Open source browser vendor Mozilla changed its development roadmap this year with a move toward a rapid release cycle for their Firefox browser. Firefox releases now come out every 6 weeks, which has been cause for some concern from enterprise users that cannot keep up with accelerated pace.
In an effort to help meet the needs of the enterprise user community, Mozilla has formed an Enterprise Working Group (EWG) to help find some common ground between the development need for rapid releases and enterprise need for longer cycles of support.
“The faster release cadence gives organizations a shorter period of time to certify and use new releases, and the lack of maintenance on older releases can expose organizations using them to security risks,” Mozilla developer Kev Needham wrote in a mailing list posting.
As such, Mozilla has now come up with a proposal for what they refer to as an Extended Support Release (ESR). Instead of the current six week cycle, the ESR release of Firefox will be maintained for 42 weeks.
“Maintenance of each ESR, through point releases, would be limited to high-risk/impact security vulnerabilities and would also include chemspills (off-schedule releases that address live security vulnerabilities),” Mozilla’s proposal states. “Backports of any functional enhancements and/or stability fixes would not be in scope.”
That maintenance cycle also represent a risk for those enterprises that choose to adopt the ESR release. Mozilla admits that an ESR release will become less secure than the current release of Firefox over time. The reason is that only high-risk security patches are set to be backported and new features that have the potential to improve security are not.
Currently the latest Firefox release is version 6, with version 7 set to be released next week. The first ESR release will be either Firefox 8 or 9 later this year. As it stands, Mozilla is already delivering an extended support release of sorts with Firefox 3.6 which was first released in January of 2010.
The ESR proposal currently indicates that Firefox 3.6 will be end-of-lifed 12 weeks after the initial ESR is offered.
Mozilla’s efforts to try and satisfy enterprise user demands is also part of Mozilla’s overall strategy to unseat Microsoft’s Internet Explorer browser.
“In keeping with the Mozilla Mission, the ESR will give deployment groups an alternative to IE for their users while maintaining/extending Firefox’s footprint in a managed environment, which is in the tens of millions of users (or more!),” Mozilla’s ESR proposal states.