Please put the complete date of the security patch date in the release notes

Hi,

in your release notes it just says :

Security fixes

This /e/OS 3.0.4 version includes the Android security patches available as of June 2025.

Please give the complete date in the documentation as this is important for the anti rollback feature that may brick the phone.

Example:
e/OS Version 3.04 has the patch date of 01.06.2025
Latest Fairphone OS has the patch date 05.06.2025

In this case i can not lock the bootloader as the e/OS patchdate is older than the official FairphoneOS that was installed previously.

I needed to install several tools to extract the flashfile to find this out. Please put the exact date into the documentation - would be very helpfull and cost no efford.

Thank you
Oliver

Regain your privacy! Adopt /e/OS the deGoogled mobile OS and online servicesphone

3 Likes

Have passed on the feedback to the team.

5 Likes

I have added the tag documentation-inputs @Manoj.

Since about early this year there has been a change in the way that the Android Security Bulletins https://source.android.com/docs/security/bulletin/2025-06-01 are dated as per example in OP.

How does this affect users in the “Can I lock my Fairphone” decision ?

Does the Anti rollback index rely on

  • day - month - year
  • or is the month of the Android SPL sufficient?
1 Like

if you mean the 1st vs 5th of date distinction framework vs vendor, it was introduced July 2016 or even earlier

examples of ril index integers I’ve seen are unix epoch derived from the date, so the full date matters

1 Like

Thanks for the clarification. Sloppy wording on my part but I guess I was just drawing attention to the bulletin’s date of publication where I gave a recent example of the bulletin itself containing the date 01-06-2025.

It seemed to me as if Google have become more upfront about dating as many of us have got used to seeing Android SPL consistently 5th of the month until more recently.

the implicit meaning of what the OP presents is: /e/ v3.0.4 doesn’t include the vendor firmware partition updates that fairphone currently ships. Or one forgot to set the string.

1 Like

I struggle with assessing how out of date (or not) /e/OS is for the different Fairphones… how would one properly assess this?

Also, one step further, if Fairphone provides security updates, it does mean all base hardware issues should be addressed, right? So as long as Fairphone still supports the device (update latency notwithstanding), the device should be patched, right?

“assessing”: SPL dates aren’t inherently wrong though intransparent. There was a CVE checker that did analysis on-device (SnoopSnitch), but I don’t think its kept updated.

“the device should be patched”: someone at /e/ has to bundle the firmware, do kernel vendor fixes, it’s not automatic

1 Like

Yes, alright.

Assuming Fairphone pushes out a new FP OS version, and /e/OS gets the relevant bits from there, we’re ok?

if you want to dig into it, look at the device kernel repo, firmware version strings and framework base. But it is another thread. This here is just about some help in knowing the SPL of the image offered to prevent rollback bricks.

1 Like

How very right you are.