| 13 Oct 2024 |
 emily | "Breaking news: Mozilla will support the 115 series until 115.21 in March 2025. Maybe Thunderbird 128 will be stable by then. We will ship further versions in the 115 series." 🤔 | 18:25:48 |
| emily | is Thunderbird getting an ESR Gecko that Firefox isn't?? | 18:25:59 |
 hexa | uh what | 18:26:03 |
| emily | https://thunderbird.topicbox.com/groups/planning/T6689f5ad30cc4731-Mf77a2c4c3ba54c23286a9d04 | 18:26:11 |
| emily | lol | 18:26:16 |
| emily |
As you may know, Firefox has decided to extend support of 115 only for Windows 7/8 and macOS 10.12-10.14 until March 2025.
We will not be extending support of Thunderbird 115 in the same way. It will end as normally scheduled, so the last version will be 115.15.x (there may be one more minor update after 115.15.0).
| 18:26:19 |
| emily | ok the betterbird guy is just wrong (and the Firefox extension doesn't apply to us) | 18:26:27 |
| hexa | https://whattrainisitnow.com/calendar/ | 18:26:35 |
| hexa | hrm 🫠 | 18:26:40 |
| emily | though there's already 115.16 | 18:26:52 |
| emily | so maybe they changed their mind? | 18:26:58 |
| hexa | annoying | 18:27:00 |
| emily | I wonder about "for Windows 7/8 and macOS 10.12-10.14 until March 2025", though | 18:27:10 |
| emily | is that the reason to extend the support, or are they only committing to fixes for Windows/macOS? | 18:27:22 |
| emily | https://support.mozilla.org/en-US/kb/firefox-users-windows-7-8-and-81-moving-extended-support | 18:27:39 |
| hexa | sounds like harm reduction | 18:27:40 |
| emily |
Mozilla is providing critical security updates through the Firefox ESR channel up until the end of ESR version 115, March 2025.
| 18:27:47 |
| emily | it will go EOL before 25.05 anyway | 18:29:07 |
| emily | so probably best not to ship | 18:29:11 |
| hexa | we yank releases mid-cycle all the time for firefox | 18:30:13 |
| hexa | but yeah, I don't want the additional load | 18:30:23 |
| 14 Oct 2024 |
| hexa | https://github.com/NixOS/nixpkgs/pull/348396 coturn hardening, any takers? | 01:46:33 |
| hexa | https://github.com/NixOS/nixpkgs/pull/348406 avahi maybe? | 02:25:52 |
| hexa | 💤 | 02:26:26 |
 mattleon | I recently learned about this, but you can prevent access to any binaries not in the dependency closure with the `confinement.enable` setting, which should be step #1 for just about any service imho. | 12:27:03 |
| mattleon | https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/security/systemd-confinement.nix | 12:27:09 |
 Sandro 🐧 | In reply to @hexa:lossy.network
https://github.com/NixOS/nixpkgs/pull/348406 avahi maybe? If I don't forget I can try later with pulse network discovery | 13:49:43 |
| 15 Oct 2024 |
| hexa | https://matrix.org/blog/2024/10/security-disclosure-matrix-js-sdk-and-matrix-react-sdk/ | 12:02:09 |
| hexa |
We are disclosing two high-severity vulnerabilities in matrix-js-sdk and matrix-react-sdk related to MSC3061, which specifies sharing room keys with newly invited users for message history access.
| 12:02:25 |
 Valodim | ugh | 12:02:36 |
