Hi, In my opinion security for users takes precedence. Of the ones listed, there's one with a high category:
https://ubuntu.com/security/CVE-2026-43618 https://ubuntu.com/security/notices/USN-8283-1?_gl=1*frdety*_gcl_au*MTEzMTUzMDc4MS4xNzgwMjQyNzAz https://security-tracker.debian.org/tracker/CVE-2026-43618 Maybe Debian backported a fix which you could use (I didn't check in detail), according to the tracker Trixie Security update is 'fixed' but it's 3.4.1: https://sources.debian.org/src/rsync/ Steve / Futurile On Sat, May 30, 2026 at 12:19:16AM +0900, Nguyễn Gia Phong via Development of GNU Guix and the GNU System distribution. wrote: > Hello Guix, > > As mentioned by Dariqq on Codeberg [1], the latest rsync version > comes with some regressions [2, 3, 4, 5] > while fixing some security issues [6]. > > 4 and 5 are particularly concerning to me as they can lead > to full disks and thus a tricky situation on BTRFS > (though I'd assume BTRFS users don't use rsync for backups?). > > I'd love some advices and opinions to navigate this situation. > > 1: https://codeberg.org/guix/guix/pulls/8817#issuecomment-16081154 > 2: https://github.com/RsyncProject/rsync/issues/897 > 3: https://github.com/RsyncProject/rsync/issues/922 (absolute source path) > 4: https://github.com/RsyncProject/rsync/issues/915 (--link-dest) > 5: https://github.com/RsyncProject/rsync/issues/910 (--delete-missing-args) > 6: https://github.com/RsyncProject/rsync/blob/v3.4.3/NEWS.md > > Best wishes, > Phong >
