I’m on Ubuntu 22.04. Stock Thunderbird is behind in updates now.
$ apt policy thunderbird thunderbird: Installed: 1:102.2.2+build1-0ubuntu0.22.04.1 Candidate: 1:102.2.2+build1-0ubuntu0.22.04.1 Version table: *** 1:102.2.2+build1-0ubuntu0.22.04.1 500 500 http://us.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages 100 /var/lib/dpkg/status 1:91.8.0+build2-0ubuntu1 500 500 http://us.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
The current release is 102.4.1. I understand that Thunderbird updates only occasionally. I did notice that Thunderbird updated immediately to include the patch for the zero day exploit unearthed at pwn2own.
If you look at the Thunderbird Security Advisories page the recent exploits have this message included.
So the fact that Thunderbird is behind in updates doesn’t really matter. There is also this excerpt from a post.
I guess what I’m really wondering is if maybe the maintainers are strategically updating Thunderbird when it really needs it such as with the pwn2own zero day but letting it slide when the danger is not so great? Or is it just that they get to it when they can?
EDIT: Forgot to add that I’ve seen other posts in the forums saying that Ubuntu 22.04 is a LTS and updates are only when needed. Which would seem to imply that Thunderbird is indeed updated when needed.