Week 25, 2026

EbonJaeger

Heya folks! It's sync day, and that means it's time for the weekly Solus roundup!

With this sync, our Python version is now 3.14! As with every Python upgrade, this took a long time, resulting in over 1,000 packages being updated or rebuilt. Huge shoutout to @joebonrichie for taking this on once again.

KDE Frameworks have been updated to 6.27.0. See what's changed here.

LibreOffice has been updated to 26.2.4.2, marking the first time that 26.2 has been in the Solus repository. Check out all that's new in this version here.

Amule has been updated to 3.0.0. Highlights include dramatic download throughput improvements, a build-system migration from autotools to CMake, a modernized dependency stack, and a broad cleanup of legacy APIs. The full changelog is available here.

OpenJDK 25 has been added to the Solus repository. Our community contributors have done a lot of work on migrating packages to use the newer version of OpenJDK. As a result of their effort, we've been able to completely deprecate OpenJDK 11 and 17. Thanks to @androidnisse, @Jaredy899, and @liontiger23, in particular.

Amarok is now in the Solus repository. Amarok is an audio player for KDE, providing a simple drag and drop interface that aims to make playlist handling easy.

Security updates

As usual, we have a bunch of security updates this week. Make sure to install updates to get the latest vulnerability fixes!

calibre was updated to 9.9.0-235 (@joebonrichie, @Jaredy899). Includes security fixes for CVE-2026-33205, CVE-2026-27824, CVE-2026-26065, CVE-2026-30853, CVE-2026-25636, CVE-2026-25635, CVE-2026-33206, CVE-2026-25731, CVE-2026-26064, CVE-2026-27810.
composer was updated to 2.10.1-11 (@clintre). Includes security fixes for CVE-2026-45793.
containerd was updated to 2.3.2-74 (@davidjharder). Includes security fixes for CVE-2026-53489, CVE-2026-50195, CVE-2026-47262, CVE-2026-53492, CVE-2026-53488.
erlang was updated to 29.0.2-52 (@Jaredy899). Includes security fixes for CVE-2026-49759, CVE-2026-48856, CVE-2026-48860, CVE-2026-48855, CVE-2026-48858, CVE-2026-49760, CVE-2026-48859.
freerdp was updated to 3.27.1-53 (@Jaredy899). Includes security fixes for CVE-2026-55648, CVE-2026-55192, CVE-2026-55827, CVE-2026-55191, CVE-2026-55194, CVE-2026-55193.
kitty was updated to 0.47.4-99 (@joebonrichie, @Jaredy899, @Jaredy899). Includes security fixes for CVE-2026-54057.
ldns was updated to 1.9.2-10 (@EbonJaeger). Includes security fixes for CVE-2026-10846.
libde265 was updated to 1.1.1-17 (@EbonJaeger). Includes security fixes for GHSA-ccfw-29x7-rrx3, GHSA-j2qq-x2xq-g9wr.
libtiff was updated to 4.7.1-46 (@davidjharder). Includes security fixes for CVE-2026-36849.
logseq was updated to 0.10.15-16 (@Jaredy899). Includes security fixes for GHSA-92h5-2358-7xjv.
nodejs-22 was updated to 22.23.0-15 (@Jaredy899). Includes security fixes for CVE-2026-48930, CVE-2026-48931, CVE-2026-48928, CVE-2026-48934, CVE-2026-48618, CVE-2026-48935, CVE-2026-48619, CVE-2026-48615, CVE-2026-48933, CVE-2026-48617, CVE-2026-48937.
nodejs-24 was updated to 24.17.0-3 (@Jaredy899). Includes security fixes for CVE-2026-48930, CVE-2026-48931, CVE-2026-48928, CVE-2026-48934, CVE-2026-48618, CVE-2026-48935, CVE-2026-48619, CVE-2026-48615, CVE-2026-48933, CVE-2026-48617, CVE-2026-48937.
ocaml was updated to 4.14.4-24 (@Jaredy899). Includes security fixes for CVE-2026-34353, CVE-2026-41083.
openexr was updated to 3.4.13-16 (@Jaredy899). Includes security fixes for CVE-2026-53532, CVE-2026-55373, CVE-2026-55371, CVE-2026-54920, CVE-2026-55059.
openjdk-21 was updated to 21.0.11-8 (@androidnisse). Includes security fixes for CVE-2026-22018, CVE-2026-22021, CVE-2026-22007, CVE-2026-23865, CVE-2026-22016, CVE-2026-22013, CVE-2026-34282, CVE-2026-34268.
opentofu was updated to 1.12.3-19 (@davidjharder, @davidjharder). Includes security fixes for GHSA-q7j3-v8qv-22vq.
pnpm was updated to 11.8.0-5 (@Jaredy899). Includes security fixes for CVE-2026-55180.
podman was updated to 5.8.3-48 (@clintre). Includes security fixes for CVE-2026-44517.
runc was updated to 1.4.3-40 (@Jaredy899). Includes security fixes for CVE-2026-41579, CVE-2025-31133.
sqlite3 was updated to 3.53.2-67 (@Jaredy899). Includes security fixes for CVE-2026-11824, CVE-2026-11822.
util-linux was updated to 2.42.2-59 (@joebonrichie, @EbonJaeger). Includes security fixes for CVE-2026-27456, CVE-2026-53613, CVE-2026-53614, CVE-2026-53612.
vim was updated to 9.2.0677-169 (@Jaredy899, @davidjharder, @davidjharder). Includes security fixes for CVE-2026-52860.
xdg-desktop-portal was updated to 1.22.1-37 (@EbonJaeger, @EbonJaeger, @EbonJaeger). Includes security fixes for GHSA-c5cf-79w8-pvfh, GHSA-cm83-2936-gxjm.

General updates

The full list of updated packages can be found here.

For the list of currently known issues, see the dedicated thread for it. If you begin experiencing a bug, please look for an issue on our issue tracker, and open a new one if one does not exist.

That’s all for this week, folks! We'll be here same time, same place next week for another roundup of the news!

Jaredy899

Big update this week! Thanks to all the contributors!

totalmongobaer

It was without Problems on Gnome 🙂 Thank you Solus Developers!

banger

Plasma ok - 307 updates, busy busy from the team. 🙂

Samill543

119 packages went good.

brent

@Sebastian @joebonrichie

shout out to both ^ for the Anoise update. I now have an systray Icon that I can pin to the panel (10.10x budgie).

and thanks to the crew, did a full reboot, all good

Sebastian

brent I had added the deskop file fix to our anoise package. You can now delete the anoise desktop file you had copied to ~/.local/share/applications/
Won't hurt to run
sudo update-desktop-database and update-desktop-database ~/.local/share/applications/
afterwards.

brent

Sebastian did all three. thanks for this

JamesGlover314

Update went great. Been on Solus for about a week now. Loving it. Great work by the team that maintains this.

One thing I did have issue with and had to fix when i first installed the OS to my laptop is I have a new NVIDIA card on my laptop. I ended up installing the open source drivers and all was OK after a black screen reboot where KDE would not launch with the drivers that come by following the command prompts for the NVIDIA drivers that come stock.

That said, today's update went without a problem.