several lines are unnaturally cut short (and continued with odd indentations). I understand there is probably no “right” way to solve this, but it does affect the feeling of naturally reading the text.

  •  
  • ↗️

32.2.0-beta1: OBS Studio 32.2.0 Beta 1

✇OBS
Door: RytoEX
20 Juni 2026 om 20:07

32.2 New Features

  • Replaced add source dropdown with new dialog [Warchamp7]
  • Improved FPS selector UX [jcm93]
  • Added missing file support for filters [exeldro]
  • Added ability for plugins to set custom icons for new source types [cg2121]
  • Included .webp files when adding a directory to Image Slide Show source [TarunCore]
  • Added copy paste functions to frontend API [exeldro]
  • Added filter to compose SDR into HDR [jpark37]
  • Added delete as a hotkey to delete sources on macOS [PatTheMav]
  • Added dynamic bitrate support to multitrack video [lexano-ivs]

32.2 Changes

  • Forced Intel-based installations to update to Apple Silicon version on macOS [PatTheMav]
    • This change means that OBS Studio versions built for Intel-based Macs but running on Apple Silicon Macs will automatically update to OBS Studio built for Apple Silicon Macs. If an installation was using third-party plugins, those plugins will no longer load until replaced with Apple Silicon versions.
  • Fixed audio mixer state getting out of sync when changing settings via websockets or plugins [Warchamp7]
  • Added theming for checked QToolButtons [glikely]
  • Improved OpenGL performance slightly on low-end machines [kkartaltepe]
  • Set minimum size for color source to 1 pixel [exeldro]
  • Added minimum width to spinboxes [Warchamp7]
  • Disallowed overwriting the crash handler [sebastian-s-beckmann]
  • Applied process mitigation policies for Windows [notr1ch]
  • Adjusted description of multitrack video [jhnbwrs]
  • Changed new capture devices to use fallback frame rate by default [PatTheMav]
  • Improved DLL loading behavior on Windows [notr1ch]
  • Limited multitrack video config to Custom service [PatTheMav]

32.2 Bug Fixes

  • Fixed OAuth and dock state save corruption [PatTheMav]
  • Fixed group bounds not resizing when removing items [howellrl]
  • Fixed canvas mixes not being restored after video reset [dsaedtler]
  • Fixed some erroneous crashes during shutdown [Warchamp7]
  • Fixed display capture sometimes capturing black after a duplicator failure [ThrowTop]
  • Fixed color of controls dock output buttons in System theme [shiina424]
  • Fixed virtual camera reset failures [stephematician]
  • Fixed potential crash when user discards changes in the settings window [suogesi]
  • Fixed incorrect return value in virtualcam filter [xtfo]
  • Fixed source toolbar buttons not working after dragging a source into a group [Warchamp7]
  • Fixed properties hint icon spacing [Warchamp7]
  • Fixed potential crash when a video device reconnects on macOS [jcm93]
  • Fixed an issue where PipeWire could fail on NVIDIA GPUs [hoshinolina]
  • Fixed obs_canvas_get_video_info returning incorrect framerate [dsaedtler]

32.2 Deprecations

  • Deprecated obs_properties_add_button [sebastian-s-beckmann]

  •  
  • ↗️
❌