Confirmed users
2,816
edits
Release Management/Chemspill: Difference between revisions
m
Formatting changes
m (→Past chemspills: added details for most recent issues) |
m (Formatting changes) |
||
| Line 1: | Line 1: | ||
==Definition== | |||
"Chemspill" is a term used to describe a security-driven rapid release. | "Chemspill" is a term used to describe a security-driven rapid release. | ||
| Line 11: | Line 12: | ||
==Past chemspills== | ==Past chemspills== | ||
===2019 Jun "Coinbase hack"=== | |||
2 chemspills during all hands work week. | |||
* Versions: | |||
** Jun 18 - [https://www.mozilla.org/firefox/67.0.3/releasenotes/ 67.0.3], 60.7.1esr, Firefox for Android 67.0.3 | |||
** Jun 20 - [https://www.mozilla.org/firefox/67.0.4/releasenotes/ 67.0.4], 60.7.2esr, Firefox for Android 67.0.4 | |||
* Bug(s): {{Bug|1559845}}; {{Bug|1544386}}; {{Bug|1559858}} | |||
* Notes: [https://docs.google.com/document/d/1sU_fTnDqcsGtQ4DFPybnz0Xfl7FD1xbV5XuKOwfZPk0/edit Incident doc]; [https://docs.google.com/document/d/1lhGq1H-ErCZBLgS3UPTzT60T0BjIlPNvEydY676YPQo/edit retrospective] | |||
===2019 May "Armagadd-on 2"=== | |||
Not a security breach but a rapid and focused single-issue dot release, which we treated as a chemspill in some ways. | |||
* Versions: [https://www.mozilla.org/firefox/66.0.4/releasenotes/ 66.0.4], 60.6.2esr, 67.0b17 | |||
* Bug(s): {{Bug|1548973}} | |||
* Notes: Incident doc; [https://docs.google.com/document/d/1zW3RS1YGQ2caO5zi_yIbocc5U-PEvoy86oG6ICjMj5E/edit?ts=5cf84366 Technical report]; [https://hacks.mozilla.org/2019/05/technical-details-on-the-recent-firefox-add-on-outage/ ESR's Mozilla Hacks post] | |||
===pwn2own 2019=== | |||
* Versions: 66.0.1, | |||
* Bug: | |||
* Notes: | |||
===pwn2own 2018 Mar 15=== | |||
* Versions: 59.0.1 | |||
* Bug: | |||
* Notes: [https://docs.google.com/document/d/1LMDCDBPeE6GIi54nlqbo3alyQg25bVcmiUa_QSlA20k/edit?disco=AAAABtlQJ18&ts=5aab2838 Incident doc] - [https://hacks.mozilla.org/2018/03/shipping-a-security-update-of-firefox-in-less-than-a-day/ Mozilla Hacks post] on this chemspill | |||
===2018 Jan: Spectre/Meltdown=== | |||
* Versions: 58.0.1 , 57.0.4. | |||
* Bug(s): | |||
* Notes: [https://docs.google.com/document/d/1etb_MY4MZoIVOdcEjHFicTCTC6TvyhKGTLqz3q2yg3w/edit incident doc] | |||
===2017 Dec: tab crash issue=== | |||
Not quite a chemspill but was treated as such | |||
* Versions: 57.0.3, | |||
* Bug(s): [https://bugzilla.mozilla.org/show_bug.cgi?id=1424373 Bug 1424373] | |||
* Notes: [https://docs.google.com/document/d/1yXvxmEAV96k5fYknuCnm5NTfyk-vCpll2N_jMz7FRkw/edit?ts=5a3abcf3 incident doc] | |||
===2017 Mar, pwn2own=== | |||
* Versions: 52.0.1 | |||
* Bug(s): [https://bugzilla.mozilla.org/show_bug.cgi?id=1348168 Bug 1348168] | |||
* Notes: | |||
===2016 Nov 30, SVG 0day=== | |||
* Versions: 50.0.2, 51.0b5, and 45.5.1esr. | |||
* Bug(s): [https://bugzilla.mozilla.org/show_bug.cgi?id=1321066 Bug 1321066] | |||
* Notes: | |||
===2016 , "Armagadd-on"=== | |||
* Versions: | |||
* Bug(s): | |||
* Notes: https://public.etherpad-mozilla.org/p/bug-1267318 | |||
* | ===Feb 2016 Service workers issue=== | ||
* Versions: 44.0.2 | |||
* Bug(s): [https://bugzilla.mozilla.org/show_bug.cgi?id=1245724 1245724] | |||
* Notes: | |||
===Aug 2015, Graphite2=== | |||
* Versions: ESR 38 | |||
* Bug: | |||
* Notes: | |||
===Aug 2015, pdf.js issue=== | |||
* Versions: 39.0.3, 38.1.1 | |||
* Bug(s): [https://bugzilla.mozilla.org/show_bug.cgi?id=1191284 1191284] | |||
* Notes: | |||
* Mar 2015 | ===Apr 2015=== | ||
* Versions: 39.0.3. | |||
* Bug(s): | |||
* Notes: | |||
===Mar 2015=== | |||
* Versions: 36.0.3/36.04 and 31.5.2/31.5.3 | |||
* Bugs: 1144988, 1145870 | |||
* Notes: (these were at https://etherpad.mozilla.org/36-0-chemspill-Post-Mortem) | |||