Dangerzone 0.10.0 RC1

We're pleased to announce the first Release Candidate of Dangerzone 0.10.0.

This release introduces two major changes:

1. The Dangerzone sandbox that performs the document conversion can now auto-update in the background, without having to install a new Dangerzone release. This allows us to push security fixes to all of our users in a timely fashion. It’s an opt-in feature that we strongly recommend you enable to greatly enhance your security. You can always choose to disable it if you prefer to update manually. Read more technical details about this feature in our documentation.

2. Windows and macOS users no longer need to install and manage Docker Desktop separately. Dangerzone now uses an open source container engine, Podman, which is embedded directly in the macOS and Windows builds. You can now simply start Dangerzone, and let it create the necessary virtual machines and sandboxes under the hood. Plus, if you are a user/IT administrator in a big organization that wants to install Dangerzone, but couldn’t due to the licensing limitations of Docker Desktop, you now can.

Help us test Dangerzone!

These two changes are drastically changing how Dangerzone operates, especially on Windows and macOS. Dangerzone is used in different setups, and we cannot test for all of them. If you are willing to try this new release candidate and let us know how it went, that would be really useful to us.

If you want to help us, here is what to do:

1. Download and install the Dangerzone 0.10.0 RC1 release:
   • Windows
   • macOS (intel)
   • macOS (Apple Silicon)
   • Fedora 41
   • Fedora 42
   • Ubuntu/Debian
2. Start Dangerzone for the first time.
   • Wait while Dangerzone initializes.
   • Select a document and convert it.
   • Quit Dangerzone.
3. Start Dangerzone for the second time.
   • You should be prompted about enabling automatic sandbox updates.
   • Click “yes.”
   • Quit Dangerzone.
4. Start Dangerzone for the third time.
   • Dangerzone should verify, download, and install a new sandbox version.
   • Once done, run a conversion.

During these steps, if you encounter any errors, please either email us at [email protected] or open an issue in our bug tracker.

Thanks a lot!

Dangerzone 0.9.1

We're pleased to announce that Dangerzone 0.9.1 has been released. This release mainly contains bug fixes for Windows and macOS platforms. If you are running Windows or macOS, upgrading is advised as this release fixes errors with the latest Docker Desktop version.

For this release, the highlights are:

• Uniformly enforce our own seccomp profile when running the Dangerzone sandbox, across all platforms (Windows, macOS, Linux) and container runtimes (Docker, Podman). This fixes a regression that has manifested since Docker Desktop 4.42.0 (#1191)
• Fix a conversion failure for users who have enabled Podman Desktop integration, whereby the Podman VM cannot find the necessary seccomp profile (#1187)

Thanks to Nicola Sella for updating the installation instruction for Fedora (#1176).

This version drops support for Fedora 40, as security support has ended recently (#1178).

For a full list of the changes, see our changelog.

Dangerzone 0.9.0

We're pleased to announce that Dangerzone 0.9.0 has been released. This release mostly includes stability improvements and security fixes, with a few new features.

If you are on a Mac or Windows, please also update Docker Desktop to version 4.40.0 or later, as previous versions contain known bugs that prevent Dangerzone from converting documents. On Windows, you will need to uninstall any Dangerzone version prior to 0.9.0 before installing this one.

For this release, the highlights are:

• The container image is now reproducible across different container runtimes and versions (#1074). As part of this effort, the image used to run the conversion is now based on Debian (it was previously based on Alpine Linux) (#1046).
• Outdated Docker Desktop versions are now highlighted in the user interface and the user is asked to upgrade (#693).
• The CLI can now run with a --debug flag to help retrieve more logs (#941).
• Experimental support is now available for Podman Desktop on Windows and macOS (docs)

Platform support updates

• Add support for Fedora 42 (#1091)
• Add support for Ubuntu 25.04 (Plucky Puffin) (#1090)
• Drop support for Ubuntu Focal, since it's nearing end-of-life (#1018)
• Drop support for Fedora 39 (#999)
• Add support for Python 3.13 (#992)

Fixed

• Fix our Debian “trixie” installation instructions using Sequoia PGP (#1052)
• Fix the way multiprocessing works on macOS (#873)
• Update minimum Docker Desktop version to fix an stdout truncation issue (#1101)

Community contributions

For this release, we had some help from community members. We want to thank:

• @sudoforge for making changes to how we refer to our Debian base image (#1116 and #1118)
• @jkarasti for using Ruff to lint our code (#1029) and for upgrading our Windows installer to Wix Toolset 5 (#929)
• @DeltaEpsilon19498, @sudwhiwdh, @mkonia, @randomhydrosol, @thisislola, @t32r2r4653g21es1, @Rexless505, @rtfmkiesel, @Hitmanforrent and @charginglabrador for letting us know about issues they faced, and for some proposed changes. Don't hesitate to do so if you face any issues!

For a full list of the changes, see our changelog.

On a final note, the Windows .msi package has been built from a different commit (to include some last minute changes) that you can check out here.

Dangerzone 0.8.1

This is a security release that mainly addresses CVE-2024-47538, CVE-2024-47607 and CVE-2024-47615.

Our security advisory follows:

In Dangerzone, a security vulnerability was detected in the quarantined environment where documents are opened. Vulnerabilities like this are expected and do not compromise the security of Dangerzone. However, in combination with another more serious vulnerability (also called container escape), a malicious document may be able to breach the security of Dangerzone. We are not aware of any container escapes that affect Dangerzone.

To reduce that risk, you are strongly advised to update Dangerzone to the latest version.

Summary

A series of vulnerabilities in gst-plugins-base (CVE-2024-47538, CVE-2024-47607 and CVE-2024-47615) affects the contained environment where the document rendering takes place.

If one attempts to convert a malicious file with an embedded Vorbis or Opus media elements, arbitrary code may run within that environment. Such files look like regular Office documents, which means that you cannot avoid a specific extension. Other programs that open Office documents, such as LibreOffice, are also affected, unless the system has been upgraded in the meantime.

How does this impact me?

The expectation is that malicious code will run in a container without Internet access, meaning that it won't be able to infect the rest of the system.

What do I need to do?

You are strongly advised to update your Dangerzone installation to 0.8.1 as soon as possible.

---

For a full list of the changes, see our changelog.⏎

Dangerzone 0.8.0

This release includes various new features, stability improvements and security fixes. If you are on a Mac or PC you should additionally ensure that the Docker Desktop application is up to date.

In addition to the changes specific to this release, we want to note that you can now use Dangerzone on the Tails live system. You can read the announcement on their blog, or read the documentation about it.

On the subject of blogs, we have recently started one where we post release announcements and other technical articles about the Dangerzone project.

For this release, the highlights are:

• The second phase of the conversion (pixels to PDF) now happens on the host.

  Instead of first grabbing all of the pixel data from the first container, storing them on disk, and then reconstructing the PDF on a second container, Dangerzone now immediately reconstructs the PDF on the host, while the doc to pixels conversion is still running on the first container. This architectural change removes a class of problems we had in the past:

  • Issues with temporary directories and their permissions.
  • Out of space issues caused by documents with lots of pages (mainly impacted Qubes users).
  • SELinux issues due to relabeling mounted files.
  • Mounting files to Docker containers, prevented by security policies in Windows/macOS.
  • Not being able to run with user ID other than 1000.

  If at some point in time you were affected by the above, we suggest giving this version a shot. The sanitization is no less safe, since the boundaries between the sandbox and the host are still respected (#625).

• Installation and execution errors are now caught and displayed in the interface, which should make debugging easier (#193)

• The macOS entitlements have been revisited, following our security audit. We have now removed unneeded privileges (#638)

• We now always use our own seccomp policy as a default (#908)

Platform support updates

• This release is the last one that will support Ubuntu Focal (20.04).

  Ubuntu Focal is nearing its end of life date, due in April 2nd, 2025 (#965). We urge you to update to a newer Ubuntu version in order to get security updates.

• Add support for Fedora 41 (#947)

• Add support for Ubuntu 24.10 (#954)

• Drop support for Ubuntu Mantic (23.10), since it's end-of-life (#977)

Community contributions

For this release, we had some help from community members. We want to thank:

• @bnewc, who improved the interface, effectively preventing our users from using illegal characters in the output filename (#362)
• @amnak613, who allowed us to report some stray conversion errors (#776)
• @jkarasti, who helped us change the signature mechanism from SHA1 to SHA256 for our Windows installer (#931)

---

On a final note, the container image embedded in the Debian packages differs from the one attached to the release. You can have a look at issue #988 for more details.

As usual, for a full list of changes, see our changelog.

Dangerzone 0.7.1

This release includes a patch for Docker Desktop, and security updates. If you are on a Mac or PC you should additionally ensure that the Docker Desktop application is up to date.

The two changes in this release are:

• Make Dangerzone work with fresh Docker Desktop installations
  This release mainly addresses an issue with new Docker Desktop installations on Windows and Mac OS. Users who have done a fresh installation of Docker Desktop 4.30.0 or greater (released on August 29th), have reported that Dangerzone fails conversions with the following error message:

  Unknown Error Code '125'

  This error message is attributed to a new way that Docker Desktop stores and references container images, which broke some Dangerzone expectations. With this release, we enable Dangerzone to work both with older Docker Deskop installations and newer ones.

• Update the software in our container image
  As in every release, we rebuild our container image to get the latest security updates.

For a full list of the changes, see our changelog.

Dangerzone 0.7.0

This release includes various new features, stability improvements, and security fixes. If you are on a Mac or PC you should additionally ensure that the Docker Desktop application is up to date.

The highlights are:

• Improved our document processing sandbox with gVisor
  Our original sandbox where we processed untrusted documents relied on the container runtimes that Docker and Podman provided. These runtimes are battle-tested, and Dangerzone further restricted the spawned containers with as few privileges as possible. Still, the spawned container had direct access to the Linux kernel, which has a large, albeit not easily exploitable, attack surface.

  Starting on 0.7.0, we use gVisor as a sandbox between the conversion process and user's system, Linux kernel included. gVisor is written in a memory-safe language (Go), has a significantly smaller feature set than the Linux kernel, and reinterprets every system call that the container makes in a safer way. We believe that this integration empowers our users across all platforms (Windows, macOS, and Linux) to sanitize untrusted documents with even more confidence. We want to thank @EtiennePerot, an engineer on the gVisor project, who was the driving force behind this integration (#590).

• Drag-and-drop interface
  Dangerzone will undergo UX improvements in the next releases, in order to make it easier to work with and enable some workflows that were previously not possible. A first taste of these improvements is a new drag-and-drop interface, which allows users to simply select files from their file manager and drag them to Dangerzone in order to convert them (#752).

• Dropped support for Fedora 38, which is EOL

• Community contributions:

  • We want to thank @rocodes, who improved Dangerzone on Linux to autodetect the system's default PDF viewer (#814)
  • We want to thank @naglis, who fixed some bugs and warnings related to the Python bindings for Qt (#595, #798).

For a full list of the changes, see our changelog.

Dangerzone 0.6.1

This release includes various fixes and stability improvements. If you are on a Mac or PC, please also update Docker Desktop to the latest version to get the latest security fixes.

The highlights for this release are:

• Handle timeout errors ("Timeout after 3 seconds") more gracefully
  Several people have encountered timeout errors when converting documents. We have not pinpointed yet the exact reason for these timeouts, but we know they happen once the conversion has finished, either successfully or unsuccessfully, and they are informational in nature. In this release, we improve our handling of termination delays, and users should not experience these timeout errors again.
• Support for Fedora 40 and Ubuntu 24.04 (Linux)
  Fedora 40 and Ubuntu 24.04 were released recently, so we added support for these platforms.
• Sign our release assets
  In addition to platform-specific signing procedures, our release assets are now also signed with the Dangerzone signing key (DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281). By "release assets", we refer to our installers for Windows and macOS, and our container image, that you see at the bottom of this page. We also provide a guide that explains how to verify these assets on your own.
• Community contributions
  • We want to thank our first-time contributor, @naglis, who fixed several issues, both user-facing and developer-facing. Notably, Dangerzone's icon and name should now be shown properly on all supported Linux platforms (#402). Also, Linux users can now open multiple documents at once, when they right-click on them, and then click on "Open with" -> "Dangerzone" (#797).
  • First-time contributor @maltfield notified us that Dangerzone did not work on macOS releases prior to Ventura (13) (#471). This issue should be resolved with this release.
  • Finally, special thanks to our two other first-time contributors, @stepnem and @iArchitSharma, who offered some development improvements (#573, #784).

On a final note, we'd like to inform our Fedora users that Dangerzone has stopped working since May 5th. We have contacted the upstream Python3 maintainers, and we are monitoring the situation.

For a full list of the changes, see our changelog.

Dangerzone 0.6.0

This release includes various new features, stability improvements, and security fixes. If you are on a Mac or PC you should additionally ensure that the Docker Desktop application is up to date.

The highlights are:

• Replace document rendering tools with PyMuPDF
  Dangerzone internally used multiple standalone programs to aid the various aspects of transforming a document into pixels. However, these started presenting integration challenges that could cause slowness or space issues. By using the PyMuPDF module instead, the conversion-related code becomes much simpler and thus, less error-prone. Unexpectedly, this change opened the door to many future technical improvements to Dangerzone summarized in this diagram. This may result in minor differences in the produced PDFs, particularly in fonts. We have documented some of these differences visually here.

• New file extension support: EPUB, SVG and other image formats
  Including PyMuPDF (described above) in Dangerzone enabled us to add these new file formats at no extra effort. Additional formats like PSD or MOBI will be added in the future when all the different supported platforms have a version of PyMuPDF recent enough to support these other file formats.

• Removal of timeouts
  Some documents would timeout after a certain time (depending on the file size and number of pages) if the conversion did not complete until then. Timeouts existed due to to some document conversion commands indefinitely hanging. While it is still true that some documents may take a very long time, having the document stop after an arbitrary amount of time does not look like the proper solution. So we have chosen to remove timeouts entirely, for now. We may revisit this idea in the future, better integrating it into the user interface.

• Support for Fedora 39 (Linux)
  The unavailability of a core component of Dangerzone (PySide2/PySide6) made it impossible to release our software when Fedora 39 became officially available (#606). We are pleased to announce that we managed to overcome this challenge by packaging this very component and distributing it from our software repositories.

  Special thanks go to @sudwhiwdh, who informed us once Fedora 39 was out, offered some style fixes, and beta-tested an early Dangerzone release on Fedora 39.

• New license: AGPL v3
  Dangerzone was originally licensed under the MIT License until version 0.5.1. The PyMuPDF project though, which we are including in this release thanks to its significant improvements to Dangerzone, is licensed under AGPLv3. In order to comply with the license's terms, we have decided to switch the Dangerzone license to AGPLv3 as well. This change should affect only entities who are offering Dangerzone commercially, as part of a closed-source offering.

• Community contributions
  Two cheers for first-time contributors @EtiennePerot and @prateekj117, who offered some fixes in our build system (#721, #671), and one more cheer for recurring contributor @OctopusET, who added support for converting HWP documents on macOS systems with Apple Silicon chip (#498).

On a final note, we'd like to inform users of the Dangerzone CLI on Windows that the latest Docker Desktop release (v4.27 as of writing this) has a bug that affects Dangerzone. If you use the Dangerzone CLI, you may see that it always attempts to re-install the container image. This bug is benign and will be fixed in Docker Desktop v4.28, but there's an official workaround if it affects your workflow. Please note that users of the regular Dangerzone GUI are not affected by this issue.

For a full list of the changes, see our changelog.

Edited on March 19, 2024: We have rebuilt the Dangerzone MSI for Windows using WiX toolset v3.14. Originally, we had built it with v3.11, but we wanted to update to the latest version for good measure. The Dangerzone application has remained exactly the same, but the contents of the MSI file have slightly changed, due to the new WiX toolset. As a result, we have changed the name from Dangerzone-0.6.0.msi to Dangerzone-0.6.0-1.msi.

Dangerzone 0.5.1

This is a security release that mainly addresses CVE-2023-43115. Our security advisory follows:

In Dangerzone, a security vulnerability was detected in the quarantined environment where documents are opened. Vulnerabilities like this are expected and do not compromise the security of Dangerzone. However, in combination with another more serious vulnerability (also called container escape), a malicious document may be able to breach the security of Dangerzone. We are not aware of any container escapes that affect Dangerzone. To reduce that risk, you are strongly advised to update Dangerzone to the latest version.

Summary

A security vulnerability in GhostScript (CVE-2023-43115) affects the contained environment where the document rendering takes place. If one attempts to convert a malicious file with an embedded PostScript image, arbitrary code may run within that environment. Such files look like regular Office documents, which means that you cannot avoid a specific extension. Other programs that open Office documents, such as LibreOffice, are also affected, unless the system has been upgraded in the meantime.

How does this impact me?

The expectation is that malicious code will run in a container without Internet access, meaning that it won't be able to infect the rest of the system.

What do I need to do?

You are strongly advised to update your Dangerzone installation to 0.5.1 as soon as possible.

Please note that we have recently enabled security scans for our software, and we aim to alert people even sooner about vulnerabilities like these.

---

On other news, this release brings some Qubes related fixes (see our security advisory), and an improvement in the update check UI, courtesy of our second-time contributor @garrettr.

For a full list of the changes, see our changelog.