XDG-Desktop-Portal 1.20.4 was released yesterday, April 7, 2026, to address a security vulnerability. This update prevents sandboxed applications from being able to delete arbitrary host files on the system. The Phoronix report stated that the update includes "another security fix of its own to prevent sandboxed apps from being able to trash arbitrary host files." This release coincides with the Flatpak 1.16.4 update, which was also released yesterday. Flatpak 1.16.4 included its own set of security fixes, specifically addressing a sandbox escape vulnerability and similar issues related to applications deleting host files. The coordinated updates aim to enhance the security posture of Linux desktops utilizing sandboxed applications.