Releases: edrlab/thorium-reader
Automated test builds (beta):
- latest-windows-intel (build job: https://github.com/edrlab/thorium-reader/actions/runs/22873692871)
- latest-windows-arm (build job: https://github.com/edrlab/thorium-reader/actions/runs/22873692871)
- latest-macos-intel (build job: https://github.com/edrlab/thorium-reader/actions/runs/22873692871)
- latest-macos-arm (build job: https://github.com/edrlab/thorium-reader/actions/runs/22873692871)
- latest-linux-intel
- latest-linux-arm
Thorium Desktop Reader v3.3.0
Summary
Version 3.3.0 was released on 09 December 2025.
THIS RELEASE FIXES A CRITICAL SECURITY BUG. There is no known exploit in the wild, but the risk does exist and must be taken seriously. It is therefore strongly recommended to update Thorium Desktop Reader and to stop using previous releases. The bugfix will not be "backported" to earlier versions.
This is a high-severity vulnerability in the sense that a successful attack would require no user interaction other than opening and reading an EPUB file containing malicious JavaScript (for example by double-clicking on the EPUB in the file explorer, or by clicking on a web link associated with Thorium Desktop Reader). If such a hypothetical attack occurred, it would likely be silent and hard to detect.
The security hole would allow malicious JavaScript to escape the web browser sandbox and run programs on the victim's computer. This type of attack is known as RCE (Remote Code Execution) and could potentially result in personal information being exfiltrated, backdoors being installed, files being deleted, etc.
The security hole was first discovered by Thorium Desktop developers, immediately followed by a wider audit of the potential attack surface across the application's software stack. This led to further security fixes listed in the itemized changelog below.
The vulnerability was also reported by security researchers who provided an example script to demonstrate the method. This will be documented and the reporters will be credited for their input. A detailed technical report will be published and kept up-to-date directly in the source code repository. Maintainers of Thorium Desktop forks will be strongly encouraged to integrate fixes in their own codebase.
Note that when EPUB publications are distributed by trusted publishers, it is unlikely that users would fall victim to such malicious EPUBs / JavaScript. However, many e-books are distributed via alternative channels that could be targeted by ill-intentioned actors to exploit the vulnerabilities present in older Thorium Desktop releases. For this reason, it is strongly recommended to update the application.
This release includes the following (notable) new features, improvements and bug fixes:
- Upgraded to Electron v38
- Updated translations
- New feature: "customization profiles". This offers an alternative to forking the Thorium Desktop codebase, via a plugin mechanism that declaratively expresses modifications to "vanilla" Thorium Desktop reader (color themes, bundled publications and feeds, application logo, etc.).
- Fix: more performant filesystem persistence of "notes" (annotations and bookmarks) via a dedicated SQLite database, backward compatibility with the JSON format of older versions of the application (this currently causes a delay when the software closes, but this will be fixed in a near-future revision)
- Fix: improved integration of OPDS with the local bookshelf, ability to navigate to the downloaded publication.
- Fix: HTML tables that are constrained by the viewport height now take into account the zoom / font size.
- Fix: pages.xml pagemap support, handling of encrypted resources (does not crash XML parser anymore)
- Fix: page list GUI was crashing because of missing link title (page break name).
- Fix(internationalization): locale-dependent date display.
- Fix(OPDS): filter buy/borrow/subscribe links based on supported content type.
- Fix(OPDS): authentication NONCE and ID are now handled identically: when both are present the match check is performed, and when either is missing the check is skipped.
- Fix(PDF): persistent user configuration for zoom level, layout, etc.
- Feature(PDF): 2-page spread with even/odd user-configurable option.
- Feature(TTS): faster speech rates are now available.
- Fix(LCP): persisted hashed passphrase was not resolved correctly when importing from OPDS feeds due to lack of license provider information. Also fixed asynchronous filesystem input/output which was causing race conditions.
- Fix(TTS): readaloud voice selection was broken when no language was specified in the HTML markup.
- Fix(filesystem): cross-platform file naming rules / filename sanitization. Previously this used slugification, which is intended for URLs and discards useful information (affects OPDS temporary file download, annotations and bookmarks notes export, publication save-as).
- Fix(notes): annotations and bookmark import/export, handling of CSSSelector and ProgressionSelector.
- Fix(OPDS): improved user interface, better catalog navigation experience.
- Feature(OPDS): added login/logout button in catalog entries.
- Fix(accessibility): screen reader detection was producing false positives because of keyboard utility apps (for example), so assistive technology continues to be detected automatically but users must now explicitly activate support in the global application settings.
- Fix(regression): password-protected PDF files are now supported again (Mozilla PDF.js integration).
- Fix(supply chain security): NPM packages now checked via Socket Firewall more regularly to verify direct and transitive dependencies. Also disabled package.json NPM install pre/post scripts execution to protect developer environments.
- Fix(security): Electron Fuses cookie encrypt-on-write (Chromium store) and ASAR integrity check (Windows and Mac, no Linux support)
- Fix(security): stricter permissions for notifications, clipboard, fullscreen, etc. in HTML webview renderer.
- Fix(security): HTTP requests safeguard fence with isURL utility which explicitly prevents non-HTTP(S) links.
- Fix(security): some type of hyperlink activation was causing the external web browser to open (keyboard modifiers).
- Fix(security): stricter Electron webview partitioning to manage individual browsing sessions.
- Fix(security): disabled Javascript entirely in PDF files (Mozilla PDF.js integration).
- Fix(security): additional downstream safeguards to prevent filesystem access above root folder for protocol handlers of ReadiumCSS and PDF.js (URL syntax is already implicitly normalised upstream to prevent ../../ backpaths, but better include some explicit redundancy)
- Fix(security): serve publication UUID to webview instead of base64-encoded filesystem path in order to avoid leaking user home folder name in scripted contexts such as EPUB HTML documents (window.location).
- Fix(security): more secure extraction of PDF cover images, via an Electron sandboxed webview and a context-isolated preload script.
- Fix(security): OPDS feed authentication now defaults to the user's installed web browser instead of the internal webview (which remains available as a less-secure alternative fallback authentication flow, just in case operating-system integration of OPDS callback URL from external web browser into Thorium Desktop does not work as intended).
- Fix(security): added redundant safeguards for Electron shell.openExternal() in application code, to prevent injection of unwanted behaviour from third-party content (e.g. publication metadata).
Thorium Reader v3.2.2
Summary
Version 3.2.2 was released on 19 August 2025.
This release includes the following (notable) new features, improvements and bug fixes:
- Upgraded to the Electron v37 revision which fixes the screen reader detection regression introduced in Thorium v3.2.1
- Fixed accessibility issues related to previous/next backward/forward GUI buttons (labelling and semantic region containers for screen readers, and inert/disabled commands)
- Updated translations
Thorium Reader v3.2.1
Summary
Version 3.2.1 was released on 11 August 2025.
NOTE: version 3.2.0 was published as a pre-release with only Linux and Windows installers (MacOS was missing at that point). This pre-release was removed when a fixed-layout zoom bug was discovered. This bug is now fixed and will be published in patched version 3.2.1. Apologies for the inconvenience, especially to the few Linux or Windows users who downloaded Thorium version 3.2.0. You will get the notification when 3.2.1 is available.
This release includes the following (notable) new features, improvements and bug fixes:
- Thorium is now based on Electron v37 (and its updated Chromium version). Version 37 introduced a regression bug with audio/video streaming (time seeking) but this was fixed in time for this Thorium release.
- Localisation: added and updated translations, fixed Chinese handling (was incorrectly triggering RTL)
- PDF: new print feature, updated PDF.js rendering library
- Annotations/bookmarks: exports raw data (JSON format, W3C standard) as well as HTML template. Export is possible outside of a reader window (from the library / local bookshelf)
- Annotation highlights: support for EPUB CFI in data import/export (Colibrio open-source lib)
- Annotations/bookmarks: added a warning message when a publication that contains bookmarks/annotations is about to be removed (suggestion to export the notes)
- Annotations/bookmarks: harmonized models, editor GUI for textual notes, tags, etc.
- Annotations/bookmarks: support for emojis via GitHub-flavoured Markdown
- Annotations/bookmarks: rendering engine displays floating popup with text excerpt on mouse hover
- Annotation highlights: now with named colours as opposed to just arbitrary RGB triplets
- Bookmarks: new visual indicator in document margins
- Bookmarks: fine-grain "current reading location" detection (mouse click) for precise character-level bookmarking (still default to implicit leading text position in visible text)
- Annotations: when highlights were hidden (not even shown in the margin) and the user selected text and created an annotation, nothing was displayed, which caused confusion and repeated creation attempts (duplicates). Annotations are now forced to display when the user creates one.
- GUI: improved the horizontal publication strips in the library window, now scrolls natively and snaps to publication covers boundaries (panning works with mouse wheel, touch swipe, arrow keys etc.)
- TTS: new highlight styles configuration GUI
- TTS readaloud fixes: on last spine item natural play ending (publication finish), turn off TTS "play on click" behaviour, also: hide annotations while playing, restore after stop. Also fixed race condition during play, click, auto forward progression, switch document backwards/forwards, and natural document/publication end (handles annotations hide/restore, continues to ignore hyperlink clicks during active readaloud, until stopped by user or automatically by TTS engine)
- TTS: fixed potential crash in Linux when selecting synthetic speech voices
- TTS: horizontally-centered TTS utterance with minimal jittering in scrolling mode
- TTS: improved readaloud mouse tracking with paragraph spanning across page boundary
- TTS: fixed pause/stop event which was causing GUI flicker
- TTS: voice selection supports multiple per-language user preferences
- Keyboard shortcuts: list / editor now with search filtering by keyword, duplicate detection, and localized labels.
- Keyboard shortcuts: user overrides now persist correctly in a partial JSON data structure on the filesystem (was incorrectly serialising all shortcuts, including defaults).
- Keyboard shortcuts: display correct characters for non-QWERTY keyboard
- Navigation: fixed hyperlinking into search results which wasn't inserting history events for go back/forward
- Navigation: fixed popup footnotes back/forward hyperlinking history
- OPDS: fixed the OAuth flow which needed to be restarted when a refresh token was revoked or invalid
- Accessibility: updated support for the display guide specification
- LCP: improved LSD network timeout, added async loading spinner (GUI)
- DAISY import: fixed virtual zip archive handling of subfolders (DAISY2.02 NCC.html non-zipped publication folder, for example)
- EPUB3 Media Overlays: fixed playback of pre-recorded audio clips with implicit natural stream ending, also fixed edge case of HTML documents that start with markup that doesn't participate in SMIL synchronization (seek ahead algorithm)
- EPUB3 Media Overlays: added GUI control checkbox for "ignore MO and read with TTS instead"
- EPUB3 Media Overlays (and DAISY2.02 DAISY3.0): improved synchronised text-audio talking books, which now fallback on TTS when pre-recorded audio clips are not present in SMIL par pairs (only text reference). Can be full SMIL-TTS book, or partial interspersed / mixed TTS / audio-clips.
- GUI: fixed the bottom progression bar, which could not handle large numbers of spine items; a minimum mouse cursor hit size (width) is now enforced
- Accessibility: fixed keyboard focus handling inside HTML documents, screen reader detection to avoid interfering during scroll repositioning, also avoiding element focus during selection change.
- Screen reader fix: the left/right arrow hot key binding to "page turn" potentially interferes with the current reading location during screen reader usage
- Accessibility fix: "skip link" in reader window is equivalent to FocusMainDeep CTRL F10 with SHIFT
- Fixed TTS Japanese Ruby handling, baseline text DOMRange-rendered but not spoken, unless Ruby is hidden/disabled. Also increased underline gap hoping to eliminate rendering artefacts in Windows
- Fix: DAISY3 DTBOOK parser was choking on 60,000 lines / 8MB frontmatter
- LCP fix: PDF import workaround for servers that respond with HTTP header content-disposition for PDF filename instead of LCPDF
- Fixed Windows publication export filename which cannot contain ":" colon
- Added support for PNLD EPUB extension (in addition to .epub and .epub3)
- Accessibility fix: automatically disable pagination (CSS columns in reflowable documents) when screen reader is detected
- Fixed AccessibleDfA typeface (dyslexic)
- Adopted ReadiumCSS font-size / zoom fix
- Image zoom/pan GUI now implemented in Thorium via localizable React GUI
- Fixed Arabic and other Right To Left metadata accessibility summary and author/publisher/contributor in publication info dialog
- Fixed zoom in pre-paginated / fixed-layout EPUB, and keyboard shortcuts for zoom in/out/reset which were not working in "zen mode"
- Fixed HTTP header content-disposition filename handling (sanitization for cross-platform Windows, Linux, Mac filesystems)
Thorium Reader v3.2.0
Summary
Version 3.2.0 was PRE-released on 01 August 2025.
UPDATE: version 3.2.0 was published as a pre-release with only Linux and Windows installers (MacOS was missing at that point). This pre-release was removed when a fixed-layout zoom bug was discovered. This bug is now fixed and will be published in patched version 3.2.1. Apologies for the inconvenience, especially to the few Linux or Windows users who downloaded Thorium version 3.2.0. You will get the notification when 3.2.1 is available.