Qubes OS 4.1 release notes
New features and improvements since Qubes 4.0
Optional qubes-remote-support package now available from repositories (strictly opt-in, no package installed by default; no new ports or network connections open by default; requires explicit connection initiation by the user, then requires sharing a code word with the remote party before a connection can be established; see #6364 for more information)
Qubes firewall reworked to be more defensive (see #5540 for details)
Xen upgraded to version 4.14
Dom0 operating system upgraded to Fedora 32
Default desktop environment upgraded to Xfce 4.14
Upgraded default template releases
Experimental support for GUI running outside of dom0 (hybrid mode GUI domain without real GPU passthrough; see #5662 for details)
Experimental support for audio server running outside of dom0 (“Audio domain”)
sys-firewall and sys-usb are now disposables by default
UEFI boot now loads GRUB, which in turn loads Xen, making the boot path similar to legacy boot and allowing the user to modify boot parameters or choose an alternate boot menu entry
New qrexec policy format (see #4370 for details)
qrexec protocol improvements (see #4909 for details)
New qrexec-policy daemon
Simplified using in-qube kernels
Windows USB and audio support courtesy of tabit-pro (see #5802 and #2624)
Clarified disposable-related terminology and properties
Default kernelopts can now be specified by a kernel package
Improved support for high-resolution displays
Improved notifications when a system drive runs out of free space
Support for different cursor shapes
“Paranoid mode” backup restore option now properly supported using disposables
Users can now choose between Debian and Fedora in the installer
Certain files and applications are now opened in disposables, e.g., Thunderbird email attachments
New graphical interface for managing testing repository updates
New “Cute Qube” icon family (replaces padlock icons)
Disposable qube types now use the disposable icon
New Template Manager tool for installing, removing, and updating templates (meanwhile, the tool previously known as the “Template Manager,” which was for mass template switching, has been integrated into the Qube Manager)
The “file” storage driver has been deprecated in Qubes 4.1 and will be removed in Qubes 4.2
property-del
event renamed toproperty-reset
to avoid confusionqrexec no longer supports non-executable files in
/etc/qubes-rpc
qrexec components have been reorganized into the core-qrexec repository
The
qvm-pool
argument parser has been rewritten and improvedRemoved the need for the out-of-tree u2mfn kernel module
Qrexec services can now run as a socket server
Improved template distribution mechanism
Now possible to restart qrexec-agent
The term “VM” has largely been replaced by “qube”
GUI daemon is now configured using
qvm-features
tool,/etc/qubes/guid.conf
file is no longer usedqvm-run
tool got--no-shell
option to run a single command without using a shell inside the qubeMAC Randomization for iwlwifi (see #938)
For a full list, including more detailed descriptions, please see here.
Known issues
For a full list of known 4.1 issues with open bug reports, please see here. We strongly recommend updating Qubes OS immediately after installation in order to apply any and all available bug fixes.
Download
See downloads.
Installation instructions
See the installation guide.
Upgrading
Please see how to upgrade to Qubes 4.1.