Hello,
I was wondering why the recent Chromium and Firefox security updates arent fast tracked? Both contain a high rated CVE. I’m guessing you guys are aware of those releases but decided against a fast track release. I would like to understand why.
(Thanks for all the great work on Manjaro. Love this distro! <3 )
I couldnt find a release note explicitly for Chromium but the CVE is the same
They are. But even the team members are only human, and not everyone is always available at the same time.
Furthermore, we are following Arch, so if they don’t have the updated versions yet, then neither do we. 
P.S.: Firefox 119 is currently in Testing, but I see no updated version of Chromium yet in either of the three branches. So as I said, we’ll have to wait for Arch to catch up.
Thanks a lot for the fast reply! I imagined there is some kind of automation to handle security sensitive updates. But at the same time I have no understanding on how you guys orchestrate all this in the background. Glad to see this is already noticed.
At the time of writing Chromium and Firefox both have the recent update on Arch. Can you estimate how long the Firefox security update stays in testing usually?
https://archlinux.org/packages/extra/x86_64/chromium/
https://archlinux.org/packages/extra/x86_64/firefox/
If all goes well, then they should arrive in Stable somewhere within the next 48 hours, and then it’s only a matter of time anymore of the mirrors catching up.
If all goes well, that is. 
The updated chromium and firefox have now hit the mirrors. 
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.