ChangeLog.txt 174 KB
Newer Older
1
Tor Browser 8.5a2 -- September 24 2018
Georg Koppen's avatar
Georg Koppen committed
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
 * All platforms
   * Update Tor to 0.3.5.1-alpha
   * Update Torbutton to 2.1
     * Bug 27097: Tor News signup banner
     * Bug 27663: Add New Identity menuitem again
     * Bug 27175: Add pref to allow users to persist custom noscript settings
     * Bug 27760: Use new NoScript API for IPC and fix about:blank issue
     * Bug 26624: Only block OBJECT on highest slider level
     * Bug 26555: Don't show IP address for meek or snowflake
     * Bug 27478: Torbutton icons for dark theme
     * Bug 27506+14520: Move status version to upper left corner for RTL locales
     * Bug 27558: Update the link to "Your Guard note may not change" text
     * Bug 21263: Remove outdated information from the README
     * Translations update
   * Update Tor Launcher to 0.2.16.5
     * Bug 27469: Adapt Moat URLs
     * Translations update
     * Clean-up
   * Update NoScript to 10.1.9.6
   * Bug 27763: Restrict Torbutton signing exemption to mobile
   * Bug 26146: Spoof HTTP User-Agent header for desktop platforms
   * Bug 27543: QR code is broken on web.whatsapp.com
   * Bug 27264: Bookmark items are not visible on the boomark toolbar
   * Bug 27535: Enable TLS 1.3 draft version
   * Bug 27623: Use MOZILLA_OFFICIAL for our builds
27
   * Backport of Mozilla bug 1490585, 1475775, and 1489744
Georg Koppen's avatar
Georg Koppen committed
28
29
30
31
32
33
34
 * Windows:
   * Bug 26381: about:tor page does not load on first start on Windows
 * Linux:
   * Bug 27546: Fix vertical scrollbar behavior in Tor Browser 8 with Gtk3
   * Bug 27552: Use bundled dir on CentOS/RHEL 6
   * Bug 26556: Fix broken Tor Browser icon path on Linux

35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
Tor Browser 8.5a1 -- September 5 2018
 * All platforms
   * Update Firefox to 60.2.0esr
   * Update Tor to 0.3.4.7-rc
   * Update OpenSSL to 1.0.2p
   * Update Torbutton to 2.0.6
     * Bug 27401: Start listening for NoScript before it loads
     * Bug 27276: Adapt to new NoScript messaging protocol
     * Bug 26884: Use Torbutton to provide security slider on mobile
     * Bug 26962: Circuit display onboarding
     * Bug 26520: Fix sec slider/NoScript for TOR_SKIP_LAUNCH=1
     * Bug 26490: Remove the security slider notification
     * Bug 27301: Improve about:tor behavior and appearance
     * Bug 27097: Add text for Tor News signup widget
     * Bug 27214: Improve the onboarding text
     * Translations update
   * Update Tor Launcher to 0.2.16.4
     * Bug 25405: Cannot use Moat if a meek bridge is configured
     * Bug 27392: Update Moat URLs
     * Translations update
   * Update HTTPS Everywhere to 2018.8.22
   * Update NoScript to 10.1.9.1
   * Bug 26962: New feature onboarding
   * Bug 27403: The onboarding bubble is not always displayed
   * Bug 27283: Fix first-party isolation for UI tour
   * Bug 27213: Update about:tbupdate to new (about:tor) layout
   * Bug 26670: Make canvas permission prompt respect first-party isolation
   * Bug 26561: .onion images are not displayed
   * Bug 21787: Spoof en-US for date picker
   * Bug 21607: Disable WebVR for now until it is properly audited
   * Bug 21549: Disable wasm for now until it is properly audited
   * Bug 26614: Disable Web Authentication API until it is properly audited
   * Bug 27281: Enable Reader View mode again
   * Bug 26114: Don't expose navigator.mozAddonManager to websites
   * Bug 26048: Fix potentially confusing "restart to update" message
   * Bug 27221: Purge startup cache if Tor Browser version changed
   * Bug 26049: Reduce delay for showing update prompt to 1 hour
   * Bug 25405: Cannot use Moat if a meek bridge is configured
Georg Koppen's avatar
Georg Koppen committed
73
   * Bug 27268+27257+27262+26603: Preferences clean-up
74
75
76
77
78
79
80
81
 * Windows
   * Bug 26381: Work around endless loop during page load and about:tor not loading
   * Bug 27411: Fix broken security slider and NoScript interaction on Windows
 * Build System
   * All Platforms
     * Bug 27061: Enable verification of langpacks checksums
     * Bug 27178+27179: Add support for xz compression in mar files

Georg Koppen's avatar
Georg Koppen committed
82
83
84
85
86
87
Tor Browser 8.0 -- September 5 2018
 * All platforms
   * Update Firefox to 60.2.0esr
   * Update Tor to 0.3.3.9
   * Update OpenSSL to 1.0.2p
   * Update Libevent to 2.1.8
88
   * Update Torbutton to 2.0.6
Georg Koppen's avatar
Georg Koppen committed
89
90
91
92
93
94
95
96
     * Bug 26960: Implement new about:tor start page
     * Bug 26961: Implement new user onboarding
     * Bug 26962: Circuit display onboarding
     * Bug 27301: Improve about:tor behavior and appearance
     * Bug 27214: Improve the onboarding text
     * Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger menus
     * Bug 26100: Adapt Torbutton to Firefox 60 ESR
     * Bug 26520: Fix sec slider/NoScript for TOR_SKIP_LAUNCH=1
97
     * Bug 27401: Start listening for NoScript before it loads
Georg Koppen's avatar
Georg Koppen committed
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
     * Bug 26430: New Torbutton icon
     * Bug 24309: Move circuit display to the identity popup
     * Bug 26884: Use Torbutton to provide security slider on mobile
     * Bug 26128: Adapt security slider to the WebExtensions version of NoScript
     * Bug 27276: Adapt to new NoScript messaging protocol
     * Bug 23247: Show security state of .onions
     * Bug 26129: Show our about:tor page on startup
     * Bug 26235: Hide new unusable items from help menu
     * Bug 26058: Remove workaround for hiding 'sign in to sync' button
     * Bug 26590: Use new svg.disabled pref in security slider
     * Bug 26655: Adjust color and size of onion button
     * Bug 26500: Reposition circuit display relay icon for RTL locales
     * Bug 26409: Remove spoofed locale implementation
     * Bug 26189: Remove content-policy.js
       * Bug 26544: Images are not centered anymore
     * Bug 26490: Remove the security slider notification
     * Bug 25126: Make about:tor layout responsive
     * Bug 27097: Add text for Tor News signup widget
     * Bug 21245: Add da translation to Torbutton and keep track of it
     * Bug 27129+20628: Add locales ca, ga, id, is, nb, da, he, sv, and zh-TW
     * Translations update
  * Update Tor Launcher to 0.2.16.3
     * Bug 23136: Moat integration (fetch bridges for the user)
     * Bug 25750: Update Tor Launcher to make it compatible with Firefox 60 ESR
     * Bug 26985: Help button icons missing
     * Bug 25509: Improve the proxy help text
     * Bug 26466: Remove sv-SE from tracking for releases
     * Bug 27129+20628: Add locales ca, ga, id, is, nb, da, he, sv, and zh-TW
     * Translations update
   * Update HTTPS Everywhere to 2018.8.22
   * Update NoScript to 10.1.9.1
   * Update meek to 0.31
     * Bug 26477: Make meek extension compatible with ESR 60
   * Update obfs4proxy to v0.0.7 (bug 25356)
   * Bug 27082: Enable a limited UITour for user onboarding
   * Bug 26961: New user onboarding
   * Bug 26962: New feature onboarding
135
   * Bug 27403: The onboarding bubble is not always displayed
Georg Koppen's avatar
Georg Koppen committed
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
   * Bug 27283: Fix first-party isolation for UI tour
   * Bug 27213: Update about:tbupdate to new (about:tor) layout
   * Bug 14952+24553: Enable HTTP2 and AltSvc
     * Bug 25735: Tor Browser stalls while loading Facebook login page
   * Bug 17252: Enable TLS session identifiers with first-party isolation
   * Bug 26353: Prevent speculative connects that violate first-party isolation
   * Bug 26670: Make canvas permission prompt respect first-party isolation
   * Bug 24056: Use en-US strings in HTML forms if locale is spoofed to english
   * Bug 26456: HTTP .onion sites inherit previous page's certificate information
   * Bug 26561: .onion images are not displayed
   * Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger menus
   * Bug 26833: Backport Mozilla's bug 1473247
   * Bug 26628: Backport Mozilla's bug 1470156
   * Bug 26237: Clean up toolbar for ESR60-based Tor Browser
   * Bug 26519: Avoid Firefox icons in ESR60
   * Bug 26039: Load our preferences that modify extensions (fixup)
   * Bug 26515: Update Tor Browser blog post URLs
   * Bug 26216: Fix broken MAR file generation
   * Bug 26409: Remove spoofed locale implementation
   * Bug 25543: Rebase Tor Browser patches for ESR60
   * Bug 23247: Show security state of .onions
   * Bug 26039: Load our preferences that modify extensions
   * Bug 17965: Isolate HPKP and HSTS to URL bar domain
   * Bug 21787: Spoof en-US for date picker
   * Bug 21607: Disable WebVR for now until it is properly audited
   * Bug 21549: Disable wasm for now until it is properly audited
   * Bug 26614: Disable Web Authentication API until it is properly audited
   * Bug 27281: Enable Reader View mode again
   * Bug 26114: Don't expose navigator.mozAddonManager to websites
   * Bug 21850: Update about:tbupdate handling for e10s
   * Bug 26048: Fix potentially confusing "restart to update" message
   * Bug 27221: Purge startup cache if Tor Browser version changed
   * Bug 26049: Reduce delay for showing update prompt to 1 hour
   * Bug 26365: Add potential AltSvc support
   * Bug 9145: Fix broken hardware acceleration on Windows and enable it
   * Bug 26045: Add new MAR signing keys
   * Bug 25215: Revert bug 18619 (we are not disabling IndexedDB any longer)
   * Bug 19910: Rip out optimistic data socks handshake variant (#3875)
   * Bug 22564: Hide Firefox Sync
   * Bug 25090: Disable updater telemetry
   * Bug 26127: Make sure Torbutton and Tor Launcher are not treated as legacy extensions
   * Bug 13575: Disable randomised Firefox HTTP cache decay user tests
   * Bug 22548: Firefox downgrades VP9 videos to VP8 for some users
   * Bug 24995: Include git hash in tor --version
   * Bug 27268+27257+27262+26603 : Preferences clean-up
   * Bug 26073: Migrate general.useragent.locale to intl.locale.requested
   * Bug 27129+20628: Make Tor Browser available in ca, ga, id, is, nb, da, he, sv, and zh-TW
     * Bug 12927: Include Hebrew translation into Tor Browser
     * Bug 21245: Add danish (da) translation
 * Windows
   * Bug 20636+10026: Create 64bit Tor Browser for Windows
     * Bug 26239+24197: Enable content sandboxing for 64bit Windows builds
     * Bug 26514: Fix intermittent updater failures on Win64 (Error 19)
     * Bug 26874: Fix UNC path restrictions failure in Tor Browser 8.0a9
     * Bug 12968: Enable HEASLR in Windows x86_64 builds
   * Bug 26381: Work around endless loop during page load and about:tor not loading
192
   * Bug 27411: Fix broken security slider and NoScript interaction on Windows
Georg Koppen's avatar
Georg Koppen committed
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
   * Bug 22581: Fix shutdown crash
   * Bug 25266: PT config should include full names of executable files
   * Bug 26304: Update zlib to version 1.2.11
   * Update tbb-windows-installer to 0.4
     * Bug 26355: Update tbb-windows-installer to check for Windows7+
   * Bug 26355: Require Windows7+ for updates to Tor Browser 8
 * OS X
   * Bug 24136: After loading file:// URLs clicking on links is broken on OS X
   * Bug 24243: Tor Browser only renders HTML for local pages via file://
   * Bug 24263: Tor Browser does not run extension scripts if loaded via about:debugging
   * Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured
 * Linux
   * Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured
   * Bug 25485: Unbreak Tor Browser on systems with newer libstdc++
   * Bug 20866: Fix OpenGL software rendering on systems with newer libstdc++
   * Bug 26951+18022: Fix execdesktop argument passing
   * Bug 24136: After loading file:// URLs clicking on links is broken on Linux
   * Bug 24243: Tor Browser only renders HTML for local pages via file://
   * Bug 24263: Tor Browser does not run extension scripts if loaded via about:debugging
   * Bug 20283: Tor Browser should run without a `/proc` filesystem.
   * Bug 26354: Set SSE2 support as minimal requirement for Tor Browser 8
 * Build System
215
   * All Platforms
Georg Koppen's avatar
Georg Koppen committed
216
217
218
219
220
     * Bug 26362+26410: Use old MAR format for first ESR60-based stable
     * Bug 27020: RBM build fails with runc version 1.0.1
     * Bug 26949: Use GitHub repository for STIX
     * Bug 26773: Add --verbose to the ./mach build flag for firefox
     * Bug 26319: Don't package up Tor Browser in the `mach package` step
221
     * Bug 27178: Add support for xz compression in mar files
Georg Koppen's avatar
Georg Koppen committed
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
     * Clean up
   * Windows
     * Bug 26203: Adapt tor-browser-build/tor-browser for Windows
     * Bug 26204: Bundle d3dcompiler_47.dll for Tor Browser 8
     * Bug 26205: Don't build the uninstaller for Windows during Firefox compilation
     * Bug 26206: Ship pthread related dll where needed
     * Bug 26396: Build libwinpthread reproducible
     * Bug 25837: Integrate fxc2 into our build setup for Windows builds
     * Bug 27152: Use mozilla/fxc2.git for the fxc2 repository
     * Bug 25894: Get a rust cross-compiler for Windows
     * Bug 25554: Bump mingw-w64 version for ESR 60
     * Bug 23561: Fix nsis builds for Windows 64
       * Bug 13469: Windows installer is missing many languages from NSIS file
     * Bug 23231: Remove our STL Wrappers workaround for Windows 64bit
     * Bug 26370: Don't copy msvcr100.dll and libssp-0.dll twice
     * Bug 26476: Work around Tor Browser crashes due to fix for bug 1467041
     * Bug 18287: Use SHA-2 signature for Tor Browser setup executables
     * Bug 25420: Update GCC to 6.4.0
     * Bug 16472: Update Binutils to 2.26.1
     * Bug 20302: Fix FTE compilation for Windows with GCC 6.4.0
     * Bug 25111: Don't compile Yasm on our own anymore for Windows Tor Browser
     * Bug 18691: Switch Windows builds from precise to jessie
   * OS X
     * Bug 24632: Update macOS toolchain for ESR 60
     * Bug 9711: Build our own cctools for macOS cross-compilation
     * Bug 25548: Update macOS SDK for Tor Browser builds to 10.11
     * Bug 26003: Clean up our mozconfig-osx-x86_64 file
     * Bug 26195: Use new cctools in our macosx-toolchain project
     * Bug 25975: Get a rust cross-compiler for macOS
     * Bug 26475: Disable Stylo to make macOS build reproducible
     * Bug 26489: Fix .app directory name in tools/dmg2mar
   * Linux
     * Bug 26073: Patch tor-browser-build for transition to ESR 60
     * Bug 25481: Rust support for tor-browser and tor
     * Bug 25304: Update GCC to 6.4.0
     * Bug 16472: Update Binutils to 2.26.1

Georg Koppen's avatar
Georg Koppen committed
259
260
261
262
263
264
265
266
267
268
269
270
Tor Browser 8.0a10 -- August 20 2018
 * All platforms
   * Update Tor to 0.3.4.6-rc
   * Update Torbutton to 2.0.2
     * Bug 26960: Implement new about:tor start page
     * Bug 26961: Implement new user onboarding
     * Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger menus
     * Bug 26590: Use new svg.disabled pref in security slider
     * Bug 26655: Adjust color and size of onion button
     * Bug 26500: Reposition circuit display relay icon for RTL locales
     * Bug 26409: Remove spoofed locale implementation
     * Bug 26189: Remove content-policy.js
Georg Koppen's avatar
Georg Koppen committed
271
       * Bug 26544: Images are not centered anymore
Georg Koppen's avatar
Georg Koppen committed
272
273
274
275
276
277
278
279
280
281
282
283
     * Bug 27129: Add locales ca, ga, id, is, nb
     * Translations update
   * Update Tor Launcher to 0.2.16.2
     * Bug 26985: Help button icons missing
     * Bug 25509: Improve the proxy help text
     * Bug 27129: Add locales ca, ga, id, is, nb
     * Translations update
   * Update NoScript to 10.1.8.16
   * Update meek to 0.31
     * Bug 26477: Make meek extension compatible with ESR 60
   * Bug 27082: Enable a limited UITour for user onboarding
   * Bug 26961: New user onboarding
284
   * Bug 14952+24553: Enable HTTP2 and AltSvc
Georg Koppen's avatar
Georg Koppen committed
285
     * Bug 25735: Tor Browser stalls while loading Facebook login page
Georg Koppen's avatar
Georg Koppen committed
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
   * Bug 17252: Enable TLS session identifiers with first-party isolation
   * Bug 26353: Prevent speculative connects that violate first-party isolation
   * Bug 24056: Use en-US strings in HTML forms if locale is spoofed to english
   * Bug 26456: HTTP .onion sites inherit previous page's certificate information
   * Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger menus
   * Bug 26833: Backport Mozilla's bug 1473247
   * Bug 26628: Backport Mozilla's bug 1470156
   * Bug 26237: Clean up toolbar for ESR60-based Tor Browser
   * Bug 26519: Avoid Firefox icons in ESR60
   * Bug 26039: Load our preferences that modify extensions (fixup)
   * Bug 26515: Update Tor Browser blog post URLs
   * Bug 27129: Add locales ca, ga, id, is, nb
   * Bug 26216: Fix broken MAR file generation
   * Bug 26409: Remove spoofed locale implementation
   * Bug 26603: Remove obsolete HTTP pipelining preferences
 * Windows
   * Bug 26514: Fix intermittent updater failures on Win64 (Error 19)
   * Bug 26874: Fix UNC path restrictions failure in Tor Browser 8.0a9
   * Bug 12968: Enable HEASLR in Windows x86_64 builds
   * Update tbb-windows-installer to 0.4
     * Bug 26355: Update tbb-windows-installer to check for Windows7+
   * Bug 26355: Require Windows7+ for updates to Tor Browser 8
 * OS X
   * Bug 26795: Bump snowflake to 6077141f4a for bug 25600
 * Linux
   * Bug 25485: Unbreak Tor Browser on systems with newer libstdc++
   * Bug 20866: Fix OpenGL software rendering on systems with newer libstdc++
   * Bug 26951+18022: Fix execdesktop argument passing
   * Bug 26795: Bump snowflake to 6077141f4a for bug 25600
 * Build System
316
   * All Platforms
Georg Koppen's avatar
Georg Koppen committed
317
318
319
320
321
322
323
324
325
326
327
     * Bug 26410: Stop using old MAR format in the alpha series
     * Bug 27020: RBM build fails with runc version 1.0.1
     * Bug 26949: Use GitHub repository for STIX
     * Bug 26773: Add --verbose to the ./mach build flag for firefox
     * Bug 26569: Redirect pre-8.0a9 alpha users to a separate update directory
     * Bug 26319: Don't package up Tor Browser in the `mach package` step
   * OS X
     * Bug 26489: Fix .app directory name in tools/dmg2mar
   * Windows
     * Bug 27152: Use mozilla/fxc2.git for the fxc2 repository

Georg Koppen's avatar
Georg Koppen committed
328
329
330
331
332
Tor Browser 8.0a9 -- June 27 2018
 * All platforms
   * Update Firefox to 60.1.0esr
   * Update Tor to 0.3.4.2-alpha
   * Update Libevent to 2.1.8
Georg Koppen's avatar
Georg Koppen committed
333
   * Update Torbutton to 2.0.1
Georg Koppen's avatar
Georg Koppen committed
334
     * Bug 26100: Adapt Torbutton to Firefox 60 ESR
Georg Koppen's avatar
Georg Koppen committed
335
     * Bug 26430: New Torbutton icon
Georg Koppen's avatar
Georg Koppen committed
336
337
338
339
340
341
     * Bug 24309: Move circuit display to the identity popup
     * Bug 26128: Adapt security slider to the WebExtensions version of NoScript
     * Bug 23247: Show security state of .onions
     * Bug 26129: Show our about:tor page on startup
     * Bug 26235: Hide new unusable items from help menu
     * Bug 26058: Remove workaround for hiding 'sign in to sync' button
Georg Koppen's avatar
Georg Koppen committed
342
     * Bug 20628: Add locales da, he, sv, and zh-TW
Georg Koppen's avatar
Georg Koppen committed
343
     * Translations update
Georg Koppen's avatar
Georg Koppen committed
344
   * Update Tor Launcher to 0.2.16.1
Georg Koppen's avatar
Georg Koppen committed
345
346
     * Bug 25750: Update Tor Launcher to make it compatible with Firefox 60 ESR
     * Bug 20890: Increase control port connection timeout
Georg Koppen's avatar
Georg Koppen committed
347
     * Bug 26466: Remove sv-SE from tracking for releases
Georg Koppen's avatar
Georg Koppen committed
348
349
     * Bug 20628: Add more locales to Tor Browser
     * Translations update
350
   * Update HTTPS Everywhere to 2018.6.21
Georg Koppen's avatar
Georg Koppen committed
351
352
353
354
   * Update NoScript to 10.1.8.2
   * Bug 25543: Rebase Tor Browser patches for ESR60
   * Bug 23247: Show security state of .onions
   * Bug 26039: Load our preferences that modify extensions
Georg Koppen's avatar
Georg Koppen committed
355
   * Bug 17965: Isolate HPKP and HSTS to URL bar domain
Georg Koppen's avatar
Georg Koppen committed
356
   * Bug 26365: Add potential AltSvc support
Georg Koppen's avatar
Georg Koppen committed
357
   * Bug 9145: Fix broken hardware acceleration on Windows and enable it
Georg Koppen's avatar
Georg Koppen committed
358
359
360
361
362
   * Bug 26045: Add new MAR signing keys
   * Bug 22564: Hide Firefox Sync
   * Bug 25090: Disable updater telemetry
   * Bug 26127: Make sure Torbutton and Tor Launcher are not treated as legacy extensions
   * Bug 26073: Migrate general.useragent.locale to intl.locale.requested
Georg Koppen's avatar
Georg Koppen committed
363
   * Bug 20628: Make Tor Browser available in da, he, sv-SE, and zh-TW
Georg Koppen's avatar
Georg Koppen committed
364
365
366
367
368
369
370
371
372
     * Bug 12927: Include Hebrew translation into Tor Browser
     * Bug 21245: Add danish (da) translation
 * Windows
   * Bug 26239+24197: Enable content sandboxing for 64bit Windows builds
   * Bug 22581: Fix shutdown crash
   * Bug 26424: Disable UNC paths to prevent possible proxy bypasses
   * Bug 26304: Update zlib to version 1.2.11
 * OS X
   * Bug 24052: Backport fix for bug 1412081 for better file:// handling
Georg Koppen's avatar
Georg Koppen committed
373
374
375
   * Bug 24136: After loading file:// URLs clicking on links is broken on OS X
   * Bug 24243: Tor Browser only renders HTML for local pages via file://
   * Bug 24263: Tor Browser does not run extension scripts if loaded via about:debugging
Georg Koppen's avatar
Georg Koppen committed
376
377
378
379
   * Bug 24632: Disable snowflake for now until its build is fixed
   * Bug 26438: Remove broken seatbelt profiles
 * Linux
   * Bug 24052: Backport fix for bug 1412081 for better file:// handling
Georg Koppen's avatar
Georg Koppen committed
380
381
382
   * Bug 24136: After loading file:// URLs clicking on links is broken on Linux
   * Bug 24243: Tor Browser only renders HTML for local pages via file://
   * Bug 24263: Tor Browser does not run extension scripts if loaded via about:debugging
Georg Koppen's avatar
Georg Koppen committed
383
384
385
386
   * Bug 26153: Update selfrando to be compatible with Firefox 60 ESR
   * Bug 22242: Remove RUNPATH in Linux binaries embedded by selfrando
   * Bug 26354: Set SSE2 support as minimal requirement for Tor Browser 8
 * Build System
387
  * All Platforms
Georg Koppen's avatar
Georg Koppen committed
388
389
390
391
392
393
394
395
396
397
398
399
    * Bug 26362: Use old MAR format for first ESR60-based alpha
    * Clean up
  * Windows
    * Bug 26203: Adapt tor-browser-build/tor-browser for Windows
    * Bug 26204: Bundle d3dcompiler_47.dll for Tor Browser 8
    * Bug 26205: Don't build the uninstaller for Windows during Firefox compilation
    * Bug 26206: Ship pthread related dll where needed
    * Bug 26396: Build libwinpthread reproducible
    * Bug 25837: Integrate fxc2 into our build setup for Windows builds
    * Bug 25894: Get a rust cross-compiler for Windows
    * Bug 25554: Bump mingw-w64 version for ESR 60
    * Bug 23561: Fix nsis builds for Windows 64
Georg Koppen's avatar
Georg Koppen committed
400
      * Bug 13469: Windows installer is missing many languages from NSIS file
Georg Koppen's avatar
Georg Koppen committed
401
402
    * Bug 23231: Remove our STL Wrappers workaround for Windows 64bit
    * Bug 26370: Don't copy msvcr100.dll and libssp-0.dll twice
Georg Koppen's avatar
Georg Koppen committed
403
    * Bug 26476: Work around Tor Browser crashes due to fix for bug 1467041
Georg Koppen's avatar
Georg Koppen committed
404
    * Bug 18287: Use SHA-2 signature for Tor Browser setup executables
Georg Koppen's avatar
Georg Koppen committed
405
    * Bug 16472: Update Binutils to 2.26.1
Georg Koppen's avatar
Georg Koppen committed
406
407
408
409
410
411
412
  * OS X
    * Bug 24632: Update macOS toolchain for ESR 60
    * Bug 9711: Build our own cctools for macOS cross-compilation
    * Bug 25548: Update macOS SDK for Tor Browser builds to 10.11
    * Bug 26003: Clean up our mozconfig-osx-x86_64 file
    * Bug 26195: Use new cctools in our macosx-toolchain project
    * Bug 25975: Get a rust cross-compiler for macOS
Georg Koppen's avatar
Georg Koppen committed
413
    * Bug 26475: Disable Stylo to make macOS build reproducible
Georg Koppen's avatar
Georg Koppen committed
414
415
416
417
  * Linux
    * Bug 26073: Patch tor-browser-build for transition to ESR 60
    * Bug 25540: Stop building and distributing sandboxed tor browser
    * Bug 25481: Rust support for tor-browser and tor
Georg Koppen's avatar
Georg Koppen committed
418
    * Bug 16472: Update Binutils to 2.26.1
Georg Koppen's avatar
Georg Koppen committed
419

Georg Koppen's avatar
Georg Koppen committed
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
Tor Browser 7.5.6 -- June 26 2018
 * All platforms
   * Update Firefox to 52.9.0esr
   * Update Tor to 0.3.3.7
   * Update Tor Launcher to 0.2.14.5
     * Bug 20890: Increase control port connection timeout
   * Update HTTPS Everywhere to 2018.6.21
     * Bug 26451: Prevent HTTPS Everywhere from freezing the browser
   * Update NoScript to 5.1.8.6
   * Bug 21537: Mark .onion cookies as secure
   * Bug 25938: Backport fix for cross-origin header leak (bug 1334776)
   * Bug 25721: Backport patches from Mozilla's bug 1448771
   * Bug 25147+25458: Sanitize HTML fragments for chrome documents
   * Bug 26221: Backport fix for leak in SHA256 in nsHttpConnectionInfo.cpp
 * Windows
   * Bug 26424: Disable UNC paths to prevent possible proxy bypasses

Georg Koppen's avatar
Georg Koppen committed
437
438
439
440
441
442
443
444
445
446
Tor Browser 8.0a8 -- June 10 2018
 * All platforms
   * Update Firefox to 52.8.1esr
   * Bug 26098: Remove amazon-meek

Tor Browser 7.5.5 -- June 10 2018
 * All platforms
   * Update Firefox to 52.8.1esr
   * Bug 26098: Remove amazon-meek

Georg Koppen's avatar
Georg Koppen committed
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
Tor Browser 8.0a7 -- May 9 2018
 * All platforms
   * Update Firefox to 52.8.0esr
   * Update Tor Launcher to 0.2.15.2
     * Bug 25807: Change front domain to unbreak Moat
     * Translations update
   * Bug 25973: Backport off-by-one fix (bug 1352073)
   * Bug 25938: Backport fix for cross-origin header leak (bug 1334776)
   * Bug 25458: Fix broken UI customization
   * Bug 25898: Make Youtube videos play automatically again
   * Bug 25980: Improve backport of bug 1448771 (fixes broken Orfox build)
 * OS X
   * Bug 26010: Change Snowflake rendezvous to use the Azure domain front
 * Linux
   * Bug 26010: Change Snowflake rendezvous to use the Azure domain front

Georg Koppen's avatar
Georg Koppen committed
463
464
465
466
467
468
469
470
471
472
473
Tor Browser 7.5.4 -- May 9 2018
 * All platforms
   * Update Firefox to 52.8.0esr
   * Update HTTPS Everywhere to 2018.4.11
   * Update NoScript to 5.1.8.5
   * Bug 23439: Exempt .onion domains from mixed content warnings
   * Bug 22614: Make e10s/non-e10s Tor Browsers indistinguishable
   * Bug 22659: Changes to `intl.accept.languages` get overwritten after restart
   * Bug 25973: Backport off-by-one fix (bug 1352073)
   * Bug 25020: Add a tbb_version.json file

Georg Koppen's avatar
Georg Koppen committed
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
Tor Browser 8.0a6 -- April 19 2018
 * All platforms
   * Update Tor to 0.3.3.5-rc
   * Update OpenSSL to 1.0.2o
   * Update Torbutton to 1.9.9.1
     * Bug 25126: Make about:tor layout responsive
     * Translations update
   * Update HTTPS Everywhere to 2018.4.11
   * Update NoScript to 5.1.8.5
   * Bug 21537: Mark .onion cookies as secure
   * Bug 21850: Update about:tbupdate handling for e10s
   * Bug 25721: Backport patches from Mozilla's bug 1448771
 * Linux
   * Bug 20283: Tor Browser should run without a `/proc` filesystem.
 * Windows
   * Bug 13893: Make EMET compatible with Tor Browser
 * Build System
   * Windows
     * Bug 25420: Update GCC to 6.4.0
     * Bug 20302: Fix FTE compilation for Windows with GCC 6.4.0
   * Linux
     * Bug 25304: Update GCC to 6.4.0

497
498
499
500
501
502
503
504
505
506
507
508
Tor Browser 8.0a5 -- March 27 2018
 * All platforms
   * Update Firefox to 52.7.3esr
   * Update HTTPS Everywhere to 2018.3.13
   * Bug 23439: Exempt .onion domains from mixed content warnings
 * OS X
   * Update Snowflake
     * Bug 21312+25579+25449: Fix crashes and memory/file descriptor leaks in go-webrtc
 * Linux
   * Update Snowflake
     * Bug 21312+25579+25449: Fix crashes and memory/file descriptor leaks in go-webrtc

Georg Koppen's avatar
Georg Koppen committed
509
510
511
512
513
514
Tor Browser 7.5.3 -- March 26 2018
 * All platforms
   * Update Firefox to 52.7.3esr
   * Update HTTPS Everywhere to 2018.3.13
     * Bug 25339: Adapt build system for Python 3.6 based build procedure

Georg Koppen's avatar
Georg Koppen committed
515
516
517
518
Tor Browser 8.0a4 -- March 17 2018
 * All platforms
   * Update Firefox to 52.7.2esr

519
520
521
522
Tor Browser 7.5.2 -- March 17 2018
 * All platforms
   * Update Firefox to 52.7.2esr

Georg Koppen's avatar
Georg Koppen committed
523
524
525
526
527
528
529
530
531
532
533
534
535
536
Tor Browser 8.0a3 -- March 13 2018
 * All platforms
   * Update Firefox to 52.7.0esr
   * Update Tor to 0.3.3.3-alpha
   * Update Tor Launcher to 0.2.15.1
     * Bug 23136: Moat integration (fetch bridges for the user)
     * Translations update
   * Update HTTPS Everywhere to 2018.2.26
     * Bug 25339: Adapt build system for Python 3.6 based build procedure
   * Bug 25356: Update obfs4proxy to v0.0.7
   * Bug 25147: Sanitize HTML fragments created for chrome-privileged documents
 * Windows
   * Bug 25112: No sandboxing on 64-bit Windows <= Vista

Georg Koppen's avatar
Georg Koppen committed
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
Tor Browser 7.5.1 -- March 13 2018
 * All platforms
   * Update Firefox to 52.7.0esr
   * Update Tor to 0.3.2.10
   * Update Torbutton to 1.9.8.6
     * Bug 24159: Version check does not deal with platform specific checks
     * Bug 25016: Remove 2017 donation banner
     * Translations update
   * Update Tor Launcher to 0.2.14.4
     * Bug 25089: Special characters are not escaped in proxy password
     * Translations update
   * Update NoScript to 5.1.8.4
   * Bug 25356: Update obfs4proxy to v0.0.7
   * Bug 25000: Add [System+Principal] to the NoScript whitelist
 * Windows
   * Bug 25112: Disable sandboxing on 64-bit Windows <= Vista

Georg Koppen's avatar
Georg Koppen committed
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
Tor Browser 8.0a2 -- February 23 2018
 * All Platforms
   * Update Tor to 0.3.3.2-alpha
   * Update Torbutton to 1.9.9
     * Bug 24159: Version check does not deal with platform specific checks
     * Bug 25016: Remove 2017 donation banner
     * Translations update
   * Update Tor Launcher to 0.2.15
     * Bug 25089: Special characters are not escaped in proxy password
     * Translations update
   * Update HTTPS Everywhere to 2018.1.29
   * Update NoScript to 5.1.8.4
   * Update meek to 0.29
   * Bug 25215: Revert bug 18619 (we are not disabling IndexedDB any longer)
   * Bug 19910: Rip out optimistic data socks handshake variant (#3875)
   * Bug 22659: Changes to `intl.accept.languages` get overwritten after restart
   * Bug 25000: Add [System+Principal] to the NoScript whitelist
   * Bug 15599: Disable Range requests used by pdfjs as they are not isolated
   * Bug 22614: Make e10s/non-e10s Tor Browsers indistinguishable
   * Bug 13575: Disable randomised Firefox HTTP cache decay user tests
   * Bug 25020: Add a tbb_version.json file
   * Bug 24995: Include git hash in tor --version
 * OS X
   * Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured
 * Linux
   * Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured
 * Windows:
   * Bug 25266: PT config should include full names of executable files
 * Build System
   * Windows
     * Bug 25111: Don't compile Yasm on our own anymore for Windows Tor Browser

Georg Koppen's avatar
Georg Koppen committed
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
Tor Browser 8.0a1 -- January 23 2018
 * All Platforms
   * Update Firefox to 52.6.0esr
   * Update Tor to 0.3.2.9
   * Update Torbutton to 1.9.8.5
     * Bug 21245: Add da translation to Torbutton and keep track of it
     * Bug 24702: Remove Mozilla text from banner
     * Translations update
   * Update Tor Launcher to 0.2.14.3
     * Translations update
   * Update HTTPS Everywhere to 2018.1.11
   * Bug 24756: Add noisebridge01 obfs4 bridge configuration
   * Bug 23916: Add new MAR signing key
   * Bug 22548: Firefox downgrades VP9 videos to VP8 for some users
 * Windows
   * Bug 24197: Fix win64 sandbox compile issues
 * Build System
   * Windows
     * Bug 18691: switch Windows builds from precise to jessie
   * Linux
     * Bug 23892: Include Firefox and Tor debug files in final build directory
     * Bug 24842: include libasan.so.2 and libubsan.so.0 in debug builds

Georg Koppen's avatar
Georg Koppen committed
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
Tor Browser 7.5 -- January 23 2018
 * All Platforms
   * Update Firefox to 52.6.0esr
   * Update Tor to 0.3.2.9
   * Update OpenSSL to 1.0.2n
   * Update Torbutton to 1.9.8.5
     * Bug 21847: Update copy for security slider
     * Bug 21245: Add da translation to Torbutton and keep track of it
     * Bug 24702: Remove Mozilla text from banner
     * Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
     * Translations update
   * Update Tor Launcher to 0.2.14.3
     * Bug 23262: Implement integrated progress bar
     * Bug 23261: implement configuration portion of new Tor Launcher UI
     * Bug 24623: Revise "country that censors Tor" text
     * Bug 24624: tbb-logo.svg may cause network access
     * Bug 23240: Retrieve current bootstrap progress before showing progress bar
     * Bug 24428: Bootstrap error message sometimes lost
     * Bug 22232: Add README on use of bootstrap status messages
     * Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
     * Translations update
   * Update HTTPS Everywhere to 2018.1.11
   * Update NoScript to 5.1.8.3
   * Bug 23104: CSS line-height reveals the platform Tor Browser is running on
   * Bug 24398: Plugin-container process exhausts memory
   * Bug 22501: Requests via javascript: violate FPI
   * Bug 24756: Add noisebridge01 obfs4 bridge configuration
 * Windows
   * Bug 16010: Enable content sandboxing on Windows
   * Bug 23230: Fix build error on Windows 64
 * OS X
   * Bug 24566: Avoid white flashes when opening dialogs in Tor Browser
   * Bug 23025: Add some hardening flags to macOS build
 * Linux
   * Bug 23970: Make "Print to File" work with sandboxing enabled
   * Bug 23016: "Print to File" is broken on some non-english Linux systems
   * Bug 10089: Set middlemouse.contentLoadURL to false by default
   * Bug 18101: Suppress upload file dialog proxy bypass (linux part)
 * Android
   * Bug 22084: Spoof network information API
 * Build System
   * All Platforms
     * Switch from gitian/tor-browser-bundle to rbm/tor-browser-build
   * Windows
     * Bug 22563: Update mingw-w64 to fix W^X violations
     * Bug 20929: Bump GCC version to 5.4.0
   * Linux
     * Bug 20929: Bump GCC version to 5.4.0
     * Bug 23892: Include Firefox and Tor debug files in final build directory
     * Bug 24842: include libasan.so.2 and libubsan.so.0 in debug builds

Georg Koppen's avatar
Georg Koppen committed
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
Tor Browser 7.5a10 -- December 19 2017
 * All Platforms
   * Update Tor to 0.3.2.7-rc
   * Update OpenSSL to 1.0.2n
   * Update Torbutton to 1.9.8.4
     * Bug 21847: Update copy for security slider
     * Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
     * Translations update
   * Update Tor Launcher to 0.2.14.2
     * Bug 24623: Revise "country that censors Tor" text
     * Bug 24428: Bootstrap error message sometimes lost
     * Bug 24624: tbb-logo.svg may cause network access
     * Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
     * Translations update
   * Update NoScript to 5.1.8.3
   * Bug 23104: CSS line-height reveals the platform Tor Browser is running on
   * Bug 24398: Plugin-container process exhausts memory
 * OS X
   * Bug 24566: Avoid white flashes when opening dialogs in Tor Browser
 * Linux
   * Bug 23970: Make "Print to File" work with sandboxing enabled
   * Bug 23016: "Print to File" is broken on some non-english Linux systems
 * Android
   * Bug 22084: Spoof network information API

685
Tor Browser 7.5a9 -- December 09 2017
Georg Koppen's avatar
Georg Koppen committed
686
 * All Platforms
Georg Koppen's avatar
Georg Koppen committed
687
688
   * Update Firefox to 52.5.2esr
   * Update Tor to 0.3.2.6-alpha
689
   * Update HTTPS-Everywhere to 2017.12.6
Georg Koppen's avatar
Georg Koppen committed
690
   * Update NoScript to 5.1.8.1
Georg Koppen's avatar
Georg Koppen committed
691
692
   * Update sandboxed-tor-browser to 0.0.16

Georg Koppen's avatar
Georg Koppen committed
693
694
695
696
697
698
699
Tor Browser 7.0.11 -- December 09 2017
 * All Platforms
   * Update Firefox to 52.5.2esr
   * Update Tor to 0.3.1.9
   * Update HTTPS-Everywhere to 2017.12.6
   * Update NoScript to 5.1.8.1

Georg Koppen's avatar
Georg Koppen committed
700
Tor Browser 7.5a8 -- November 15 2017
Georg Koppen's avatar
Georg Koppen committed
701
702
703
704
705
706
707
708
 * All Platforms
   * Update Firefox to 52.5.0esr
   * Update Tor to 0.3.2.4-alpha
   * Update Torbutton to 1.9.8.3
     * Bug 23997: Add link to Tor Browser manual for de, nl, tr, vi
     * Bug 23949: Fix donation banner display
     * Update locales with translated banner
     * Translations update
709
   * Update Tor Launcher to 0.2.14.1
Georg Koppen's avatar
Georg Koppen committed
710
711
712
713
714
715
716
717
718
719
     * Bug 23262: Implement integrated progress bar
     * Bug 23261: implement configuration portion of new Tor Launcher UI
     * Translations update
   * Update HTTPS-Everywhere to 2017.10.30
   * Update NoScript to 5.1.5
     * Bug 23968: NoScript icon jumps to the right after update
   * Update sandboxed-tor-browser to 0.0.15
 * Windows
   * Bug 20636+10026: Create 64bit Tor Browser for Windows
   * Bug 24052: Block file:// redirects early
Georg Koppen's avatar
Georg Koppen committed
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735

Tor Browser 7.0.10 -- November 14 2017
 * All Platforms
   * Update Firefox to 52.5.0esr
   * Update Tor to 0.3.1.8
   * Update Torbutton to 1.9.7.10
     * Bug 23997: Add link to Tor Browser manual for de, nl, tr, vi
     * Translations update
   * Update HTTPS-Everywhere to 2017.10.30
     * Bug 24178: Use make.sh for building HTTPS-Everywhere
   * Update NoScript to 5.1.5
     * Bug 23968: NoScript icon jumps to the right after update
 * Windows
   * Bug 23582: Enable the Windows DLL blocklist for mingw-w64 builds
   * Bug 23396: Update the msvcr100.dll we ship
   * Bug 24052: Block file:// redirects early
Georg Koppen's avatar
Georg Koppen committed
736

737
738
739
740
741
742
743
Tor Browser 7.5a7 -- November 4 2017
 * OS X
   * Bug 24052: Streamline handling of file:// resources
 * Linux
   * Bug 24052: Streamline handling of file:// resources

Tor Browser 7.0.9 -- November 3 2017
744
745
746
747
748
 * OS X
   * Bug 24052: Streamline handling of file:// resources
 * Linux
   * Bug 24052: Streamline handling of file:// resources

749
750
751
752
753
754
755
Tor Browser 7.0.8 -- October 25 2017
 * All Platforms
   * Update Torbutton to 1.9.7.9
     * Bug 23949: Fix donation banner display
     * Update locales with translated banner
     * Translations update

Georg Koppen's avatar
Georg Koppen committed
756
757
758
759
760
761
762
763
764
765
766
Tor Browser 7.5a6 -- October 19 2017
 * All Platforms
   * Update Firefox to 52.4.1esr
   * Update Tor to 0.3.2.2-alpha
   * Update Torbutton to 1.9.8.2
     * Bug 23887: Update banner locales and Mozilla text
     * Translations update
   * Update HTTPS-Everywhere to 2017.10.4
   * Update NoScript to 5.1.2
     * Bug 23723: Loading entities from NoScript .dtd files is blocked
     * Bug 23724: NoScript update breaks Security Slider and its icon disappears
767
   * Update sandboxed-tor-browser to 0.0.14
Georg Koppen's avatar
Georg Koppen committed
768
769
770
771
772
773
774
   * Bug 23745: Tab crashes when using Tor Browser to access Google Drive
   * Bug 23694: Update the detailsURL in update responses
   * Bug 22501: Requests via javascript: violate FPI
 * OS X
   * Bug 23807: Tab crashes when playing video on High Sierra
   * Bug 23025: Add some hardening flags to macOS build

775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
Tor Browser 7.0.7 -- October 19 2017
 * All Platforms
   * Update Firefox to 52.4.1esr
   * Update Torbutton to 1.9.7.8
     * Bug 23887: Update banner locales and Mozilla text
     * Bug 23526: Add 2017 Donation banner text
     * Bug 23483: Donation banner on about:tor for 2017 (testing mode)
     * Bug 22610: Avoid crashes when canceling external helper app related downloads
     * Bug 22472: Fix FTP downloads when external helper app dialog is shown
     * Bug 22471: Downloading pdf files via the PDF viewer download button is broken
     * Bug 22618: Downloading pdf file via file:/// is stalling
     * Translations update
   * Update HTTPS-Everywhere to 2017.10.4
   * Update NoScript to 5.1.2
     * Bug 23723: Loading entities from NoScript .dtd files is blocked
     * Bug 23724: NoScript update breaks Security Slider and its icon disappears
   * Bug 23745: Tab crashes when using Tor Browser to access Google Drive
   * Bug 22610: Avoid crashes when canceling external helper app related downloads
   * Bug 22472: Fix FTP downloads when external helper app dialog is shown
   * Bug 22471: Downloading pdf files via the PDF viewer download button is broken
   * Bug 22618: Downloading pdf file via file:/// is stalling
   * Bug 23694: Update the detailsURL in update responses
 * OS X
   * Bug 23807: Tab crashes when playing video on High Sierra
 * Linux
   * Bug 22692: Enable content sandboxing on Linux

802
Tor Browser 7.5a5 -- September 28 2017
Georg Koppen's avatar
Georg Koppen committed
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
 * All Platforms
   * Update Firefox to 52.4.0esr
   * Update Tor to 0.3.2.1-alpha
   * Update Torbutton to 1.9.8.1
     * Bug 20375: Warn users after entering fullscreen mode
     * Bug 22989: Fix dimensions of new windows on macOS
     * Bug 23526: Add 2017 Donation banner text
     * Bug 23483: Donation banner on about:tor for 2017 (testing mode)
     * Translations update
   * Update Tor Launcher to 0.2.13
     * Bug 23240: Retrieve current bootstrap progress before showing progress bar
     * Bug 22232: Add README on use of bootstrap status messages
     * Translations update
   * Update HTTPS-Everywhere to 2017.9.12
   * Update NoScript to 5.0.10
   * Update sandboxed-tor-browser to 0.0.13
   * Bug 23393: Don't crash all tabs when closing one tab
   * Bug 23166: Add new obfs4 bridge to the built-in ones
   * Bug 23258: Fix broken HTTPS-Everywhere on higher security levels
   * Bug 21270: NoScript settings break WebExtensions add-ons
   * Bug 23104: CSS line-height reveals the platform Tor Browser is running on
 * Windows
   * Bug 16010: Enable content sandboxing on Windows
   * Bug 23582: Enable the Windows DLL blocklist for mingw-w64 builds
   * Bug 23396: Update the msvcr100.dll we ship
   * Bug 23230: Fix build error on Windows 64
 * OS X
   * Bug 23404: Add missing Noto Sans Buginese font to the macOS whitelist
 * Linux
   * Bug 10089: Set middlemouse.contentLoadURL to false by default
   * Bug 22692: Enable content sandboxing on Linux
   * Bug 18101: Suppress upload file dialog proxy bypass (linux part)
 * Build System
   * All Platforms
     * Switch from gitian/tor-browser-bundle to rbm/tor-browser-build

839
840
841
842
843
844
845
846
847
848
849
850
851
852
Tor Browser 7.0.6 -- September 28 2017
 * All Platforms
   * Update Firefox to 52.4.0esr
   * Update Tor to 0.3.1.7
   * Update Torbutton to 1.9.7.7
     * Bug 22542: Security Settings window too small on macOS 10.12 (fixup)
     * Bug 20375: Warn users after entering fullscreen mode
   * Update HTTPS-Everywhere to 2017.9.12
   * Update NoScript to 5.0.10
   * Bug 21830: Copying large text from web console leaks to /tmp
   * Bug 23393: Don't crash all tabs when closing one tab
 * OS X
   * Bug 23404: Add missing Noto Sans Buginese font to the macOS whitelist

Georg Koppen's avatar
Georg Koppen committed
853
854
855
856
857
858
859
860
861
862
863
Tor Browser 7.0.5 -- September 4 2017
 * All Platforms
   * Update Torbutton to 1.9.7.6
     * Bug 22989: Fix dimensions of new windows on macOS
     * Translations update
   * Update HTTPS-Everywhere to 2017.8.31
   * Update NoScript to 5.0.9
   * Bug 23166: Add new obfs4 bridge to the built-in ones
   * Bug 23258: Fix broken HTTPS-Everywhere on higher security levels
   * Bug 21270: NoScript settings break WebExtensions add-ons

boklm's avatar
boklm committed
864
865
866
867
868
869
870
871
872
873
874
875
Tor Browser 7.5a4 -- August 9 2017
 * All Platforms
   * Update Firefox to 52.3.0esr
   * Update Tor to 0.3.1.5-alpha
   * Update OpenSSL to 1.0.2l
   * Update Torbutton to 1.9.8
     * Bug 22610: Avoid crashes when canceling external helper app related downloads
     * Bug 22472: Fix FTP downloads when external helper app dialog is shown
     * Bug 22471: Downloading pdf files via the PDF viewer download button is broken
     * Bug 22618: Downloading pdf file via file:/// is stalling
     * Bug 22542: Resize slider window to work without scrollbars
     * Bug 21999: Fix display of language prompt in non-en-US locales
Georg Koppen's avatar
Georg Koppen committed
876
     * Bug 18913: Don't let about:tor have chrome privileges
boklm's avatar
boklm committed
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
     * Bug 22535: Search on about:tor discards search query
     * Bug 21948: Going back to about:tor page gives "Address isn't valid" error
     * Code clean-up
     * Translations update
   * Update Tor Launcher to 0.2.12.3
     * Bug 22592: Default bridge settings are not removed
     * Translations update
   * Update HTTPS-Everywhere to 5.2.21
   * Update NoScript to 5.0.8.1
     * Bug 22362: Remove workaround for XSS related browser freezing
     * Bug 22067: NoScript Click-to-Play bypass with embedded videos and audio
   * Update sandboxed-tor-browser to 0.0.12
   * Bug 22610: Avoid crashes when canceling external helper app related downloads
   * Bug 22472: Fix FTP downloads when external helper app dialog is shown
   * Bug 22471: Downloading pdf files via the PDF viewer download button is broken
   * Bug 22618: Downloading pdf file via file:/// is stalling
   * Bug 21321: Exempt .onions from HTTP related security warnings
   * Bug 21830: Copying large text from web console leaks to /tmp
   * Bug 22073: Disable GetAddons option on addons page
   * Bug 22884: Fix broken about:tor page on higher security levels
   * Bug 22829: Remove default obfs4 bridge riemann.
 * Windows
   * Bug 21617: Fix single RWX page on Windows (included in 52.3.0esr)
 * OS X
   * Bug 22831: Enable Snowflake for mac
 * Linux
   * Bug 22832: Don't include monthly timestamp in libwebrtc build output
   * Bug 20848: Deploy Selfrando in 32bit Linux builds
 * Build system
   * Windows
     * Bug 22563: Update mingw-w64 to fix W^X violations
     * Bug 20929: Bump GCC version to 5.4.0
   * Linux
     * Bug 20929: Bump GCC version to 5.4.0

912
913
914
915
916
917
Tor Browser 7.0.4 -- August 8 2017
 * All Platforms
   * Update Firefox to 52.3.0esr
   * Update Tor to 0.3.0.10
   * Update Torbutton to 1.9.7.5
     * Bug 21999: Fix display of language prompt in non-en-US locales
Georg Koppen's avatar
Georg Koppen committed
918
     * Bug 18913: Don't let about:tor have chrome privileges
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
     * Bug 22535: Search on about:tor discards search query
     * Bug 21948: Going back to about:tor page gives "Address isn't valid" error
     * Code clean-up
     * Translations update
   * Update Tor Launcher to 0.2.12.3
     * Bug 22592: Default bridge settings are not removed
     * Translations update
   * Update HTTPS-Everywhere to 5.2.21
   * Update NoScript to 5.0.8.1
     * Bug 22362: Remove workaround for XSS related browser freezing
     * Bug 22067: NoScript Click-to-Play bypass with embedded videos and audio
   * Bug 21321: Exempt .onions from HTTP related security warnings
   * Bug 22073: Disable GetAddons option on addons page
   * Bug 22884: Fix broken about:tor page on higher security levels
 * Windows
   * Bug 22829: Remove default obfs4 bridge riemann.
   * Bug 21617: Fix single RWX page on Windows (included in 52.3.0esr)
 * OS X
   * Bug 22829: Remove default obfs4 bridge riemann.

boklm's avatar
boklm committed
939
940
941
942
943
944
945
946
947
Tor Browser 7.5a3 -- July 28 2017
 * Linux
   * Bug 23044: Don't allow GIO supported protocols by default

Tor Browser 7.0.3 -- July 27 2017
 * Linux
   * Bug 23044: Don't allow GIO supported protocols by default
   * Bug 22829: Remove default obfs4 bridge riemann.

boklm's avatar
boklm committed
948
949
950
951
952
953
954
955
956
957
958
959
Tor Browser 7.5a2 -- July 6 2017
 * All Platforms
   * Update Tor to 0.3.1.4-alpha
   * Update HTTPS-Everywhere to 5.2.19
 * Linux
   * Update sandboxed-tor-browser to 0.0.9

Tor Browser 7.0.2 -- July 3 2017
 * All Platforms
   * Update Tor to 0.3.0.9, fixing bug #22753
   * Update HTTPS-Everywhere to 5.2.19

960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Tor Browser 7.5a1 -- June 14 2017
 * All Platforms
   * Update Firefox to 52.2.0esr
   * Update Tor to 0.3.1.3-alpha
   * Update Torbutton to 1.9.7.4
     * Bug 22542: Security Settings window too small on macOS 10.12
     * Bug 22104: Adjust our content policy whitelist for ff52-esr
     * Bug 22457: Allow resources loaded by view-source://
     * Bug 21627: Ignore HTTP 304 responses when checking redirects
     * Bug 22459: Adapt our use of the nsIContentPolicy to e10s mode
     * Translations update
   * Update Tor Launcher to 0.2.12.2
     * Bug 22283: Linux 7.0a4 is broken after update due to unix: lines in torrc
     * Translations update
   * Update HTTPS-Everywhere to 5.2.18
   * Update NoScript to 5.0.5
   * Update sandboxed-tor-browser to 0.0.7
   * Bug 22362: NoScript's XSS filter freezes the browser
   * Bug 21766: Fix crash when the external application helper dialog is invoked
   * Bug 21886: Download is stalled in non-e10s mode
   * Bug 22333: Disable WebGL2 API for now
   * Bug 21861: Disable additional mDNS code to avoid proxy bypasses
   * Bug 21684: Don't expose navigator.AddonManager to content
   * Bug 21431: Clean-up system extensions shipped in Firefox 52
   * Bug 22320: Use preference name 'referer.hideOnionSource' everywhere
   * Bug 16285: Don't ship ClearKey EME system and update EME preferences
   * Bug 21972: about:support is partially broken
   * Bug 21323: Enable Mixed Content Blocking
   * Bug 22415: Fix format error in our pipeline patch
   * Bug 21862: Rip out potentially unsafe Rust code
   * Bug 16485: Improve about:cache page
   * Bug 22462: Backport of patch for bug 1329521 to fix assertion failure
   * Bug 22458: Fix broken `about:cache` page on higher security levels
   * Bug 18531: Uncaught exception when opening ip-check.info
   * Bug 18574: Uncaught exception when clicking items in Library
   * Bug 22327: Isolate Page Info media previews to first party domain
   * Bug 22452: Isolate tab list menuitem favicons to first party domain
   * Bug 15555: View-source requests are not isolated by first party domain
   * Bug 5293: Neuter fingerprinting with Battery API
   * Bug 22429: Add IPv6 address for Lisbeth:443 obfs4 bridge
   * Bug 22468: Add default obfs4 bridges frosty and dragon
For faster browsing, not all history is shown. View entire blame