Kdenlive 26.04.1 released
The first maintenance release of the 26.04 series is now available, with the usual batch of stability fixes and workflow improvements.
This release also contains an important security fix, so we strongly advise all users to upgrade to the latest 26.04.1 version.
Thanks to an NLnet/NGI0 grant, we had a security audit provided by Radically Open Security. The audit found one serious vulnerability that can be triggered when opening a malicious project file, allowing remote code execution. This is fixed with Kdenlive 26.04.1. Thanks to Edoardo Geraci and Radically Open Security for helping us make our software safer!
We are not aware of the vulnerability being exploited so far. It is important to understand that this security issue is about a manipulated .kdenlive project file containing potentially malicious code. Therefore, it is only relevant if you open a .kdenlive project file that you received from someone else or downloaded from the internet. If you are working only with your own projects or with shared projects in collaboration with fully trusted partners, there is no security risk.
If you cannot upgrade, do not open a project file that was not created by you.
Although the vulnerability is fixed in 26.04.1, we have also implemented another layer of security checks for the upcoming 26.08.0 to warn the user if some other unexpected input is detected in a project file.
Head to our download section to get the latest binaries, or check for updates from your package manager. Please note that for Linux, only AppImage and Flatpak are supported by the Kdenlive team.
For the full changelog continue reading on kdenlive.org.