Endless OS 4.0.3 was released on 3rd March 2022.
For full details on what's new in Endless OS 4, please see the release notes for Endless OS 4.0.0.
Endless OS 4.0.1 introduced changes to improve compatibility between the web safety feature and networks which block access to alternative DNS servers. These changes were subsequently found to cause problems accessing the web on networks where IPv6 is available. This problem is resolved in Endless OS 4.0.3.
In previous versions of Endless OS, web safety would incorrectly only apply the Google Safe Search browser policy to Google Chrome, not Chromium. In Endless OS 4.0.3, this policy also applies to the Chromium browser, as intended.
pkexec issueCVE-2021-4034 describes a security vulnerability in the pkexec tool, included in Endless OS, which allows a non-administrator user to gain administrator privileges on the system. A fix for this issue is included in Endless OS 4.0.3.
However, after an OS update is applied, Endless OS keeps one previous version of the OS on the computer. This makes it possible to roll back to the old version if there is a problem with the new version; but it also means that this security vulnerability can still be exploited as long as the previous OS version containing the vulnerability is kept on the system. If your computer has multiple user accounts, and not all of those users are administrators, you may wish to open a Terminal window and run the following command after upgrading to Endless OS 4.0.3 or newer:
pkexec ostree admin undeploy 1
This will remove the previous version of the OS.
Security fixes to xorg-server: CVE-2021-4008, CVE-2021-4009, CVE-2021-4010 and CVE-2021-4011.
Security fixes to WebKitGTK: WSA-2021-0007
Desktop shortcuts for Kolibri channels are now reliably displayed even if two versions of the Kolibri app are installed.
The expected format of codes used by our affordable access program has been clarified.
Since 3.9.2, Chromium has been distributed as a Flatpak app rather than built into the OS. Endless OS contains some hooks which are intended to allow /etc/chromium-browser to be used as before to provide system-wide browser configuration. Unfortunately an error meant that directory was instead emptied on every system startup.
This is corrected in Endless OS 4.0.3, and /etc/chromium-browser may be used for system-wide Chromium configuration.
Endless OS 4.0 supports the Kolibri app's new automatic sign in system. As a result, the Kolibri app no longer requires that users create separate Kolibri user accounts. Instead, it signs in automatically based on the current desktop user account. This is explained in more detail in the Endless OS Kolibri help page.
When making a custom build of previous versions of Endless OS which include a custom app grid layout, changing the position of the Hack icon was not fully supported: it could be placed in a folder, or omitted from the image entirely, but space would still be left for it at the top-left of the first page of the grid.
By popular request, this special exception has been removed in Endless OS 4.0.3: its position can now be controlled like any other app.
If you want to test beta releases of Endless OS, follow these instructions.