Skip to main content

Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

  1. Blog
  2. Article

Gabriel Aguiar Noury
on 27 January 2023

ROS 2 Foxy and ROS Melodic EOL – Keep your robots up and running


ROS Melodic EOL is around the corner. With more than 1,004 repositories in rosdistro, Melodic is among the top 3 ROS distributions (with Indigo and Kinetic). Together with Ubuntu 18.04 LTS, Melodic was widely used by many pioneering companies who deployed the first ROS devices to market. By the end of April, both distributions will reach EOL.

ROS 2 Foxy is also approaching EOL this year. While the number of devices deployed with Foxy is low, Foxy’s EOL will also impact some of us. In this blog, we will cover the implications for robot makers and the different options you have to keep your machines running smoothly.

Implications of ROS Melodic EOL and ROS 2 Foxy EOL 

From April 2023, ROS Melodic EOL and ROS 2 Foxy EOL will stop getting any maintenance. For companies with deployed devices, this could become a major obstacle. For those using ROS Melodic, Ubuntu 18.04 will also reach the end of the standard support

Most organisations using robots need to comply with cybersecurity requirements. Using the company network for a device with software no longer supported is a breach of these requirements (from a simple laptop to a robot). As such, robotics users will reasonably demand their robotics suppliers to update their devices. The consequences of failing to do so could vary and they cannot be taken lightly. 

Take for instance ROS Kinetic EOL, which entered EOL in April 2020. Canonical has released more than 1,400 CVE patches for our ESM customers using ROS Kinetic and Ubuntu 16.04 ESM. Companies that have not updated their fleet of devices are missing patches for critical, high and medium Common Vulnerabilities and Exposures (CVEs). This makes their devices and users a target.

What can you do if you’re impacted by ROS 2 Foxy and ROS Melodic EOL?

Companies with deployed devices in the market should migrate to a supported distribution. 

If you have major dependencies that rely on ROS 1, then the most reasonable step is to stay in ROS 1. The latest LTS distribution for ROS 1 is Noetic. But please keep in mind: 

  • Some of your ROS packages may still need to be supported in newer distributions of ROS.
  • Some APIs from your current configuration might depend on specific versions of the applications and libraries of Ubuntu Xenial. For example, Python 2.7 is no longer supported by ROS 1 Noetic or ROS 2 (For more information please read transitioning to Python 3). 

You can also move to ROS 2. If you are already using Foxy, you know that ROS 2 provided several benefits over ROS 1. However, migrating is not a straightforward process. ROS 2 comes with a learning curve, a different build environment, more C++ 11, a higher number of built-in functions and support for Python 3 only. Here you can find a complete migration guide for ROS 2 Humble. 

Keep in mind that you will also need to address your migration path for Ubuntu. We advise you to have a look at Ubuntu Core. While Ubuntu Desktop and Server can be used for robotics, Ubuntu Core is optimised for these kinds of devices. With out-of-the-box features such as OTA update control, low-touch device recovery, strict confinement, secure boot, and more, Ubuntu Core makes it easier to deploy and manage devices. It also comes with a longer window of standard support: 10 years. That’s ideal for robots that have to be out there in the field for a while. 

The migration shouldn’t be painful. Bundling all your dependencies using snaps, you can move from your Desktop or Server system to Core. 

Can’t migrate? Get Canonical’s ROS ESM

Sometimes migration is not straightforward. Migrating a vast code base of robots takes time and resources. Dealing with dependency changes can be troublesome. It also implies redoing the whole test phase as well as re-experiment the stability. Besides, simply recalling devices from the field could represent a major task for your organization. Sometimes, robots might operate in mission-critical systems where downtime could create major losses.

While the aim is to migrate eventually, you might need some time. ESM gives you 5 extra years before ROS Melodic EOL and ROS 2 Foxy EOL.

Canonical’s ROS ESM (short for Expanded Security Maintenance) addresses these issues. As part of the Ubuntu Pro subscription, ROS ESM gives you up to 5 more years of security maintenance for ROS 1 Kinetic and Melodic, and ROS 2 Foxy. 

ROS ESM covers REP-142 ‘ros_base’ for ROS 1 Kinetic and Melodic and its equivalent ‘ros core’ for ROS 2 Foxy. This includes packages as python-catkin, python-rosdep, ros-${ROS_DISTRO}-ros-core…, ros-${ROS_DISTRO}-genmsg/rosbag…, per supported ROS distribution. 

Get ROS ESM

For more information about ROS ESM:

Beyond ROS 2 Foxy and ROS Melodic EOL

While ROS 2 Foxy is not a widely adopted ROS distribution, ROS Melodic is. Paired with Ubuntu 18.04, Melodic is built on top of more than 2,300 packages from Ubuntu Main repositories. You find packages such as Python, OpenSSL, OpenVPN, network-manager, sed, curl, systemd, udev, bash, OpenSSH, login, libc… Packages that will stop getting standard support for Ubuntu 18.04. 

Beyond Ubuntu Main, companies also leverage packages from Ubuntu Universe. More than 23,000 packages are in this category. For example, Boost, Qt, OpenCV, PCL, python-(argcomplete, opencv, pybind11, png…), cython, eigen, GTK, FFMPEG… Some of these packages will also reach their EOL. For the whole list of what’s included in Main, you can visit the Ubuntu Packages Search tool

Ubuntu Pro now covers the whole stack; ROS, Main and Universe to provide companies with a definitive solution. All of these are under a single subscription for up to 5 extra years.

ROS ESM is part of Ubuntu Pro

ESM is part of the Ubuntu Pro subscription. Besides getting ESM, customers can also enjoy other services like:

For more information about the Ubuntu Pro subscription visit the webpage, and the service description.

Consuming ROS ESM updates 

You can consume only security-related updates, or both security updates and bug fixes when you purchase Ubuntu Pro. This user introduction document has all you need to get started. In essence, you do not have to make changes to your current ROS application. ROS ESM simply enables a new PPA for you to consume updates. This reduces the downtime or resources needed to migrate to ROS ESM. 

For more information read our FAQ blog about ROS ESM

Moving forward

ROS ESM extends the support window of ROS and Ubuntu an extra 5 years. While ROS ESM allows you to be compliant for the time being, you can also explore your migration path. 

For instance, you can use tools like the ROS 1 – ROS 2 bridge. This can help you develop new features on ROS2 while keeping your current ROS1 with the security offered by ESM. It gives you some latitude to plan your next move.  

Summary- ROS 2Foxy and ROS Melodic EOL implications

As ROS Melodic, ROS 2 Foxy and Ubuntu 18.04 reach EOL in April of 2023, companies that have deployed devices with this LTS need to take action. Staying on an EOL distribution is a security risk that device manufacturers can’t afford. While migration to a supported LTS is the main recommendation, we understand this is not possible for everyone. If that’s the case for you, you can rely on ESM to get extra time.  
Get in touch if you need advice on the best path for your company.

Related posts


gbeuzeboc
25 September 2024

TurtleBot3 OpenCR firmware update from a snap

IoT Article

The TurtleBot3 robot is a standard platform robot in the ROS community, and it’s a reference that Canonical knows well, since we’ve used it in our tutorials. As a matter of fact, we use it to demonstrate some of our work, such as distributing a ROS stack through snaps. This robot embeds two boards, a ...


gbeuzeboc
15 June 2023

ROS architectures with snaps

Robotics Article

Choosing the right architecture can be hard, but we want to help. In this blog, we’ll look at different architectures and their pros and cons. We’ll also show you how to apply the chosen architecture to a mobile robot software stack with three essential apps. With this blogpost, we will see the different ROS architectures ...


Jeremie Deray
5 May 2023

ROS development on Linux, Windows and macOS

Robotics Article

Historically ROS has been developed on top of Ubuntu, relying on the distribution as a stable base providing tools (like GCC, CMake, Python to name a few) and libraries (such as Boost, Eigen, PCL) and following its release cycle (a distribution per year, an LTS every two years). This synergy has worked great for more ...