Greetings from the Mozilla Add-ons team!

Mozilla has upgraded the signing for Firefox extensions, themes, dictionaries, and language packs to provide a stronger signature for a more secure add-ons ecosystem. This upgrade may impact add-on versions uploaded to https://addons.mozilla.org (AMO) differently depending on the date they were uploaded and whether they are self-distributed or distributed via AMO. Please see below for which add-ons will be affected.

For developers of add-on versions hosted on AMO that were uploaded prior to April 5, 2019.

  • No action will be required; the most recent public version of your add-on will be re-signed automatically April 25, 2024 resulting in a version bump

  • Developers will receive a confirmation email once the auto re-signing of their add-on is complete

For developers of add-on versions self-distributed that were uploaded prior to April 5, 2019.

  • Action will be required as Mozilla is not able to automatically re-sign unlisted versions since the distribution is controlled by the developer and thus the AMO team cannot determine which version(s) to re-sign

  • Action required: To continue to distribute any self-hosted versions uploaded to AMO prior to Apr 5, 2019, developers will need to submit new versions to AMO.

Self-distributed add-on versions that are not re-submitted by Apr 15 will no longer be installable on any version of Firefox 127: Nightly (Apr 15), Beta (May 13) or Release (Jun 11). Add-ons installed prior to Firefox 127 will continue to work for now, but we ask that you encourage your users to upgrade to the new, re-signed version of your add-on once you have re-submitted it to AMO. Any previous versions that are no longer in use do not need to be re-submitted to AMO.

Please feel free to reply to this email if you have any questions.

Regards,

Mozilla Add-ons team

  • 𝘋𝘪𝘳𝘬@lemmy.ml
    link
    fedilink
    arrow-up
    3
    arrow-down
    1
    ·
    8 months ago

    Then you’re crewed.

    You either have all your extensions scanned and verified, or you need to disable extension verification completely and for all extensions.You can upload the extensions as unlisted. They’re still get a generic hash/ID though. In this case the scanning and verification is done automatically and you then can go to the back-end and manually download the verified package and install it locally.

    It’s not as easy as in all other browsers available in the world, but that is how it is.