Firefox security updates delayed on Ubuntu 21.10/22.04 by 2 weeks
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
snapd |
New
|
Undecided
|
Unassigned |
Bug Description
On home user machines running Ubuntu the Firefox snap security updates are being delayed by 2 weeks due to the way snap updates currently work (after sig). This is not acceptable security-wise.
The alternative is not acceptable from the user-experience point of view. Ask Ubuntu recommends manually killing firefox and running snap refresh from in order to get what is (generally) the latest point release: https:/
The experience in 20.04 (where the Firefox snap would crash upon the background snap update) is preferable to the current status from the security point of view.
Best Regards,
Ciprian Enache
How snap updates work:
1. If Firefox is running the user is notified that "Pending update of "firefox" snap. Close the app to avoid disruptions. (13 days left)"
2. If the user closes Firefox and reopens it 5-10 minutes later, or even 1-2 hours later, the Firefox snap will not be updated since the snap updates only happen at 2-4 times per day at specific times.
summary: |
- Firefox security updates delayed on Ubuntu 21.10/22.04 by at least 2 - weeks + Firefox security updates delayed on Ubuntu 21.10/22.04 by 2 weeks |
description: | updated |
information type: | Private Security → Public Security |
Hi, thanks for opening a bug report. There is ongoing work to ensure that, after the user is notified, the snap is refreshed once the user closes it (https:/ /bugs.launchpad .net/snapd/ +bug/1980271). This is currently considered the best compromise, since so that applications don't crash and refreshes happen as soon as the user allows them. Since there is no action to be taken here besides the continuing that work, I'll mark this bug as a duplicate of the one I linked previously. Thanks.