Flatpak just shipped version 1.18. The update arrives more than a year after 1.16. It tightens sandbox controls. It opens new doors for hardware acceleration. And it makes sideloading simpler than before.
Developers behind the project spent months refining the codebase. Sebastian Wick took a larger role in maintenance. He noted the backlog shrank once Alex Larsson and Owen Taylor carved out time for reviews. The result? A stable release packed with targeted fixes and features that address real user requests. One such request dates back to 2023. It called for better AMD GPU compute access inside sandboxes. Flatpak 1.18 answers that call directly.
The headline addition grants sandboxed applications access to AMD’s vendor-specific compute interface. This happens through the /dev/kfd device exposed by the AMDKFD kernel driver. Instead of forcing users to grant broad device permissions, the team added support via the existing DRI device permission system. Applications can now request /dev/kfd without opening the entire device namespace. The change matters for scientific computing, machine learning workloads, and any ROCm-dependent software distributed on Flathub or elsewhere. Phoronix first highlighted the integration in its coverage of the release (Phoronix).
But the improvements run deeper. Installers gain the ability to pull from flatpak+https:// URIs when using flatpak install –from. Users can also install directly from an OCI image. These options reduce friction for offline deployments and custom repositories. Support for zstd-compressed layers in OCI bundles arrived earlier in the 1.17 development series yet lands in this stable version. The combination points to a clearer path toward container-like distribution on the Linux desktop.
Error handling saw careful attention. The flatpak-coredumpctl command now prints clearer output. Messages from flatpak update became more informative. Fish shell startup times dropped thanks to optimizations in how Flatpak initializes its environment. Small wins. Yet they accumulate for daily users who launch dozens of sandboxed apps.
Permissions received granular controls. New conditionals has-usb-device and has-usb-portal let applications drop the heavy-handed –device=all or –device=usb flags. Conditional permissions now apply to shared subsystems and features. Directories can forward to the sandbox as command-line arguments. The –clear-env option for flatpak run gives tighter control over the runtime environment. And device permissions propagate correctly into portal-based sub-sandboxes.
Hardware support expanded in other areas too. VA-API decoding works for Intel Xe graphics. OS information appears in the Flatpak-Os-Info header during pulls. Reinstallation from bundles happens more reliably. The update command avoids displaying “Nothing to do” in certain edge cases. Progress escape sequences are enabled by default. Support for libsoup2 disappeared in favor of libcurl, which brings better cancellation handling during downloads.
These changes didn’t appear overnight. Wick released Flatpak 1.17.0 in November 2025 as the first unstable snapshot after a six-month gap. He signaled then that another development release would follow soon, with a stable version targeted for the same year. That timeline held. In his blog post he described how the team merged a backwards-compatible permission system. The work aids transitions such as PipeWire policy handling and prepares for future nested sandboxing efforts (Sebastian Wick’s blog).
9to5Linux captured the full scope hours after the tags went live. The site listed direct installation from OCI images, the AMD compute interface via DRI, and the flatpak+https:// URI support as primary additions. It also noted the 17-month gap from 1.16, underscoring how much accumulated in that window (9to5Linux).
Security and correctness fixes accompany the features. Checks for –filesystem paths pointing to parent directories tightened. Automatic branch following for extensions ensures “no-autodownload” extensions survive updates that bump required branches. NTSync can enable unconditionally. Internationalization for progress reporting improved. The GitHub release page for 1.18.0 documents the full commit list and links to the detailed notes.
Distributions will begin packaging the update shortly. Ubuntu, Fedora, and other major desktop releases already ship recent Flatpak versions. Enterprises that rely on immutable OS images or pre-installed application sets stand to benefit from the OCI and system-definition work Wick mentioned. Red Hat Enterprise Linux 10 integration was one stated motivation during the 1.17 cycle.
Yet the project isn’t done. Wick has been clear that a full rewrite isn’t the priority. “If we redid Flatpak now, it would not be significantly better than the current Flatpak,” he wrote. The real gains lie in surrounding technologies. Systemd-appd for instance management. Varlink interfaces. D-Bus filtering. Pasta for network sandboxing. New portals. These pieces must integrate with the existing Flatpak foundation.
For now, 1.18 ships concrete value. AMD users running ROCm inside sandboxes no longer face awkward workarounds. Developers packaging complex scientific tools gain finer permission controls. End users see snappier shell integration and clearer feedback from the command line. The release demonstrates how steady, focused maintenance compounds over time. One permission here. One hardware path there. The cumulative effect keeps Flatpak relevant as the primary vehicle for cross-distribution Linux applications.
Adoption continues to climb. Flathub remains the largest repository. More projects ship both traditional packages and Flatpak builds. The tooling around building, signing, and updating those bundles keeps evolving. Version 1.18 won’t grab every headline. Its changes are too technical, too specific. But for the engineers who ship software to millions of Linux desktops, the improvements register immediately. They remove friction. They close gaps. They let developers focus on their applications rather than distribution quirks.
WebProNews is an iEntry Publication