Qubes OS 4.3.0 has officially landed—and it looks awesome. Big step forward for privacy and security through isolation and compartmentalization.
Time to upgrade.
Release notes:
Main improvements (from the 4.3 release notes):
Core upgrades
• dom0 upgraded to Fedora 41
• Xen upgraded to 4.19
• Default templates upgraded: Fedora 42, Debian 13, Whonix 18 (with older minimum-supported versions enforced)
• Preloaded disposables for faster DisposableVM startup
• New Devices API (“self-identity oriented” device assignment)
• Qubes Windows Tools (QWT) reintroduced with improved features
UI/UX polish
• New device workflow built around the new Devices API, plus a dedicated Device Assignments page and a redesigned Devices widget
• New/improved flat icons across GUI tools
• Qube Manager cleanup (far-left icons removed)
• Application icons now show in VM Settings
• Option to add the Qubes video companion to the AppMenu
• Better AppMenu keyboard navigation
• Clearer updater wording/settings
• Centralized tray notifications
• Quick-launch root terminal or console terminal from the Domains widget
• Global Config improvements (deep-link to sections, plus a “Saving changes...” dialog)
GUI daemon/agent improvements
• Configurable GUI daemon background color (nice for dark themes)
• Audio daemon won’t connect to recording streams unless recording is explicitly enabled
• Legacy X11 app icons display properly
• Virtual pointing device labeled as absolute (not relative)
• Better global clipboard notifications, plus configurable clipboard size
• Better support for Windows qubes on systems using sys-gui*
Hardware support improvements
• Better support for Advanced Format (4K sector) drives
• Device assignments use full PCI paths instead of bus/slot/function
• Filter input devices with udev rules
• Fixes for graceful reboot on some buggy (U)EFI firmware
• Better Bluetooth + hot-pluggable audio support with dynamic AudioVM switching
Security features
• Templates can request custom kernel cmdline parameters (currently used for Kicksecure/Whonix user-sysmaint-split)
• VMs can specify boot modes intended only for AppVMs or templates
• GRUB2 from Fedora shipped with security patches + Bootloader Specification support
• SSL client cert + GPG key support for private template repositories
• Prevent unsafe third-party template installs via rpm/dnf
• Ability to prohibit start of specific qubes
• UUID support for qubes, including using UUIDs in policies
• “Custom persist” feature to reduce unwanted persistence
Anonymity improvements
• Whonix-Workstation qubes can’t open files/URLs/apps in non-Whonix disposables
• Prevent changing Whonix Workstation netvm to sys-firewall (or other clearnet netvms) to reduce IP leak risk
• kloak: keystroke-level online anonymization kernel
Performance optimizations
• Option to use volumes directly without snapshots
• Retire qubes-rpc-multiplexer and execute commands directly from C
• Cache “system info” for qrexec policy evaluation
• Minimal state qubes to reduce RAM usage for NetVM/USBVM
Updating & upgrading
• Always hide specific templates/standalones from update tools
• pacman hook to notify dom0 after successful manual Archlinux upgrades
• Improved 4.2→4.3 upgrade tool (including using lvmdevices instead of device filter)
New/improved experimental features
• Ansible support
• Qubes Air support
• qrexec protocol extension to send source info to destination
• Better GUIVM support (GUI/Admin split, auto-remove nomodeset when GPU attached)
• Initial steps toward Wayland session-only support in GUIVM (not full GUI agent/daemon Wayland yet)
Other quality-of-life
• Free-form notes on qubes (descriptions/reminders/etc.)
• Auto-clean QubesIncoming if empty
• vm-config.* features to pass external config into a qube
• Admin API to read/write the denied device-interface list
• New Devices API support for salt
Dropped/replaced
• Default screen locker switched from XScreenSaver to xfce4-screensaver
• “Create Qubes VM” retired in favor of “Create New Qube”
• Windows 7 support dropped from QWT
Overall, this feels like a more mature, refined release—better usability and device handling, real performance wins, and tighter guardrails where it matters.
#IKITAO #OPSEC #QubesOS
Qubes OS
Qubes OS 4.3.0 has been released!
We’re pleased to announce the stable release of Qubes OS 4.3.0! This minor release includes a host of new features, improvements, and bug fixes. ...
Qubes OS
Qubes OS 4.3 release notes
Major features and improvements since Qubes 4.2: Dom0 upgraded to Fedora 41 (#9402)., Xen upgraded to version 4.19 (#9420)., Default Fedora templat...
