[GH-ISSUE #6114] Release Notes and/or Wiki 0.9.58.* & 0.9.56-LTS inconsistencies

gitea-mirror commented

2026-05-05 09:48:32 -06:00

Owner

Originally created by @peter-lyons-kehl on GitHub (Dec 2, 2023).
Original GitHub issue: https://github.com/netblue30/firejail/issues/6114

https://firejail.wordpress.com/download-2/release-notes is mostly in the most-recent-to-oldest order, except for:

firetools (0.9.58) baseline; urgency=low
firejail (0.9.56-LTS) baseline; urgency=low
firejail (0.9.58.2) baseline; urgency=low

The above > firejail (0.9.56-LTS) baseline; urgency=low reads: "command line options removed:" ..."--rlimit*". However, https://github.com/netblue30/firejail/wiki/Comparison-of-firejail-and-systemd's-hardening-options#resource-limits still lists "rlimit*".
Please clarify if "--rlimit*" and other removals apply to LTS only, or to any newer version.

Originally created by @peter-lyons-kehl on GitHub (Dec 2, 2023). Original GitHub issue: https://github.com/netblue30/firejail/issues/6114 1. https://firejail.wordpress.com/download-2/release-notes is mostly in the most-recent-to-oldest order, except for: - firetools (0.9.58) baseline; urgency=low - firejail (0.9.56-LTS) baseline; urgency=low - firejail (0.9.58.2) baseline; urgency=low 2. The above > `firejail (0.9.56-LTS) baseline; urgency=low` reads: "command line options removed:" ..."--rlimit*". However, https://github.com/netblue30/firejail/wiki/Comparison-of-firejail-and-systemd's-hardening-options#resource-limits still lists "rlimit*". 3. Please clarify if "--rlimit*" and other removals apply to LTS only, or to any newer version.

gitea-mirror

2026-05-05 09:48:32 -06:00

closed this issue
added the
wordpress
label

gitea-mirror commented

2026-05-05 09:48:36 -06:00

Author

Owner

@rusty-snake commented on GitHub (Dec 2, 2023):

I read: firetools 0.9.58 was released after firejail-LTS which was released after firejail 0.9.58.2. There's also a release date at the end of every release notes.

2/3. https://web.archive.org/web/20220317053525/https://firejail.wordpress.com/

Long Term Support (LTS) – Every two or three years we cut a branch from mainline git, we remove rarely used features (chroot, overlay, rlimits, cgroups, etc.), incomplete features (private-bin, private-lib, etc.), and a lot of instrumentation (build profile feature, tracing, auditing, etc). Sandbox-specific security features such as seccomp, capabilities, filesystem whitelist/blacklist and networking are updated and hardened. LTS receives periodic security updates, but no new features are ever added. The end result is a more stable software base, and a much smaller attack surface. Please use this version for any kind of enterprise deployment. (development page)

Important

https://firejail.wordpress.com/ (accessed on 2023-12-02; News > June 2022 – released Firejail 0.9.70.)

Retired Firejail LTS version. The latest LTS has the same –join problem, and it will be replaced with something different in the near future.

@rusty-snake commented on GitHub (Dec 2, 2023): 1. I read: fire*tools* 0.9.58 was released after fire*jail*-*LTS* which was released after fire*jail* 0.9.58.2. There's also a release date at the end of every release notes. 2/3. https://web.archive.org/web/20220317053525/https://firejail.wordpress.com/ > ***Long Term Support (LTS)*** – Every two or three years we cut a branch from mainline git, ***we remove*** rarely used ***features*** (chroot, overlay, ***rlimits***, cgroups, etc.), incomplete features (private-bin, private-lib, etc.), and a lot of instrumentation (build profile feature, tracing, auditing, etc). Sandbox-specific security features such as seccomp, capabilities, filesystem whitelist/blacklist and networking are updated and hardened. LTS receives periodic security updates, but no new features are ever added. The end result is a more stable software base, and a much smaller attack surface. Please use this version for any kind of enterprise deployment. ([development page](https://web.archive.org/web/20220317053525/https://github.com/netblue30/firejail/tree/LTSbase)) > [!IMPORTANT] > https://firejail.wordpress.com/ (accessed on 2023-12-02; News > June 2022 – released Firejail 0.9.70.) > > **Retired Firejail LTS version.** The latest LTS has the same –join problem, and it will be replaced with something different in the near future.

gitea-mirror commented

2026-05-05 09:48:37 -06:00

Author

Owner

@kmk3 commented on GitHub (Dec 2, 2023):

Important

https://firejail.wordpress.com/ (accessed on 2023-12-02; News > June 2022 –
released Firejail 0.9.70.)

Retired Firejail LTS version. The latest LTS has the same –join
problem, and it will be replaced with something different in the near
future.

To add to that: The "LTSbase" branch hasn't been updated since commit c06212591
("0.9.56.2 released", 2019-06-05), which is also where the "0.9.56.2" tag
points to.

And since commit d1acb31c9 ("compile time: enable LTS", 2021-02-28) / version
0.9.66 there is the --enable-lts configure option.

So presumably the aforementioned replacement would be to build from the current
stable version (currently 0.9.72; see SECURITY.md) with --enable-lts.

@kmk3 commented on GitHub (Dec 2, 2023): > Important > > https://firejail.wordpress.com/ (accessed on 2023-12-02; News > June 2022 – > released Firejail 0.9.70.) > > > **Retired Firejail LTS version.** The latest LTS has the same –join > > problem, and it will be replaced with something different in the near > > future. To add to that: The "LTSbase" branch hasn't been updated since commit c06212591 ("0.9.56.2 released", 2019-06-05), which is also where the "0.9.56.2" tag points to. And since commit d1acb31c9 ("compile time: enable LTS", 2021-02-28) / version 0.9.66 there is the `--enable-lts` configure option. So presumably the aforementioned replacement would be to build from the current stable version (currently 0.9.72; see SECURITY.md) with `--enable-lts`.

gitea-mirror commented

2026-05-05 09:48:38 -06:00

Author

Owner

@peter-lyons-kehl commented on GitHub (Dec 2, 2023):

As a want-to-be user, I come across https://firejail.wordpress.com/download-2/release-notes and https://firejailtools.wordpress.com/release-notes and the facts number 1. - 3. reported in the 1st comment here, and I'm confused as to

why are there those two "Release Notes", with the exact same titles,
why a lower version 0.9.58 is released after a higher version 0.9.58.2, with no comment about this. As it turns out, 0.9.58.2 has two release entries there.
why a parameter was removed in an LTS, yet it's documented in Wiki with no comment about its future/stability
why would I have to dig in web archives for this
why all the above would be left as-is, so that more people get confused.

@peter-lyons-kehl commented on GitHub (Dec 2, 2023): As a want-to-be user, I come across https://firejail.wordpress.com/download-2/release-notes and https://firejailtools.wordpress.com/release-notes and the facts number 1. - 3. reported in the 1st comment here, and I'm confused as to - why are there those two "Release Notes", with the exact same titles, - why a lower version `0.9.58` is released after a higher version `0.9.58.2`, with no comment about this. As it turns out, `0.9.58.2` has two release entries there. - why a parameter was removed in an LTS, yet it's documented in Wiki with no comment about its future/stability - why would I have to dig in web archives for this - why all the above would be left as-is, so that more people get confused.

gitea-mirror commented

2026-05-05 09:48:39 -06:00

Author

Owner

@rusty-snake commented on GitHub (Dec 2, 2023):

why would I have to dig in web archives for this

Because it got retired and therefore removed from the website.

why all the above would be left as-is, so that more people get confused.

Because @netblue30 is the only person with write rights on WordPress.

why a lower version 0.9.58 is released after a higher version 0.9.58.2, with no comment about this. As it turns out, 0.9.58.2 has two release entries there.

Likely it got copied to the wrong file. ~~Maybe on GH too.~~ Nope, only WP.

This is something that could be fixed.

@rusty-snake commented on GitHub (Dec 2, 2023): > why would I have to dig in web archives for this Because it got retired and therefore removed from the website. > why all the above would be left as-is, so that more people get confused. Because @netblue30 is the only person with write rights on WordPress. > why a lower version 0.9.58 is released after a higher version 0.9.58.2, with no comment about this. As it turns out, 0.9.58.2 has two release entries there. Likely it got copied to the wrong file. ~~Maybe on GH too.~~ Nope, only WP. This is something that could be fixed.

gitea-mirror commented

2026-05-05 09:48:40 -06:00

Author

Owner

@peter-lyons-kehl commented on GitHub (Dec 2, 2023):

As a workaround, would it be OK to append "(unstable feature)" or "(work-in-pogress feature)" (or whatever you suggest) to non-LTS features mentioned in Wiki? I'm willing to append those in my clone of the Wiki.

grep -r -i -E "chroot|overlay|rlimit|cgroup|private-bin|private-lib" reports them mostly/most standing out in https://github.com/netblue30/firejail/wiki/Comparison-of-firejail-and-systemd's-hardening-options#resource-limits and https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions.

@peter-lyons-kehl commented on GitHub (Dec 2, 2023): As a workaround, would it be OK to append "(unstable feature)" or "(work-in-pogress feature)" (or whatever you suggest) to non-LTS features mentioned in Wiki? I'm willing to append those in my clone of the Wiki. Any other such features other than `chroot|overlay|rlimit|cgroup|private-bin|private-lib`? `grep -r -i -E "chroot|overlay|rlimit|cgroup|private-bin|private-lib"` reports them mostly/most standing out in https://github.com/netblue30/firejail/wiki/Comparison-of-firejail-and-systemd's-hardening-options#resource-limits and https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions.

gitea-mirror commented

2026-05-05 09:48:40 -06:00

Author

Owner

@rusty-snake commented on GitHub (Dec 3, 2023):

As a workaround

Workaround for what? Wrong release notes?

would it be OK to append "(unstable feature)" or "(work-in-pogress feature)"

They are neither unstable nor wip nor anything else. They are just rarely used.

Wiki

IDK why you talk about the wiki all the time. Imho the manpages are a much more important source of information.

What you be ok imho and is actable by use.

We could add a wikipage that explains the different feature flags (imho it would be better to expand the help strings).
Or, preferred, we could explain the differences between a "normal" build (as distributed on the webpage and by distros) and a "lts" build (that you build).

@rusty-snake commented on GitHub (Dec 3, 2023): > As a workaround Workaround for what? Wrong release notes? > would it be OK to append "(unstable feature)" or "(work-in-pogress feature)" They are neither unstable nor wip nor anything else. They are just rarely used. > Wiki IDK why you talk about the wiki all the time. Imho the manpages are a much more important source of information. --- What you be ok imho and is actable by use. - We could add a wikipage that explains the different feature flags (imho it would be better to expand the help strings). - Or, preferred, we could explain the differences between a "normal" build (as distributed on the webpage and by distros) and a "lts" build (that you build).

gitea-mirror commented

2026-05-05 09:48:41 -06:00

Author

Owner

@rusty-snake commented on GitHub (Dec 23, 2023):

db09546f29

@rusty-snake commented on GitHub (Dec 23, 2023): https://github.com/netblue30/firejail/commit/db09546f2946c921da1b07d9d3569c287238989b

gitea-mirror referenced this issue

2026-05-05 10:24:35 -06:00

[PR #3187] [MERGED] allow-*.local customizations #4678

Rows
Columns

[GH-ISSUE #6114] Release Notes and/or Wiki 0.9.58.* & 0.9.56-LTS inconsistencies #3187