We are currently shipping the flatpak-1.8.x series in RHEL 8.6, which is no longer actively maintained upstream. Meanwhile upstream has moved forward quite a bit. eg., there's the flatpak-1.10.x series (in Fedora 34 and RHEL 9 Beta) and the flatpak-1.12.x series (in Fedora >= 35 and RHEL 9). Later this year, around September, another new stable series will come out, which we will have in Fedora 37. I propose that we update the Flatpak stack in RHEL 8 by at least one step. Such as, rebasing flatpak to the 1.10.x series, which is still actively maintained upstream. There are some practical benefits to this: (a) It's a lot easier to backport patches to a newer branch. (b) We will get a lot of bug-fixes and improvements for free, including the fixes for moderate CVEs. (Important CVEs will still have to be backported all the way to RHEL 7.9z, so this won't reduce the work for those.)
Scratch build: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=43690739
Built flatpak-1.10.7-1.el8: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=43709087
*** Bug 1888399 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (flatpak bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:7459