Below is a list of post-release service announcements.
📌 PSA 24/12/25
- PSA: Updated Authentication Policy. In the upcoming release, Nitrux is updating its default security policies to align with the newly published NIST Special Publication 800-63B Revision 4. Previously, our password policies (forced complexity and 90-day rotation) followed long-standing industry best practices intended to maximize theoretical security, as of May 2023, when we implemented them. However, the new NIST guidelines (last updated in Aug 2025) have confirmed that those rules actually make systems less secure in the real world. Forcing rotation and complexity just trains users to create predictable patterns. We are adopting the new scientific consensus: length and entropy supersede complexity and rotation. As the saying goes, “Complexity is mathematically superior, but biologically flawed.”
- ⚠️ Important: Despite the efforts and improvements in this and previous releases, we’re not claiming to be security or forensic experts or that the distribution is “impenetrable” or “unhackable,” so there is no misunderstanding. Suggestions for continuing to improve this area are welcome at our organization on GitHub (open a new discussion).
📌 PSA 06/12/25
- PSA: We’ve detected a problem with our greetd configuration that may prevent XWayland from working. To fix this problem, run the following commands.
- ⚠️ Important: The commands below create, copy, edit, or move files in the root directory; see XFS Features and Root Immutability in Nitrux.
sudo overlayroot-chroot
printf '\nxwayland {\n enabled = false\n}\n' | tee -a /etc/greetd/hyprland.conf
exit
- Reboot to load the changes into the overlay.
📌 PSA 28/11/25
- PSA: We’ve updated the NX AppHub CLI, daemon, and app definitions. Here’s a list of highlights:
- NX AppHub CLI
- Search & Repository Management
- Fixed search function
- Added ensure_repo_updated() to centralize repository clone/update logic
- Fixed invalid repository detection and prevented accidental deletion of backups/ directory
- Sandbox Improvements
- Refactored sandbox.py with safer quoting and consistent Path usage
- Fixed Bubblewrap sandbox block adding double quotes
- Corrected bwrap flag handling and unified environment variable handling
- Fixed missing keys in the sandbox configuration
- Fixed Firejail profile generation and quoting of profile paths
- Installation & Package Management
- Improved version parsing and installation flow
- Added termination check when the package doesn’t exist during download
- Fixed spacing on successful installation
- Error Handling & Code Quality
- Improved extractor and downloader error handling and archive detection
- Added exception chaining (from e) throughout codebase
- Cleaned up redundant code and improved lint compliance
- Improved output formatting
- Bug Fixes
- Fixed double-count bug in the show() function
- Reverted using shlex
- Various minor correctness issues resolved
- Cleaned up apprun header
- Search & Repository Management
- NX AppHub Daemon
- Desktop Integration & File Management
- Enforced XDG-compliant directory layout: moved icons to $XDG_DATA_HOME/icons/nx-apphub for safer isolation and predictable cleanup
- Used consistent, sanitized base names across desktop files, icons, and aliases to prevent mismatches and ensure reliable startup scanning
- Improved desktop file rewriting: removed unsupported quotes around Exec/TryExec for strict spec compliance
- Enhanced extraction directory naming using sanitized stems to avoid filesystem issues
- Notifications & User Experience
- Added notifications when an app is installed or removed
- Updated README and improved notification text
- Improved out-of-the-box experience by adding the aliases path on the first run
- Safety & Reliability
- Added ELF signature validation before running AppBoxes to prevent executing non-binary files
- Replaced unsafe os.chdir() usage with cwd= parameter in subprocess calls to avoid global working-directory races in threaded extraction
- Fixed a crash when files are still in use disk upon detection
- Cleanup & Stale Entry Detection
- Improved detection of existing integrations and stale entries
- Enhanced removal of stale desktop files and icons using quote-stripping-tolerant Exec parsing
- Improved cleanup of stale aliases with safer pattern matching
- Alias Management
- Ensured alias names use sanitized base names
- Guaranteed thread-safe writes using locks
- Strengthened overall alias logic
- Code Quality
- Added class-level documentation for AppBoxHandler
- Improved integration logic, sanitization, safety, and cleanup behavior throughout nx-apphubd
- Desktop Integration & File Management
- NX AppHub CLI
- To update both, run the following commands:
- ⚠️ Important: The commands below create, copy, edit, or move files in the root directory; see XFS Features and Root Immutability in Nitrux.
sudo overlayroot-chroot mount -t devtmpfs /dev dev pipx uninstall --global nx-apphub-cli pipx uninstall --global nx-apphubd pipx install --global git+https://github.com/Nitrux/nx-apphub.git pipx install --global git+https://github.com/Nitrux/nx-apphubd.git umount /dev sync exit
- Now run the command
touch $HOME/.config/nx-apphub/aliases.zshand Reboot to load the changes into the overlay.
📌 PSA 13/11/25
- PSA: We’ve updated the ISO files due to an issue caused by Casper that prevented the Live user password from working in software using PolicyKit, due to a Casper initramfs hook script that blanked the password. The problem didn’t affect user accounts in installed systems, only the Live user.
- The new ISO files are:
nitrux-contemporary-cachy-nvopen-0495596d-amd64.isonitrux-contemporary-liquorix-mesa-97d71fec-amd64.iso
- The new ISO files are: