On 25/04/16 04:51, ToddAndMargo wrote: > On 04/24/2016 07:43 PM, ToddAndMargo wrote: >>>> On Apr 24, 2016 20:32, "ToddAndMargo" <toddandma...@zoho.com >>>> <mailto:toddandma...@zoho.com>> wrote: >>>> >>>> Hi All, >>>> >>>> Seems like SL7 is not keeping up with Firefox and Thunderbird >>>> updates anymore. EL Linux is suppose to keep up with security >>>> updates >>>> but Red Hat obviously picks and chooses: Firefox and Thunderbird >>>> are typically left unpatched. >>>> >>>> Is there some repo out there for Firefox and Thunderbird to >>>> fills the gap? Or, should I go back to using the binaries >>>> from releases.mozilla.org <http://releases.mozilla.org>? >>>> >>>> Many thanks, >>>> -T >> >> On 04/24/2016 07:13 PM, Stephen John Smoogen wrote: >>> Why do you think they are unpatched? The Firefox and Thunderbird are >>> based off the upstream extended release cycle versions and not the >>> latest type. So the security fixes which are in ESR are there but new >>> features are not. If you need new features then you will need to work >>> from the upstream tar balls >> >> Hi Steven, >> >> That is just wishful thinking. As vulnerabilities are discovered >> they are not added to the ESR, or if the are, we don't see them. >> Have you seen a single update come through to the current ESR? >> It is set and forget. EL picks and chooses what they will keep >> up to date. Firefox and Thunderbird ain't one of them. >> >> Do you know of a repo that does keep Firefox and Thunderbird >> up to date? Or am I stuck with the binaries? >> >> -T >> > > > We are currently 38.7.0 ESR. As far as ESR goes, it is on > 45.0 > > http://releases.mozilla.org/pub/firefox/releases/45.0esr/
Please have a look at the "What does the Mozilla Firefox ESR life cycle look like?" section in the ESR faq. 38.7.0 is still a release being up-to-date on the Firefox 38 base release. <https://www.mozilla.org/en-US/firefox/organizations/faq/> -- kind regards, David Sommerseth