Currently, we are shipping Flatpak 1.8.5 and a few patches cherry-picked from the upstream Git tree. I am working upstream on a new stable bug-fix release (ie., 1.8.6). This will have everything that we are carrying right now, plus a few memory leak, Coverity, regression, etc. fixes that haven't been reported against RHEL yet. These are very safe bug-fixes that have already been shipping every where for a while already. It will be good to get them into RHEL 8.6. (Note that the upstream flatpak-1.8.x branch is currently advertised as supported, purely because of RHEL 8. So these fixes are tailor made for us.)
I've finished reviewing and testing a batch of upstream backports, which should let us roll the bug-fix 1.8.6 release: https://github.com/flatpak/flatpak/pull/4474
Built flatpak-1.8.6-1.el8: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=42637149
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: flatpak security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:1792