83

Since January 2023, there have been some questions mentioning ESM Apps that seem to have caused confusion for me and others (one example here).

On running sudo apt update, users will get a notification similar to this, stating that several packages from the universe repository have security updates that require Ubuntu Pro:

The following security updates require Ubuntu Pro with 'esm-apps' enabled:
  imagemagick libopenexr25 libmagick++-6.q16-8 libmagickcore-6.q16-6-extra
  libmagickwand-6.q16-6 imagemagick-6.q16 libmagickcore-6.q16-6
  imagemagick-6-common

It seems there is a relation between ESM Apps, the universe repository, and an Ubuntu Pro subscription, but what exactly are ESM Apps and how are the above related?

Artur Meinild
  • 31,035

1 Answer

62

Ubuntu Pro was made available on January 26, 2023, and from this day users would be notified that they can now get security packages for ESM Apps with an Ubuntu Pro account.

Later, on February 21, 2023, Canonical published an official FAQ about Ubuntu Pro.

In short, the previous Ubuntu Advantage subscription offered the following:

... continued security fixes for high and critical common vulnerabilities and exposures (CVEs) for the packages in the Ubuntu main and restricted archives for x86-64 architectures ...

However, with the new Ubuntu Pro subscription, this area of coverage has been expanded:

Pro

Main + Universe: 10 years

2,300 packages in the Ubuntu Main repo included in Infra-only, plus an additional 23,000+ packages in the Ubuntu Universe repository for 10 years

As an interesting side note, there was a bug where all users would get this notification, even if they're on an unsupported architecture (like arm64 etc.).

So ESM Apps is the designation used by Canonical for the packages in the universe repository that get 10 years of security updates with an Ubuntu Pro subscription.

Ubuntu Pro access is a paid service for companies, but individual users can get a free token for up to 5 machines (including either physical or virtual machines) by logging in to the Ubuntu Pro Dashboard.

To remove the additional nag screens from the apt update dialogue, please see this Q&A.

Clarification from Thomas Ward concerning security updates for Universe packages:

Some applications are only 'updated' in the ESM repositories, but if you don't want to enroll in free ESM you can still update your system as normal with -updates and -security but you won't get 'newer' updates for things. ... You can ignore the ESM message if you don't want ESM - it's informational only - items in esm-apps are "newer" than what's in the main repositories but that's due to there not being community-volunteered updates for the -updates or -security pockets.

Further investigation of ESM Apps and their security upgrades:

One example of a package that has ESM security upgrades is imagemagick. (Thanks Philippe Gaucher)

An installation of imagemagick on a machine without an Ubuntu Pro token gives this result:

$ apt policy imagemagick
imagemagick:
  Installed: 8:6.9.11.60+dfsg-1.3build2
  Candidate: 8:6.9.11.60+dfsg-1.3build2
  Version table:
 *** 8:6.9.11.60+dfsg-1.3build2 500
        500 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
        100 /var/lib/dpkg/status

While an installation of imagemagick on a machine with an Ubuntu Pro token gives this result:

$ apt policy imagemagick
imagemagick:
  Installed: 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1
  Candidate: 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1
  Version table:
 *** 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1 500
        500 https://esm.ubuntu.com/apps/ubuntu jammy-apps-security/main amd64 Packages
        100 /var/lib/dpkg/status
     8:6.9.11.60+dfsg-1.3build2 500
        500 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages

Conclusion

The Ubuntu Pro ESM Apps should be seen as an additional support channel for those who wish to opt in to it. Here, the Ubuntu developers roll out in-house universe security patches (additional backports of new patches against historical versions of the packages), which were previously not available. If you don't opt in to this, you get exactly the same upstream support for universe packages as before Ubuntu Pro (under the Ubuntu Advantage subscription).

In addition, ESM Apps are only available for the x86_64 architecture, so no matter what, these upgrades are not available for other platforms, such as arm64.

Artur Meinild
  • 31,035
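An added example, not part of the original answer: a small Python parser for `apt policy <package>` output that reports whether the installed version is published by the ESM Apps repository or by the regular archive, which is the difference between the two outputs quoted above. The function names are hypothetical, and the sample input is the Ubuntu Pro machine's output copied from the answer.

```python
import re

ESM_APPS_URL = "https://esm.ubuntu.com/apps/"  # repository URL from the output in the post
_is_priority = re.compile(r"-?\d+").fullmatch

def parse_policy(text):
    """Parse `apt policy <pkg>` output into installed, candidate and version -> sources."""
    info = {"installed": None, "candidate": None, "versions": {}}
    current = None
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] in ("Installed:", "Candidate:") and len(tok) == 2:
            info[tok[0][:-1].lower()] = tok[1]
        elif tok[0] == "***" or (len(tok) == 2 and _is_priority(tok[1])):
            # Version line: "[***] <version> <pin priority>"
            current = tok[1] if tok[0] == "***" else tok[0]
            info["versions"][current] = []
        elif current and _is_priority(tok[0]) and len(tok) > 1:
            # Source line: "<priority> <URL or dpkg status path> ..."
            info["versions"][current].append(tok[1])
    return info

def installed_origin(info):
    """Where the installed version is published: 'esm-apps', 'archive' or 'local'."""
    sources = info["versions"].get(info["installed"], [])
    if any(s.startswith(ESM_APPS_URL) for s in sources):
        return "esm-apps"
    return "archive" if any(s.startswith("http") for s in sources) else "local"

def esm_versions(info):
    """Versions in the table that are served from the ESM Apps repository."""
    return [v for v, src in info["versions"].items()
            if any(s.startswith(ESM_APPS_URL) for s in src)]

# Sample input: the Ubuntu Pro machine's output quoted in the answer above.
SAMPLE_PRO = """\
imagemagick:
  Installed: 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1
  Candidate: 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1
  Version table:
 *** 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1 500
        500 https://esm.ubuntu.com/apps/ubuntu jammy-apps-security/main amd64 Packages
        100 /var/lib/dpkg/status
     8:6.9.11.60+dfsg-1.3build2 500
        500 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
"""

if __name__ == "__main__":
    info = parse_policy(SAMPLE_PRO)
    print(info["installed"], installed_origin(info), esm_versions(info))
```

On a real system the text would come from running `apt policy` for each package of interest; a result of `archive` with an empty `esm_versions` list matches the machine without an Ubuntu Pro token.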