I am still pondering whether to use flatpaks/snaps or to use native apps. One of my concerns is that sandboxed apps do not update vulnerable libraries quickly or at all.
Now I am not a programmer so I do not understand too much, but I see that VLC, for example, as a snap and as a flatpak has not been updated for over a year.
I have no idea if it has vulnerable libraries in those sandboxes that are not patched.
Is this a concern? Are there any vulnerable libraries in VLC flatpak/snaps? Again, I do not understand, but maybe all of its libraries are OK from a security point of view, so that is why there are no updates?
VLC is just one example but there are many other snaps/flatpaks that have delayed app releases, which means that libraries could end up vulnerable for a long time.
If there are no exploits that might use vulnerabilities in old libraries, if they exist or you don’t open infected media files, there’s no reason to be concerned.
yes
idk, probably most people here won’t know either. Stick to up-to-date software for peace of mind. Use the distro package, as VLC’s flatpak is not verified.
F-Droid had the same issue; at some point VLC was not updated for 2 years, if I remember correctly.
No idea if it was also an issue for the Play Store.
Not to answer your question but I have to share this:
I’ve been using Glide. Seems to play all video files. VLC has audio issues.
According to the official videolan website, the latest VLC version is dated June 2024 so it’s likely not a flatpak problem.