Snapd cannot find latest Firefox updates

Reinstalling Firefox indeed fixed the problem - but, again, that shouldn't be necessary for a fresh install, so I'll leave the issue open.

Same problem here, I have currently the laptop in this state and can offer it for debugging for a week or so (offered on #snappy).

In journal there is this line:
snapd[755]: storehelpers.go:748: cannot refresh: snap has no updates available: "bare", "core20", "firefox", "gnome-3-38-2004", "gtk-common-themes", "snap-store", "snapd", "snapd-desktop-integration"

However some of the other snaps did update before that, but firefox is stuck.

Can you please share the output of `snap info firefox` ?

I have the same problem, except the version I'm stuck on is 106.0.5-1, as reported by Firefox -> Help -> About, and by `snap info firefox`.

I have heard others say they have been upgraded to Firefox 107.0-2 but even though my system seems aware that version is available, a `sudo snap refresh` or `killall firefox && sudo snap refresh` informs me that all snaps are up to date.

The output of `snap info firefox`:-

name: firefox
summary: Mozilla Firefox web browser
publisher: Mozilla✓
store-url: https://snapcraft.io/firefox
contact: https://support.mozilla.org/kb/file-bug-report-or-feature-request-mozilla
license: unset
description: |
  Firefox is a powerful, extensible web browser with support for modern web application
  technologies.
commands:
  - firefox
  - firefox.geckodriver
snap-id: 3wdHCAVyZEmYsCMFDE9qt92UV8rC8Wdk
tracking: latest/stable
refresh-date: 11 days ago, at 12:55 GMT
channels:
  latest/stable: 107.0-2 2022-11-15 (2088) 249MB -
  latest/candidate: 107.0-2 2022-11-11 (2088) 249MB -
  latest/beta: 107.0b9-1 2022-11-04 (2062) 187MB -
  latest/edge: 109.0a1 2022-11-16 (2106) 193MB -
  esr/stable: 102.5.0esr-1 2022-11-15 (2077) 183MB -
  esr/candidate: 102.5.0esr-1 2022-11-08 (2077) 183MB -
  esr/beta: ↑
  esr/edge: 102.2.0esr-2 2022-09-02 (1793) 182MB -
installed: 106.0.5-1 (2067) 213MB -

I forgot to state I am using Kubuntu 22.04.1.

This is most likely because the updates have been throttled to ease the load on the snap store. So this is working as intended, although the UX is slightly confusing. Perhaps it would be better if snapd knew how to communicate this more clearly to the user.

On my system, it's been stuck on the old version for well over 24 hours now. If that's due to throttling on the Snap store, that really doesn't give me a whole lot of confidence in getting timely security updates.

If the actual reason could be communicated clearly to the user, that would be good. If less severe throttling could be done, that would be even better.

I think it's a good point that 1. Should be communicated clearly to the user, that there's throttling, but I'd like to make another point 2. People after fresh install should get a priority in the queue. I get that people might stay for a day or two on 106 when 107 is released, but staying on 103 (or earlier) for several days is not very acceptable.

$ snap info firefox
name: firefox
summary: Mozilla Firefox web browser
publisher: Mozilla✓
store-url: https://snapcraft.io/firefox
license: unset
description: |
  Firefox is a powerful, extensible web browser with support for modern web application
  technologies.
commands:
  - firefox
  - firefox.geckodriver
snap-id: 3wdHCAVyZEmYsCMFDE9qt92UV8rC8Wdk
tracking: latest/stable/ubuntu-22.04
refresh-date: tänään 09:20 EET
channels:
  latest/stable: 107.0-2 2022-11-15 (2088) 249MB -
  latest/candidate: 107.0-2 2022-11-11 (2088) 249MB -
  latest/beta: 107.0b9-1 2022-11-04 (2062) 187MB -
  latest/edge: 109.0a1 2022-11-16 (2103) 193MB -
  esr/stable: 102.5.0esr-1 2022-11-15 (2077) 183MB -
  esr/candidate: 102.5.0esr-1 2022-11-08 (2077) 183MB -
  esr/beta: ↑
  esr/edge: 102.2.0esr-2 2022-09-02 (1793) 182MB -
installed: 103.0.1-1 (1635) 171MB -
$ snap refresh
Kaikki snapit ovat ajan tasalla.

As an interesting detail my channel is latest/stable/22.04, not latest/stable like in comment #5.

If this is the result of a phased rollout as suggested, then the feature seems a little *ill-advised*

1. My impression was the entire point of having a build of Firefox supplied by Mozilla directly was to ensure timely security updates. Does the snapd team have any protocol for if a critical security update? Would there be a few hours/days of delay like now? And would the vulnerability then reoccur any time someone installs Ubuntu from an ISO produced before the vulnerability was fixed?

2. The app should have some way of communicating this to the user, otherwise it just creates a confusing experience. I'm not the only one who's filed a bug in the past few days over this behaviour (see #1996626).

3. The rollout ideally shouldn't occur if the user is running `snap refresh` manually. If a user is doing that, they may have a good reason why they want the latest release.

I believe the throttling was put in place as a temporary measure to prevent the snap store from going down due to the large amount of firefox snap active installs that were requesting a refresh all at the same time.

I believe that if one runs `snap refresh firefox` enough times, they will eventually get the update downloaded and installed.

Regardless, there is clearly room for improvement of the user experience here.

For what it's worth, my Firefox snap finally updated this morning, nearly two days after release.

Hi there,

I can confirm that Firefox is not released progressively. Once the release is out, all clients will get it on their next refresh (i.e. as fast as possible).

That said, in this case we were experiencing abnormally high network load which together with an actual network issue, required applying an emergency rate-limiting mechanism to allow us to cope with the extra traffic.

Since this mechanism is used only in emergencies, it's a bit rough around the edges, and I would prefer to devote our energies to improving the official progressive release system; with that in mind, some of the suggestions in this bug make sense and we'll be sure to take them into account as we make the progressive release feature more widely available.

One other thing: Liam said:

"The rollout ideally shouldn't occur if the user is running `snap refresh` manually. If a user is doing that, they may have a good reason why they want the latest release."

Doing a manual "snap refresh" should work as you describe and fully bypass throttling, however we just discovered that this feature was disabled on our side due to snapd not being compatible with it yet. As it happens, a snapd version that properly supports this was released last week, so we will be able to activate the "snap refresh bypasses throttling" thing at some point next week.

Per the above I'm marking this bug won't fix, but we plan to keep these requests in mind as I mentioned.

I was also being repeatedly told that there was an update, and could see that there were seven security issues rated 'high impact' in the version I was on, all of them available to any bad actor who looked at what had changed, and yet was denied access to it for two days.

Doing 'snap info firefox' told me 107.0 was the current latest/stable, but 'snap refresh firefox' repeatedly denied that any updates were available.

"we just discovered that this feature was disabled on our side"

Oops.

So the end result was that Ubuntu both deliberately (not letting automatic updates work) and accidentally (not realising manual updates were also blocked) withheld published security fixes to a large chunk of its desktop users that it had more or less forced to use the snap store for a critical application.

That's Not Very Good At All, is it?

I don't think this is the first time this has happened either, albeit not for as long as two days.

About the only positive outcome is that I know that, yes, I really do prefer Firefox to the Chromium-based browsers that I was using for those two days, but it's making me wonder just how much Ubuntu values its desktop users. (You know, the sort of people who get their organisation to use Ubuntu on the servers.)

.. and today, literally seconds apart:

me@pc:~$ sudo snap refresh
All snaps up to date.
me@pc:~$ sudo snap refresh firefox
firefox 108.0.1-1 from Mozilla✓ refreshed

I am not checking each and every application individually just in case security updates are being "rationed" and 'sudo snap refresh' is lying to me about everything being up to date.

Having to add that line to update scripts was annoying, this is unacceptable.

No more snap store here or on any of the servers: I simply cannot trust it.