Week 13, 2026

EbonJaeger

Heya folks! It's sync day, and that means it's time for the weekly Solus roundup!

Our firewalld has been updated to 2.4.0. Version 2.3.0 adds support for several services, and 2.4.0 adds new policy features. With these updates, we've also made firewalld stateless, meaning the package configuration files are not installed to /etc. The firewall service is also automatically started on the next boot after the package is installed.

IVPN is now available from the Solus repository. This is an open source VPN application for the IVPN service. Note that this is not a free VPN service, and has no affiliation with Solus.

An extension manager for GNOME (extension-manager) is also now in the Solus repository. This is an application for GNOME users to easily manage, install, remove and browse GNOME Shell extensions, in one single app. Check it out!

Security updates

We have a bunch of security updates this week. As always, make sure to install available updates for the latest vulnerability fixes.

curl was updated to 8.19.0-113 (@silkeh). Includes security fixes for CVE-2026-1965, CVE-2026-3805, CVE-2026-3783, CVE-2026-3784.
ghostty was updated to 1.3.0-18 (@Jaredy899). Includes security fixes for CVE-2026-26982.
giflib was updated to 6.1.2-13 (@Jaredy899). Includes security fixes for CVE-2021-40633, CVE-2025-31344, CVE-2026-23868.
imagemagick was updated to 7.1.2.16-208 (@Jaredy899). Includes security fixes for CVE-2026-28692, CVE-2026-30935, CVE-2026-28690, CVE-2026-30936, CVE-2026-28693, CVE-2026-28691.
libssh was updated to 0.11.4-19 (@davidjharder). Includes security fixes for CVE-2026-0966, CVE-2026-0968, CVE-2026-0967, CVE-2026-0965.
openssl was updated to 3.6.1-57 (@EbonJaeger). Includes security fixes for CVE-2026-22796, CVE-2025-69419, CVE-2025-15467, CVE-2026-22795, CVE-2025-15469, CVE-2025-11187, CVE-2025-69418, CVE-2025-15468, CVE-2025-69420, CVE-2025-66199, CVE-2025-68160, CVE-2025-69421.
python-markdown was updated to 3.10.2-16 (@EbonJaeger). Includes security fixes for CVE-2025-69534.
qt6-webengine was updated to 6.10.2-60 (@joebonrichie, @HarveyDevel). Includes security fixes for CVE-2026-3062, CVE-2026-3540, CVE-2026-3536, CVE-2026-3544, CVE-2026-3543, CVE-2026-3061, CVE-2026-3545, CVE-2026-3538, CVE-2026-3539, CVE-2026-3542, CVE-2026-3541.

General updates

The full list of updated packages can be found here.

For the list of currently known issues, see the dedicated thread for it. If you begin experiencing a bug, please look for an issue on our issue tracker, and open a new one if one does not exist.

That’s all for this week, folks! We'll be here same time, same place next week for another roundup of the news!

unclemez

No problem in upgrading on my side, as always!
Good job and thanks

VTMarik

All good here!

wazjf

small Sync for me. Everything works. I am happy to see extension-manager as a package. I already had the flatpak installed but i installed the package instead.

Clintre

Posted to socials!

Xoph

All good for me on my 2 Plasma systems.

Nice to have a bit smaller sync this week. 😉

But I have come to expect more frequent large updates being a Plasma user.

Harvey

Cherry-picked libwebkit-gtk v2.52.1, security advisory

brent

Harvey

that update was success but ended with Failed to record path /lib32 which I'm guessing is harmless

brent

47 CVEs for Firefox. that doesn't seem typical. I know there is some news I missed somewhere...

small (33) but rebooted anyway and all is fine. thank you all for your hard work

Harvey

brent

🤣

brent

Harvey that's officially 100% now 🙂

JayC

All good on my Plasma and an old system I loaded XFCE on this week. Running great.

brent Seems like @Harvey brought receipts 🤣

banger

All good with some extras on Plasma machines.

banger

Crash of plasmashell and drkonqui when logging out through menu and loggin back in with password. Reported to KDE.

AlphaElwedritsch

Can't sync this week directly. I'm on vacation in England

willoroe

Thanks for sorting the Proton VPN issue

UncleSlacky

Getting errors during download (in GNOME Software), both last night and just now:

Could not download package: Hit max retry count when downloading: "https://cdn.getsol.us/repo/polaris/u/unrar/unrar-7.2.5-52-1-x86_64.eopkg"

UncleSlacky

UncleSlacky I was able to update everything except unrar by using Discover instead and deselecting unrar. Manually attempting to reinstall unrar via eopkg gives the same error as seen with GNOME Software:

Total size of package(s): 177.70 KB
Downloading 1 / 1
Package unrar found in repository Solus

Failed to fetch file, retrying 1 out of 5 "https://cdn.getsol.us/repo/polaris/u/unrar/unrar-7.2.5-52-1-x86_64.eopkg": HTTP Error 416: Range Not Satisfiable

Failed to fetch file, retrying 2 out of 5 "https://cdn.getsol.us/repo/polaris/u/unrar/unrar-7.2.5-52-1-x86_64.eopkg": HTTP Error 416: Range Not Satisfiable

Failed to fetch file, retrying 3 out of 5 "https://cdn.getsol.us/repo/polaris/u/unrar/unrar-7.2.5-52-1-x86_64.eopkg": HTTP Error 416: Range Not Satisfiable

Failed to fetch file, retrying 4 out of 5 "https://cdn.getsol.us/repo/polaris/u/unrar/unrar-7.2.5-52-1-x86_64.eopkg": HTTP Error 416: Range Not Satisfiable

Failed to fetch file, retrying 5 out of 5 "https://cdn.getsol.us/repo/polaris/u/unrar/unrar-7.2.5-52-1-x86_64.eopkg": HTTP Error 416: Range Not Satisfiable                                                                
Program terminated.                                                      
Hit max retry count when downloading: "https://cdn.getsol.us/repo/polaris/u/unrar/unrar-7.2.5-52-1-x86_64.eopkg"

M4RINK0

Upgraded from Discover. Everything seems perfectly fine on my Solus Plasma.

ernesto

Everything is fine on XFCE. Thanks to the team