On Mon, 25 Apr 2016, Jarek Polok wrote:

On 04/25/2016 02:32 AM, ToddAndMargo wrote:
 Hi All,

 Seems like SL7 is not keeping up with Firefox and Thunderbird
 updates anymore.  EL Linux is supposed to keep up with security updates
 but Red Hat obviously picks and chooses: Firefox and Thunderbird
 are typically left unpatched.

That is incorrect, see:

# rpm -q firefox --changelog

shows:

* Thu Mar 03 2016 Jan Horak <[email protected]> - 38.7.0-1
- Update to 38.7.0 ESR

We are in an awkward edge case at the moment.
We are in the overlap when there are two versions of Firefox ESR
supported by Mozilla: 45 and 38.

As to which minor versions are current, it may be about to get simpler as
https://calendar.google.com/calendar/embed?src=mozilla.com_2d37383433353432352d3...@resource.calendar.google.com
suggests that we should see 38.8 esr and 45.1 esr from Mozilla tomorrow (Tuesday 26th April).

As things stand on Monday, the *source* of almost any mozilla web page
includes (near the very top) the line:
                <html class="windows x86 no-js" lang="en" dir="ltr"
                                data-latest-firefox="45.0.2"
                                data-esr-versions="38.7.1 45.0.2">


https://www.mozilla.org/firefox/38.7.1/releasenotes/

  Version 38.7.1, first offered to ESR channel users on March 16, 2016

  Fixed
    Loading from history can show the wrong url in the location bar (Bug 1256194)

  Changed
    Disabled Graphite font shaping library

As I understand it, neither of these fix known security issues.
38.7.0 does fix a security issue in graphite, the change in 38.7.1
is to disable graphite in case there are more issues.
I am not clear whether graphite is installed on Red Hat systems.

So, Red Hat and SL are not shipping the latest version of Firefox ESR 38.7
but the missing patches do not cause known security issues.

In my experience of previous Firefox ESR major releases,
Red Hat stay with the older supported version as long as possible,
i.e. until a security update is released for the new version,
but not for the old version.
I'd expect Red Hat to stay with Firefox ESR 38 until mainline 47.0.1 is released.

*** Thunderbird isn't as actively developed as Firefox,
*** so doesn't have the "release early, release often" mainline releases
*** and releases work differently from Firefox.

--
Andrew C Aitchison
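
An added example, not part of the original message: the comparison described above (packaged version from the rpm changelog against the `data-esr-versions` attribute on a mozilla.org page), written in Python. The function names are hypothetical, and the sample inputs are constructed from the lines quoted in the message, with a placeholder packager address. It reports only a version gap; whether the gap has security impact still has to be read from the release notes, as the message does.

```python
from html.parser import HTMLParser

# Constructed sample: the <html> tag quoted in the message above.
SAMPLE_PAGE = '''<html class="windows x86 no-js" lang="en" dir="ltr"
                data-latest-firefox="45.0.2"
                data-esr-versions="38.7.1 45.0.2">
<head><title>sample</title></head><body></body></html>'''

# Constructed sample: output of `rpm -q firefox --changelog` as quoted above
# (packager address replaced with a placeholder).
SAMPLE_CHANGELOG = ("* Thu Mar 03 2016 Jan Horak <packager@example.invalid>"
                    " - 38.7.0-1\n- Update to 38.7.0 ESR\n")


class _EsrAttr(HTMLParser):
    """Collects data-esr-versions from the <html> start tag."""
    def __init__(self):
        super().__init__()
        self.esr = []

    def handle_starttag(self, tag, attrs):
        if tag == "html":
            self.esr = (dict(attrs).get("data-esr-versions") or "").split()


def esr_versions(page):
    parser = _EsrAttr()
    parser.feed(page)
    return parser.esr


def vtuple(version):
    # Numeric tuple so that 38.10.0 sorts after 38.7.1.
    return tuple(int(part) for part in version.split("."))


def installed_version(changelog):
    """Version from the newest header: '* date name <mail> - VERSION-RELEASE'."""
    for line in changelog.splitlines():
        if line.startswith("* "):
            return line.rsplit(" - ", 1)[1].rsplit("-", 1)[0]
    raise ValueError("no changelog header found")


def esr_status(installed, advertised):
    """Compare with the advertised ESR on the same major branch."""
    inst = vtuple(installed)
    for candidate in advertised:
        if vtuple(candidate)[0] == inst[0]:
            return "current" if inst >= vtuple(candidate) else "behind " + candidate
    return "branch %d not advertised" % inst[0]
```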
