Week 17, 2026

EbonJaeger

Heya folks! It's sync day, and that means it's time for the weekly Solus roundup!

Both of our kernel branches were updated to 6.18.23 this week. The changelogs are here and here.

GNOME has been updated to 50.1. This is a significant update to GNOME, featuring accessibility enhancements, and more integrations between GNOME applications and the shell. Check out the entire release announcement for more information. Important! With GNOME 50, the desktop is Wayland-only!

KDE Frameworks has been updated to 6.25.0. The full list of changes is available here.

PipeWire has been the default audio server on Solus for a few years now. As such, our PulseAudio package now only provides the library and utilities portion of the project.

KLayout has been updated to 0.30.8. There are over 30 new features and enhancements between 0.30.5 and 0.30.8. A complete list of changes can be found here.

github-cli has been updated to 2.91.0. With this version, github-cli now collects various telemetry. Like Arch, we have added a patch disabling telemetry collection by default.

MailSpring has been added back to the Solus repository. It was previously removed due to unaddressed security vulnerabilities. Since they have been resolved, we decided to undeprecate the package.

New to the repository this week are kew and Eden.

kew is a terminal music player for your shell. It lets you search a local music library by partial artist, album, song, or directory name, then builds and plays a playlist automatically. It also supports gapless playback, playlist editing, shuffling, MPRIS, and multiple audio formats like MP3, FLAC, AAC/M4A, OPUS, OGG, WebM, and WAV.

Eden is a Nintendo Switch 1 emulator that continues where yuzu left off. It maintains direct backwards compatibility with yuzu, even allowing users to import their games, saves and settings from a previous yuzu install. It also features a number of emulation accuracy and stability improvements over its predecessor, making many titles playable that were impossible to run previously.

Lastly, framework-system is now in the repository. It is a set of tools for users to interact with their Framework devices.

Security updates

We have a lot of security updates this week. Make sure you install available updates to receive the latest vulnerability fixes!

botan3 was updated to 3.11.1-2 (@Jaredy899). Includes security fixes for CVE-2026-32877, CVE-2026-32883, CVE-2026-35582, CVE-2026-32884, CVE-2026-35580.
bubblewrap was updated to 0.11.2-22 (@EbonJaeger). Includes security fixes for CVE-2026-41163.
containerd was updated to 2.2.3-71 (@Jaredy899). Includes security fixes for CVE-2024-25621, CVE-2025-64329.
erlang was updated to 28.5-50 (@Jaredy899). Includes security fixes for CVE-2026-28810, CVE-2026-28808, CVE-2026-32144.
freerdp was updated to 3.25.0-50 (@EbonJaeger). Includes security fixes for CVE-2026-40254.
glibc was updated to 2.43-140 (@EbonJaeger). Includes security fixes for CVE-2026-4046.
imagemagick was updated to 7.1.2.21-214 (@EbonJaeger, @Jaredy899). Includes security fixes for GHSA-7mxf-ff4f-jj7p.
libde265 was updated to 1.0.18-14 (@Jaredy899). Includes security fixes for CVE-2026-33165, CVE-2026-33164, CVE-2025-61147.
libxpm was updated to 3.5.19-15 (@EbonJaeger). Includes security fixes for CVE-2026-4367.
moby was updated to 29.3.1-28 (@Jaredy899). Includes security fixes for CVE-2026-34040, CVE-2026-33997.
ntfs-3g was updated to 2026.2.25-21 (@EbonJaeger). Includes security fixes for CVE-2026-40706.
openvpn was updated to 2.7.2-40 (@EbonJaeger). Includes security fixes for CVE-2026-35058, CVE-2026-40215.
packagekit was updated to 1.3.5-39 (@EbonJaeger). Includes security fixes for CVE-2026-41651.
python-nbconvert was updated to 7.17.1-22 (@Jaredy899). Includes security fixes for CVE-2026-39377, CVE-2026-39378.
python-pillow was updated to 12.2.0-44 (@Jaredy899). Includes security fixes for CVE-2026-40192.
rclone was updated to 1.73.5-46 (@HarveyDevel). Includes security fixes for CVE-2026-41176, CVE-2026-41179.
sed was updated to 4.10-16 (@clintre). Includes security fixes for CVE-2026-5958.
vim was updated to 9.2.0389-162 (@Jaredy899). Includes security fixes for CVE-2026-34982, CVE-2026-35177, CVE-2026-39881.

General updates

The full list of updated packages can be found here.

For the list of currently known issues, see the dedicated thread for it. If you begin experiencing a bug, please look for an issue on our issue tracker, and open a new one if one does not exist.

That’s all for this week, folks! We'll be here same time, same place next week for another roundup of the news!

Harvey

Reminder that the nvidia 470 driver does not support Wayland. So if you use Gnome and that driver with Gnome now being Wayland only you are going to have to remove the 470 driver or you will encounter issues.

brent

Its 15 minutes after the announcement and the gates are still closed (for me):
$sudo eopkg up Updating repositories Updating repository: BudgieTesting Disabling keyboard interrupts for file operations. eopkg-index.xml.xz.sha1sum (40.0 B) 0% 0.00 --/- [--:--eopkg-index.xml.xz.sha1sum (40.0 B)100% 0.00 --/- [--:--:--] [complete] BudgieTesting repository information is up-to-date. Updating repository: Solus Disabling keyboard interrupts for file operations. eopkg-index.xml.xz.sha1sum (40.0 B) 0% 0.00 --/- [--:--eopkg-index.xml.xz.sha1sum (40.0 B)100% 0.00 --/- [--:--:--] [complete] Solus repository information is up-to-date. No packages to upgrade.

Clintre

brent Because you are in Unstable for the Budgie Testing. You already have the updates.

brent

Clintre that explains why I'm getting them as I go then, 7 here, 21 there, 4 here, etc
first time on unstable,
thanks clint

ForumPheasant

kew sounds pretty kewl. Always room for another music player option! Part of me still wishes MusicBee was available on Linux properly. Bottles ain't bad at running it, but having Bottles and WINE for just one application is a little silly imho. FOSS or no mas.

Xoph

brent I use Unstable on my second system and it is more akin to being on Arch as you never no quite when you are going to get an update througout the week. Just keep in mind that you have to check Matrix to make sure something like the kernel isn't going in and try and update during that as it can cause some serious problems.

Xoph

Now that I can get on the forum, was timing out, I can happily say it all updated well on my systems.

AND MAILSPRING! I needed that so bad for work. Was running it as a Snap (gross). Already removed the snap and have it up and going, working as expected for my 12 different accounts I have to have for work.

banger

All good on 2 Plasma, well done team. 🙂

JayC

Worked great on my Plasma and also tried Gnome on my second system this week to see if I liked it. I didn't. Updated to 50, still not my cup of tea. But looks very nice for sure and worked!

brent

Xoph is more akin to being on Arch

truer words. because Solus is in the habit of updating CVEs so often, I am in the habit of sudo eopkg up at any time of day if I'm not following the forum closely...
...but last three days like I said...large handfuls of updates...Arch-style. Raised eyebrow. Brain synapses did not link it to Unstable...thanks for the response.