After nearly two years in development and countless hours of testing, we’re pleased to announce the stable release of Qubes OS 4.0!
Major changes in version 4.0
Version 4.0 includes several fundamental improvements to the security and functionality of Qubes OS:
- The Qubes Admin API
- Qubes Core Stack version 3
- Fully virtualized VMs for enhanced security
- Multiple, flexible Disposable VM templates
- A more expressive, user-friendly Qubes RPC policy system
- A powerful new VM volume manager that makes it easy to keep VMs on external drives
- Enhanced TemplateVM security via split packages and network interface removal
- More secure backups with
scryptfor stronger key derivation and enforced encryption
- Rewritten command-line tools with new options
This release delivers on the features we promised in our announcement of Qubes 4.0-rc1, with some course corrections along the way, such as the switch from HVM to PVH for most VMs in response to Meltdown and Spectre. For more details, please see the full Release Notes. The Qubes 4.0 installation image is available on the Downloads page, along with the complete Installation Guide.
Current 4.0 release candidate users
In our Qubes 4.0-rc5 announcement, we explained that if the testing of 4.0-rc5 did not reveal any major problems, we would declare it to be the stable 4.0 release without any further significant changes and that, in this scenario, any bugs discovered during the testing process would be fixed in subsequent updates. This is, in fact, what has occurred. We found that, with the fifth release candidate, 4.0 had finally reached a level of stability that met our standards such that we were comfortable designating it the stable release. Accordingly, current users of 4.0-rc5 can upgrade in-place by downloading the latest updates from the stable repositories in both dom0 and TemplateVMs.
We know that this stable release has been a long time in coming for many you. We sincerely appreciate your patience. Thank you for sticking with us. We’re especially grateful to all of you who have contributed code and documentation to this release, tested release candidates, and diligently reported bugs. This stable release would not have been possible without your efforts. Your involvement makes Qubes a truly open-source project. Your energy, skill, and good will make this project a joy to work on. We are lucky to have you.
The past and the future
Since first announcing extended support for Qubes 3.2, we determined that users would be better served by having a version of Qubes 3.2 with updated TemplateVMs and a newer kernel. We’ve designated this release Qubes 3.2.1. As the name suggests, this is a patch release for Qubes 3.2 that does not contain any major changes, and it is this release to which the extended support period will apply. We intend for Qubes 3.2.1 to be a viable alternative to version 4.0 for those who wish to use Qubes on hardware that does not meet the system requirements for Qubes 4.0. While our standard policy is to support each Qubes release for six months after the next major or minor release, the special extension for 3.2.1 raises this period to one full year. Therefore, the stable release of Qubes 4.0 sets the EOL (end-of-life) date for Qubes 3.2.1 at one year from today on 2019-03-28. We expect 3.2.1 to be available soon, after Kernel 4.9 testing is completed.
Looking forward, our work on Qubes 4.x has only just begun. Our sights are now set on Qubes 4.1, for which we have a growing list of planned enhancements to nearly every aspect of Qubes OS. Whether you’re new to Qubes or have been here for years, we welcome you to join us and get involved. We’ve personally chosen to devote our time and skills to making Qubes freely available to the world because we believe that being open-source is essential to Qubes being trustworthy and secure. If Qubes is valuable to you, we ask that you please consider making a donation to the project. With your support, we can continue to make reasonable security a reality for many years to come.