Linux News Today: Shotwell 0.23.0 Is the First Major Release in a Year, Comes with a Warning
After informing the community two weeks ago that he picked up the maintenance of the well-known Shotwell open-source image viewer and organizer software, developer Jens Georg now released the first major version since Shotwell 0.22.0.
It has been more than a year since Shotwell 0.22.0 was released, back on March 24, 2015, and on April 16, 2016, the new maintainer pushed a very small point release, version 0.22.1, updating some translations and making sure everything is OK for him to continue the development of the acclaimed software.
Before we tell you what’s new in Shotwell 0.23.0, we’d like to inform our readers that Jens Georg warns the community to immediately change their passwords for the image hosting services supported by the software, as previous versions came with a security issue related to the verification of Transport Layer Security (TLS) certificates, which could lead to your publishing sessions being intercepted by a third party.
However, the issue applies only to those GNU/Linux users who have used Shotwell from sources or third-party repositories other than the ones officially recognized by the maintainers of their Linux kernel-based operating systems. So if you’ve used Shotwell directly from your distro’s repositories, you need not worry about anything, as most OS vendors have patched the issue a long time ago.
“There was an issue with verifying TLS certificates in previous versions of Shotwell so it might be possible that publishing sessions were intercepted. If you did not use a Shotwell delivered by any of the major distributions it is strongly recommended to change your passwords for those online systems you published to,” said Jens Georg. “Most distributions should have had this patched since about end of last year.”
What’s new in Shotwell 0.23.0
There are quite some changes implemented in Shotwell 0.23.0, and we would like to start by telling you that there’s now support for using a thinner minimum sidebar, support for the WebKit2GTK+ 4.0 open-source WebKit rendering engine, support for checking the .cache directory for read and write permissions, as well as improvements to the Crop Ribbon / Control functions.
As noted above, all online publishing sessions now validate TLS (Transport Layer Security) certificates, the documentation received much-needed enhancements, calls to the Posix.system() function have been removed, along with the shell magic from Makefile, the application should no longer crash when updating the metadata, and a CSS issue was addressed.
Lastly, Shotwell 0.23.0 no longer uses the GtkHeaderBar widget from GTK+ on dialogs if there’s no gtk-dialogs-use-header setting set, it doesn’t build the plugins twice when it is compiled, calls the pkg-config tool only once during compilation, and uses a proper umask for the creation of the XDG_USER_DATA and XDG_USER_CACHE directories. You can download the Shotwell 0.23.0 sources via our website, but please note that Facebook and Yandex publishing doesn’t work yet.