CM 13.0 Release – ZNH5Y

DEF CON 24 is officially in the books, so what better time to release a new CM snapshot, full of new features and security updates? These releases were branched on August 1st, 2016 (branch stable/cm-13.0-ZNH5Y) and bring our snapshot releases up from Android 6.0.1 r17 to Android 6.0.1 r61.

The first thing you should notice is our new custom boot & dexopt screen, getting rid of that bright white for something a bit prettier and informative to look at while your phone upgrades; AMOLED users rejoice! Shoutout to Asher, Joey and Alexander M. for the awesome work!

On the features front, the full change log is linked off below, but we’ll call out some of the big ticket items:

  • Wi-Fi Tethering – automatically turn off hotspot after X minutes of inactivity
  • Profiles – add notification light controls
  • Do Not Disturb/Priority Mode – add notification light controls
  • Privacy Guard/App data usage – Restrict apps to Wi-Fi or Cellular data only or block all internet access, per app
  • Bluetooth Devices battery support – For compatible devices, a new battery icon will appear in the status bar to show the paired devices’ battery level
  • Lockscreen Wallpaper picker makes its return
  • Lockscreen Weather and new Weather plug in support – see weather blog post
  • Lockscreen Blur support (on a per device basis) and the ability to disable the effect
  • Live Lockscreen support
  • New LiveDisplay hardware enhancements and API
  • Snap Camera (per device basis)
  • Gello Browser (per device basis)
  • Lots of translations – shout out to the CM translations team on CrowdIn
  • Cyanogen Apps support (see blog post, x86 is not supported yet)
  • Additional CM SDK APIs
  • Security fixes galore

Full change log: http://pastebin.com/ptatg6kh

Speaking of security, let’s touch on a few items. First, this release incoporates every Android security bulletin this year to-date, with a reported security patch level of August 5th, see https://source.android.com/security/bulletin/2016-08-01.html and prior bulletins on what this entails.

Second, many users have likely read about the Quadrooter vulnerability coming out of DEF CON. Here, we have a bit of bad news. Of the four reported CVEs, we’ve been able to plug the ones that affected OSS code (ie the kernel), specifically CVE-2016-2059 and CVE-2016-5340. However, some of the reported vulnerabilities lie within OEM binary blobs, meaning we don’t have source access to resolve them.

So what does this mean? Unfortunately, for many devices we may never be able to completely resolve the outstanding issues, as OEMs are unlikely to release updated blobs across the generations of devices CM 13.0 supports, many of which were end of lifed on Lollipop or even earlier. We’d like to take this opportunity to remind you to be smart about where you source your applications, whether the Play Store, a FOSS equivelent or elsewhere on the internet – we’ve done our part to ensure the security of your device, but this and other parts are entirely up to you.

Builds will be rolling out as they complete from the build bots, with today’s roster below. As a reminder, you can flash this safely on top of the previous CM 13.0 ZNH0E releases without wiping. For further flashing instructions, see the wiki and the previous release post’s information.

Roster:

  • acclaim
  • angler
  • bacon
  • bullhead
  • cancro
  • crackling
  • d800
  • d801
  • d802
  • d803
  • deb
  • falcon
  • flo
  • flounder
  • flounder_lte
  • hammerhead
  • himaul
  • himawl
  • huashan
  • i9300
  • jflteatt
  • jfltespr
  • jfltetmo
  • jfltevzw
  • jfltexx
  • kipper
  • klte
  • kltechn
  • kltechnduo
  • klteduos
  • kltedv
  • kltekdi
  • kltespr
  • klteusc
  • kltevzw
  • lt03lte
  • m8d
  • maguro
  • mako
  • manta
  • maserati
  • mt2
  • otus
  • peregrine
  • serrano3gxx
  • serranoltexx
  • shamu
  • sprout4
  • sprout8
  • spyder
  • targa
  • thea
  • titan
  • toro
  • toroplus
  • umts_spyder
  • xt897
  • Z00L
  • Z00T

Happy Flashing,
The CyanogenMod Team

  • (kakshi360)

    what about Z00A zenfone 2 ???

  • Sangreal Arnica

    Exactly. Spoke at length with a Sony developer who said that the Android contracts were deliberately structured to create tiers of forced purchase, for example, Tablet Z Wi-fi Lollipop 5.1.1 users must purchase a new device, rather than get a Sony-supported upgrade to Marshmallow 6.0.