CHANGELOG 52.4 KB
Newer Older
Georg Koppen's avatar
Georg Koppen committed
1
2
3
4
5
6
2.1.1
 * Bug 23925+27959: Donation banner for year end 2018 campaign
 * Bug 24172: Donation banner clobbers Tor Browser version string
 * Bug 28082: Add locales cs, el, hu, ka
 * Translations update

Georg Koppen's avatar
Georg Koppen committed
7
8
9
10
11
2.1
 * Bug 27175: Add pref to allow users to persist custom noscript settings
 * Bug 27760: Use new NoScript API for IPC and fix about:blank issue
 * Bug 21263: Remove outdated information from the README

Georg Koppen's avatar
Georg Koppen committed
12
13
14
15
16
17
18
19
20
21
22
2.0.7
 * Bug 27097: Tor News signup banner
 * Bug 27663: Add New Identity menuitem again
 * Bug 26624: Only block OBJECT on highest slider level
 * Bug 26555: Don't show IP address for meek or snowflake
 * Bug 27478: Torbutton icons for dark theme
 * Bug 27506+14520: Move status version to upper left corner for RTL locales
 * Bug 27427: Fix NoScript IPC for about:blank by whitelisting messages
 * Bug 27558: Update the link to "Your Guard note may not change" text
 * Translations update

Georg Koppen's avatar
Georg Koppen committed
23
24
25
2.0.6
 * Bug 27401: Start listening for NoScript before it loads

Georg Koppen's avatar
Georg Koppen committed
26
27
28
29
30
31
32
33
2.0.5
 * Bug 26962: Circuit display onboarding
 * Bug 26520: Fix sec slider/NoScript for TOR_SKIP_LAUNCH=1
 * Bug 26490: Remove the security slider notification
 * Bug 27301: Improve about:tor behavior and appearance
 * Bug 27214: Improve the onboarding text
 * Translations update

Georg Koppen's avatar
Georg Koppen committed
34
35
36
37
38
2.0.4
 * Bug 27276: Adapt to new NoScript messaging protocol
 * Bug 27097: Add text for Tor News signup widget
 * Translations update

Georg Koppen's avatar
Georg Koppen committed
39
40
41
42
2.0.3
 * Bug 26884: Use Torbutton to provide security slider on mobile
 * Translations update

Georg Koppen's avatar
Georg Koppen committed
43
44
45
46
47
48
49
50
51
2.0.2
 * Bug 26960: Implement new about:tor start page
 * Bug 26961: Implement new user onboarding
 * Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger menus
 * Bug 26590: Use new svg.disabled pref in security slider
 * Bug 26655: Adjust color and size of onion button
 * Bug 26500: Reposition circuit display relay icon for RTL locales
 * Bug 26409: Remove spoofed locale implementation
 * Bug 26189: Remove content-policy.js
Georg Koppen's avatar
Georg Koppen committed
52
   * Bug 26544: Images are not centered anymore
Georg Koppen's avatar
Georg Koppen committed
53
54
55
 * Bug 27129: Add locales ca, ga, id, is, nb
 * Translations update

Georg Koppen's avatar
Georg Koppen committed
56
2.0.1
Georg Koppen's avatar
Georg Koppen committed
57
 * Bug 26100: Adapt Torbutton to Firefox 60 ESR
Georg Koppen's avatar
Georg Koppen committed
58
 * Bug 26430: New Torbutton icon
Georg Koppen's avatar
Georg Koppen committed
59
60
61
62
63
64
65
66
67
 * Bug 24309: Move circuit display to the identity popup
 * Bug 26128: Adapt security slider to the WebExtensions version of NoScript
 * Bug 23247: Show security state of .onions
 * Bug 26129: Show our about:tor page on startup
 * Bug 26235: Hide new unusable items from help menu
 * Bug 26058: Remove workaround for hiding 'sign in to sync' button
 * Bug 20628: Add locales bn-BD, da, he, sv, zh-TW
 * Translations update

68
69
70
71
1.9.9.1
 * Bug 25126: Make about:tor layout responsive
 * Translations update

Georg Koppen's avatar
Georg Koppen committed
72
73
74
75
76
1.9.9
 * Bug 24159: Version check does not deal with platform specific checks
 * Bug 25016: Remove 2017 donation banner
 * Translations update

77
78
79
80
81
1.9.8.5
 * Bug 21245: Add da translation to Torbutton and keep track of it
 * Bug 24702: Remove Mozilla text from banner
 * Translations update

82
83
84
85
86
1.9.8.4
 * Bug 21847: Update copy for security slider
 * Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
 * Translations update

87
88
89
90
91
92
1.9.8.3
 * Bug 23997: Add link to Tor Browser manual for de, nl, tr, vi
 * Bug 23949: Fix donation banner display
 * Update locales with translated banner
 * Translations update

93
94
95
96
1.9.7.10
 * Bug 23997: Add link to Tor Browser manual for de, nl, tr, vi
 * Translations update

Georg Koppen's avatar
Georg Koppen committed
97
98
99
100
101
1.9.7.9
 * Bug 23949: Fix donation banner display
 * Update locales with translated banner
 * Translations update

102
103
104
105
1.9.8.2
 * Bug 23887: Update banner locales and Mozilla text
 * Translations update

Georg Koppen's avatar
Georg Koppen committed
106
107
108
109
110
111
112
113
114
115
1.9.7.8
 * Bug 23887: Update banner locales and Mozilla text
 * Bug 23526: Add 2017 Donation banner text
 * Bug 23483: Donation banner on about:tor for 2017 (testing mode)
 * Bug 22610: Avoid crashes when canceling external helper app related downloads
 * Bug 22472: Fix FTP downloads when external helper app dialog is shown
 * Bug 22471: Downloading pdf files via the PDF viewer download button is broken
 * Bug 22618: Downloading pdf file via file:/// is stalling
 * Translations update

116
117
118
119
120
121
122
1.9.8.1
 * Bug 20375: Warn users after entering fullscreen mode
 * Bug 22989: Fix dimensions of new windows on macOS
 * Bug 23526: Add 2017 Donation banner text
 * Bug 23483: Donation banner on about:tor for 2017 (testing mode)
 * Translations Update

Georg Koppen's avatar
Georg Koppen committed
123
124
125
126
127
128
129
130
1.9.7.7
 * Bug 22542: Security Settings window too small on macOS 10.12 (fixup)
 * Bug 20375: Warn users after entering fullscreen mode

1.9.7.6
 * Bug 22989: Fix dimensions of new windows on macOS
 * Translations update

131
132
133
134
135
136
137
138
139
140
141
142
143
1.9.8
 * Bug 22610: Avoid crashes when canceling external helper app related downloads
 * Bug 22472: Fix FTP downloads when external helper app dialog is shown
 * Bug 22471: Downloading pdf files via the PDF viewer download button is broken
 * Bug 22618: Downloading pdf file via file:/// is stalling
 * Bug 22542: Resize slider window to work without scrollbars
 * Bug 21999: Fix display of language prompt in non-en-US locales
 * Bug 18193: Don't let about:tor have chrome privileges
 * Bug 22535: Search on about:tor discards search query
 * Bug 21948: Going back to about:tor page gives "Address isn't valid" error
 * Code clean-up
 * Translations update

Georg Koppen's avatar
Georg Koppen committed
144
145
146
147
148
149
150
151
1.9.7.5
 * Bug 21999: Fix display of language prompt in non-en-US locales
 * Bug 18193: Don't let about:tor have chrome privileges
 * Bug 22535: Search on about:tor discards search query
 * Bug 21948: Going back to about:tor page gives "Address isn't valid" error
 * Code clean-up
 * Translations update

152
153
154
1.9.7.4
 * Bug 22542: Security Settings window too small on macOS 10.12

155
156
157
158
159
160
161
1.9.7.3
 * Bug 22104: Adjust our content policy whitelist for ff52-esr
 * Bug 22457: Allow resources loaded by view-source://
 * Bug 21627: Ignore HTTP 304 responses when checking redirects
 * Bug 22459: Adapt our use of the nsIContentPolicy to e10s mode
 * Translations update

162
163
164
165
166
167
168
169
170
171
1.9.7.2
 * Bug 21865: Update our JIT preferences in the security slider
 * Bug 21747: Make 'New Tor Circuit for this Site' work in ESR52
 * Bug 21745: Fix handling of catch-all circuit
 * Bug 21547: Fix circuit display under e10s
 * Bug 21268: e10s compatibility for New Identity
 * Bug 21267: Remove window resize implementation for now
 * Bug 21201: Make Torbutton multiprocess compatible
 * Translation updates

172
173
174
175
176
177
178
1.9.7.1
 * Bug 21396: Allow leaking of resource/chrome URIs (off by default)
 * Bug 21574: Add link for zh manual and create manual links dynamically
 * Bug 21330: Non-usable scrollbar appears in tor browser security settings
 * Bug 21324: Don't update NoScript button with timer update
 * Translation updates

Georg Koppen's avatar
Georg Koppen committed
179
180
181
182
183
184
185
186
1.9.7
 * Bug 19898: Use DuckDuckGo on about:tor
 * Bug 21091: Hide the update check menu entry when running under the sandbox
 * Bug 21243: Add links to es, fr, and pt Tor Browser manual
 * Bug 21194: Show snowflake in the circuit display
 * Bug 21131: Remove 2016 donation banner
 * Translation updates

187
188
189
190
191
192
193
194
195
1.9.6.12
 * Bug 20951: Back out Unix domain socket related patches for Tor Browser 6.5
 * Bug 19898: Use DuckDuckGo on about:tor
 * Bug 21243: Add links to es, fr, and pt Tor Browser manual
 * Bug 21091: Hide the update check menu entry when running under the sandbox
 * Bug 21131: Remove 2016 donation banner
 * Bug 14429: Make sure the automatic resizing is disabled
 * Translation updates

Georg Koppen's avatar
Georg Koppen committed
196
197
198
1.9.6.9
 * Bug 20947: Donation banner improvements

199
200
201
1.9.5.13
 * Bug 20947: Donation banner improvements

202
203
204
205
206
207
208
209
210
211
212
1.9.6.8
 * Bug 16622: Timezone spoofing moved to tor-browser.git
 * Bug 20701: Allow the directory listing stylesheet in the content policy
 * Bug 20556: Use pt-BR strings from now on
 * Bug 20614: Add links to Tor Browser User Manual
 * Bug 20414: Fix non-rendering arrow on OS X
 * Bug 20728: Fix bad preferences.xul dimensions
 * Bug 20318: Remove helpdesk link from about:tor
 * Bug 20753: Remove obsolete StartPage locale strings
 * Translation updates

Georg Koppen's avatar
Georg Koppen committed
213
1.9.6.7
214
215
216
217
218
219
220
221
222
223
224
225
226
227
 * Bug 20414: Add donation banner on about:tor for 2016 campaign
 * Bug 20111: use Unix domain sockets for SOCKS port by default
 * Bug 19459: Move resizing code to tor-browser.git
 * Bug 20264: Change security slider to 3 options
 * Bug 20347: Enhance security slider's custom mode
 * Bug 20123: Disable remote jar on all security levels
 * Bug 20244: Move privacy checkboxes to about:preferences#privacy
 * Bug 17546: Add tooltips to explain our privacy checkboxes
 * Bug 17904: Allow security settings dialog to resize
 * Bug 18093: Remove 'Restore Defaults' button
 * Bug 20373: Prevent redundant dialogs opening
 * Bug 20388+20399+20394: Code clean-up
 * Translation updates

228
229
230
231
1.9.5.12
 * Bug 20414: Add donation banner on about:tor for 2016 campaign
 * Translation updates

Georg Koppen's avatar
Georg Koppen committed
232
1.9.6.4
233
234
235
 * Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git
 * Bug 17767: Make "JavaScript disabled" more visible in Security Slider

236
237
238
239
240
241
242
1.9.6.2
 * Bug 18589: Clear site security settings during New Identity
 * Bug 19906: "Maximizing Tor Browser" Notification can exist multiple times
 * Bug 19837: Whitelist internal URLs that Firefox requires for media
 * Bug 15852: Remove/synchronize Torbutton SOCKS pref logic
 * Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6
 * Bug 14271: Make Torbutton work with Unix Domain Socket option
243
 * Translation updates
244

245
246
247
248
1.9.5.7
 * Bug 18589: Clear site security settings during New Identity
 * Bug 19906: "Maximizing Tor Browser" Notification can exist multiple times

Mike Perry's avatar
Mike Perry committed
249
250
251
252
253
254
255
1.9.6.1
 * Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a tor client
 * Bug 19417: Disable asm.js (but add code to clear on New Identity if enabled)
 * Bug 19689: Plugin usage prompt is parented to wrong window
 * Bug 19273: Improve external app launch handling and associated warnings
 * Bug 8725: Block addon resource and url fingerprinting with nsIContentPolicy

256
257
258
259
260
261
262
1.9.5.6
 * Bug 19417: Disable asmjs for now
 * Bug 19689: Use proper parent windows for plugin prompt

1.9.5.5
 * Bug 19417: Clear asmjscache

Georg Koppen's avatar
Georg Koppen committed
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
1.9.6
 * Bug 18743: Pref to hide 'Sign in to Sync' button in hamburger menu
 * Bug 18905: Hide unusable items from help menu
 * Bug 17599: Provide shortcuts for New Identity and New Circuit
 * Bug 18980: Remove obsolete toolbar button code
 * Bug 18238: Remove unused Torbutton code and strings
 * Translation updates
 * Code clean-up

1.9.5.4
 * Bug 18466: Make Torbutton compatible with Firefox ESR 45
 * Bug 18743: Pref to hide 'Sign in to Sync' button in hamburger menu
 * Bug 18905: Hide unusable items from help menu
 * Bug 16017: Allow users to more easily set a non-tor SSH proxy
 * Bug 17599: Provide shortcuts for New Identity and New Circuit
 * Bug 18980: Remove obsolete toolbar button code
 * Bug 14429: Make sure the automatic resizing is disabled
 * Translation updates
 * Code clean-up

283
284
285
286
1.9.5.3
 * Bug 18466: Make Torbutton compatible with Firefox ESR 45
 * Translation updates

287
288
289
1.9.5.2
 * Bug 18557: Exempt Graphite preference from Security Slider

Georg Koppen's avatar
Georg Koppen committed
290
291
292
1.9.4.5
 * Bug 18557: Exempt Graphite preference from Security Slider

293
294
295
296
297
298
299
1.9.5.1
 * Bug 16990: Don't mishandle multiline commands
 * Bug 18144: about:tor update arrow position is wrong
 * Bug 16725: Allow resizing with non-default homepage
 * Bug 16017: Allow users to more easily set a non-tor SSH proxy
 * Translation updates

Georg Koppen's avatar
Georg Koppen committed
300
301
302
303
304
305
1.9.4.4
 * Bug 16990: Don't mishandle multiline commands
 * Bug 18144: about:tor update arrow position is wrong
 * Bug 16725: Allow resizing with non-default homepage
 * Translation updates

Georg Koppen's avatar
Georg Koppen committed
306
307
308
309
310
311
312
313
314
315
316
1.9.5
 * Bug 16990: Show circuit display for connections using multi-party channels
 * Bug 18019: Avoid empty prompt shown after non-en-US update
 * Bug 18004: Remove Tor fundraising donation banner
 * Code cleanup
 * Translation updates

1.9.4.3
 * Bug 16990: Show circuit display for connections using multi-party channels
 * Bug 18019: Avoid empty prompt shown after non-en-US update
 * Bug 18004: Remove Tor fundraising donation banner
317
318
319
320
321
 * Bug 16940: After update, load local change notes
 * Bug 17108: Polish about:tor appearance
 * Bug 17568: Clean up tor-control-port.js
 * Bug 16620: Move window.name handling into a Firefox patch
 * Bug 17351: Code cleanup
Georg Koppen's avatar
Georg Koppen committed
322
323
 * Translation updates

Georg Koppen's avatar
Georg Koppen committed
324
325
326
327
328
329
330
331
332
333
1.9.4.2
 * Bug 16940: After update, load local change notes
 * Bug 16990: Avoid matching '250 ' to the end of node name
 * Bug 17108: Polish about:tor appearance
 * Bug 17565: Tor fundraising campaign donation banner
 * Bug 17568: Clean up tor-control-port.js
 * Bug 17770: Fix alignments on donation banner
 * Bug 17792: Include donation banner in some non en-US Tor Browsers
 * Translation updates

Georg Koppen's avatar
Georg Koppen committed
334
1.9.4.1
Georg Koppen's avatar
Georg Koppen committed
335
 * Bug 9623: Spoof Referer when leaving a .onion domain
Georg Koppen's avatar
Georg Koppen committed
336
337
338
339
340
 * Bug 16620: Move window.name handling into a Firefox patch
 * Bug 17164: Don't show text-select cursor on circuit display
 * Bug 17351: Remove unused code
 * Translation updates

Georg Koppen's avatar
Georg Koppen committed
341
342
343
344
345
346
347
348
1.9.4
 * Bug 16937: Don't translate the hompepage/spellchecker dictionary string
 * Bug 16735: about:tor should accommodate different fonts/font sizes
 * Bug 16887: Update intl.accept_languages value
 * Bug 15493: Update circuit display on new circuit info
 * Bug 16797: brandShorterName is missing from brand.properties
 * Translation updates

349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
1.9.3.7
 * Bug 16990: Avoid matching '250 ' to the end of node name
 * Bug 17565: Tor fundraising campaign donation banner
 * Bug 17770: Fix alignments on donation banner
 * Bug 17792: Include donation banner in some non en-US Tor Browsers
 * Translation updates

1.9.3.5
 * Bug 9623: Spoof Referer when leaving a .onion domain
 * Bug 16735: about:tor should accommodate different fonts/font sizes
 * Bug 16937: Don't translate the hompepage/spellchecker dictionary string
 * Bug 17164: Don't show text-select cursor on circuit display
 * Bug 17351: Remove unused code
 * Translation updates

Georg Koppen's avatar
Georg Koppen committed
364
365
366
367
368
369
370
1.9.3.4
 * Bug 16887: Update intl.accept_languages value
 * Bug 15493: Update circuit display on new circuit info
 * Bug 16797: brandShorterName is missing from brand.properties
 * Bug 14429: Make sure the automatic resizing is disabled
 * Translation updates

Georg Koppen's avatar
Georg Koppen committed
371
372
373
374
375
376
377
378
379
380
381
1.9.3.3
 * Bug 14429: Make sure the automatic resizing is enabled

1.9.3.2
 * Bug 16731: TBB 5.0 a3/a4 fails to download a file on right click
 * Bug 16730: Reset NoScript whitelist on upgrade
 * Bug 16722: Prevent "Tiles" feature from being enabled after upgrade
 * Bug 16488: Remove "Sign in to Sync" from the browser menu (fixup)
 * Bug 14429: Make sure the automatic resizing is disabled
 * Translation updates

382
383
384
385
386
387
1.9.3.1
 * Bug 16268: Show Tor Browser logo on About page
 * Bug 16639: Check for Updates menu item can cause update failure
 * Bug 15781: Remove the sessionstore filter
 * Bug 15656: Sync privacy.resistFingerprinting with Torbutton pref

388
389
390
391
392
1.9.3.0
 * Bug 16427: Use internal update URL
 * Bug 16200: Update Cache API usage and prefs for FF38
 * Bug 16357: Use Mozilla API to wipe permissions db

393
394
395
396
397
1.9.2.8
 * Bug 16403: Set search parameters for Disconnect
 * Bug 14429: Make sure the automatic resizing is disabled
 * Translation updates

Georg Koppen's avatar
Georg Koppen committed
398
399
400
1.9.2.7
 * Bug 14429: Make sure the automatic resizing is enabled

Georg Koppen's avatar
Georg Koppen committed
401
402
403
404
405
1.9.2.6
 * Bug 15984: Disabling Torbutton breaks the Add-ons Manager
 * Bug 14429: Make sure the automatic resizing is disabled
 * Translation updates

406
407
408
1.9.2.5
 * Translation updates

Georg Koppen's avatar
Georg Koppen committed
409
410
411
1.9.2.4
 * Bug 14429: Improved automatic window resizing

412
413
414
415
416
1.9.2.3:
 * Bug 15837: Show descriptions if unchecking custom mode
 * Bug 15927: Force update of the NoScript UI when changing security level
 * Bug 15915: Hide circuit display if it is disabled.

417
418
419
1.9.2.2:
 * Bug 15795: Some security slider prefs do not trigger custom checkbox

Mike Perry's avatar
Mike Perry committed
420
421
422
1.9.2.1:
 * Bug 14429: Disable window resizing for now.

423
424
425
426
427
428
429
1.9.2.0:
 * Bug 15562: Bind SharedWorkers to thirdparty pref
 * Bug 15533: Restore default security level when restoring defaults
 * Bug 15510: Close Tor Circuit UI control port connections on New Identity
 * Bug 15472: Make node text black in circuit status UI.
 * Bug 15502: Wipe blob URIs on New Identity

430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
1.9.1.0:
 * Bug 9387: "Security Slider 1.0"
   * Include descriptions and tooltip hints for security levels
   * Notify users that the security slider exists
   * Flip slider so that "low" is on the bottom
   * Make use of new SVG and MathML prefs
 * Bug 13766: Set a 10 minute circuit lifespan for non-content requests
 * Bug 15460: Ensure FTP urls use content-window circuit isolation
 * Bug 13650: Clip initial window height to 1000px
 * Bug 14429: Ensure windows can only be resized to 200x100px multiples
 * Bug 15334: Display Cookie Protections menu if disk records are enabled
 * Bug 14324: Show HS circuit in Tor circuit display
 * Bug 15086: Handle RTL text in Tor circuit display
 * Bug 15085: Fix about:tor RTL text alignment problems
 * Bug 10216: Add a pref to disable the local tor control port test
 * Bug 14937: Show meek and flashproxy bridges in tor circuit display
 * Bugs 13891+15207: Fix exceptions/errors in circuit display with bridges
 * Bug 13019: Change locale hiding pref to boolean
Georg Koppen's avatar
Georg Koppen committed
448
449
 * Bug 7255: Warn users about maximizing windows
 * Bug 14631: Improve profile access error msgs (strings).
450

451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
1.9.0.0
 * Bug 13882: Fix display of bridges after bridge settings have been changed
 * Bug 5698: Use "Tor Browser" branding in "About Tor Browser" dialog
 * Bug 10280: Strings and pref for preventing plugin initialization.
 * Bug 14866: Show correct circuit when more than one exists for a given domain
 * Bug 9442: Add New Circuit button to Torbutton menu
 * Bug 9906: Warn users before closing all windows and performing new identity.
 * Bug 8400: Prompt for restart if disk records are enabled/disabled.
 * Bug 14630: Hide Torbutton's proxy settings tab.
 * Bug 14632: Disable Cookie Manager until we get it working.
 * Bug 11175: Remove "About Torbutton" from onion menu.
 * Bug 13900: Remove SafeCache code.
 * Bug 14490: Use Disconnect search in about:tor search box
 * Bug 14392: Don't steal input focus in about:tor search box
 * Bug 11236: Don't set omnibox order in Torbutton (to prevent translation)
 * Bug 13406: Stop directing users to download-easy.html.en on update
 * Bug 9387: Handle "custom" mode better in Security Slider
 * Bug 12430: Bind jar: pref to Security Slider
Mike Perry's avatar
Mike Perry committed
469
 * Bug 14448: Restore Torbutton menu operation on non-English localizations
470

471
472
473
474
475
476
477
478
479
480
481
1.8.1.3
 * Bug 13998: Handle changes in NoScript 2.6.9.8+
 * Bug 14100: Option to hide NetworkSettings menuitem
 * Bug 13079: Option to skip control port verification
 * Bug 13835: Option to change default Tor Browser homepage
 * Bug 11449: Fix new identity error if NoScript is not enabled
 * Bug 13881: Localize strings for tor circuit display
 * Bug 9387: Incorporate user feedback
 * Bug 13671: Fixup for circuit display if bridges are used
 * Translation updates

482
483
484
485
486
487
488
489
490
1.8.1.2
 * Bug 13672: Make circuit display optional
 * Bug 13671: Make bridges visible on circuit display
 * Bug 9387: Incorporate user feedback
 * Bug 13784: Remove third party authentication tokens

1.8.1.1
 * Bug 13751: Remove remaining SafeCache code.

491
492
493
494
1.8.1.0
 * Bug 13746: Properly link Torbutton UI to thirdparty pref.
 * Bug 13742: Remove SafeCache code (in favor of C++ implementation)

495
496
497
1.8.0.3
 * misc: Translation imports for security slider

498
499
500
1.8.0.2
 * Bug 13666: Various fixes for circuit status display

501
502
503
1.8.0.1
 * Bug 13651: Fix hangs associated with circuit status UI from #8641.

504
505
506
507
508
509
1.8.0.0
 * Bug 9387: Provide a "Security Slider" for vulnerability surface reduction
 * Bug 13019: Synchronize locale spoofing pref with our Firefox patch
 * Bug 3455: Use SOCKS user+pass to isolate all requests from the same url domain
 * Bug 8641: Create browser UI to indicate current tab's Tor circuit IPs

510
511
512
513
1.7.0.2
 * Bug 13019: Synchronize locale spoofing pref with our Firefox patch
 * Bug 13746: Properly link Torbutton UI to thirdparty pref.

514
515
516
1.7.0.1
 * Bug 13378: Prevent addon reordering in toolbars on first-run.

517
1.7.0.0
518
 9 Oct 2014
519
520
 * Bug 10751: Adapt Torbutton to ESR31's Australis UI.
 * Bug 13138: ESR31-about:tor shows "Tor is not working"
Mike Perry's avatar
Mike Perry committed
521
 * Bug 12947: Adapt session storage blocker to ESR 31.
Mike Perry's avatar
Mike Perry committed
522
 * Bug 10716: Take care of drag/drop events in ESR 31.
523
 * Bug 13366: Fix cert exemption dialog when disk storage is enabled.
524

525
526
527
528
1.6.12.3
 23 Sep 2014
 * Bug 10804: Workaround for some TBB startup hangs

529
530
531
532
1.6.12.2
 22 Sep 2014
 * Bug 13091: Use "Tor Browser" everywhere

533
534
535
536
537
1.6.12.1
 1 Sep 2014
 * Bug 12684: Add `canvas.notNow` UI strings to torbutton.properties file.
 * Bug 8940: Move RecommendedTBBVersions file to www.torproject.org.

Mike Perry's avatar
Mike Perry committed
538
539
540
541
1.6.12.0
 4 Aug 2014
 * Bug 9531: Workaround to avoid rare hangs during New Identity

542
543
544
545
546
1.6.11.1
 24 Jul 2014
 * Bug 11472: Adjust about:tor font and logo positioning to avoid overlap
 * Bug 12680: Fix Torbutton about url.

547
548
549
550
551
1.6.11.0
 27 Jun 2014
 * Bug 10819: Bind new third party isolation pref to Torbutton security UI
 * Bug 9268: Fix some window resizing corner cases with DPI and taskbar size.

552
1.6.10.1
553
 26 Jun 2014
554
555
 * Bug #12221: Remove obsolete Javascript components from the toggle era

556
557
558
559
560
561
562
1.6.10.0
 5 Jun 2014
 * Bug 11510: about:tor should not report success if tor proxy is unreachable
 * Bug 11783: Avoid b.webProgress error when double-clicking on New Identity
 * Bug 11722: Add hidden pref to force remote Tor check
 * Bug 11763: Fix pref dialog double-click race that caused settings to be reset

563
564
565
566
567
1.6.9.0:
 25 Apr 2014
 * Bug 7439: Improve download warning dialog text.
 * Bug 11384: Completely remove hidden toggle menu item.

568
569
570
571
572
573
1.6.8.0:
 7 Apr 2014:
 * Bug 9010: Add Turkish to update locales.
 * Bug 11242: Fix improper "update needed" message after in-place upgrade.
 * Bug 10398: Ease translation of about:tor page elements

574
575
576
577
578
1.6.7.0:
 7 Mar 2014:
 * Bug 9901: Fix browser freeze due to content type sniffing
 * Bug 10611: Add Swedish (sv) to extra locales to update

579
580
1.6.6.0:
 3 Feb 2014
581
582
 * Bug 10800: Prevent exception in New Identity
 * Bug 10640: Fix about:tor's pointer position for RTL languages.
583
584
585
 * Bug 10095: Make inner window a multiple of 200x100
 * Bug 10285: Clear permissions on New Identity
 * Bug 9738: Fix for auto-maximizing on browser start
586
587
588
589
 * Bug 10682: Workaround to really disable updates for Torbutton.
 * Bug 10419: Don't allow connections to localhost
 * Bug 10140: Move Japanese to extra locales
 * Bug 10687: Add Basque (eu) to extra locales
590

Mike Perry's avatar
Mike Perry committed
591
592
593
594
1.6.5.5:
 20 Jan 2014
 * Bug 9486: Properly clear NoScript Temporary Permissions

595
596
597
598
1.6.5.4:
 14 Jan 2014
 * Bug 10537: Include Arabic locale in Torbutton.

599
600
601
602
1.6.5.3:
 23 Dec 2013
 * Bug 9486: Clear NoScript Temporary Permissions on New Identity 

603
604
605
606
1.6.5.2:
 17 Dec 2013
 * Misc: Change the default update download link back to download-easy

607
608
609
610
1.6.5.1:
 10 Dec 2013
 * Bug 10352: Clear FF24 Private Browsing Mode data during New Identity

611
612
613
614
615
616
617
1.6.5:
 9 Dec 2013
 * Bug 8167: Update cache isolation to use getFirstPartyURIFromChannel() for FF24
 * Bug 10201: FF ESR 24 hangs during exit on Mac OS.
 * Bug 10078: Properly clear crypto tokens during New Identity on FF24
 * Bug 9454: Support changes to Private Browsing Mode and plugin APIs in FF24

618
619
620
621
1.6.4.1:
 15 Nov 2013
 * Bug 10002: Make the TBB3.0 blog tag our update download url for now.

Mike Perry's avatar
Mike Perry committed
622
623
624
625
1.6.4:
 29 Oct 2013
 * Bug 9144: Workaround for missing translation properties

626
627
628
629
630
1.6.3:
 11 Oct 2013:
 * Bug 9224: Support multiple Tor socks ports for about:tor status check
 * Bug 9587: Add TBB version number to about:tor

631
632
633
634
1.6.2.1:
 23 Sep 2013:
 * Bug 8839: Switch about:tor search link to unfiltered startpage link

635
636
637
638
639
1.6.2:
 18 Sep 2013
 * bug 9492: Fix Torbutton logo on OSX and Windows (and related
             initialization code)

640
1.6.1:
Mike Perry's avatar
Mike Perry committed
641
 01 Aug 2013
642
643
644
645
 * bug 8478: Change when window resizing code fires to avoid rounding errors
 * bug 9331: Hack an update URL for the next TBB release
 * bug 9144: Change an aboutTor.dtd string to something transifex might accept

646
647
648
649
650
651
652
653
654
1.6.0:
 05 Jun 2013
  * bug 7494: Create a local home page for TBB as about:tor
  * misc: Perform a control port test of proper Tor configuration by default.
          Only use check.torproject.org if the control port is unavailable.
  * misc: Add an icon menu option for Tor Launcher's Network Settings
  * misc: Add branding string overrides (primarily controls browser name and
          homepage)

655
656
657
658
659
660
661
1.5.2:
 22 Apr 2013
  * bug 8457: Allow session restore if the user allows disk actvity
  * bug 8301: Remove the Display Settings panel and associated locales
  * bug 6566: Fix "Transparent Torification" option.
  * bug 8642: Fix a hang on New Identity.

662
1.5.1:
663
 07 Mar 2013
664
  * bug 8324: Fix Drag+Drop crash by using a new TBB drag observer
665
666
667
668
669
670
671
672
  * bug 6202: Fix XML/E4X errors with Cookie Protections
  * bug 8423: Don't clear cookies at shutdown if user wants disk history
  * bug 8382: Leave IndexedDB and Offline Storage disabled.
  * bug 8422: Clear DOM localStorage on New Identity.
  * bug 8335: Don't strip "third party" HTTP auth from favicons
  * bug 5183: Localize the "Spoof english" button strings
  * bug 8313: Ask user for confirmation before enabling plugins
  * misc: Emit private browsing session clearing event on "New Identity"
673

674
675
1.5.0
 18 Feb 2013
676
  * bug 5279: Remove old toggle observers and related code
Mike Perry's avatar
Mike Perry committed
677
  * bug 3100: Simplify Security Preference UI and associated pref updates
678
  * bug 1305: Eliminate redundancy in our Flash/plugin disabling code
Mike Perry's avatar
Mike Perry committed
679
680
  * bug 3944: Leave most preferences under Tor Browser's control 
  * bug 7974: Disable toggle-on-startup and crash detection logic
681
  * bug 5279: Disable/remove toggle-mode code and related observers
Mike Perry's avatar
Mike Perry committed
682
  * bug 6431: Add menu hint to Torbutton icon
Mike Perry's avatar
Mike Perry committed
683
  * bug 7495: Make Torbutton icon flash a warning symbol if TBB is out of date
Mike Perry's avatar
Mike Perry committed
684
  * bug 6096: Perform version check every time there's a new tab.
Mike Perry's avatar
Mike Perry committed
685
  * bug 6156: Rate limit version check queries to once every 1.5hrs max.
686
  * misc: Allow WebGL and DOM storage.
Mike Perry's avatar
Mike Perry committed
687
688
  * misc: Disable independent Torbutton updates
  * misc: Change the recommended SOCKSPort to 9150 (to match TBB)
689

Mike Perry's avatar
Mike Perry committed
690
691
692
693
1.4.6.3
 9 Oct 2012
  * bug 5856: Disable JS hooks to make way for direct Firefox patch

Mike Perry's avatar
Mike Perry committed
694
695
696
697
698
1.4.6.2
 12 Sep 2012
  * bug 6803: Set proxy settings earlier to fix broken homepage load on FF15
  * bug 6254: Support transparent Tor mode through TOR_TRANSPROXY=1 env var.

Mike Perry's avatar
Mike Perry committed
699
700
701
702
1.4.6.1
 30 Aug 2012
  * Bug 6737: Disable window.screen hooks for FF15+ (fixes exception alert)

Mike Perry's avatar
Mike Perry committed
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
1.4.6
 30 May 2012
  * Bug 5710: Prevent all sessionstore data saving in TBB
  * Bug 5715: Explicitly clear image cache on TBB New Identity
  * Bug 4660: Clear search and find boxes on TBB New Identity
  * Bug 5729: Make New Identity and New Window a multiple of 200x100px
  * Bug 4755: Spoof screen coordinates for DOM MouseEvents
  * Bug 4718: Make TBB version check happen on New Window+New Identity
  * Bug 5758: Disable WebSockets and IndexedDB for non-TBB users
  * Bug 5863: Remove the ability to toggle Torbutton (to prevent leaks)
  * Bug 3838: Inform Torbutton users about TBB
  * Bug 5092: Sign Torbutton Updates
  * Bugs 5673+5732: Change captcha redirect to startpage.com
  * Bug 3845: Bump Firefox user agent to 10.0-ESR

Mike Perry's avatar
Mike Perry committed
718
719
720
721
1.4.5.1
  17 Dec 2011
  * bug 4722: Fix ability to drag tabs on Windows (due to #4517)

Mike Perry's avatar
Mike Perry committed
722
723
724
725
726
727
728
729
730
731
1.4.5
  14 Dec 2011
  * bug 4517: Disable external drag and drop (prevents proxy bypass)
  * bug 4099: Disable TLS session tickets to prevent linkability
  * bug 4603: Lower HTTP keep-alive timeout to reduce linkability
  * bug 4611: Notify user if "New Identity" fails
  * bug 4667: Close keep-alive connections on "New Identity" (TBB only)
  * bug 4453: Reset SOCKS host and port only when using "recommended settings"
  * misc: Perform versioncheck at startup regardless of session restore status

Mike Perry's avatar
Mike Perry committed
732
733
734
735
1.4.4.1
  11 Oct 2011
  * misc: Fix a homepage load error on Windows TBB first-run

Mike Perry's avatar
Mike Perry committed
736
737
738
739
740
741
742
743
744
745
1.4.4
  9 Oct 2011
  * bug 4197: Allow Torbutton formfill blocking to be disabled
  * bug 4058: Fix yet more issues with links opening in new tabs
  * bug 4161: Make TBB version check work w/ SocksPort auto builds
  * bug 3686: Fix loading of localized homepage on Debian
  * bug 4016: Resize window on "New Identity"
  * bug 3928: Implement CookieAuthFile password reading
  * misc: Fix scoping issue for some stream variables

746
747
748
749
750
751
752
1.4.3
  9 Sep 2011
  * bug 3933: Don't touch app.update.auto in TBB
  * bug 3960: Don't disable zoom.siteSpecific on TBB
  * bug 3928: Fix auto-scroll on twitter
  * bug 3649: Make permissions and disk errors human-readable

Mike Perry's avatar
Mike Perry committed
753
754
755
756
757
758
1.4.2
  3 Sep 2011
  * bug 3879: Fix broken framed sites (yopmail, gmane, gmaps, etc)
  * bug 3337: Fetch check.tp.o page to check versions (TBB only)
  * Bug 3754: Fix SafeCache OCSP errors (fix for TBB only)

Mike Perry's avatar
Mike Perry committed
759
760
761
762
763
764
765
766
767
768
769
770
1.4.1
  28 Aug 2011
  * bug 523: Implement New Identity (for TBB only)
  * bug 3580: Fix hotmail/live breakage (TBB only)
  * bug 3748: Disable 3rd party HTTP auth
  * bug 3665: Fix several corner cases SafeCache isolation
  * bug 3739: Fix https->http CORS failure for SafeCache
  * bug 3414: Isolate window.name based on referrer policy
  * bug 3809: Disable referer spoofing (fixes navigation issues)
  * bug 3819: Fix API issue with cookie protections
  * bug 3820: Fix warning w/ session store filter

Mike Perry's avatar
Mike Perry committed
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
1.4.0
  30 Jun 2011
  * bug 3101: Disable WebGL. Too many unknowns for now.
  * bug 3345: Make Google Captcha redirect work again.
  * bug 3399: Fix a reversed exception check found by arno.
  * bug 3177: Update torbutton to use new TorBrowser prefs.
  * bug 2843: Update proxy preferences window to support env var.
  * bug 2338: Force toggle at startup if tor is enabled
  * bug 3554: Make Cookie protections obey disk settings
  * bug 3441: Enable cookie protection UI by default.
  * bug 3446: We're Firefox 5.0, we swear.
  * bug #3506: Remove window resize event listener.
  * bug #1282: Set fixed window size for each new window.
  * bug #3508: Apply Stanford SafeCache patch (thanks Edward, Collin et al).
  * bug #2361: Make about window work again on FF4+.
Mike Perry's avatar
Mike Perry committed
786
  * bug #3436: T(A)ILS was renamed to Tails.
Mike Perry's avatar
Mike Perry committed
787
788
789
790
791
  * bugfix: Fix a transparent context menu issue on Linux FF4+.
  * misc: Squelch exception from app launcher in error console.
  * misc: Make DuckDuckGo the default Google Captcha redirect destination.
  * misc: Make it harder to accidentally toggle torbutton.

Mike Perry's avatar
Mike Perry committed
792
1.3.3-alpha
793
  01 May 2011
Mike Perry's avatar
Mike Perry committed
794
795
796
797
  * bug 2777: Clear OCSP cache on tor toggle
  * bug 2832: Update spoofed user agent to Firefox 4.0
  * bug 2838: Make cookie protections dialog work
  * bug 2819: Move JS hooks to new JS1.8.5 hooking support on FF4.
798
  * bug 3042: Fix version compatibility issue with FF4.0.1+
Mike Perry's avatar
Mike Perry committed
799

Mike Perry's avatar
Mike Perry committed
800
1.3.2-alpha
801
  21 Mar 2011
Mike Perry's avatar
Mike Perry committed
802
803
804
805
806
807
808
809
810
811
812
813
  * bug 1624: Use nsIDOMCrypto::logout() instead of the SSLv2 pref hack
  * bug 1999: Disable tor:// urls by default
  * bug 1968: Reset window.name on tor toggle
  * bug 2148: Make refspoofing more uniform
  * bug 2359: Fix XHTML DTD errors on FF4
  * bugs 2465+2421: Fix javascript hook exceptions+issues in FF4.0
  * bug 2458: Opt out of Firefox addon usage pings
  * bug 2377: Limit the Google captcha cookies copied between google TLDs
  * bug 2491: Clean up checks for when to jar protected cookies
  * bug 1110: Add popup to ask if we should spoof English Accept: headers
  * misc: Remove a noisy FF2 nsICookieManager2 fallback check.

Mike Perry's avatar
Mike Perry committed
814
1.3.1-alpha
815
  03 Jan 2011
816
817
818
  * bugfix: bug 1894: Amnesia is now called TAILS (patch from intrigeri)
  * bugfix: bug 2315: Remove reference to TorVM (patch from intrigeri)
  * bugfix: bug 2011: Fix preference dialog issues (patch from chrisdoble)
Mike Perry's avatar
Mike Perry committed
819
820
  * bugfix: Fix some incorrect log lines in RefSpoofer
  * new: Support Firefox 4.0 (many changes)
821
  * new: Place button in the nav-bar (FF4 killed the status-bar)
Mike Perry's avatar
Mike Perry committed
822
  * misc: No longer reimplement the session store, use new APIs instead
Mike Perry's avatar
Mike Perry committed
823
  * misc: Simplify crash detection and startup mode settings
Mike Perry's avatar
Mike Perry committed
824

Mike Perry's avatar
Mike Perry committed
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
1.3.0-alpha
  30 Sep 2010
  * new: Support for transparent proxies in settings
    (patch from Jacob Appelbaum and Kory Kirk)
  * new: tor:// and tors:// url support to auto-toggle into tor mode
    (patch from Kory Kirk)
  * new: Cookie manager to allow individual Cookie protection
    (patch from Kory Kirk)
  * new: Add referrer spoofing based on modified same origin policy
    (patch from Kory Kirk)
  * new: Add DuckDuckGo.com as a Google captcha redirect destination
    (patch from aiden tighe)
  * bugfix: bug 1911: Fix broken useragent locale string on debian
    (patch from lunar)
  * bugfix: Fix captcha detection for encrypted.google.com

Mike Perry's avatar
Mike Perry committed
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
1.2.5
  08 Apr 2010
  * bugfix: bug 1169: Fix blank popup conflict with CoolPreviews
  * bugfix: bug 1246: Fix IST and other HH:30 timezone issues.
  * bugfix: bug 1219: Fix the toggle warning loop issue on settings change.
  * bugfix: bug 1321: Fix a session restore bug when closing the last window
  * bugfix: bug 1302: Update useragent to FF3.6.3 on WinNT6.
  * bugfix: bug 1157: Add logic to handle torbutton crashed state conflicts
  * bugfix: bug 1235: Improve the 'changed-state' refresh warning message
  * bugfix: bug 1337: Bind alert windows to correct browser window
  * bugfix: bug 1055: Make the error console the default log output location
  * bugfix: bug 1032: Fix an exception in the localhost proxy filter
  * misc: Always tell a website our window size is rounded even if it's not
  * misc: Add some suggestions to warning about loading external content
  * new: Add option to always update Torbutton via Tor. On by default
  * new: Redirect Google queries elsewhere on captcha (default ixquick)
  * new: Strip identifying info off of Google searchbox queries

Mike Perry's avatar
Mike Perry committed
859
860
861
862
863
864
865
866
867
868
869
1.2.4
  16 Dec 2009
  * bugfix: bug 1169: Fix blank popup conflict with Google Toolbar
  * bugfix: bug 1171: Properly store and set network.dns.disablePrefetch
  * bugfix: bug 1165: Fix an exception on toggle in FF3.6
  * bugfix: bug 1163: Fix history loss in FF3.6
  * bugfix: Fix a typo error during logging
  * bugfix: Properly handle session restore in FF3.6
  * misc: Kill a warning message about missing properties in window-mapper.js
  * new: Add a new pref to disable Livemark updates during Tor usage (FF3.5+)

Mike Perry's avatar
Mike Perry committed
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
1.2.3
  02 Dec 2009
  * bugfix: bug 950: Preserve useragent and download settings across toggle
  * bugfix: bug 1014: Fix XML Parsing Error on XHTML sites in Tor mode
  * bugfix: bug 1041: Preserve tab history in FF3.5
  * bugfix: bug 1047: Fix spurious user agent change notice
  * bugfix: bug 1053: Partial fix for 'TypeError: browser is undefined' error
  * bugfix: bug 1084: Preserve HTTP accept language for Non-Tor usage
  * bugfix: bug 1085: Fix test settings issues with dead privoxy
  * bugfix: bug 1088: Clean up some namespace issues in the main chrome window
  * bugfix: bug 1091: Fix a lockup when 'Ask Every Time' cookie pref is set
  * bugfix: bug 1093: Fix cert acceptance dialogs in Firefox 3.5
  * bugfix: bug 1146: Fixes for properly handling tab restore in FF3.5
  * bugfix: bug 1152: Close tabs on toggle prevents toggling in FF3.5"
  * bugfix: bug 1154: Clarify "Last Tor test failed" message
  * misc: Disable geolocation in FF3.5 during Tor mode
  * misc: Disable DNS prefetch in FF3.5 in Tor mode and for Tor-loaded tabs
  * misc: Disable offline app cache during Tor mode
  * misc: Disable specific site zoom settings during Tor mode
  * new: Transfer Google cookies between country-code domains. This should
    make it such that captchas only need to be solved once per Tor session,
    as opposed to for each country.

Mike Perry's avatar
   
Mike Perry committed
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
1.2.2
  09 Aug 2009
  * bugfix: Workaround Firefox Bug 440892 to prevent external apps from 
    being launched (and thus bypassing proxy settings) without user 
    confirmation. Independently reported by Greg Fleischer and optimist.
  * bugfix: Create a separate "No Proxy For" option and remove the 
    string "localhost" from proxy exemptions. Prevents a theoretical
    proxy bypass condition discovered by optimist. Fix based on patch from
    optimist.
  * bugfix: bug 970: Purge undo tab list on Tor toggle.
  * bugfix: bug 1040: Scrub URLs from log level 4 and higher log messages. 
    Mac OS writes Firefox console messages to disk by default.
  * bugfix: bug 1033: Fix FoxyProxy conflict that caused some FoxyProxy 
    strings to fail to display.
  * misc: bug 1006: Pop up a more specific failure message for pref
    changing errors during Tor toggle.
  * misc: Fix a couple of strict javascript warns on FF3.5
  * misc: Add chrome url protection call to conceal other addons during
    non-Tor usage. Patch by Sebastian Lisken.
  * misc: Remove torbutton log system init message that may have scared some
    paranoids. 

Mike Perry's avatar
   
Mike Perry committed
915
1.2.1
Mike Perry's avatar
   
Mike Perry committed
916
  21 Mar 2009
Mike Perry's avatar
   
Mike Perry committed
917
918
919
920
921
922
923
  * bugfix: bug 773: Fixed Noscript conflict issue.
  * bugfix: bug 866: Fixed conflict with ZoTero
  * bugfix: bug 908: Make UserAgentSwitcher's 'default' button restore
    Torbutton's spoofed user agent if Tor is enabled.
  * bugfix: bug 909: Get Torbutton to "properly" react to users changing 
    their Firefox cookie lifetime settings as opposed to using the Torbutton 
    interface.
Mike Perry's avatar
   
Mike Perry committed
924
  * bugfix: bug 834: Fix session saving and startup issues
Mike Perry's avatar
   
Mike Perry committed
925
926
927
928
929
930
931
932
933
934
935
  * bugfix: bug 875: Removed docShell == null popup during toggle for 
    some users
  * bugfix: bug 910: fixed a locale spoofing issue in navigator.appVersion
  * bugfix: bug 747: Attempt to fix 'fullscreen' resizing issues.
  * bugfix: Stop-gap timezone spoofing fix for Linux and Mac 
    for FF3. Requires a one-line patch to Firefox for Windows to work.
  * bugfix: Clear SSL Session IDs on toggle. (See FF Bug 448747)
  * misc: bug 931: Added a socks v4 vs v5 version choice to custom prefs.
  * misc: bug 836: redesign startup preference window to make it more
    understandable
  * misc: Torbutton now presents itself as Windows FF3.0.7.
Mike Perry's avatar
   
Mike Perry committed
936
  * misc: Change RDF to allow Torbutton to run on FF3.1 betas.
Mike Perry's avatar
   
Mike Perry committed
937

Mike Perry's avatar
   
Mike Perry committed
938
1.2.0
Mike Perry's avatar
   
Mike Perry committed
939
  30 Jul 2008
Mike Perry's avatar
   
Mike Perry committed
940
941
942
943
944
945
946
947
  * bugfix: bug 777: Fix issue with locale spoofing breaking translations.
  * bugfix: bug 778: Preserve locale in spoofed version if user does not want
    locale spoofing.
  * bugfix: bug 780: Keep session cookies during Tor toggle.
  * bugfix: Potential fix for some PKCS#12 issues.
  * bugfix: Fix crash recovery and uninstall/upgrade to avoid cookie loss.
  * misc: Translation updates.

Mike Perry's avatar
   
Mike Perry committed
948
949
950
951
952
953
954
955
1.2.0rc6:
  12 Jul 2008
  * bugfix: Fix bug causing Firefox history to get cleared in some situations
  * bugfix: bug 753: Fix exception thrown during Tor toggle in some instances
  * bugfix: bug 758: Fix resize issue where 0x0 windows could be created
  * bugfix: Fix some potential permission denied issues with cookie jars
  * bugfix: bug 520: Fix issue where Javascript stayed disabled in some tabs
  * bugfix: Apply cookie lifetime settings to Tor settings on first install.
Roger Dingledine's avatar
Roger Dingledine committed
956
  * bugfix: Don't disable Firefox preferences when Torbutton is uninstalled
Mike Perry's avatar
   
Mike Perry committed
957
958
  * misc: Allow automatic updates in FF3 by default. They are secure now.
  * misc: Translation updates
Roger Dingledine's avatar
Roger Dingledine committed
959

Mike Perry's avatar
   
Mike Perry committed
960
1.2.0rc5
Mike Perry's avatar
   
Mike Perry committed
961
  06 Jul 2008
Mike Perry's avatar
   
Mike Perry committed
962
963
  * bugfix: bug 734: Fix exception with clearing history on toggle
  * bugfix: bug 735: Fix exception with blocking Non-Tor history writes
Mike Perry's avatar
   
Mike Perry committed
964
965
  * bugfix: bug 720: FF3 cookie jar fix submitted by arno
  * misc: translation updates for French, Farsi, and others
Mike Perry's avatar
   
Mike Perry committed
966
  * misc: demote "mapper check" log message to info
Mike Perry's avatar
   
Mike Perry committed
967
  * new: Option to not write cookie jars to disk submitted by arno
Mike Perry's avatar
   
Mike Perry committed
968

Mike Perry's avatar
   
Mike Perry committed
969
970
971
972
973
974
975
976
977
1.2.0rc4
  27 Jun 2008
  * misc: Refuse to jar cookies under Firefox 3. Lame workaround for Firefox
    Bug 439384, but it's the best we can do. At least we won't destroy
    cookies anymore.
  * misc: Some strings were present twice in the en-US locale. Didn't seem
    to cause any problems, but probably should be fixed.

1.2.0rc3
Mike Perry's avatar
   
Mike Perry committed
978
979
980
981
982
983
984
985
986
987
  27 Jun 2008
  * bugfix: Lots of compatibility updates with other extensions. Issues
    with SpeedDial, Google Notebook, TabMixPlus, and others have been fixed.
  * bugfix: Fix bug with first window/tab after restart being partially 
    prevented from performing network activity and/or history access.
  * bugfix: Add an additional pref for blocking Non-Tor file url network
    activity. Off by default. This should fix issues with Sage addon in
    Non-Tor mode. 
  * bugfix: Be better about saving all sorts of Firefox prefs that we touch
    so that users' Non-Tor preferences are remembered.
Mike Perry's avatar
   
Mike Perry committed
988
  * bugfix: Fix potential issues with FF3 sessionstore by updating component,
Mike Perry's avatar
   
Mike Perry committed
989
990
991
992
993
994
995
996
997
    and performing version detection.
  * bugfix: Separate toggle into a 3 stage process to eliminate potential 
    race conditions and issues with javascript and other functionality 
    not working after Tor toggle.
  * new: Added 'Test Settings' button to Proxy Preferences that uses 
    check.torproject.org to verify Tor status.
  * misc: Improve 'Restore Defaults' to reset all prefs that we touch.
  * misc: Fix logging system to be more user-legible.

Mike Perry's avatar
   
Mike Perry committed
998
999
1000
1001
1002
1003
1.2.0rc2
  08 Jun 2008
  * bugfix: MacOS: Fix broken Tor state/toggle issues when all windows are 
    closed but app stays open
  * misc: Potential performance improvements when many windows+tabs are open
  * new: Add 'locked mode' pref to allow users to disable one-click toggling
Mike Perry's avatar
   
Mike Perry committed
1004
  * new: Add prefs to start Firefox with a specific Tor state.
Mike Perry's avatar
   
Mike Perry committed
1005

Mike Perry's avatar
   
Mike Perry committed
1006
1.2.0rc1
Mike Perry's avatar
   
Mike Perry committed
1007
  01 Jun 2008
Mike Perry's avatar
   
Mike Perry committed
1008
1009
1010
1011
  * general: FF3 should now be functional, but timezone masking is not
    operational
  * bugfix: Fix Places/history component hooking in FF3
  * bugfix: Disable Places database in FF3 via browser.history_expire_days=0
Mike Perry's avatar
   
Mike Perry committed
1012
    if history writes are disabled.
Mike Perry's avatar
   
Mike Perry committed
1013
1014
1015
  * bugfix: General component hooking fixes for FF3
  * bugfix: Block favicon leaking in FF3
  * bugfix: Enable safebrowsing updates in FF3 (it's finally HMACd. Yay).
Mike Perry's avatar
   
Mike Perry committed
1016
  * bugfix: Use Greg Fleischer's new useragent prefs in FF3.
Mike Perry's avatar
   
Mike Perry committed
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
  * bugfix: Properly reset cookie lifetime policy when user changes cookie
    handling options.
  * bugfix: Fix 'Restore defaults' button issues with custom proxy settings
  * bugfix: navigator.oscpu hooking was broken in 1.1.18
  * bugfix: Try to prevent alleged 0x0 windows on crash recovery
  * bugfix: Attempt to block livemarks updates during Tor. Only partial fix.
    Not possible to cancel existing Livemarks timer (one fetch will still
    happen via Tor before disable). See Firefox Bug 436250
  * misc: Set plugin.disable_full_page_plugin_for_types for all plugin
    mimetypes just in case our custom full page blocking code fails

Mike Perry's avatar
   
Mike Perry committed
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1.1.18
  17 Apr 2008
  * bugfix: Fix Gmail exceptions involving window.navigator that made Gmail
    unusable after recent updates by Google.
  * bugfix: Fix an exception in the content policy that may have prevented
    some AJAX page elements from loading.
  * bugfix: Fix regression on cross-state favicon leak introduced in 1.1.17
  * bugfix: Fix to make clear private data work again by fixing up history
    hooking (may also help FF3 compatibility).
  * bugfix: Fix Yahoo email account creation (broken due to Date.valueOf()
    weirdness).
  * bugfix: Fix to allow plugins if the user unchecks the plugin blocking
    preference
  * bugfix: Fix bug 638: eliminate cross-state history popup on session
    restore
  * bugfix: Only resize windows on document load. Hopefully this will make
    the resizing code less annoying, and drift less.
  * bugfix: Fix Object.prototype extensions involving the Date object 
    (observed on LiveJournal)
  * bugfix: Fix javascript debugger compatibility issues involving source
    window display and other functionality.
  * misc: Prevent blocked popups from opening blank, unusable windows
  * misc: Updated firefox version to 2.0.0.14
  * new: New translations for French, Russian, Farsi, Italian, and Spanish.

1.1.17
Mike Perry's avatar
   
Mike Perry committed
1054
  15 Mar 2008
Mike Perry's avatar
   
Mike Perry committed
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
  * bugfix: Improve chrome disclosure protection (patch from Greg Fleischer)
  * bugfix: Block network access from file urls to workaround Firefox 
    'Content-Disposition' file stealing attack (found/fixed by Greg)
  * bugfix: Apply Javascript hooks to javascript: urls (found by Greg)
  * bugfix: Improve Torbutton chrome concealment (found by Greg)
  * bugfix: Use 127.0.0.1 instead of localhost for IPv6 users
  * bugfix: Don't resize maximized windows
  * misc: Improve window resizing to only resize on document load,
    and to try to address drift by remembering window sizes
  * misc: Clear session history if clear history on tor toggle is set
  * new: Remove history hooks in favor of nsISHistoryListeners that
    prevent history navigation from alternate Tor states

Mike Perry's avatar
   
Mike Perry committed
1068
1069
1070
1071
1072
1073
1074
1.1.16
  03 Mar 2008
  * bugfix: Fix yet more javascript unmasking issues found by Greg.
    Date is still unmaskable.
  * bugfix: Close tabs *before* toggling proxy settings if pref is set.
  * bugfix: Fix a couple exceptions thrown on resizing and plugin canceling

Mike Perry's avatar
   
Mike Perry committed
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1.1.15
  26 Feb 2008
  * bugfix: Fix hook unmasking of window.screen, window.history,
    and window.navigator discovered by Greg Fleischer. window.Date 
    unmasking is still unfixed. window.history unmasking represents
    potential IP disclosure due to Firefox Bug 409737.
  * bugfix: Fix view-source extension disclosure bug found by Greg 
    Fleischer.
  * bugfix: Fix javascript and about links. Found by Greg Fleischer.
  * new: Attempt to prevent window sizes from drifting during resize.

Mike Perry's avatar
   
Mike Perry committed
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1.1.14
  24 Feb 2008
  * bugfix: set general.useragent.locale if user wants to spoof an English
    browser. This handles navigator.locale
  * bugfix: Mask navigator.buildID. Reported by Greg Fleischer
  * Initial Firefox 3 work. Functionality still broken due to FF Bug 413682
  * bug 580: Resize preferences window to fit in 640x480 displays
  * new: Spoof window.screen to mask desktop resolution and resize the 
    browser to multiples of 50px while tor is enabled.
  * new: Block content window access to chrome urls if Tor is enabled, 
    and hide Torbutton if Tor is disabled. Thanks to Greg Fleischer for 
    reporting the chrome disclosure issues
  * new: Added option to close all opened tabs on a Tor toggle. Useful 
    for general convenience and also as a backup protection against 
    Bug 409737.
  * new: Add Tor ports to the list of banned ports for Firefox. Should
    prevent http-ping based fingerprinting attacks.
  * new: Finally add support for automatic updates.

Mike Perry's avatar
   
Mike Perry committed
1105
1.1.13
Mike Perry's avatar
   
Mike Perry committed
1106
  01 Feb 2008
Mike Perry's avatar
   
Mike Perry committed
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
  * bugfix: Implement workarounds to disable Javascript network access 
    for Firefox Bug 409737
  * bugfix: Improved plugin-disabling workarounds for Firefox Bug 401296 
  * misc: Set network.protocol-handler.warn-external.* to warn on external 
    app handlers during Tor usage
  * misc: Disable browser.safebrowsing.enabled during Tor usage since it
    retrieves some information in plaintext.
  * misc: Disable browser.send_pings.
  * misc: Block Javascript back/forward manipulation if Tor is enabled
  * new: Option to clear HTTP auth on Tor toggle

Mike Perry's avatar
   
Mike Perry committed
1118
1119
1120
1121
1122
1123
1124
1125
1.1.12
  26 Nov 2007
  * bugfix: bug 520: Fix some content policy/tagging issues. Not sure if this
    is the whole bug.
  * bugfix: Fix a nasty bug where torbutton mostly broke if the first Firefox
    window was closed (introduced in 1.1.11)
  * bugfix: Fix a favicon proxy-leak discussed in onionland

Mike Perry's avatar
   
Mike Perry committed
1126
1127
1128
1129
1130
1131
1132
1133
1.1.11
  16 Nov 2007
  * bugfix: Fix a scope issue with the JS hooks that caused problems with 
    some sites (gmail, others?)
  * misc: Performance enhancements for speeding up toggle
  * new: Prevent Tor cookies from being written to disk if the user wants
    them cleared.

Mike Perry's avatar
   
Mike Perry committed
1134
1135
1136
1.1.10
  06 Nov 2007
  * bugfix: bug 522: Try harder to kill plugins before they do any network IO
Mike Perry's avatar
   
Mike Perry committed
1137
    (discovered by goldy)
Mike Perry's avatar
   
Mike Perry committed
1138
1139
1140
1141
1142
1143
  * bugfix: bug 460: Remove hook verification. Attempt to apply hooks at every
    location event.
  * misc: New logging system
  * new: Have user choose between starting in Tor or Non-Tor after crash.
    Leaving it to Firefox is non-deterministic and should not be an option.

Mike Perry's avatar
   
Mike Perry committed
1144
1145
1146
1147
1.1.9.1
  23 Oct 2007
  * bugfix: 1.1.9 killed all plugins. Bring them back to life.

Mike Perry's avatar
   
Mike Perry committed
1148
1149
1.1.9
  21 Oct 2007
Mike Perry's avatar
   
Mike Perry committed
1150
  * bugfix: bug 519: Fix Ubuntu Gutsy hang on startup.
Mike Perry's avatar
   
Mike Perry committed
1151
1152
1153
1154
  * bugfix: bug 521: Fix yet more false positive popups introduced in 1.1.8
  * bugfix: bug 522: Block loading of direct clicks of plugin-handled content 
    (discovered by goldy).

Mike Perry's avatar
   
Mike Perry committed
1155
1.1.8
Mike Perry's avatar
   
Mike Perry committed
1156
1157
1158
1159
1160
  01 Oct 2007
  * bugfix: bug 503: Prevent sessionstore from writing Tor tabs to disk
  * bugfix: bug 510: Decouple cookie clearing from Clear Private Data settings
  * bugfix: bug 474: Decouple password+form saving from history writing
  * bugfix: bug 460: Rework handling of hooking based on global events+window
Mike Perry's avatar
   
Mike Perry committed
1161
    lookup
Mike Perry's avatar
   
Mike Perry committed
1162
1163
1164
1165
  * bugfix: Hooking fixes for pages with nested frames/iframes
  * bugfix: Cookies are now properly synced before storing into a jar
  * misc: Tightened up the alerts a bit more for the javascript hooking
  * misc: Changed defaults to be less intrusive to non-tor usage
Mike Perry's avatar
   
Mike Perry committed
1166
  * new: Added options to start in Tor and reload cookies after browser crash 
Mike Perry's avatar
   
Mike Perry committed
1167
  * new: Added ability to have both tor and non-tor cookie jars
Mike Perry's avatar
   
Mike Perry committed
1168

Mike Perry's avatar
   
Mike Perry committed
1169
1170
1.1.7
  20 Sep 2007
Mike Perry's avatar
   
Mike Perry committed
1171
  * bugfix: bug 495: couple of memory leaks found and fixed by arno
Mike Perry's avatar
   
Mike Perry committed
1172
  * bugfix: bug 497: uninstall exception found and fixed by arno
Mike Perry's avatar
   
Mike Perry committed
1173
1174
  * bugfix: bug 460: No more alerts should happen. But does that mean its
    fixed? Outlook uncertain...
Mike Perry's avatar
   
Mike Perry committed
1175
1176
1177
1178
1179
  * bugfix: bugs 461+489: verbosity+macos logging issues resolved
  * bugfix: if javascript is disabled, the hooking code no longer complains
  * misc: Update spoofed Firefox version to 2.0.0.6
  * new: "Restore Defaults" button added to the preferences window

Mike Perry's avatar
   
Mike Perry committed
1180
1181
1182
1183
1184
1185
1186
1187
1.1.6
  30 Jul 2007
  * bugfix: Fix an exception that may have messed up cookie/cache clearing
    if you allowed Tor to write history URLs (possibly kills bug #457)
  * bugfix: Use only sub-browsers for tagging. Could fix some Date hooking
    misses (possibly kills bug #460)
  * misc: Clean up annoying false positives with date hooking checks

Mike Perry's avatar
   
Mike Perry committed
1188
1189
1190
1191
1192
1193
1.1.5
  17 Jul 2007
  * bugfix: Reset shutdown option if user wants to manually manage cookies
  * misc: Add code to detect date hooking failures to zero in on Bug #460
  * new: Pref to disable "DOM Storage" during Tor usage

Mike Perry's avatar
   
Mike Perry committed
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1.1.4 - Defcon CD Release
  6 Jul 2007
  * bugfix: Make plugin state tied to tab load state also
  * bugfix: Date hooking bug. getUTCYear is not defined. Must call getYear..
  * new: Add options to spoof charset and language headers
  * new: Add option to disable referer header. This can break some sites.
         Seems to break digg in particular.
  * new: Copy English strings to all language DTDs so they are at least
         functional.

1.1.3 - Black Hat CD Release
  30 Jun 2007
  * bugfix: Fully disable session store if option is set. Otherwise it 
            can save Tor tabs and cause them to be reloaded during Tor usage!
  * new: Differentiate between crucial and recommended settings in preferences

1.1.2
  22 Jun 2007
  * bugfix: Make js hooking a bit more invisible
  * bugfix: Improve navigator.* hooking for user agent spoofing
  * new: Block session saving during tor usage
  * new: Add options to clear cookies during Tor/Non-Tor shutdowns

1.1.1
  20 Jun 2007
  * bugfix: Remove Date hooks from DOM after inserted. Fixes some sites
            who expect a fixed DOM structure.
  * new: Integrated Collin Jackson's history blocking+cookie jar code, adapted
         it to handle various Tor States+read/write differentiation.
  * new: Allow users to manually manage cookies
  * new: Mark tabs as having been fetched via Tor or in the clear
  * new: Add code to only enable javascript on tabs with the same Tor load 
         state as the current
  * new: options to clear the cache, block disk cache, or block all caching
  * new: Created options tabbox
  * new: Option to block updates if Tor was enabled
  * new: Add nsIContentPolicy to block CSS popups from pages with a different
         load state than current Tor State.
  * new: Added user agent spoofing code
  * new: Support FireFox 2.0 only
  * new: Disable "safe browsing" remote lookups
  * new: block session saving


1.1.0 - Security Development begins (Alpha branch)
  31 Mar 2007
  * new: Option to disable all plugins during Tor usage
  * new: Javascript hooking to mask timezone for Date Object, attempted CSS fix
  * new: Options to clear history and cookies on Tor toggle
  * bugfix: Fix logging to use error console if logger extension not present

1245
1.0.5
1246
  18 Nov 2006
1247
  * bugfix: fix the about box in firefox 1.0
1248
1249
  * bugfix: set the toolbar button to the correct state upon insertion into 
            the toolbar (ff >= 1.5 only)
1250
  * bugfix: clarify the wording of the one-liner extension description
1251
  * bugfix: bypassing privoxy with Firefox <= 1.0 is not recommended
1252
  * bugfix: remember previous "custom" proxy settings
1253
1254
1255
  * misc: new icons
  * misc: keyboard shortcut re-assigned to ctrl-2
  * new: previous proxy settings are restored after exiting tor mode
1256
1257
  * new: if the torbutton proxy settings are changed while torbutton is 
         enabled, then the active proxy settings are updated to reflect it
1258
  * new: added twelve locales
1259

1260
1261
1262
1263
1264
1265
1.0.4
  01 Jun 2006
  * bugfix: without-privoxy settings were incorrect
  * bugfix: https settings did not take effect until firefox restart
  * bugfix: let firefox generate our about box, so it will include the version

1266
1267
1268
1269
1.0.3
  31 May 2006
  * bugfix: statusbar style would reset to text after firefox restart

Scott Squires's avatar
Scott Squires committed
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1.0.2
  23 May 2006
  * bugfix: fixed problem with socks_remote_dns
  * new: mozilla thunderbird support
  * new: user may customize proxy settings for nonstandard configurations
  * new: option to not use privoxy in the standard configuration
  * new: slovenian translation
  * new: french translation
  * new: keyboard shortcut (control-shift-t, changeable via keyconfig)
  * new: context menu for toolbar button and statusbar panel
  * new: attractive tor icons
  * new: about dialog
  * new: option to display statusbar as an icon instead of text

Scott Squires's avatar
Scott Squires committed
1284
1285
1286
1287
1.0.1
  16 Mar 2006
  * bugfix: toolbar button tooltips now display the correct status
  * bugfix: set socks5 proxy to tor port (9050) instead of privoxy (8118)
Scott Squires's avatar
Scott Squires committed
1288
  * bugfix: allow user to change proxy exclusion list ("no proxy for")
Scott Squires's avatar
Scott Squires committed
1289
1290
1291
1292
1293
1294
1295
1296
  * new: use socks_remote_dns on firefox versions that have it
  * new: added update functionality through the extensions manager
  * new: added preference: display statusbar panel (yes/no)
  * new: added compatibility with firefox 1.0 and 0.9

1.0
  07 Mar 2006
  * initial release