Qubes OS 4.3.0 has been released with several significant updates that improve security, usability, and performance. Key changes include an upgraded base system using Fedora 41 and the latest Xen Hypervisor version, which powers Qubes' isolation model, as well as improved support for Linux templates and Windows tools integration. The update also brings new features such as preloaded disposable qubes, simplified device handling through a New Devices API, and enhanced GUI with flat icons and customizable background colors. 

Qubes OS 4.3.0 released

The privacy-focused Qubes OS 4.3 release brings several noteworthy changes to the table after upgrading core components and refining existing features.

First, users who rely on tight security will find the base system, called Dom0, now uses Fedora 41, offering a familiar and robust foundation. Xen Hypervisor has moved from version 4.x to its own latest stable iteration, version 4.19. Crucially, this update affects the underlying environment that powers Qubes' isolation model.

For those using standard Linux templates within their virtual compartments, or qubes, the defaults have been refreshed for better support: Fedora now uses templateVMs based on 42, Debian users get 13 as their baseline, and privacy-focused Whonix templateVMs are built upon version 18. These updates ensure compatibility with modern distributions.

The Qubes Windows Tools (QWT) suite has returned, but this time it comes fully integrated into the system itself – a welcome addition for interacting with Windows resources securely. Also new is 'preloaded disposables' functionality; think of disposable qubes that spring up ready-made, perfect for quick tests or specific tasks without manual setup each time.

Device handling received significant attention too. Forget trying to match hardware specifics; the New Devices API allows assigning physical devices by their self-proclaimed identity within a qube. This streamlines management considerably. To implement this new system, the Global Config's Device Assignments section now offers central control and configuration options for device setup across different qubes.

The graphical user interface has also received significant enhancements. New flat icons replace older ones throughout Qubes OS 4.3, making navigation clearer and perhaps a bit less retro in feel. The redesigned Qubes Devices widget provides visual cues about available hardware assignments, while the AppMenu now includes options to add Windows tools directly from within this menu.

Elsewhere, minor usability tweaks improve things like keyboard shortcuts for navigating menus and offer confirmation via a 'Saving changes...' dialog during Global Config updates. For users customizing their look with dark themes, there's more flexibility thanks to updated GUI Daemon/Agent components, including customizable background colors where relevant.

Under the hood, hardware support is also bettered slightly: improved compatibility with newer hard drives using Advanced Format standards (AF) and refinements in filtering input devices via udev rules. New tools for managing external hot-pluggable audio devices through dynamic switching to dedicated AudioVMs may also enhance Bluetooth usability.

Security continues to evolve incrementally but thoughtfully. Template system administrators can now fine-tune security further by allowing specific qubes (templateVMs) to request custom kernel command line parameters, useful particularly when using templates needing specialized boot options like Kicksecure or Whonix setups. Users can also explicitly mark certain boot modes as restricted, perhaps intended only for AppVMs or trusted template environments.

Privacy gains a new layer thanks to the integration of the Kloak kernel into Qubes 4.3. This allows for keystroke-level anonymization without needing dedicated disposable qubes, think of typing in one environment being different from another where privacy needs are higher, effectively filtering input at a granular level.

Performance-wise, there's an option of bypassing some traditional snapshot-based volume operations directly; using volumes un-snapshotted might speed things up or reduce overhead. Qubes now saves certain system information used for checking qrexec policies, which should make running applications in virtual environments faster and more responsive.

Administrative convenience features include a setting to automatically hide selected templateVMs and StandaloneVMs from common update tools, preventing accidental modifications outside the designated control panel or dedicated disposable qubes. Standard installation processes have also seen improvements in this latest version.

Beyond these core enhancements, Qubes OS 4.3 introduces some experimental projects aimed at expanding the system's capabilities further down the line: support for Ansible integration (for automation tasks), work on Qubes Air (likely a companion project or remote functionality), and an extension to the qrexec protocol focused specifically on data transfer, handling sending source information differently perhaps.

It's also worth noting that not all potential features landed this time. Some have been retired, including Windows 7 support within the older Qubes Windows Tools package. Additionally, by default, Fedora template VMs no longer automatically use XScreenSaver for screen locking upon login; instead, xfce4-screensaver becomes the standard lock mechanism unless customized otherwise.

Qubes OS 4.3.0 has been released!

We’re pleased to announce the stable release of Qubes OS 4.3.0! This minor release includes a host of new features, improvements, and bug fixes. The ISO and associated verification files are available on the downloads page.

Qubes OS 4.3.0 has been released!