pop-os / flatpak

Fork of https://salsa.debian.org/debian/flatpak
GNU Lesser General Public License v2.1

Update to 1.8.5 to address CVE-2021-21261 #1

Closed ids1024 closed 3 years ago

ids1024 commented 3 years ago

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21261
Advisory from Flatpak: https://github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2

I was going to update to 1.10.1, but it seems 1.10 is dependent on a newer libostree. But in any case, we probably want a security fix that addresses an issue that allowed bypassing sandboxing.

Build failure on Bionic is expected, but this should be tested on Focal and Groovy.