CHANGELOG 45.3 KB
Newer Older
Georg Koppen's avatar
Georg Koppen committed
1
2
3
1.9.6.9
 * Bug 20947: Donation banner improvements

4
5
6
1.9.5.13
 * Bug 20947: Donation banner improvements

7
8
9
10
11
12
13
14
15
16
17
1.9.6.8
 * Bug 16622: Timezone spoofing moved to tor-browser.git
 * Bug 20701: Allow the directory listing stylesheet in the content policy
 * Bug 20556: Use pt-BR strings from now on
 * Bug 20614: Add links to Tor Browser User Manual
 * Bug 20414: Fix non-rendering arrow on OS X
 * Bug 20728: Fix bad preferences.xul dimensions
 * Bug 20318: Remove helpdesk link from about:tor
 * Bug 20753: Remove obsolete StartPage locale strings
 * Translation updates

Georg Koppen's avatar
Georg Koppen committed
18
1.9.6.7
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 * Bug 20414: Add donation banner on about:tor for 2016 campaign
 * Bug 20111: use Unix domain sockets for SOCKS port by default
 * Bug 19459: Move resizing code to tor-browser.git
 * Bug 20264: Change security slider to 3 options
 * Bug 20347: Enhance security slider's custom mode
 * Bug 20123: Disable remote jar on all security levels
 * Bug 20244: Move privacy checkboxes to about:preferences#privacy
 * Bug 17546: Add tooltips to explain our privacy checkboxes
 * Bug 17904: Allow security settings dialog to resize
 * Bug 18093: Remove 'Restore Defaults' button
 * Bug 20373: Prevent redundant dialogs opening
 * Bug 20388+20399+20394: Code clean-up
 * Translation updates

33
34
35
36
1.9.5.12
 * Bug 20414: Add donation banner on about:tor for 2016 campaign
 * Translation updates

Georg Koppen's avatar
Georg Koppen committed
37
1.9.6.4
38
39
40
 * Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git
 * Bug 17767: Make "JavaScript disabled" more visible in Security Slider

41
42
43
44
45
46
47
1.9.6.2
 * Bug 18589: Clear site security settings during New Identity
 * Bug 19906: "Maximizing Tor Browser" Notification can exist multiple times
 * Bug 19837: Whitelist internal URLs that Firefox requires for media
 * Bug 15852: Remove/synchronize Torbutton SOCKS pref logic
 * Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6
 * Bug 14271: Make Torbutton work with Unix Domain Socket option
48
 * Translation updates
49

50
51
52
53
1.9.5.7
 * Bug 18589: Clear site security settings during New Identity
 * Bug 19906: "Maximizing Tor Browser" Notification can exist multiple times

Mike Perry's avatar
Mike Perry committed
54
55
56
57
58
59
60
1.9.6.1
 * Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a tor client
 * Bug 19417: Disable asm.js (but add code to clear on New Identity if enabled)
 * Bug 19689: Plugin usage prompt is parented to wrong window
 * Bug 19273: Improve external app launch handling and associated warnings
 * Bug 8725: Block addon resource and url fingerprinting with nsIContentPolicy

61
62
63
64
65
66
67
1.9.5.6
 * Bug 19417: Disable asmjs for now
 * Bug 19689: Use proper parent windows for plugin prompt

1.9.5.5
 * Bug 19417: Clear asmjscache

Georg Koppen's avatar
Georg Koppen committed
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
1.9.6
 * Bug 18743: Pref to hide 'Sign in to Sync' button in hamburger menu
 * Bug 18905: Hide unusable items from help menu
 * Bug 17599: Provide shortcuts for New Identity and New Circuit
 * Bug 18980: Remove obsolete toolbar button code
 * Bug 18238: Remove unused Torbutton code and strings
 * Translation updates
 * Code clean-up

1.9.5.4
 * Bug 18466: Make Torbutton compatible with Firefox ESR 45
 * Bug 18743: Pref to hide 'Sign in to Sync' button in hamburger menu
 * Bug 18905: Hide unusable items from help menu
 * Bug 16017: Allow users to more easily set a non-tor SSH proxy
 * Bug 17599: Provide shortcuts for New Identity and New Circuit
 * Bug 18980: Remove obsolete toolbar button code
 * Bug 14429: Make sure the automatic resizing is disabled
 * Translation updates
 * Code clean-up

88
89
90
91
1.9.5.3
 * Bug 18466: Make Torbutton compatible with Firefox ESR 45
 * Translation updates

92
93
94
1.9.5.2
 * Bug 18557: Exempt Graphite preference from Security Slider

Georg Koppen's avatar
Georg Koppen committed
95
96
97
1.9.4.5
 * Bug 18557: Exempt Graphite preference from Security Slider

98
99
100
101
102
103
104
1.9.5.1
 * Bug 16990: Don't mishandle multiline commands
 * Bug 18144: about:tor update arrow position is wrong
 * Bug 16725: Allow resizing with non-default homepage
 * Bug 16017: Allow users to more easily set a non-tor SSH proxy
 * Translation updates

Georg Koppen's avatar
Georg Koppen committed
105
106
107
108
109
110
1.9.4.4
 * Bug 16990: Don't mishandle multiline commands
 * Bug 18144: about:tor update arrow position is wrong
 * Bug 16725: Allow resizing with non-default homepage
 * Translation updates

Georg Koppen's avatar
Georg Koppen committed
111
112
113
114
115
116
117
118
119
120
121
1.9.5
 * Bug 16990: Show circuit display for connections using multi-party channels
 * Bug 18019: Avoid empty prompt shown after non-en-US update
 * Bug 18004: Remove Tor fundraising donation banner
 * Code cleanup
 * Translation updates

1.9.4.3
 * Bug 16990: Show circuit display for connections using multi-party channels
 * Bug 18019: Avoid empty prompt shown after non-en-US update
 * Bug 18004: Remove Tor fundraising donation banner
122
123
124
125
126
 * Bug 16940: After update, load local change notes
 * Bug 17108: Polish about:tor appearance
 * Bug 17568: Clean up tor-control-port.js
 * Bug 16620: Move window.name handling into a Firefox patch
 * Bug 17351: Code cleanup
Georg Koppen's avatar
Georg Koppen committed
127
128
 * Translation updates

Georg Koppen's avatar
Georg Koppen committed
129
130
131
132
133
134
135
136
137
138
1.9.4.2
 * Bug 16940: After update, load local change notes
 * Bug 16990: Avoid matching '250 ' to the end of node name
 * Bug 17108: Polish about:tor appearance
 * Bug 17565: Tor fundraising campaign donation banner
 * Bug 17568: Clean up tor-control-port.js
 * Bug 17770: Fix alignments on donation banner
 * Bug 17792: Include donation banner in some non en-US Tor Browsers
 * Translation updates

Georg Koppen's avatar
Georg Koppen committed
139
1.9.4.1
Georg Koppen's avatar
Georg Koppen committed
140
 * Bug 9623: Spoof Referer when leaving a .onion domain
Georg Koppen's avatar
Georg Koppen committed
141
142
143
144
145
 * Bug 16620: Move window.name handling into a Firefox patch
 * Bug 17164: Don't show text-select cursor on circuit display
 * Bug 17351: Remove unused code
 * Translation updates

Georg Koppen's avatar
Georg Koppen committed
146
147
148
149
150
151
152
153
1.9.4
 * Bug 16937: Don't translate the hompepage/spellchecker dictionary string
 * Bug 16735: about:tor should accommodate different fonts/font sizes
 * Bug 16887: Update intl.accept_languages value
 * Bug 15493: Update circuit display on new circuit info
 * Bug 16797: brandShorterName is missing from brand.properties
 * Translation updates

154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
1.9.3.7
 * Bug 16990: Avoid matching '250 ' to the end of node name
 * Bug 17565: Tor fundraising campaign donation banner
 * Bug 17770: Fix alignments on donation banner
 * Bug 17792: Include donation banner in some non en-US Tor Browsers
 * Translation updates

1.9.3.5
 * Bug 9623: Spoof Referer when leaving a .onion domain
 * Bug 16735: about:tor should accommodate different fonts/font sizes
 * Bug 16937: Don't translate the hompepage/spellchecker dictionary string
 * Bug 17164: Don't show text-select cursor on circuit display
 * Bug 17351: Remove unused code
 * Translation updates

Georg Koppen's avatar
Georg Koppen committed
169
170
171
172
173
174
175
1.9.3.4
 * Bug 16887: Update intl.accept_languages value
 * Bug 15493: Update circuit display on new circuit info
 * Bug 16797: brandShorterName is missing from brand.properties
 * Bug 14429: Make sure the automatic resizing is disabled
 * Translation updates

Georg Koppen's avatar
Georg Koppen committed
176
177
178
179
180
181
182
183
184
185
186
1.9.3.3
 * Bug 14429: Make sure the automatic resizing is enabled

1.9.3.2
 * Bug 16731: TBB 5.0 a3/a4 fails to download a file on right click
 * Bug 16730: Reset NoScript whitelist on upgrade
 * Bug 16722: Prevent "Tiles" feature from being enabled after upgrade
 * Bug 16488: Remove "Sign in to Sync" from the browser menu (fixup)
 * Bug 14429: Make sure the automatic resizing is disabled
 * Translation updates

187
188
189
190
191
192
1.9.3.1
 * Bug 16268: Show Tor Browser logo on About page
 * Bug 16639: Check for Updates menu item can cause update failure
 * Bug 15781: Remove the sessionstore filter
 * Bug 15656: Sync privacy.resistFingerprinting with Torbutton pref

193
194
195
196
197
1.9.3.0
 * Bug 16427: Use internal update URL
 * Bug 16200: Update Cache API usage and prefs for FF38
 * Bug 16357: Use Mozilla API to wipe permissions db

198
199
200
201
202
1.9.2.8
 * Bug 16403: Set search parameters for Disconnect
 * Bug 14429: Make sure the automatic resizing is disabled
 * Translation updates

Georg Koppen's avatar
Georg Koppen committed
203
204
205
1.9.2.7
 * Bug 14429: Make sure the automatic resizing is enabled

Georg Koppen's avatar
Georg Koppen committed
206
207
208
209
210
1.9.2.6
 * Bug 15984: Disabling Torbutton breaks the Add-ons Manager
 * Bug 14429: Make sure the automatic resizing is disabled
 * Translation updates

211
212
213
1.9.2.5
 * Translation updates

Georg Koppen's avatar
Georg Koppen committed
214
215
216
1.9.2.4
 * Bug 14429: Improved automatic window resizing

217
218
219
220
221
1.9.2.3:
 * Bug 15837: Show descriptions if unchecking custom mode
 * Bug 15927: Force update of the NoScript UI when changing security level
 * Bug 15915: Hide circuit display if it is disabled.

222
223
224
1.9.2.2:
 * Bug 15795: Some security slider prefs do not trigger custom checkbox

Mike Perry's avatar
Mike Perry committed
225
226
227
1.9.2.1:
 * Bug 14429: Disable window resizing for now.

228
229
230
231
232
233
234
1.9.2.0:
 * Bug 15562: Bind SharedWorkers to thirdparty pref
 * Bug 15533: Restore default security level when restoring defaults
 * Bug 15510: Close Tor Circuit UI control port connections on New Identity
 * Bug 15472: Make node text black in circuit status UI.
 * Bug 15502: Wipe blob URIs on New Identity

235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
1.9.1.0:
 * Bug 9387: "Security Slider 1.0"
   * Include descriptions and tooltip hints for security levels
   * Notify users that the security slider exists
   * Flip slider so that "low" is on the bottom
   * Make use of new SVG and MathML prefs
 * Bug 13766: Set a 10 minute circuit lifespan for non-content requests
 * Bug 15460: Ensure FTP urls use content-window circuit isolation
 * Bug 13650: Clip initial window height to 1000px
 * Bug 14429: Ensure windows can only be resized to 200x100px multiples
 * Bug 15334: Display Cookie Protections menu if disk records are enabled
 * Bug 14324: Show HS circuit in Tor circuit display
 * Bug 15086: Handle RTL text in Tor circuit display
 * Bug 15085: Fix about:tor RTL text alignment problems
 * Bug 10216: Add a pref to disable the local tor control port test
 * Bug 14937: Show meek and flashproxy bridges in tor circuit display
 * Bugs 13891+15207: Fix exceptions/errors in circuit display with bridges
 * Bug 13019: Change locale hiding pref to boolean
Georg Koppen's avatar
Georg Koppen committed
253
254
 * Bug 7255: Warn users about maximizing windows
 * Bug 14631: Improve profile access error msgs (strings).
255

256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
1.9.0.0
 * Bug 13882: Fix display of bridges after bridge settings have been changed
 * Bug 5698: Use "Tor Browser" branding in "About Tor Browser" dialog
 * Bug 10280: Strings and pref for preventing plugin initialization.
 * Bug 14866: Show correct circuit when more than one exists for a given domain
 * Bug 9442: Add New Circuit button to Torbutton menu
 * Bug 9906: Warn users before closing all windows and performing new identity.
 * Bug 8400: Prompt for restart if disk records are enabled/disabled.
 * Bug 14630: Hide Torbutton's proxy settings tab.
 * Bug 14632: Disable Cookie Manager until we get it working.
 * Bug 11175: Remove "About Torbutton" from onion menu.
 * Bug 13900: Remove SafeCache code.
 * Bug 14490: Use Disconnect search in about:tor search box
 * Bug 14392: Don't steal input focus in about:tor search box
 * Bug 11236: Don't set omnibox order in Torbutton (to prevent translation)
 * Bug 13406: Stop directing users to download-easy.html.en on update
 * Bug 9387: Handle "custom" mode better in Security Slider
 * Bug 12430: Bind jar: pref to Security Slider
Mike Perry's avatar
Mike Perry committed
274
 * Bug 14448: Restore Torbutton menu operation on non-English localizations
275

276
277
278
279
280
281
282
283
284
285
286
1.8.1.3
 * Bug 13998: Handle changes in NoScript 2.6.9.8+
 * Bug 14100: Option to hide NetworkSettings menuitem
 * Bug 13079: Option to skip control port verification
 * Bug 13835: Option to change default Tor Browser homepage
 * Bug 11449: Fix new identity error if NoScript is not enabled
 * Bug 13881: Localize strings for tor circuit display
 * Bug 9387: Incorporate user feedback
 * Bug 13671: Fixup for circuit display if bridges are used
 * Translation updates

287
288
289
290
291
292
293
294
295
1.8.1.2
 * Bug 13672: Make circuit display optional
 * Bug 13671: Make bridges visible on circuit display
 * Bug 9387: Incorporate user feedback
 * Bug 13784: Remove third party authentication tokens

1.8.1.1
 * Bug 13751: Remove remaining SafeCache code.

296
297
298
299
1.8.1.0
 * Bug 13746: Properly link Torbutton UI to thirdparty pref.
 * Bug 13742: Remove SafeCache code (in favor of C++ implementation)

300
301
302
1.8.0.3
 * misc: Translation imports for security slider

303
304
305
1.8.0.2
 * Bug 13666: Various fixes for circuit status display

306
307
308
1.8.0.1
 * Bug 13651: Fix hangs associated with circuit status UI from #8641.

309
310
311
312
313
314
1.8.0.0
 * Bug 9387: Provide a "Security Slider" for vulnerability surface reduction
 * Bug 13019: Synchronize locale spoofing pref with our Firefox patch
 * Bug 3455: Use SOCKS user+pass to isolate all requests from the same url domain
 * Bug 8641: Create browser UI to indicate current tab's Tor circuit IPs

315
316
317
318
1.7.0.2
 * Bug 13019: Synchronize locale spoofing pref with our Firefox patch
 * Bug 13746: Properly link Torbutton UI to thirdparty pref.

319
320
321
1.7.0.1
 * Bug 13378: Prevent addon reordering in toolbars on first-run.

322
1.7.0.0
323
 9 Oct 2014
324
325
 * Bug 10751: Adapt Torbutton to ESR31's Australis UI.
 * Bug 13138: ESR31-about:tor shows "Tor is not working"
Mike Perry's avatar
Mike Perry committed
326
 * Bug 12947: Adapt session storage blocker to ESR 31.
Mike Perry's avatar
Mike Perry committed
327
 * Bug 10716: Take care of drag/drop events in ESR 31.
328
 * Bug 13366: Fix cert exemption dialog when disk storage is enabled.
329

330
331
332
333
1.6.12.3
 23 Sep 2014
 * Bug 10804: Workaround for some TBB startup hangs

334
335
336
337
1.6.12.2
 22 Sep 2014
 * Bug 13091: Use "Tor Browser" everywhere

338
339
340
341
342
1.6.12.1
 1 Sep 2014
 * Bug 12684: Add `canvas.notNow` UI strings to torbutton.properties file.
 * Bug 8940: Move RecommendedTBBVersions file to www.torproject.org.

Mike Perry's avatar
Mike Perry committed
343
344
345
346
1.6.12.0
 4 Aug 2014
 * Bug 9531: Workaround to avoid rare hangs during New Identity

347
348
349
350
351
1.6.11.1
 24 Jul 2014
 * Bug 11472: Adjust about:tor font and logo positioning to avoid overlap
 * Bug 12680: Fix Torbutton about url.

352
353
354
355
356
1.6.11.0
 27 Jun 2014
 * Bug 10819: Bind new third party isolation pref to Torbutton security UI
 * Bug 9268: Fix some window resizing corner cases with DPI and taskbar size.

357
1.6.10.1
358
 26 Jun 2014
359
360
 * Bug #12221: Remove obsolete Javascript components from the toggle era

361
362
363
364
365
366
367
1.6.10.0
 5 Jun 2014
 * Bug 11510: about:tor should not report success if tor proxy is unreachable
 * Bug 11783: Avoid b.webProgress error when double-clicking on New Identity
 * Bug 11722: Add hidden pref to force remote Tor check
 * Bug 11763: Fix pref dialog double-click race that caused settings to be reset

368
369
370
371
372
1.6.9.0:
 25 Apr 2014
 * Bug 7439: Improve download warning dialog text.
 * Bug 11384: Completely remove hidden toggle menu item.

373
374
375
376
377
378
1.6.8.0:
 7 Apr 2014:
 * Bug 9010: Add Turkish to update locales.
 * Bug 11242: Fix improper "update needed" message after in-place upgrade.
 * Bug 10398: Ease translation of about:tor page elements

379
380
381
382
383
1.6.7.0:
 7 Mar 2014:
 * Bug 9901: Fix browser freeze due to content type sniffing
 * Bug 10611: Add Swedish (sv) to extra locales to update

384
385
1.6.6.0:
 3 Feb 2014
386
387
 * Bug 10800: Prevent exception in New Identity
 * Bug 10640: Fix about:tor's pointer position for RTL languages.
388
389
390
 * Bug 10095: Make inner window a multiple of 200x100
 * Bug 10285: Clear permissions on New Identity
 * Bug 9738: Fix for auto-maximizing on browser start
391
392
393
394
 * Bug 10682: Workaround to really disable updates for Torbutton.
 * Bug 10419: Don't allow connections to localhost
 * Bug 10140: Move Japanese to extra locales
 * Bug 10687: Add Basque (eu) to extra locales
395

Mike Perry's avatar
Mike Perry committed
396
397
398
399
1.6.5.5:
 20 Jan 2014
 * Bug 9486: Properly clear NoScript Temporary Permissions

400
401
402
403
1.6.5.4:
 14 Jan 2014
 * Bug 10537: Include Arabic locale in Torbutton.

404
405
406
407
1.6.5.3:
 23 Dec 2013
 * Bug 9486: Clear NoScript Temporary Permissions on New Identity 

408
409
410
411
1.6.5.2:
 17 Dec 2013
 * Misc: Change the default update download link back to download-easy

412
413
414
415
1.6.5.1:
 10 Dec 2013
 * Bug 10352: Clear FF24 Private Browsing Mode data during New Identity

416
417
418
419
420
421
422
1.6.5:
 9 Dec 2013
 * Bug 8167: Update cache isolation to use getFirstPartyURIFromChannel() for FF24
 * Bug 10201: FF ESR 24 hangs during exit on Mac OS.
 * Bug 10078: Properly clear crypto tokens during New Identity on FF24
 * Bug 9454: Support changes to Private Browsing Mode and plugin APIs in FF24

423
424
425
426
1.6.4.1:
 15 Nov 2013
 * Bug 10002: Make the TBB3.0 blog tag our update download url for now.

Mike Perry's avatar
Mike Perry committed
427
428
429
430
1.6.4:
 29 Oct 2013
 * Bug 9144: Workaround for missing translation properties

431
432
433
434
435
1.6.3:
 11 Oct 2013:
 * Bug 9224: Support multiple Tor socks ports for about:tor status check
 * Bug 9587: Add TBB version number to about:tor

436
437
438
439
1.6.2.1:
 23 Sep 2013:
 * Bug 8839: Switch about:tor search link to unfiltered startpage link

440
441
442
443
444
1.6.2:
 18 Sep 2013
 * bug 9492: Fix Torbutton logo on OSX and Windows (and related
             initialization code)

445
1.6.1:
Mike Perry's avatar
Mike Perry committed
446
 01 Aug 2013
447
448
449
450
 * bug 8478: Change when window resizing code fires to avoid rounding errors
 * bug 9331: Hack an update URL for the next TBB release
 * bug 9144: Change an aboutTor.dtd string to something transifex might accept

451
452
453
454
455
456
457
458
459
1.6.0:
 05 Jun 2013
  * bug 7494: Create a local home page for TBB as about:tor
  * misc: Perform a control port test of proper Tor configuration by default.
          Only use check.torproject.org if the control port is unavailable.
  * misc: Add an icon menu option for Tor Launcher's Network Settings
  * misc: Add branding string overrides (primarily controls browser name and
          homepage)

460
461
462
463
464
465
466
1.5.2:
 22 Apr 2013
  * bug 8457: Allow session restore if the user allows disk actvity
  * bug 8301: Remove the Display Settings panel and associated locales
  * bug 6566: Fix "Transparent Torification" option.
  * bug 8642: Fix a hang on New Identity.

467
1.5.1:
468
 07 Mar 2013
469
  * bug 8324: Fix Drag+Drop crash by using a new TBB drag observer
470
471
472
473
474
475
476
477
  * bug 6202: Fix XML/E4X errors with Cookie Protections
  * bug 8423: Don't clear cookies at shutdown if user wants disk history
  * bug 8382: Leave IndexedDB and Offline Storage disabled.
  * bug 8422: Clear DOM localStorage on New Identity.
  * bug 8335: Don't strip "third party" HTTP auth from favicons
  * bug 5183: Localize the "Spoof english" button strings
  * bug 8313: Ask user for confirmation before enabling plugins
  * misc: Emit private browsing session clearing event on "New Identity"
478

479
480
1.5.0
 18 Feb 2013
481
  * bug 5279: Remove old toggle observers and related code
Mike Perry's avatar
Mike Perry committed
482
  * bug 3100: Simplify Security Preference UI and associated pref updates
483
  * bug 1305: Eliminate redundancy in our Flash/plugin disabling code
Mike Perry's avatar
Mike Perry committed
484
485
  * bug 3944: Leave most preferences under Tor Browser's control 
  * bug 7974: Disable toggle-on-startup and crash detection logic
486
  * bug 5279: Disable/remove toggle-mode code and related observers
Mike Perry's avatar
Mike Perry committed
487
  * bug 6431: Add menu hint to Torbutton icon
Mike Perry's avatar
Mike Perry committed
488
  * bug 7495: Make Torbutton icon flash a warning symbol if TBB is out of date
Mike Perry's avatar
Mike Perry committed
489
  * bug 6096: Perform version check every time there's a new tab.
Mike Perry's avatar
Mike Perry committed
490
  * bug 6156: Rate limit version check queries to once every 1.5hrs max.
491
  * misc: Allow WebGL and DOM storage.
Mike Perry's avatar
Mike Perry committed
492
493
  * misc: Disable independent Torbutton updates
  * misc: Change the recommended SOCKSPort to 9150 (to match TBB)
494

Mike Perry's avatar
Mike Perry committed
495
496
497
498
1.4.6.3
 9 Oct 2012
  * bug 5856: Disable JS hooks to make way for direct Firefox patch

Mike Perry's avatar
Mike Perry committed
499
500
501
502
503
1.4.6.2
 12 Sep 2012
  * bug 6803: Set proxy settings earlier to fix broken homepage load on FF15
  * bug 6254: Support transparent Tor mode through TOR_TRANSPROXY=1 env var.

Mike Perry's avatar
Mike Perry committed
504
505
506
507
1.4.6.1
 30 Aug 2012
  * Bug 6737: Disable window.screen hooks for FF15+ (fixes exception alert)

Mike Perry's avatar
Mike Perry committed
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
1.4.6
 30 May 2012
  * Bug 5710: Prevent all sessionstore data saving in TBB
  * Bug 5715: Explicitly clear image cache on TBB New Identity
  * Bug 4660: Clear search and find boxes on TBB New Identity
  * Bug 5729: Make New Identity and New Window a multiple of 200x100px
  * Bug 4755: Spoof screen coordinates for DOM MouseEvents
  * Bug 4718: Make TBB version check happen on New Window+New Identity
  * Bug 5758: Disable WebSockets and IndexedDB for non-TBB users
  * Bug 5863: Remove the ability to toggle Torbutton (to prevent leaks)
  * Bug 3838: Inform Torbutton users about TBB
  * Bug 5092: Sign Torbutton Updates
  * Bugs 5673+5732: Change captcha redirect to startpage.com
  * Bug 3845: Bump Firefox user agent to 10.0-ESR

Mike Perry's avatar
Mike Perry committed
523
524
525
526
1.4.5.1
  17 Dec 2011
  * bug 4722: Fix ability to drag tabs on Windows (due to #4517)

Mike Perry's avatar
Mike Perry committed
527
528
529
530
531
532
533
534
535
536
1.4.5
  14 Dec 2011
  * bug 4517: Disable external drag and drop (prevents proxy bypass)
  * bug 4099: Disable TLS session tickets to prevent linkability
  * bug 4603: Lower HTTP keep-alive timeout to reduce linkability
  * bug 4611: Notify user if "New Identity" fails
  * bug 4667: Close keep-alive connections on "New Identity" (TBB only)
  * bug 4453: Reset SOCKS host and port only when using "recommended settings"
  * misc: Perform versioncheck at startup regardless of session restore status

Mike Perry's avatar
Mike Perry committed
537
538
539
540
1.4.4.1
  11 Oct 2011
  * misc: Fix a homepage load error on Windows TBB first-run

Mike Perry's avatar
Mike Perry committed
541
542
543
544
545
546
547
548
549
550
1.4.4
  9 Oct 2011
  * bug 4197: Allow Torbutton formfill blocking to be disabled
  * bug 4058: Fix yet more issues with links opening in new tabs
  * bug 4161: Make TBB version check work w/ SocksPort auto builds
  * bug 3686: Fix loading of localized homepage on Debian
  * bug 4016: Resize window on "New Identity"
  * bug 3928: Implement CookieAuthFile password reading
  * misc: Fix scoping issue for some stream variables

551
552
553
554
555
556
557
1.4.3
  9 Sep 2011
  * bug 3933: Don't touch app.update.auto in TBB
  * bug 3960: Don't disable zoom.siteSpecific on TBB
  * bug 3928: Fix auto-scroll on twitter
  * bug 3649: Make permissions and disk errors human-readable

Mike Perry's avatar
Mike Perry committed
558
559
560
561
562
563
1.4.2
  3 Sep 2011
  * bug 3879: Fix broken framed sites (yopmail, gmane, gmaps, etc)
  * bug 3337: Fetch check.tp.o page to check versions (TBB only)
  * Bug 3754: Fix SafeCache OCSP errors (fix for TBB only)

Mike Perry's avatar
Mike Perry committed
564
565
566
567
568
569
570
571
572
573
574
575
1.4.1
  28 Aug 2011
  * bug 523: Implement New Identity (for TBB only)
  * bug 3580: Fix hotmail/live breakage (TBB only)
  * bug 3748: Disable 3rd party HTTP auth
  * bug 3665: Fix several corner cases SafeCache isolation
  * bug 3739: Fix https->http CORS failure for SafeCache
  * bug 3414: Isolate window.name based on referrer policy
  * bug 3809: Disable referer spoofing (fixes navigation issues)
  * bug 3819: Fix API issue with cookie protections
  * bug 3820: Fix warning w/ session store filter

Mike Perry's avatar
Mike Perry committed
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
1.4.0
  30 Jun 2011
  * bug 3101: Disable WebGL. Too many unknowns for now.
  * bug 3345: Make Google Captcha redirect work again.
  * bug 3399: Fix a reversed exception check found by arno.
  * bug 3177: Update torbutton to use new TorBrowser prefs.
  * bug 2843: Update proxy preferences window to support env var.
  * bug 2338: Force toggle at startup if tor is enabled
  * bug 3554: Make Cookie protections obey disk settings
  * bug 3441: Enable cookie protection UI by default.
  * bug 3446: We're Firefox 5.0, we swear.
  * bug #3506: Remove window resize event listener.
  * bug #1282: Set fixed window size for each new window.
  * bug #3508: Apply Stanford SafeCache patch (thanks Edward, Collin et al).
  * bug #2361: Make about window work again on FF4+.
Mike Perry's avatar
Mike Perry committed
591
  * bug #3436: T(A)ILS was renamed to Tails.
Mike Perry's avatar
Mike Perry committed
592
593
594
595
596
  * bugfix: Fix a transparent context menu issue on Linux FF4+.
  * misc: Squelch exception from app launcher in error console.
  * misc: Make DuckDuckGo the default Google Captcha redirect destination.
  * misc: Make it harder to accidentally toggle torbutton.

Mike Perry's avatar
Mike Perry committed
597
1.3.3-alpha
598
  01 May 2011
Mike Perry's avatar
Mike Perry committed
599
600
601
602
  * bug 2777: Clear OCSP cache on tor toggle
  * bug 2832: Update spoofed user agent to Firefox 4.0
  * bug 2838: Make cookie protections dialog work
  * bug 2819: Move JS hooks to new JS1.8.5 hooking support on FF4.
603
  * bug 3042: Fix version compatibility issue with FF4.0.1+
Mike Perry's avatar
Mike Perry committed
604

Mike Perry's avatar
Mike Perry committed
605
1.3.2-alpha
606
  21 Mar 2011
Mike Perry's avatar
Mike Perry committed
607
608
609
610
611
612
613
614
615
616
617
618
  * bug 1624: Use nsIDOMCrypto::logout() instead of the SSLv2 pref hack
  * bug 1999: Disable tor:// urls by default
  * bug 1968: Reset window.name on tor toggle
  * bug 2148: Make refspoofing more uniform
  * bug 2359: Fix XHTML DTD errors on FF4
  * bugs 2465+2421: Fix javascript hook exceptions+issues in FF4.0
  * bug 2458: Opt out of Firefox addon usage pings
  * bug 2377: Limit the Google captcha cookies copied between google TLDs
  * bug 2491: Clean up checks for when to jar protected cookies
  * bug 1110: Add popup to ask if we should spoof English Accept: headers
  * misc: Remove a noisy FF2 nsICookieManager2 fallback check.

Mike Perry's avatar
Mike Perry committed
619
1.3.1-alpha
620
  03 Jan 2011
621
622
623
  * bugfix: bug 1894: Amnesia is now called TAILS (patch from intrigeri)
  * bugfix: bug 2315: Remove reference to TorVM (patch from intrigeri)
  * bugfix: bug 2011: Fix preference dialog issues (patch from chrisdoble)
Mike Perry's avatar
Mike Perry committed
624
625
  * bugfix: Fix some incorrect log lines in RefSpoofer
  * new: Support Firefox 4.0 (many changes)
626
  * new: Place button in the nav-bar (FF4 killed the status-bar)
Mike Perry's avatar
Mike Perry committed
627
  * misc: No longer reimplement the session store, use new APIs instead
Mike Perry's avatar
Mike Perry committed
628
  * misc: Simplify crash detection and startup mode settings
Mike Perry's avatar
Mike Perry committed
629

Mike Perry's avatar
Mike Perry committed
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
1.3.0-alpha
  30 Sep 2010
  * new: Support for transparent proxies in settings
    (patch from Jacob Appelbaum and Kory Kirk)
  * new: tor:// and tors:// url support to auto-toggle into tor mode
    (patch from Kory Kirk)
  * new: Cookie manager to allow individual Cookie protection
    (patch from Kory Kirk)
  * new: Add referrer spoofing based on modified same origin policy
    (patch from Kory Kirk)
  * new: Add DuckDuckGo.com as a Google captcha redirect destination
    (patch from aiden tighe)
  * bugfix: bug 1911: Fix broken useragent locale string on debian
    (patch from lunar)
  * bugfix: Fix captcha detection for encrypted.google.com

Mike Perry's avatar
Mike Perry committed
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
1.2.5
  08 Apr 2010
  * bugfix: bug 1169: Fix blank popup conflict with CoolPreviews
  * bugfix: bug 1246: Fix IST and other HH:30 timezone issues.
  * bugfix: bug 1219: Fix the toggle warning loop issue on settings change.
  * bugfix: bug 1321: Fix a session restore bug when closing the last window
  * bugfix: bug 1302: Update useragent to FF3.6.3 on WinNT6.
  * bugfix: bug 1157: Add logic to handle torbutton crashed state conflicts
  * bugfix: bug 1235: Improve the 'changed-state' refresh warning message
  * bugfix: bug 1337: Bind alert windows to correct browser window
  * bugfix: bug 1055: Make the error console the default log output location
  * bugfix: bug 1032: Fix an exception in the localhost proxy filter
  * misc: Always tell a website our window size is rounded even if it's not
  * misc: Add some suggestions to warning about loading external content
  * new: Add option to always update Torbutton via Tor. On by default
  * new: Redirect Google queries elsewhere on captcha (default ixquick)
  * new: Strip identifying info off of Google searchbox queries

Mike Perry's avatar
Mike Perry committed
664
665
666
667
668
669
670
671
672
673
674
1.2.4
  16 Dec 2009
  * bugfix: bug 1169: Fix blank popup conflict with Google Toolbar
  * bugfix: bug 1171: Properly store and set network.dns.disablePrefetch
  * bugfix: bug 1165: Fix an exception on toggle in FF3.6
  * bugfix: bug 1163: Fix history loss in FF3.6
  * bugfix: Fix a typo error during logging
  * bugfix: Properly handle session restore in FF3.6
  * misc: Kill a warning message about missing properties in window-mapper.js
  * new: Add a new pref to disable Livemark updates during Tor usage (FF3.5+)

Mike Perry's avatar
Mike Perry committed
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
1.2.3
  02 Dec 2009
  * bugfix: bug 950: Preserve useragent and download settings across toggle
  * bugfix: bug 1014: Fix XML Parsing Error on XHTML sites in Tor mode
  * bugfix: bug 1041: Preserve tab history in FF3.5
  * bugfix: bug 1047: Fix spurious user agent change notice
  * bugfix: bug 1053: Partial fix for 'TypeError: browser is undefined' error
  * bugfix: bug 1084: Preserve HTTP accept language for Non-Tor usage
  * bugfix: bug 1085: Fix test settings issues with dead privoxy
  * bugfix: bug 1088: Clean up some namespace issues in the main chrome window
  * bugfix: bug 1091: Fix a lockup when 'Ask Every Time' cookie pref is set
  * bugfix: bug 1093: Fix cert acceptance dialogs in Firefox 3.5
  * bugfix: bug 1146: Fixes for properly handling tab restore in FF3.5
  * bugfix: bug 1152: Close tabs on toggle prevents toggling in FF3.5"
  * bugfix: bug 1154: Clarify "Last Tor test failed" message
  * misc: Disable geolocation in FF3.5 during Tor mode
  * misc: Disable DNS prefetch in FF3.5 in Tor mode and for Tor-loaded tabs
  * misc: Disable offline app cache during Tor mode
  * misc: Disable specific site zoom settings during Tor mode
  * new: Transfer Google cookies between country-code domains. This should
    make it such that captchas only need to be solved once per Tor session,
    as opposed to for each country.

Mike Perry's avatar
   
Mike Perry committed
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
1.2.2
  09 Aug 2009
  * bugfix: Workaround Firefox Bug 440892 to prevent external apps from 
    being launched (and thus bypassing proxy settings) without user 
    confirmation. Independently reported by Greg Fleischer and optimist.
  * bugfix: Create a separate "No Proxy For" option and remove the 
    string "localhost" from proxy exemptions. Prevents a theoretical
    proxy bypass condition discovered by optimist. Fix based on patch from
    optimist.
  * bugfix: bug 970: Purge undo tab list on Tor toggle.
  * bugfix: bug 1040: Scrub URLs from log level 4 and higher log messages. 
    Mac OS writes Firefox console messages to disk by default.
  * bugfix: bug 1033: Fix FoxyProxy conflict that caused some FoxyProxy 
    strings to fail to display.
  * misc: bug 1006: Pop up a more specific failure message for pref
    changing errors during Tor toggle.
  * misc: Fix a couple of strict javascript warns on FF3.5
  * misc: Add chrome url protection call to conceal other addons during
    non-Tor usage. Patch by Sebastian Lisken.
  * misc: Remove torbutton log system init message that may have scared some
    paranoids. 

Mike Perry's avatar
   
Mike Perry committed
720
1.2.1
Mike Perry's avatar
   
Mike Perry committed
721
  21 Mar 2009
Mike Perry's avatar
   
Mike Perry committed
722
723
724
725
726
727
728
  * bugfix: bug 773: Fixed Noscript conflict issue.
  * bugfix: bug 866: Fixed conflict with ZoTero
  * bugfix: bug 908: Make UserAgentSwitcher's 'default' button restore
    Torbutton's spoofed user agent if Tor is enabled.
  * bugfix: bug 909: Get Torbutton to "properly" react to users changing 
    their Firefox cookie lifetime settings as opposed to using the Torbutton 
    interface.
Mike Perry's avatar
   
Mike Perry committed
729
  * bugfix: bug 834: Fix session saving and startup issues
Mike Perry's avatar
   
Mike Perry committed
730
731
732
733
734
735
736
737
738
739
740
  * bugfix: bug 875: Removed docShell == null popup during toggle for 
    some users
  * bugfix: bug 910: fixed a locale spoofing issue in navigator.appVersion
  * bugfix: bug 747: Attempt to fix 'fullscreen' resizing issues.
  * bugfix: Stop-gap timezone spoofing fix for Linux and Mac 
    for FF3. Requires a one-line patch to Firefox for Windows to work.
  * bugfix: Clear SSL Session IDs on toggle. (See FF Bug 448747)
  * misc: bug 931: Added a socks v4 vs v5 version choice to custom prefs.
  * misc: bug 836: redesign startup preference window to make it more
    understandable
  * misc: Torbutton now presents itself as Windows FF3.0.7.
Mike Perry's avatar
   
Mike Perry committed
741
  * misc: Change RDF to allow Torbutton to run on FF3.1 betas.
Mike Perry's avatar
   
Mike Perry committed
742

Mike Perry's avatar
   
Mike Perry committed
743
1.2.0
Mike Perry's avatar
   
Mike Perry committed
744
  30 Jul 2008
Mike Perry's avatar
   
Mike Perry committed
745
746
747
748
749
750
751
752
  * bugfix: bug 777: Fix issue with locale spoofing breaking translations.
  * bugfix: bug 778: Preserve locale in spoofed version if user does not want
    locale spoofing.
  * bugfix: bug 780: Keep session cookies during Tor toggle.
  * bugfix: Potential fix for some PKCS#12 issues.
  * bugfix: Fix crash recovery and uninstall/upgrade to avoid cookie loss.
  * misc: Translation updates.

Mike Perry's avatar
   
Mike Perry committed
753
754
755
756
757
758
759
760
1.2.0rc6:
  12 Jul 2008
  * bugfix: Fix bug causing Firefox history to get cleared in some situations
  * bugfix: bug 753: Fix exception thrown during Tor toggle in some instances
  * bugfix: bug 758: Fix resize issue where 0x0 windows could be created
  * bugfix: Fix some potential permission denied issues with cookie jars
  * bugfix: bug 520: Fix issue where Javascript stayed disabled in some tabs
  * bugfix: Apply cookie lifetime settings to Tor settings on first install.
Roger Dingledine's avatar
Roger Dingledine committed
761
  * bugfix: Don't disable Firefox preferences when Torbutton is uninstalled
Mike Perry's avatar
   
Mike Perry committed
762
763
  * misc: Allow automatic updates in FF3 by default. They are secure now.
  * misc: Translation updates
Roger Dingledine's avatar
Roger Dingledine committed
764

Mike Perry's avatar
   
Mike Perry committed
765
1.2.0rc5
Mike Perry's avatar
   
Mike Perry committed
766
  06 Jul 2008
Mike Perry's avatar
   
Mike Perry committed
767
768
  * bugfix: bug 734: Fix exception with clearing history on toggle
  * bugfix: bug 735: Fix exception with blocking Non-Tor history writes
Mike Perry's avatar
   
Mike Perry committed
769
770
  * bugfix: bug 720: FF3 cookie jar fix submitted by arno
  * misc: translation updates for French, Farsi, and others
Mike Perry's avatar
   
Mike Perry committed
771
  * misc: demote "mapper check" log message to info
Mike Perry's avatar
   
Mike Perry committed
772
  * new: Option to not write cookie jars to disk submitted by arno
Mike Perry's avatar
   
Mike Perry committed
773

Mike Perry's avatar
   
Mike Perry committed
774
775
776
777
778
779
780
781
782
1.2.0rc4
  27 Jun 2008
  * misc: Refuse to jar cookies under Firefox 3. Lame workaround for Firefox
    Bug 439384, but it's the best we can do. At least we won't destroy
    cookies anymore.
  * misc: Some strings were present twice in the en-US locale. Didn't seem
    to cause any problems, but probably should be fixed.

1.2.0rc3
Mike Perry's avatar
   
Mike Perry committed
783
784
785
786
787
788
789
790
791
792
  27 Jun 2008
  * bugfix: Lots of compatibility updates with other extensions. Issues
    with SpeedDial, Google Notebook, TabMixPlus, and others have been fixed.
  * bugfix: Fix bug with first window/tab after restart being partially 
    prevented from performing network activity and/or history access.
  * bugfix: Add an additional pref for blocking Non-Tor file url network
    activity. Off by default. This should fix issues with Sage addon in
    Non-Tor mode. 
  * bugfix: Be better about saving all sorts of Firefox prefs that we touch
    so that users' Non-Tor preferences are remembered.
Mike Perry's avatar
   
Mike Perry committed
793
  * bugfix: Fix potential issues with FF3 sessionstore by updating component,
Mike Perry's avatar
   
Mike Perry committed
794
795
796
797
798
799
800
801
802
    and performing version detection.
  * bugfix: Separate toggle into a 3 stage process to eliminate potential 
    race conditions and issues with javascript and other functionality 
    not working after Tor toggle.
  * new: Added 'Test Settings' button to Proxy Preferences that uses 
    check.torproject.org to verify Tor status.
  * misc: Improve 'Restore Defaults' to reset all prefs that we touch.
  * misc: Fix logging system to be more user-legible.

Mike Perry's avatar
   
Mike Perry committed
803
804
805
806
807
808
1.2.0rc2
  08 Jun 2008
  * bugfix: MacOS: Fix broken Tor state/toggle issues when all windows are 
    closed but app stays open
  * misc: Potential performance improvements when many windows+tabs are open
  * new: Add 'locked mode' pref to allow users to disable one-click toggling
Mike Perry's avatar
   
Mike Perry committed
809
  * new: Add prefs to start Firefox with a specific Tor state.
Mike Perry's avatar
   
Mike Perry committed
810

Mike Perry's avatar
   
Mike Perry committed
811
1.2.0rc1
Mike Perry's avatar
   
Mike Perry committed
812
  01 Jun 2008
Mike Perry's avatar
   
Mike Perry committed
813
814
815
816
  * general: FF3 should now be functional, but timezone masking is not
    operational
  * bugfix: Fix Places/history component hooking in FF3
  * bugfix: Disable Places database in FF3 via browser.history_expire_days=0
Mike Perry's avatar
   
Mike Perry committed
817
    if history writes are disabled.
Mike Perry's avatar
   
Mike Perry committed
818
819
820
  * bugfix: General component hooking fixes for FF3
  * bugfix: Block favicon leaking in FF3
  * bugfix: Enable safebrowsing updates in FF3 (it's finally HMACd. Yay).
Mike Perry's avatar
   
Mike Perry committed
821
  * bugfix: Use Greg Fleischer's new useragent prefs in FF3.
Mike Perry's avatar
   
Mike Perry committed
822
823
824
825
826
827
828
829
830
831
832
  * bugfix: Properly reset cookie lifetime policy when user changes cookie
    handling options.
  * bugfix: Fix 'Restore defaults' button issues with custom proxy settings
  * bugfix: navigator.oscpu hooking was broken in 1.1.18
  * bugfix: Try to prevent alleged 0x0 windows on crash recovery
  * bugfix: Attempt to block livemarks updates during Tor. Only partial fix.
    Not possible to cancel existing Livemarks timer (one fetch will still
    happen via Tor before disable). See Firefox Bug 436250
  * misc: Set plugin.disable_full_page_plugin_for_types for all plugin
    mimetypes just in case our custom full page blocking code fails

Mike Perry's avatar
   
Mike Perry committed
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
1.1.18
  17 Apr 2008
  * bugfix: Fix Gmail exceptions involving window.navigator that made Gmail
    unusable after recent updates by Google.
  * bugfix: Fix an exception in the content policy that may have prevented
    some AJAX page elements from loading.
  * bugfix: Fix regression on cross-state favicon leak introduced in 1.1.17
  * bugfix: Fix to make clear private data work again by fixing up history
    hooking (may also help FF3 compatibility).
  * bugfix: Fix Yahoo email account creation (broken due to Date.valueOf()
    weirdness).
  * bugfix: Fix to allow plugins if the user unchecks the plugin blocking
    preference
  * bugfix: Fix bug 638: eliminate cross-state history popup on session
    restore
  * bugfix: Only resize windows on document load. Hopefully this will make
    the resizing code less annoying, and drift less.
  * bugfix: Fix Object.prototype extensions involving the Date object 
    (observed on LiveJournal)
  * bugfix: Fix javascript debugger compatibility issues involving source
    window display and other functionality.
  * misc: Prevent blocked popups from opening blank, unusable windows
  * misc: Updated firefox version to 2.0.0.14
  * new: New translations for French, Russian, Farsi, Italian, and Spanish.

1.1.17
Mike Perry's avatar
   
Mike Perry committed
859
  15 Mar 2008
Mike Perry's avatar
   
Mike Perry committed
860
861
862
863
864
865
866
867
868
869
870
871
872
  * bugfix: Improve chrome disclosure protection (patch from Greg Fleischer)
  * bugfix: Block network access from file urls to workaround Firefox 
    'Content-Disposition' file stealing attack (found/fixed by Greg)
  * bugfix: Apply Javascript hooks to javascript: urls (found by Greg)
  * bugfix: Improve Torbutton chrome concealment (found by Greg)
  * bugfix: Use 127.0.0.1 instead of localhost for IPv6 users
  * bugfix: Don't resize maximized windows
  * misc: Improve window resizing to only resize on document load,
    and to try to address drift by remembering window sizes
  * misc: Clear session history if clear history on tor toggle is set
  * new: Remove history hooks in favor of nsISHistoryListeners that
    prevent history navigation from alternate Tor states

Mike Perry's avatar
   
Mike Perry committed
873
874
875
876
877
878
879
1.1.16
  03 Mar 2008
  * bugfix: Fix yet more javascript unmasking issues found by Greg.
    Date is still unmaskable.
  * bugfix: Close tabs *before* toggling proxy settings if pref is set.
  * bugfix: Fix a couple exceptions thrown on resizing and plugin canceling

Mike Perry's avatar
   
Mike Perry committed
880
881
882
883
884
885
886
887
888
889
890
1.1.15
  26 Feb 2008
  * bugfix: Fix hook unmasking of window.screen, window.history,
    and window.navigator discovered by Greg Fleischer. window.Date 
    unmasking is still unfixed. window.history unmasking represents
    potential IP disclosure due to Firefox Bug 409737.
  * bugfix: Fix view-source extension disclosure bug found by Greg 
    Fleischer.
  * bugfix: Fix javascript and about links. Found by Greg Fleischer.
  * new: Attempt to prevent window sizes from drifting during resize.

Mike Perry's avatar
   
Mike Perry committed
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
1.1.14
  24 Feb 2008
  * bugfix: set general.useragent.locale if user wants to spoof an English
    browser. This handles navigator.locale
  * bugfix: Mask navigator.buildID. Reported by Greg Fleischer
  * Initial Firefox 3 work. Functionality still broken due to FF Bug 413682
  * bug 580: Resize preferences window to fit in 640x480 displays
  * new: Spoof window.screen to mask desktop resolution and resize the 
    browser to multiples of 50px while tor is enabled.
  * new: Block content window access to chrome urls if Tor is enabled, 
    and hide Torbutton if Tor is disabled. Thanks to Greg Fleischer for 
    reporting the chrome disclosure issues
  * new: Added option to close all opened tabs on a Tor toggle. Useful 
    for general convenience and also as a backup protection against 
    Bug 409737.
  * new: Add Tor ports to the list of banned ports for Firefox. Should
    prevent http-ping based fingerprinting attacks.
  * new: Finally add support for automatic updates.

Mike Perry's avatar
   
Mike Perry committed
910
1.1.13
Mike Perry's avatar
   
Mike Perry committed
911
  01 Feb 2008
Mike Perry's avatar
   
Mike Perry committed
912
913
914
915
916
917
918
919
920
921
922
  * bugfix: Implement workarounds to disable Javascript network access 
    for Firefox Bug 409737
  * bugfix: Improved plugin-disabling workarounds for Firefox Bug 401296 
  * misc: Set network.protocol-handler.warn-external.* to warn on external 
    app handlers during Tor usage
  * misc: Disable browser.safebrowsing.enabled during Tor usage since it
    retrieves some information in plaintext.
  * misc: Disable browser.send_pings.
  * misc: Block Javascript back/forward manipulation if Tor is enabled
  * new: Option to clear HTTP auth on Tor toggle

Mike Perry's avatar
   
Mike Perry committed
923
924
925
926
927
928
929
930
1.1.12
  26 Nov 2007
  * bugfix: bug 520: Fix some content policy/tagging issues. Not sure if this
    is the whole bug.
  * bugfix: Fix a nasty bug where torbutton mostly broke if the first Firefox
    window was closed (introduced in 1.1.11)
  * bugfix: Fix a favicon proxy-leak discussed in onionland

Mike Perry's avatar
   
Mike Perry committed
931
932
933
934
935
936
937
938
1.1.11
  16 Nov 2007
  * bugfix: Fix a scope issue with the JS hooks that caused problems with 
    some sites (gmail, others?)
  * misc: Performance enhancements for speeding up toggle
  * new: Prevent Tor cookies from being written to disk if the user wants
    them cleared.

Mike Perry's avatar
   
Mike Perry committed
939
940
941
1.1.10
  06 Nov 2007
  * bugfix: bug 522: Try harder to kill plugins before they do any network IO
Mike Perry's avatar
   
Mike Perry committed
942
    (discovered by goldy)
Mike Perry's avatar
   
Mike Perry committed
943
944
945
946
947
948
  * bugfix: bug 460: Remove hook verification. Attempt to apply hooks at every
    location event.
  * misc: New logging system
  * new: Have user choose between starting in Tor or Non-Tor after crash.
    Leaving it to Firefox is non-deterministic and should not be an option.

Mike Perry's avatar
   
Mike Perry committed
949
950
951
952
1.1.9.1
  23 Oct 2007
  * bugfix: 1.1.9 killed all plugins. Bring them back to life.

Mike Perry's avatar
   
Mike Perry committed
953
954
1.1.9
  21 Oct 2007
Mike Perry's avatar
   
Mike Perry committed
955
  * bugfix: bug 519: Fix Ubuntu Gutsy hang on startup.
Mike Perry's avatar
   
Mike Perry committed
956
957
958
959
  * bugfix: bug 521: Fix yet more false positive popups introduced in 1.1.8
  * bugfix: bug 522: Block loading of direct clicks of plugin-handled content 
    (discovered by goldy).

Mike Perry's avatar
   
Mike Perry committed
960
1.1.8
Mike Perry's avatar
   
Mike Perry committed
961
962
963
964
965
  01 Oct 2007
  * bugfix: bug 503: Prevent sessionstore from writing Tor tabs to disk
  * bugfix: bug 510: Decouple cookie clearing from Clear Private Data settings
  * bugfix: bug 474: Decouple password+form saving from history writing
  * bugfix: bug 460: Rework handling of hooking based on global events+window
Mike Perry's avatar
   
Mike Perry committed
966
    lookup
Mike Perry's avatar
   
Mike Perry committed
967
968
969
970
  * bugfix: Hooking fixes for pages with nested frames/iframes
  * bugfix: Cookies are now properly synced before storing into a jar
  * misc: Tightened up the alerts a bit more for the javascript hooking
  * misc: Changed defaults to be less intrusive to non-tor usage
Mike Perry's avatar
   
Mike Perry committed
971
  * new: Added options to start in Tor and reload cookies after browser crash 
Mike Perry's avatar
   
Mike Perry committed
972
  * new: Added ability to have both tor and non-tor cookie jars
Mike Perry's avatar
   
Mike Perry committed
973

Mike Perry's avatar
   
Mike Perry committed
974
975
1.1.7
  20 Sep 2007
Mike Perry's avatar
   
Mike Perry committed
976
  * bugfix: bug 495: couple of memory leaks found and fixed by arno
Mike Perry's avatar
   
Mike Perry committed
977
  * bugfix: bug 497: uninstall exception found and fixed by arno
Mike Perry's avatar
   
Mike Perry committed
978
979
  * bugfix: bug 460: No more alerts should happen. But does that mean its
    fixed? Outlook uncertain...
Mike Perry's avatar
   
Mike Perry committed
980
981
982
983
984
  * bugfix: bugs 461+489: verbosity+macos logging issues resolved
  * bugfix: if javascript is disabled, the hooking code no longer complains
  * misc: Update spoofed Firefox version to 2.0.0.6
  * new: "Restore Defaults" button added to the preferences window

Mike Perry's avatar
   
Mike Perry committed
985
986
987
988
989
990
991
992
1.1.6
  30 Jul 2007
  * bugfix: Fix an exception that may have messed up cookie/cache clearing
    if you allowed Tor to write history URLs (possibly kills bug #457)
  * bugfix: Use only sub-browsers for tagging. Could fix some Date hooking
    misses (possibly kills bug #460)
  * misc: Clean up annoying false positives with date hooking checks

Mike Perry's avatar
   
Mike Perry committed
993
994
995
996
997
998
1.1.5
  17 Jul 2007
  * bugfix: Reset shutdown option if user wants to manually manage cookies
  * misc: Add code to detect date hooking failures to zero in on Bug #460
  * new: Pref to disable "DOM Storage" during Tor usage

Mike Perry's avatar
   
Mike Perry committed
999
1000
1.1.4 - Defcon CD Release
  6 Jul 2007