Most recent releases:
* firejail 0.9.72: 2023-01-16
* firejail 0.9.74: 2025-03-24
* firejail 0.9.76: 2025-07-30
* firejail 0.9.78: 2026-01-03
* firejail 0.9.80: 2026-03-14
firejail 0.9.76 was released over 6 months ago, but the packages from
both Debian stable (13 / Trixie) and the Ubuntu PPA appear to still be
on firejail 0.9.74, which is over 1 year old[1] [2].
As for installing firejail through Debian backports, it is unclear to me
if that is currently working and if so, which firejail version would be
installed on each Debian version.
Lastly, the packages on Ubuntu seem to still be on firejail 0.9.72,
which is over 3 years old, even on the latest Ubuntu 25.10 and on the
upcoming Ubuntu 26.04[3].
So to avoid bugs and bug reports caused by old firejail versions,
recommend either installing the release .deb file from GitHub or
building from source on Debian/Ubuntu.
Relates to #6842#7060.
[1] https://tracker.debian.org/pkg/firejail
[2] https://launchpad.net/~deki/+archive/ubuntu/firejail
[3] https://launchpad.net/ubuntu/+source/firejail
Changes:
* Keep hostname by default (same as using `--keep-hostname`)
* Add `--hostname-randomize` command to randomize the hostname
* Ignore `--keep-hostname` command and print a warning if it is used
Setting a different hostname inside of the sandbox may prevent X11
programs from authenticating to the X server and displaying windows at
all (see #7062).
To avoid breakage, keep the hostname as is by default and only set it to
a random value if a new `hostname-randomize` command is used.
This also avoids potentially surprising behavior, as the user might not
expect the hostname to be changed inside of the sandbox, considering
that usually the protections that are applied firejail involve
restricting access to resources (like file paths), rather than modifying
their values inside of the sandbox.
Fixes#7062
Relates to #7048#7069.
Related commits:
* 188d5f16d ("--profile=FILE rework (#6896)", 2026-01-05).
* 54a741ecc ("update README.md", 2026-01-05)
See commit 491b46cfa ("docs: always use full path to program in examples
(#6963)", 2025-11-16).
And add it to the bug report template checklist.
To avoid potential issues due to firejail-in-firejail.
Commands used to search and replace:
perl -pi -e '
s/(firejail)( .*)? (blobby|dig|firefox|galculator|gedit|gimp|handbrake|icecat|iceweasel|mc|openbox|transmission|vlc|warzone2100|wget|xed|xterm)/$1$2 \/usr\/bin\/$3/;
' README.md src/firejail/usage.c src/man/*.in
perl -pi -e 's/^\s*(firefox \\?-)/\/usr\/bin\/$1/' \
src/man/firejail.1.in
Note: Some parts were edited manually.
Note: Most tests still use the program basename.
Relates to #2877.
To avoid wasting time due to (for example):
* Bugs that were already fixed
* Old versions with different/missing verbosity in the output
* Behavior that only affects (or differs in) old versions
* Copying and pasting profile lines which contain commands that are
unsupported in old versions (or that depend on other changes to
profiles in the current version)
This is a follow-up to #6964.
Changes:
* Format
* Quote URL
* Use `&&` where applicable
* Use parallel make
Kind of relates to commit 500d8f2d6 ("ci: run make in parallel where
applicable", 2023-08-14) / PR #5960.
The Debian CI site is apparently used for testing packages before the
official Debian packages are built.
Currently it is only listed in places like #6702, so add it to the main
list to make it easier to find.
Also add links for the Debian Package Tracker and Ubuntu PPA since they
are related.
Relates to #6702#6842.
Fix formatting and wrong/outdated information.
This amends commit 6d0559de7 ("landlock: update README.md, small fix in
man firejal; update profile stats in README.md", 2023-12-04).
Relates to #6078.
Move scan-build, cppcheck and CodeQL (cpp).
This is similar to build-extra.yml, but for jobs that check for issues
in the code rather than checking for build failures.
Note: As this deletes codeql-analysis.yml, its configuration also has to
be deleted in the GitHub web UI to prevent it from warning about the
file being missing:
* Security -> Code scanning -> Tool status -> (Setup Types) CodeQL ->
(Configurations) language:python -> Delete configuration
Misc: The above was clarified by @topimiettinen[1].
[1] https://github.com/netblue30/firejail/pull/5960#issuecomment-1685262643
Use two spaces to separate sentences to make the source easier to read
in monospace fonts (such as when editing or reviewing it), especially
for longer paragraphs. The HTML output should still look the same.
Misc: This also removes source-level ambiguity regarding abbreviations
(such as "Mr.") vs the end of sentences and enables moving between
sentences in vi with `(` and `)`, for example.
Changes:
* Add titles to referenced issues/discussions
* Use relative links for paths
* Separate repo paths from installed paths
* Turn some links and items into lists to make them stand out
