Change Log

1 Tor Browser 7.
5 -- January 23 2018
2 * All Platforms
3 * Update Firefox to 52.6.0esr
4 * Update Tor to 0.3.2.9
5 * Update OpenSSL to 1.0.2n
6 * Update Torbutton to 1.9.8.5
7 * Bug 21847: Update copy for security slider
8 * Bug 21245: Add da translation to Torbutton and keep track of it
9 * Bug 24702: Remove Mozilla text from banner
10 * Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
11 * Translations update
12 * Update Tor Launcher to 0.2.14.3
13 * Bug 23262: Implement integrated progress bar
14 * Bug 23261: implement configuration portion of new Tor Launcher UI
15 * Bug 24623: Revise "country that censors Tor" text
16 * Bug 24624: tbb-logo.svg may cause network access
17 * Bug 23240: Retrieve current bootstrap progress before showing progress bar
18 * Bug 24428: Bootstrap error message sometimes lost
19 * Bug 22232: Add README on use of bootstrap status messages
22 * Update HTTPS Everywhere to 2018.1.11
23 * Update NoScript to 5.1.8.3
24 * Bug 23104: CSS line-height reveals the platform Tor Browser is running on
25 * Bug 24398: Plugin-container process exhausts memory
26 * Bug 22501: Requests via javascript: violate FPI
27 * Bug 24756: Add noisebridge01 obfs4 bridge configuration
28 * Windows
29 * Bug 16010: Enable content sandboxing on Windows
30 * Bug 23230: Fix build error on Windows 64
31 * OS X
32 * Bug 24566: Avoid white flashes when opening dialogs in Tor Browser
33 * Bug 23025: Add some hardening flags to macOS build
34 * Linux
35 * Bug 23970: Make "Print to File" work with sandboxing enabled
36 * Bug 23016: "Print to File" is broken on some non-english Linux systems
37 * Bug 10089: Set middlemouse.contentLoadURL to false by default
38 * Bug 18101: Suppress upload file dialog proxy bypass (linux part)
39 * Android
40 * Bug 22084: Spoof network information API
41 * Build System
42 * All Platforms
43 * Switch from gitian/tor-browser-bundle to rbm/tor-browser-build
44 * Windows
45 * Bug 22563: Update mingw-w64 to fix W^X violations
46 * Bug 20929: Bump GCC version to 5.4.0
47 * Linux
49 * Bug 23892: Include Firefox and Tor debug files in final build directory
50 * Bug 24842: include libasan.so.2 and libubsan.so.0 in debug builds
51
52 Tor Browser 7.5a10 -- December 19 2017
53 * All Platforms
54 * Update Tor to 0.3.2.7-rc
57 * Bug 21847: Update copy for security slider
61 * Bug 24623: Revise "country that censors Tor" text
62 * Bug 24428: Bootstrap error message sometimes lost
63 * Bug 24624: tbb-logo.svg may cause network access
68 * Bug 24398: Plugin-container process exhausts memory
69 * OS X
70 * Bug 24566: Avoid white flashes when opening dialogs in Tor Browser
71 * Linux
72 * Bug 23970: Make "Print to File" work with sandboxing enabled
73 * Bug 23016: "Print to File" is broken on some non-english Linux systems
74 * Android
75 * Bug 22084: Spoof network information API
76
78 * All Platforms
80 * Update Tor to 0.3.2.6-alpha
81 * Update HTTPS-Everywhere to 2017.12.6
83 * Update sandboxed-tor-browser to 0.0.16
84
85 Tor Browser 7.0.11 -- December 09 2017
86 * All Platforms
91
92 Tor Browser 7.5a8 -- November 15 2017
93 * All Platforms
97 * Bug 23997: Add link to Tor Browser manual for de, nl, tr, vi
98 * Bug 23949: Fix donation banner display
99 * Update locales with translated banner
102 * Bug 23262: Implement integrated progress bar
103 * Bug 23261: implement configuration portion of new Tor Launcher UI
106 * Update NoScript to 5.1.5
107 * Bug 23968: NoScript icon jumps to the right after update
109 * Windows
110 * Bug 20636+10026: Create 64bit Tor Browser for Windows
111 * Bug 24052: Block file:// redirects early
112
113 Tor Browser 7.0.10 -- November 14 2017
114 * All Platforms
118 * Bug 23997: Add link to Tor Browser manual for de, nl, tr, vi
121 * Bug 24178: Use make.sh for building HTTPS-Everywhere
123 * Bug 23968: NoScript icon jumps to the right after update
124 * Windows
125 * Bug 23582: Enable the Windows DLL blocklist for mingw-w64 builds
126 * Bug 23396: Update the msvcr100.dll we ship
127 * Bug 24052: Block file:// redirects early
128
130 * OS X
131 * Bug 24052: Streamline handling of file:// resources
132 * Linux
134
136 * OS X
138 * Linux
140
141 Tor Browser 7.0.8 -- October 25 2017
142 * All Platforms
144 * Bug 23949: Fix donation banner display
145 * Update locales with translated banner
147
148 Tor Browser 7.5a6 -- October 19 2017
149 * All Platforms
153 * Bug 23887: Update banner locales and Mozilla text
157 * Bug 23723: Loading entities from NoScript .dtd files is blocked
158 * Bug 23724: NoScript update breaks Security Slider and its icon disappears
160 * Bug 23745: Tab crashes when using Tor Browser to access Google Drive
161 * Bug 23694: Update the detailsURL in update responses
162 * Bug 22501: Requests via javascript: violate FPI
163 * OS X
164 * Bug 23807: Tab crashes when playing video on High Sierra
165 * Bug 23025: Add some hardening flags to macOS build
166
167 Tor Browser 7.0.7 -- October 19 2017
168 * All Platforms
171 * Bug 23887: Update banner locales and Mozilla text
172 * Bug 23526: Add 2017 Donation banner text
173 * Bug 23483: Donation banner on about:tor for 2017 (testing mode)
174 * Bug 22610: Avoid crashes when canceling external helper app related downloads
175 * Bug 22472: Fix FTP downloads when external helper app dialog is shown
176 * Bug 22471: Downloading pdf files via the PDF viewer download button is broken
177 * Bug 22618: Downloading pdf file via file:/// is stalling
181 * Bug 23723: Loading entities from NoScript .dtd files is blocked
182 * Bug 23724: NoScript update breaks Security Slider and its icon disappears
183 * Bug 23745: Tab crashes when using Tor Browser to access Google Drive
188 * Bug 23694: Update the detailsURL in update responses
189 * OS X
190 * Bug 23807: Tab crashes when playing video on High Sierra
191 * Linux
192 * Bug 22692: Enable content sandboxing on Linux
193
194 Tor Browser 7.5a5 -- September 28 2017
195 * All Platforms
199 * Bug 20375: Warn users after entering fullscreen mode
200 * Bug 22989: Fix dimensions of new windows on macOS
201 * Bug 23526: Add 2017 Donation banner text
202 * Bug 23483: Donation banner on about:tor for 2017 (testing mode)
204 * Update Tor Launcher to 0.2.13
205 * Bug 23240: Retrieve current bootstrap progress before showing progress bar
206 * Bug 22232: Add README on use of bootstrap status messages
211 * Bug 23393: Don't crash all tabs when closing one tab
212 * Bug 23166: Add new obfs4 bridge to the built-in ones
213 * Bug 23258: Fix broken HTTPS-Everywhere on higher security levels
214 * Bug 21270: NoScript settings break WebExtensions add-ons
216 * Windows
217 * Bug 16010: Enable content sandboxing on Windows
218 * Bug 23582: Enable the Windows DLL blocklist for mingw-w64 builds
219 * Bug 23396: Update the msvcr100.dll we ship
220 * Bug 23230: Fix build error on Windows 64
221 * OS X
222 * Bug 23404: Add missing Noto Sans Buginese font to the macOS whitelist
223 * Linux
224 * Bug 10089: Set middlemouse.contentLoadURL to false by default
225 * Bug 22692: Enable content sandboxing on Linux
226 * Bug 18101: Suppress upload file dialog proxy bypass (linux part)
227 * Build System
228 * All Platforms
229 * Switch from gitian/tor-browser-bundle to rbm/tor-browser-build
230
231 Tor Browser 7.0.6 -- September 28 2017
232 * All Platforms
236 * Bug 22542: Security Settings window too small on macOS 10.12 (fixup)
237 * Bug 20375: Warn users after entering fullscreen mode
240 * Bug 21830: Copying large text from web console leaks to /tmp
241 * Bug 23393: Don't crash all tabs when closing one tab
242 * OS X
243 * Bug 23404: Add missing Noto Sans Buginese font to the macOS whitelist
244
246 * All Platforms
248 * Bug 22989: Fix dimensions of new windows on macOS
252 * Bug 23166: Add new obfs4 bridge to the built-in ones
253 * Bug 23258: Fix broken HTTPS-Everywhere on higher security levels
254 * Bug 21270: NoScript settings break WebExtensions add-ons
255
256 Tor Browser 7.5a4 -- August 9 2017
257 * All Platforms
260 * Update OpenSSL to 1.0.2l
261 * Update Torbutton to 1.9.8
266 * Bug 22542: Resize slider window to work without scrollbars
267 * Bug 21999: Fix display of language prompt in non-en-US locales
268 * Bug 18913: Don't let about:tor have chrome privileges
269 * Bug 22535: Search on about:tor discards search query
270 * Bug 21948: Going back to about:tor page gives "Address isn't valid" error
271 * Code clean-up
274 * Bug 22592: Default bridge settings are not removed
278 * Bug 22362: Remove workaround for XSS related browser freezing
279 * Bug 22067: NoScript Click-to-Play bypass with embedded videos and audio
285 * Bug 21321: Exempt .onions from HTTP related security warnings
286 * Bug 21830: Copying large text from web console leaks to /tmp
287 * Bug 22073: Disable GetAddons option on addons page
288 * Bug 22884: Fix broken about:tor page on higher security levels
289 * Bug 22829: Remove default obfs4 bridge riemann.
290 * Windows
291 * Bug 21617: Fix single RWX page on Windows (included in 52.3.0esr)
292 * OS X
293 * Bug 22831: Enable Snowflake for mac
294 * Linux
295 * Bug 22832: Don't include monthly timestamp in libwebrtc build output
296 * Bug 20848: Deploy Selfrando in 32bit Linux builds
297 * Build system
298 * Windows
299 * Bug 22563: Update mingw-w64 to fix W^X violations
301 * Linux
303
304 Tor Browser 7.0.4 -- August 8 2017
305 * All Platforms
307 * Update Tor to 0.3.0.10
309 * Bug 21999: Fix display of language prompt in non-en-US locales
310 * Bug 18913: Don't let about:tor have chrome privileges
311 * Bug 22535: Search on about:tor discards search query
312 * Bug 21948: Going back to about:tor page gives "Address isn't valid" error
313 * Code clean-up
316 * Bug 22592: Default bridge settings are not removed
320 * Bug 22362: Remove workaround for XSS related browser freezing
321 * Bug 22067: NoScript Click-to-Play bypass with embedded videos and audio
322 * Bug 21321: Exempt .onions from HTTP related security warnings
323 * Bug 22073: Disable GetAddons option on addons page
324 * Bug 22884: Fix broken about:tor page on higher security levels
325 * Windows
327 * Bug 21617: Fix single RWX page on Windows (included in 52.3.0esr)
328 * OS X
330
331 Tor Browser 7.5a3 -- July 28 2017
332 * Linux
333 * Bug 23044: Don't allow GIO supported protocols by default
334
335 Tor Browser 7.0.3 -- July 27 2017
336 * Linux
337 * Bug 23044: Don't allow GIO supported protocols by default
339
340 Tor Browser 7.5a2 -- July 6 2017
341 * All Platforms
344 * Linux
346
347 Tor Browser 7.0.2 -- July 3 2017
348 * All Platforms
349 * Update Tor to 0.3.0.9, fixing bug #22753
351
352 Tor Browser 7.5a1 -- June 14 2017
353 * All Platforms
357 * Bug 22542: Security Settings window too small on macOS 10.12
358 * Bug 22104: Adjust our content policy whitelist for ff52-esr
359 * Bug 22457: Allow resources loaded by view-source://
360 * Bug 21627: Ignore HTTP 304 responses when checking redirects
361 * Bug 22459: Adapt our use of the nsIContentPolicy to e10s mode
364 * Bug 22283: Linux 7.0a4 is broken after update due to unix: lines in torrc
369 * Bug 22362: NoScript's XSS filter freezes the browser
370 * Bug 21766: Fix crash when the external application helper dialog is invoked
371 * Bug 21886: Download is stalled in non-e10s mode
372 * Bug 22333: Disable WebGL2 API for now
373 * Bug 21861: Disable additional mDNS code to avoid proxy bypasses
374 * Bug 21684: Don't expose navigator.AddonManager to content
375 * Bug 21431: Clean-up system extensions shipped in Firefox 52
376 * Bug 22320: Use preference name 'referer.hideOnionSource' everywhere
377 * Bug 16285: Don't ship ClearKey EME system and update EME preferences
378 * Bug 21972: about:support is partially broken
379 * Bug 21323: Enable Mixed Content Blocking
380 * Bug 22415: Fix format error in our pipeline patch
381 * Bug 21862: Rip out potentially unsafe Rust code
382 * Bug 16485: Improve about:cache page
383 * Bug 22462: Backport of patch for bug 1329521 to fix assertion failure
384 * Bug 22458: Fix broken `about:cache` page on higher security levels
385 * Bug 18531: Uncaught exception when opening ip-check.info
386 * Bug 18574: Uncaught exception when clicking items in Library
387 * Bug 22327: Isolate Page Info media previews to first party domain
388 * Bug 22452: Isolate tab list menuitem favicons to first party domain
389 * Bug 15555: View-source requests are not isolated by first party domain
390 * Bug 5293: Neuter fingerprinting with Battery API
391 * Bug 22429: Add IPv6 address for Lisbeth:443 obfs4 bridge
392 * Bug 22468: Add default obfs4 bridges frosty and dragon
393 * Windows
394 * Bug 22419: Prevent access to file://
395 * Bug 21617: Fix single RWX page on Windows
396 * OS X
397 * Bug 22558: Don't update OS X 10.7.x and 10.8.x users to Tor Browser 7.0
398
399 * Linux
400 * Bug 16285: Remove ClearKey related library stripping
401 * Bug 21852: Don't use jemalloc4 anymore
402 * Android
403 * Bug 19078: Disable RtspMediaResource stuff in Orfox
404
405 Tor Browser 7.0.1 -- June 13 2017
406 * All Platforms
410 * Bug 22542: Security Settings window too small on macOS 10.12
412 * Bug 22362: NoScript's XSS filter freezes the browser
413 * OS X
414 * Bug 22558: Don't update OS X 10.7.x and 10.8.x users to Tor Browser 7.0
415
416 Tor Browser 7.0 -- June 7 2017
417 * All Platforms
421 * Bug 22104: Adjust our content policy whitelist for ff52-esr
422 * Bug 22457: Allow resources loaded by view-source://
423 * Bug 21627: Ignore HTTP 304 responses when checking redirects
424 * Bug 22459: Adapt our use of the nsIContentPolicy to e10s mode
425 * Bug 21865: Update our JIT preferences in the security slider
426 * Bug 21747: Make 'New Tor Circuit for this Site' work in ESR52
427 * Bug 21745: Fix handling of catch-all circuit
428 * Bug 21547: Fix circuit display under e10s
429 * Bug 21268: e10s compatibility for New Identity
430 * Bug 21267: Remove window resize implementation for now
431 * Bug 21201: Make Torbutton multiprocess compatible
434 * Bug 22283: Linux 7.0a4 broken after update due to unix: lines in torrc
435 * Bug 20761: Don't ignore additional SocksPorts
436 * Bug 21920: Don't show locale selection dialog
437 * Bug 21546: Mark Tor Launcher as multiprocess compatible
438 * Bug 21264: Add a README file
442 * Update Go to 1.8.3 (bug 22398)
443 * Bug 21962: Fix crash on about:addons page
444 * Bug 21766: Fix crash when the external application helper dialog is invoked
445 * Bug 21886: Download is stalled in non-e10s mode
446 * Bug 21778: Canvas prompt is not shown in Tor Browser based on ESR52
447 * Bug 21569: Add first-party domain to Permissions key
448 * Bug 22165: Don't allow collection of local IP addresses
449 * Bug 13017: Work around audio fingerprinting by disabling the Web Audio API
450 * Bug 10286: Disable Touch API and add fingerprinting resistance as fallback
451 * Bug 13612: Disable Social API
452 * Bug 10283: Disable SpeechSynthesis API
453 * Bug 22333: Disable WebGL2 API for now
454 * Bug 21861: Disable additional mDNS code to avoid proxy bypasses
455 * Bug 21684: Don't expose navigator.AddonManager to content
456 * Bug 21431: Clean-up system extensions shipped in Firefox 52
457 * Bug 22320: Use preference name 'referer.hideOnionSource' everywhere
458 * Bug 16285: Don't ship ClearKey EME system and update EME preferences
459 * Bug 21675: Spoof window.navigator.hardwareConcurrency
460 * Bug 21792: Suppress MediaError.message
461 * Bug 16337: Round times exposed by Animation API to nearest 100ms
462 * Bug 21972: about:support is partially broken
463 * Bug 21726: Keep Graphite support disabled
464 * Bug 21323: Enable Mixed Content Blocking
465 * Bug 21685: Disable remote new tab pages
466 * Bug 21790: Disable captive portal detection
467 * Bug 21686: Disable Microsoft Family Safety support
468 * Bug 22073: Make sure Mozilla's experiments are disabled
469 * Bug 21683: Disable newly added Safebrowsing capabilities
470 * Bug 22071: Disable Kinto-based blocklist update mechanism
471 * Bug 22415: Fix format error in our pipeline patch
472 * Bug 22072: Hide TLS error reporting checkbox
474 * Bug 21862: Rip out potentially unsafe Rust code
475 * Bug 16485: Improve about:cache page
476 * Bug 22462: Backport of patch for bug 1329521 to fix assertion failure
477 * Bug 21340: Identify and backport new patches from Firefox
478 * Bug 22153: Fix broken feeds on higher security levels
479 * Bug 22025: Fix broken certificate error pages on higher security levels
480 * Bug 21887: Fix broken error pages on higher security levels
481 * Bug 22458: Fix broken `about:cache` page on higher security levels
482 * Bug 21876: Enable e10s by default on all supported platforms
483 * Bug 21876: Always use esr policies for e10s
484 * Bug 20905: Fix resizing issues after moving to a direct Firefox patch
485 * Bug 21875: Modal dialogs are maximized in ESR52 nightly builds
486 * Bug 21885: SVG is not disabled in Tor Browser based on ESR52
487 * Bug 17334: Hide Referer when leaving a .onion domain (improved patch)
488 * Bug 18531: Uncaught exception when opening ip-check.info
489 * Bug 18574: Uncaught exception when clicking items in Library
490 * Bug 22327: Isolate Page Info media previews to first party domain
491 * Bug 22452: Isolate tab list menuitem favicons to first party domain
492 * Bug 15555: View-source requests are not isolated by first party domain
493 * Bug 3246: Double-key cookies
494 * Bug 8842: Fix XML parsing error
495 * Bug 5293: Neuter fingerprinting with Battery API
496 * Bug 16886: 16886: "Add-on compatibility check dialog" contains Firefox logo
497 * Bug 19645: TBB zooms text when resizing browser window
498 * Bug 19192: Untrust Blue Coat CA
499 * Bug 19955: Avoid confusing warning that favicon load request got cancelled
500 * Bug 20005: Backport fixes for memory leaks investigation
501 * Bug 20755: ltn.com.tw is broken in Tor Browser
502 * Bug 21896: Commenting on website is broken due to CAPTCHA not being displayed
503 * Bug 20680: Rebase Tor Browser patches to 52 ESR
504 * Bug 22429: Add IPv6 address for Lisbeth:443 obfs4 bridge
505 * Bug 22468: Add default obfs4 bridges frosty and dragon
506 * Windows
507 * Bug 22419: Prevent access to file://
508 * Bug 12426: Make use of HeapEnableTerminationOnCorruption
509 * Bug 19316: Make sure our Windows updates can deal with the SSE2 requirement
510 * Bug 21868: Fix build bustage with FIREFOX_52_0_2esr_RELEASE for Windows
511 * OS X
512 * Bug 21940: Don't allow privilege escalation during update
513 * Bug 22044: Fix broken default search engine on macOS
514 * Bug 21879: Use our default bookmarks on OSX
515 * Bug 21779: Non-admin users can't access Tor Browser on macOS
516 * Bug 21723: Fix inconsistent generation of MOZ_MACBUNDLE_ID
517 * Bug 21724: Make Firefox and Tor Browser distinct macOS apps
518 * Bug 21931: Backport OSX SetupMacCommandLine updater fixes
519 * Bug 15910: Don't download GMPs via the local fallback
520 * Linux
521 * Bug 16285: Remove ClearKey related library stripping
522 * Bug 22041: Fix update error during update to 7.0a3
523 * Bug 22238: Fix use of hardened wrapper for Firefox build
524 * Bug 21907: Fix runtime error on CentOS 6
526 * Android
527 * Bug 19078: Disable RtspMediaResource stuff in Orfox
528 * Build system
529 * Windows
530 * Bug 21837: Fix reproducibility of accessibility code for Windows
531 * Bug 21240: Create patches to fix mingw-w64 compilation of Firefox ESR 52
532 * Bug 21904: Bump mingw-w64 commit to help with sandbox compilation
533 * Bug 18831: Use own Yasm for Firefox cross-compilation
534 * OS X
535 * Bug 21328: Updating to clang 3.8.0
536 * Bug 21754: Remove old GCC toolchain and macOS SDK
537 * Bug 19783: Remove unused macOS helper scripts
538 * Bug 10369: Don't use old GCC toolchain anymore for utils
539 * Bug 21753: Replace our old GCC toolchain in PT descriptor
540 * Bug 18530: ESR52 based Tor Browser only runs on macOS 10.9+
541 * Bug 22328: Remove clang PIE wrappers
542 * Linux
543 * Bug 21930: NSS libraries are missing from mar-tools archive
544 * Bug 21239: Adapt Linux Firefox descriptor to ESR52 (use GTK2)
545 * Bug 21960: Linux bundles based on ESR 52 are not reproducible anymore
546 * Bug 21629: Fix broken ASan builds when switching to ESR 52
547 * Bug 22444: Use hardening-wrapper when building GCC
548 * Bug 22361: Fix hardening of libraries built in linux/gitian-utils.yml
549
550 Tor Browser 7.0a4 -- May 15 2017
551 * All Platforms
556 * Translation update
559 * Bug 21962: Fix crash on about:addons page
560 * Bug 21778: Canvas prompt is not shown in Tor Browser based on ESR52
561 * Bug 21569: Add first-party domain to Permissions key
562 * Bug 22165: Don't allow collection of local IP addresses
563 * Bug 13017: Work around audio fingerprinting by disabling the Web Audio API
564 * Bug 10286: Disable Touch API and add fingerprinting resistance as fallback
565 * Bug 13612: Disable Social API
566 * Bug 10283: Disable SpeechSynthesis API
567 * Bug 21675: Spoof window.navigator.hardwareConcurrency
568 * Bug 21792: Suppress MediaError.message
569 * Bug 16337: Round times exposed by Animation API to nearest 100ms
570 * Bug 21726: Keep Graphite support disabled
571 * Bug 21685: Disable remote new tab pages
572 * Bug 21790: Disable captive portal detection
573 * Bug 21686: Disable Microsoft Family Safety support
574 * Bug 22073: Make sure Mozilla's experiments are disabled
575 * Bug 21683: Disable newly added Safebrowsing capabilities
576 * Bug 22071: Disable Kinto-based blocklist update mechanism
577 * Bug 22072: Hide TLS error reporting checkbox
579 * Bug 21340: Identify and backport new patches from Firefox
580 * Bug 22153: Fix broken feeds on higher security levels
581 * Bug 22025: Fix broken certificate error pages on higher security levels
582 * Bug 21710: Upgrade Go to 1.8.1
583 * Mac
584 * Bug 21940: Don't allow privilege escalation during update
585 * Bug 22044: Fix broken default search engine on macOS
586 * Bug 21879: Use our default bookmarks on OSX
587 * Bug 21779: Non-admin users can't access Tor Browser on macOS
588 * Linux
589 * Bug 22041: Fix update error during update to 7.0a3
590 * Bug 22238: Fix use of hardened wrapper for Firefox build
591 * Bug 20683: Selfrando support for 64-bit Linux systems
592
593 Tor Browser 7.0a3 -- April 20 2017
594 * All Platforms
596 * Tor to 0.3.0.5-rc
598 * Bug 21865: Update our JIT preferences in the security slider
599 * Bug 21747: Make 'New Tor Circuit for this Site' work in ESR52
600 * Bug 21745: Fix handling of catch-all circuit
601 * Bug 21547: Fix circuit display under e10s
602 * Bug 21268: e10s compatibility for New Identity
603 * Bug 21267: Remove window resize implementation for now
604 * Bug 21201: Make Torbutton multiprocess compatible
607 * Bug 21920: Don't show locale selection dialog
608 * Bug 21546: Mark Tor Launcher as multiprocess compatible
609 * Bug 21264: Add a README file
614 * Bug 21764: Use bubblewrap's `--die-with-parent` when supported
615 * Fix e10s Web Content crash on systems with grsec kernels
616 * Bug 21928: Force a reinstall if an existing hardened bundle is present
617 * Bug 21929: Remove hardened/ASAN related code
618 * Bug 21927: Remove the ability to install/update the hardened bundle
619 * Bug 21244: Update the MAR signing key for 7.0
620 * Bug 21536: Remove asn's scramblesuit bridge from Tor Browser
621 * Add back the old release MAR signing key
622 * Add `prlimit64` to the firefox system call whitelist
623 * Fix compilation with Go 1.8
624 * Use Config.Clone() to clone TLS configs when available
625 * Update Go to 1.7.5 (bug 21709)
626 * Bug 21555+16450: Don't remove Authorization header on subdomains (e.g. Twitter)
627 * Bug 21887: Fix broken error pages on higher security levels
628 * Bug 21876: Enable e10s by default on all supported platforms
629 * Bug 21876: Always use esr policies for e10s
630 * Bug 20905: Fix resizing issues after moving to a direct Firefox patch
631 * Bug 21875: Modal dialogs are maximized in ESR52 nightly builds
632 * Bug 21885: SVG is not disabled in Tor Browser based on ESR52
633 * Bug 17334: Hide Referer when leaving a .onion domain (improved patch)
634 * Bug 3246: Double-key cookies
635 * Bug 8842: Fix XML parsing error
636 * Bug 16886: "Add-on compatibility check dialog" contains Firefox logo
637 * Bug 19192: Untrust Blue Coat CA
638 * Bug 19955: Avoid confusing warning that favicon load request got cancelled
639 * Bug 20005: Backport fixes for memory leaks investigation
640 * Bug 20755: ltn.com.tw is broken in Tor Browser
641 * Bug 21896: Commenting on website is broken due to CAPTCHA not being displayed
642 * Bug 20680: Rebase Tor Browser patches to 52 ESR
643 * Bug 21917: Add new obfs4 bridges
644 * Bug 21918: Move meek-amazon to d2cly7j4zqgua7.cloudfront.net backend
645 * Windows
646 * Bug 21795: Fix Tor Browser crashing on github.com
647 * Bug 12426: Make use of HeapEnableTerminationOnCorruption
649 * Bug 21868: Fix build bustage with FIREFOX_52_0_2esr_RELEASE for Windows
650 * OS X
651 * Bug 21723: Fix inconsistent generation of MOZ_MACBUNDLE_ID
652 * Bug 21724: Make Firefox and Tor Browser distinct macOS apps
653 * Bug 21931: Backport OSX SetupMacCommandLine updater fixes
655 * Linux
656 * Bug 21907: Fix runtime error on CentOS 6
657 * Bug 21748: Fix broken Snowflake build and update bridge details
658 * Bug 21954: Snowflake breaks the 7.0a3 build
660 * Build system
661 * Windows
662 * Bug 21837: Fix reproducibility of accessibility code for Windows
663 * Bug 21240: Create patches to fix mingw-w64 compilation of Firefox ESR 52
664 * Bug 21904: Bump mingw-w64 commit to help with sandbox compilation
665 * Bug 18831: Use own Yasm for Firefox cross-compilation
666 * OS X
667 * Bug 21328: Updating to clang 3.8.0
668 * Bug 21754: Remove old GCC toolchain and macOS SDK
669 * Bug 19783: Remove unused macOS helper scripts
670 * Bug 10369: Don't use old GCC toolchain anymore for utils
671 * Bug 21753: Replace our old GCC toolchain in PT descriptor
672 * Bug 18530: ESR52 based Tor Browser only runs on macOS 10.9+
673 * Linux
674 * Bug 21930: NSS libraries are missing from mar-tools archive
675 * Bug 21239: Adapt Linux Firefox descriptor to ESR52 (use GTK2)
676 * Bug 21960: Linux bundles based on ESR 52 are not reproducible anymore
677 * Bug 21629: Fix broken ASan builds when switching to ESR 52
678
679 Tor Browser 6.5.2 -- April 19 2017
680 * All Platforms
684 * Bug 21555+16450: Don't remove Authorization header on subdomains (e.g. Twitter)
686 * Bug 21917: Add new obfs4 bridges
687 * Bug 21918: Move meek-amazon to d2cly7j4zqgua7.cloudfront.net backend
688 * Windows
689 * Bug 21795: Fix Tor Browser crashing on github.com
690
691 Tor Browser 7.0a2-hardened -- March 7 2017
692 * All Platforms
694 * Tor to 0.3.0.4-rc
695 * OpenSSL to 1.0.2k
697 * Bug 21396: Allow leaking of resource/chrome URIs (off by default)
698 * Bug 21574: Add link for zh manual and create manual links dynamically
699 * Bug 21330: Non-usable scrollbar appears in tor browser security settings
700 * Bug 21324: Don't update NoScript button with timer update
701 * Translation updates
703 * Bug 21514: Restore W^X JIT implementation removed from ESR45
704 * Bug 21536: Remove scramblesuit bridge
705 * Bug 21342: Move meek-azure to the meek.azureedge.net backend and
cymrubridge02 bridge
706 * Bug 21326: Update the "Using a system-installed Tor" section in start script
707 * Build system
708 * Bug 17034: Use our built binutils and GCC for building tor
709 * Code clean-up
710
711 Tor Browser 7.0a2 -- March 7 2017
712 * All Platforms
714 * Tor to 0.3.0.4-rc
720 * Bug 21324: Don't update NoScript button with timer update
726 * Bug 21348: Make snowflake only available on Linux for now
727 * Linux
729 * Build system
730 * OS X
731 * Bug 21343: Remove unused FTE related parts for macOS
732 * Linux
733 * Bug 17034: Use our built binutils and GCC for building tor
734 * Clean-up
735
736 Tor Browser 6.5.1 -- March 7 2017
737 * All Platforms
739 * Tor to 0.2.9.10
750 * Linux
752
753 Tor Browser 7.0a1-hardened -- January 25 2017
754 * All Platforms
756 * Tor to 0.3.0.2-alpha
758 * Bug 19898: Use DuckDuckGo on about:tor
759 * Bug 21091: Hide the update check menu entry when running under the sandbox
760 * Bug 21243: Add links to es, fr, and pt Tor Browser manual
761 * Bug 21194: Show snowflake in the circuit display
762 * Bug 21131: Remove 2016 donation banner
766 * Bug 20471: Allow javascript: links from HTTPS first party pages
767 * Bug 20651: DuckDuckGo does not work with JavaScript disabled
768 * Bug 20589: Add new MAR signing key
769 * Bug 20735: Add snowflake pluggable transport to alpha Linux builds
770 * Build system
771 * All platforms
772 * Bug 20927: Upgrade Go to 1.7.4
773
774 Tor Browser 7.0a1 -- January 25 2017
775 * All Platforms
777 * Tor to 0.3.0.2-alpha
781 * Bug 21243: Add links to es, fr, and pt Tor Browser manual
782 * Bug 21194: Show snowflake in the circuit display
789 * Bug 20589: Add new MAR signing key
790 * Windows
791 * Bug 20981: On Windows, check TZ for timezone first
792 * OS X
793 * Bug 20989: Browser sandbox profile is too restrictive on OSX 10.12.2
794 * Linux
796 * Bug 20735: Add snowflake pluggable transport to alpha Linux builds
797 * Build system
798 * All platforms
799 * Bug 20927: Upgrade Go to 1.7.4
800 * Linux
801 * Bug 21103: Update descriptors for sandboxed-tor-browser 0.0.3
802
803 Tor Browser 6.5 -- January 24 2017
804 * All Platforms
806 * Tor to 0.2.9.9
807 * OpenSSL to 1.0.2j
809 * Bug 16622: Timezone spoofing moved to tor-browser.git
810 * Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git
811 * Bug 8725: Block addon resource and url fingerprinting with nsIContentPolicy
812 * Bug 20701: Allow the directory listing stylesheet in the content policy
813 * Bug 19837: Whitelist internal URLs that Firefox requires for media
814 * Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a tor client
815 * Bug 19273: Improve external app launch handling and associated warnings
816 * Bug 15852: Remove/synchronize Torbutton SOCKS pref logic
817 * Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6
818 * Bug 17767: Make "JavaScript disabled" more visible in Security Slider
819 * Bug 20556: Use pt-BR strings from now on
820 * Bug 20614: Add links to Tor Browser User Manual
821 * Bug 20414: Fix non-rendering arrow on OS X
822 * Bug 20728: Fix bad preferences.xul dimensions
825 * Bug 19459: Move resizing code to tor-browser.git
826 * Bug 20264: Change security slider to 3 options
827 * Bug 20347: Enhance security slider's custom mode
828 * Bug 20123: Disable remote jar on all security levels
829 * Bug 20244: Move privacy checkboxes to about:preferences#privacy
830 * Bug 17546: Add tooltips to explain our privacy checkboxes
831 * Bug 17904: Allow security settings dialog to resize
832 * Bug 18093: Remove 'Restore Defaults' button
833 * Bug 20373: Prevent redundant dialogs opening
834 * Bug 20318: Remove helpdesk link from about:tor
835 * Bug 21243: Add links for pt, es, and fr Tor Browser manuals
836 * Bug 20753: Remove obsolete StartPage locale strings
838 * Bug 18980: Remove obsolete toolbar button code
839 * Bug 18238: Remove unused Torbutton code and strings
840 * Bug 20388+20399+20394: Code clean-up
843 * Bug 19568: Set CurProcD for Thunderbird/Instantbird
844 * Bug 19432: Remove special handling for Instantbird/Thunderbird
848 * Bug 16622: Spoof timezone with Firefox patch
849 * Bug 17334: Spoof referrer when leaving a .onion domain
850 * Bug 19273: Write C++ patch for external app launch handling
851 * Bug 19459: Size new windows to 1000x1000 or nearest 200x100 (Firefox patch)
852 * Bug 12523: Mark JIT pages as non-writable
853 * Bug 20123: Always block remote jar files
854 * Bug 19193: Reduce timing precision for AudioContext, HTMLMediaElement, and
MediaStream
855 * Bug 19164: Remove support for SHA-1 HPKP pins
856 * Bug 19186: KeyboardEvents are only rounding to 100ms
857 * Bug 16998: Isolate preconnect requests to URL bar domain
858 * Bug 19478: Prevent millisecond resolution leaks in File API
861 * Bug 20707: Fix broken preferences tab in non-en-US alpha bundles
862 * Bug 20709: Fix wrong update URL in alpha bundles
863 * Bug 19481: Point the update URL to aus1.torproject.org
864 * Bug 20556: Start using pt-BR instead of pt-PT for Portuguese
865 * Bug 20442: Backport fix for local path disclosure after drag and drop
866 * Bug 20160: Backport fix for broken MP3-playback
867 * Bug 20043: Isolate SharedWorker script requests to first party
868 * Bug 18923: Add script to run all Tor Browser regression tests
870 * Bug 19336+19835: Enhance about:tbupdate page
871 * Bug 20399+15852: Code clean-up
872 * Windows
873 * Bug 20981: On Windows, check TZ for timezone first
874 * Bug 18175: Maximizing window and restarting leads to non-rounded window size
875 * Bug 13437: Rounded inner window accidentally grows to non-rounded size
876 * OS X
877 * Bug 20590: Badly resized window due to security slider notification bar on OS X
878 * Bug 20439: Make the build PIE on OSX
879 * Linux
880 * Bug 20691: Updater breaks if unix domain sockets are used
881 * Bug 15953: Weird resizing dance on Tor Browser startup
882 * Build system
883 * All platforms
884 * Bug 20927: Upgrade Go to 1.7.4
885 * Bug 20583: Make the downloads.json file reproducible
886 * Bug 20133: Don't apply OpenSSL patch anymore
887 * Bug 19528: Set MOZ_BUILD_DATE based on Firefox version
888 * Bug 18291: Remove some uses of libfaketime
889 * Bug 18845: Make zip and tar helpers generate reproducible archives
890 * OS X
891 * Bug 20258: Make OS X Tor archive reproducible again
892 * Bug 20184: Make OS X builds reproducible (use clang for compiling tor)
893 * Bug 19856: Make OS X builds reproducible (getting libfaketime back)
894 * Bug 19410: Fix incremental updates by taking signatures into account
895 * Bug 20210: In dmg2mar, extract old mar file to copy permissions to the new
one
896
897 Tor Browser 6.5a6-hardened -- December 14 2016
898 * All Platforms
900 * Tor to 0.2.9.7-rc
910 * Bug 20947: Donation banner improvements
917 * Bug 20809: Use non-/html search engine URL for DuckDuckGo search plugins
918 * Bug 20837: Activate iat-mode for certain obfs4 bridges
919 * Bug 20838: Uncomment NX01 default obfs4 bridge
920 * Bug 20840: Rotate ports a third time for default obfs4 bridges
921
923 * All Platforms
925 * Tor to 0.2.9.6-rc
945 * Linux
946 * Bug 20352: Integrate sandboxed-tor-browser into our Gitian build
947 * Bug 20758: Make Linux sandbox build deterministic
948 * Bug 10281: Use jemalloc4 and abort on redzone corruption
949 * OS X
950 * Bug 20121: Create Seatbelt profile(s) for Tor Browser
951
953 * All Platforms
955 * Tor to 0.2.8.11
957 * Bug 20947: Donation banner improvements
963
965 * All Platforms
968 * Linux
970
972 * All Platforms
975 * Linux
977
979 * All Platforms
982
983 Tor Browser 6.5a4-hardened -- November 16 2016
984 * All Platforms
987 * Update OpenSSL to 1.0.2j
989 * Bug 20414: Add donation banner on about:tor for 2016 campaign
990 * Bug 20111: use Unix domain sockets for SOCKS port by default
1000 * Bug 20388+20399+20394: Code clean-up
1004 * Bug 20185: Avoid using Unix domain socket paths that are too long
1005 * Bug 20429: Do not open progress window if tor doesn't get started
1006 * Bug 19646: Wrong location for meek browser profile on OS X
1009 * Update meek to 0.25
1011 * Bug 20030: Shut down meek-http-helper cleanly if built with Go > 1.5.4
1012 * Bug 20304: Support spaces and other special characters for SOCKS socket
1013 * Bug 20490: Fix assertion failure due to fix for #20304
1020 * Bug 19838: Add dgoulet's bridge and add another one commented out
1022 * Bug 20296: Rotate ports again for default obfs4 bridges
1024 * Bug 20399+15852: Code clean-up
1026 * Build system
1027 * All platforms
1028 * Bug 20023: Upgrade Go to 1.7.3
1030
1032 * All Platforms
1035 * Update OpenSSL to 1.0.2j
1048 * Bug 20388+20399+20394: Code clean-up
1052 * Bug 20185: Avoid using Unix domain socket paths that are too long
1060 * Bug 20304: Support spaces and other special characters for SOCKS socket
1061 * Bug 20490: Fix assertion failure due to fix for #20304
1072 * Bug 20399+15852: Code clean-up
1073 * Windows
1074 * Bug 20342: Add tor-gencert.exe to expert bundle
1075 * Bug 18175: Maximizing window and restarting leads to non-rounded window size
1076 * Bug 13437: Rounded inner window accidentally grows to non-rounded size
1077 * OS X
1078 * Bug 20204: Windows don't drag on macOS Sierra anymore
1079 * Bug 20250: Meek fails on macOS Sierra if built with Go < 1.7
1080 * Bug 20590: Badly resized window due to security slider notification bar on OS X
1081 * Bug 20439: Make the build PIE on OSX
1082 * Linux
1084 * Build system
1086 * Bug 20023: Upgrade Go to 1.7.3
1088 * OS X
1089 * Bug 20258: Make OS X Tor archive reproducible again
1090 * Bug 20184: Make OS X builds reproducible again
1091 * Bug 20210: In dmg2mar, extract old mar file to copy permissions to the new
one
1092
1093 Tor Browser 6.0.6 -- November 15
1095 *Update Firefox to 45.5.0esr
1096 *Update Tor to 0.2.8.9
1097 *Update OpenSSL to 1.0.1u
1098 *Update Torbutton to 1.9.5.12
1110 * Bug 19735: Switch default search engine to DuckDuckGo
1111 * Bug 20118: Don't unpack HTTPS Everywhere anymore
1112 * Windows
1113 * Bug 20342: Add tor-gencert.exe to expert bundle
1114 * OS X
1115 * Bug 20204: Windows don't drag on macOS Sierra anymore
1116 * Bug 20250: Meek fails on macOS Sierra if built with Go < 1.7
1117 * Build system
1119 * Bug 20023: Upgrade Go to 1.7.3
1120
1121 Tor Browser 6.5a3-hardened -- September 20 2016
1125 * Update OpenSSL to 1.0.2h (bug 20095)
1129 * Bug 19995: Clear site security settings during New Identity
1130 * Bug 19906: "Maximizing Tor Browser" Notification can exist multiple times
1134 * Bug 14271: Make Torbutton work with Unix Domain Socket option
1137 * Bug 14272: Make Tor Launcher work with Unix Domain Socket option
1143 * Bug 19851: Fix ASan error by upgrading GCC to 5.4.0
1144 * Bug 17858: Fix creation of incremental MARs for hardened builds
1145 * Bug 14273: Backport patches for Unix Domain Socket support
1146 * Bug 19890: Disable installation of system addons
1148 * Bug 20092: Rotate ports for default obfs4 bridges
1149 * Bug 20040: Add update support for unpacked HTTPS Everywhere
1152 * Build system
1156
1161 * Update OpenSSL to 1.0.2h (bug 20095)
1170 * Bug 14271: Make Torbutton work with Unix Domain Socket option
1173 * Bug 14272: Make Tor Launcher work with Unix Domain Socket option
1179 * Bug 14273: Backport patches for Unix Domain Socket support
1186 * Android
1187 * Bug 19706: Store browser data in the app home directory
1188 * Build system
1192 * OS X
1193 * Bug 19856: Make OS X builds reproducible again
1194 * Bug 19410: Fix incremental updates by taking signatures into account
1195
1196 Tor Browser 6.0.5 -- September 16
1199 * Update Tor to 0.2.8.7
1206 * Windows
1207 * Bug 19725: Remove old updater files left on disk after upgrade to 6.x
1208 * Linux
1210 * Android
1211 * Bug 19706: Store browser data in the app home directory
1212 * Build system
1214 * Upgrade Go to 1.4.3
1215
1218 * Update Tor to 0.2.8.6
1221
1222 Tor Browser 6.5a2-hardened -- August 3 2016
1225 * Update Tor to tor-0.2.8.5-rc
1227 * Bug 19689: Use proper parent window for plugin prompt
1229 * Bug 19417: Disable asm.js (but add code to clear on New Identity if enabled)
1234 * Bug 17406: Include Selfrando into our hardened builds
1235 * Bug 19417: Disable asmjs for now
1236 * Bug 19715: Disable the meek-google pluggable transport option
1237 * Bug 19714: Remove mercurius4 obfs4 bridge
1238 * Bug 19585: Fix regression test for keyboard layout fingerprinting
1239 * Bug 19515: Tor Browser is crashing in graphics code
1240 * Bug 18513: Favicon requests can bypass New Identity
1245 * Bug 19401: Fix broken PDF download button
1246 * Bug 19411: Don't show update icon if a partial update failed
1247 * Bug 19400: Back out GCC bug workaround to avoid asmjs crash
1249 * Bug 19276: Disable Xrender due to possible performance regressions
1251 * Build System
1253 * Bug 19703: Upgrade Go to 1.6.3
1254
1258 * Update Tor to tor-0.2.8.5-rc
1262 * Bug 19417: Disable asm.js (but add code to clear on New Identity if enabled)
1281 * Windows
1282 * Bug 19348: Adapt to more than one build target on Windows (fixes updates)
1284 * Linux
1287 * OS X
1288 * Bug 19269: Icon doesn't appear in Applications folder or Dock
1289 * Android
1290 * Bug 19484: Avoid compilation error when MOZ_UPDATER is not defined
1291 * Build System
1293 * Bug 19703: Upgrade Go to 1.6.3
1294
1309 * OS X
1310 * Bug 19269: Icon doesn't appear in Applications folder or Dock
1311 * Android
1312 * Bug 19484: Avoid compilation error when MOZ_UPDATER is not defined
1313
1314 Tor Browser 6.0.2 -- June 21 2016
1317 * Bug 19417: Clear asmjscache
1321 * Windows
1322 * Bug 19348: Adapt to more than one build target on Windows (fixes updates)
1323 * Linux
1325
1326 Tor Browser 6.5a1-hardened -- June 8 2016
1331 * Bug 18743: Pref to hide 'Sign in to Sync' button in hamburger menu
1332 * Bug 18905: Hide unusable items from help menu
1333 * Bug 17599: Provide shortcuts for New Identity and New Circuit
1337 * Code clean-up
1339 * Bug 18947: Tor Browser is not starting on OS X if put into /Applications
1341 * Update meek to 0.22 (tag 0.22-18371-3)
1342 * Bug 19121: The update.xml hash should get checked during update
MediaStream
1347 * Bug 18884: Don't build the loop extension
1348 * Bug 19187: Backport fix for crash related to popup menus
1349 * Bug 19212: Fix crash related to network panel in developer tools
1350 * Bug 18703: Fix circuit isolation issues on Page Info dialog
1351 * bug 19115: Tor Browser should not fall back to Bing as its search engine
1352 * Bug 18915+19065: Use our search plugins in localized builds
1353 * Bug 19176: Zip our language packs deterministically
1354 * Bug 18811: Fix first-party isolation for blobs URLs in Workers
1355 * Bug 18950: Disable or audit Reader View
1356 * Bug 18886: Remove Pocket
1357 * Bug 18619: Tor Browser reports "InvalidStateError" in browser console
1358 * Bug 18945: Disable monitoring the connected state of Tor Browser users
1359 * Bug 18855: Don't show error after add-on directory clean-up
1360 * Bug 18885: Disable the option of logging TLS/SSL key material
1361 * Bug 18770: SVGs should not show up on Page Info dialog when disabled
1362 * Bug 18958: Spoof screen.orientation values
1363 * Bug 19047: Disable Heartbeat prompts
1364 * Bug 18914: Use English-only label in <isindex/> tags
1365 * Bug 18996: Investigate server logging in esr45-based Tor Browser
1366 * Bug 17790: Add unit tests for keyboard fingerprinting defenses
1367 * Bug 18995: Regression test to ensure CacheStorage is disabled
1368 * Bug 18912: Add automated tests for updater cert pinning
1369 * Bug 16728: Add test cases for favicon isolation
1370 * Bug 18976: Remove some FTE bridges
1371 * Linux
1372 * Bug 19189: Backport for working around a linker (gold) bug
1373 * Build System
1374 * All PLatforms
1375 * Bug 18333: Upgrade Go to 1.6.2
1376 * Bug 18919: Remove unused keys and unused dependencies
1379
1396 * Bug 18904: Mac OS: meek-http-helper profile not updated
MediaStream
1426 * OS X
1427 * Bug 18951: HTTPS-E is missing after update
1428 * Bug 18904: meek-http-helper profile not updated
1429 * Bug 18928: Upgrade is not smooth (requires another restart)
1430 * Linux
1432 * Build System
1433 * All PLatforms
1434 * Bug 18333: Upgrade Go to 1.6.2
1438
1439 Tor Browser 6.0.1 -- June 7 2016
1445 * Linux
1447
1448 Tor Browser 6.0 -- May 30 2016
1451 * Update OpenSSL to 1.0.1t
1453 * Bug 18466: Make Torbutton compatible with Firefox ESR 45
1456 * Bug 16017: Allow users to more easily set a non-tor SSH proxy
1461 * Bug 13252: Do not store data in the application bundle
1463 * Bug 11773: Setup wizard UI flow improvements
1467 * Bug 18371: Symlinks are incompatible with Gatekeeper signing
1468 * Bug 18904: Mac OS: meek-http-helper profile not updated
1469 * Bug 15197 and child tickets: Rebase Tor Browser patches to ESR 45
1470 * Bug 18900: Fix broken updater on Linux
1472 * Bug 18042: Disable SHA1 certificate support
1473 * Bug 18821: Disable libmdns support for desktop and mobile
1474 * Bug 18848: Disable additional welcome URL shown on first start
1475 * Bug 14970: Exempt our extensions from signing requirement
1476 * Bug 16328: Disable MediaDevices.enumerateDevices
1477 * Bug 16673: Disable HTTP Alternative-Services
1478 * Bug 17167: Disable Mozilla's tracking protection
1479 * Bug 18603: Disable performance-based WebGL fingerprinting option
1480 * Bug 18738: Disable Selfsupport and Unified Telemetry
1481 * Bug 18799: Disable Network Tickler
1482 * Bug 18800: Remove DNS lookup in lockfile code
1483 * Bug 18801: Disable dom.push preferences
1484 * Bug 18802: Remove the JS-based Flash VM (Shumway)
1485 * Bug 18863: Disable MozTCPSocket explicitly
1486 * Bug 15640: Place Canvas MediaStream behind site permission
1487 * Bug 16326: Verify cache isolation for Request and Fetch APIs
1488 * Bug 18741: Fix OCSP and favicon isolation for ESR 45
1489 * Bug 16998: Disable <link rel="preconnect"> for now
1490 * Bug 18898: Exempt the meek extension from the signing requirement as well
1491 * Bug 18899: Don't copy Torbutton, TorLauncher, etc. into meek profile
1492 * Bug 18890: Test importScripts() for cache and network isolation
1493 * Bug 18886: Hide pocket menu items when Pocket is disabled
1515 * Windows
1516 * Bug 13419: Support ICU in Windows builds
1517 * Bug 16874: Fix broken https://sports.yahoo.com/dailyfantasy page
1518 * Bug 18767: Context menu is broken on Windows in ESR 45 based Tor Browser
1519 * OS X
1520 * Bug 6540: Support OS X Gatekeeper
1521 * Bug 13252: Tor Browser should not store data in the application bundle
1522 * Bug 18951: HTTPS-E is missing after update
1523 * Bug 18904: meek-http-helper profile not updated
1524 * Bug 18928: Upgrade is not smooth (requires another restart)
1525 * Build System
1527 * Bug 18127: Add LXC support for building with Debian guest VMs
1528 * Bug 16224: Don't use BUILD_HOSTNAME anymore in Firefox builds
1530 * Windows
1531 * Bug 17895: Use NSIS 2.51 for installer to avoid DLL hijacking
1532 * Bug 18290: Bump mingw-w64 commit we use
1533 * OS X
1534 * Bug 18331: Update toolchain for Firefox 45 ESR
1535 * Bug 18690: Switch to Debian Wheezy guest VMs
1536 * Linux
1537 * Bug 18699: Stripping fails due to obsolete Browser/components directory
1538 * Bug 18698: Include libgconf2-dev for our Linux builds
1539 * Bug 15578: Switch to Debian Wheezy guest VMs (10.04 LTS is EOL)
1540
1541 Tor Browser 6.0a5-hardened -- April 28 2016
1550 * Bug 10534: Don't advertise the help desk directly anymore
1576 * Bug 17506: Reenable building hardened Tor Browser with startup cache
1580 * Bug 18726: Add new default obfs4 bridge (GreenBelt)
1581 * Build System
1585
1586 Tor Browser 6.0a5 -- April 28 2016
1625 * Windows
1626 * Bug 13419: Support ICU in Windows builds
1627 * Bug 16874: Fix broken https://sports.yahoo.com/dailyfantasy page
1628 * Bug 18767: Context menu is broken on Windows in ESR 45 based Tor Browser
1629 * OS X
1630 * Bug 6540: Support OS X Gatekeeper
1631 * Bug 13252: Tor Browser should not store data in the application bundle
1632 * Build System
1634 * Bug 18127: Add LXC support for building with Debian guest VMs
1636 * Windows
1637 * Bug 17895: Use NSIS 2.51 for installer to avoid DLL hijacking
1638 * Bug 18290: Bump mingw-w64 commit we use
1639 * OS X
1640 * Bug 18331: Update toolchain for Firefox 45 ESR
1641 * Bug 18690: Switch to Debian Wheezy guest VMs
1642 * Linux
1645
1646 Tor Browser 5.5.5 -- April 26 2016
1655
1660 * Bug 18557: Exempt Graphite from the Security Slider
1661 * Bug 18536: Make Mosaddegh and MaBishomarim available on port 80 and 443
1662
1669
1676
1681 * Update OpenSSL to 1.0.1s
1685 * Bug 16990: Don't mishandle multiline commands
1686 * Bug 18144: about:tor update arrow position is wrong
1687 * Bug 16725: Allow resizing with non-default homepage
1690 * Bug 18030: Isolate favicon requests on Page Info dialog
1691 * Bug 18297: Use separate Noto JP,KR,SC,TC fonts
1692 * Bug 18170: Make sure the homepage is shown after an update as well
1694 * Windows
1695 * Bug 18292: Disable staged updates on Windows
1696
1714 * Windows
1716
1731 * Windows
1733
1734 Tor Browser 6.0a2-hardened -- February 15 2016
1738 * Bug 18168: Don't clear an iframe's window.name (fix of #16620)
1739 * Bug 18137: Add two new obfs4 default bridges
1740 * Windows
1741 * Bug 18169: Whitelist zh-CN UI font
1742 * OSX
1743 * Bug 18172: Add Emoji support
1744 * Linux
1746 * Build System
1747 * Linux
1749 * Bug 18198: Building the hardened Tor Browser in a Debian Wheezy VM is broken
1750
1751 Tor Browser 6.0a2 -- February 15 2016
1757 * Windows
1759 * OSX
1761 * Linux
1763
1764 Tor Browser 5.5.2 -- February 12 2016
1768
1769 Tor Browser 5.5.1 -- February 4 2016
1773 * Windows
1775 * OS X
1777 * Linux
1779
1785 * Bug 16990: Show circuit display for connections using multi-party channels
1786 * Bug 18019: Avoid empty prompt shown after non-en-US update
1787 * Bug 18004: Remove Tor fundraising donation banner
1788 * Code cleanup
1791 * Bug 18113: Randomly permutate available default bridges of chosen type
1794 * Bug 17428: Remove Flashproxy
1795 * Bug 18115+18104+18071+18091: Update/add new obfs4 bridge
1796 * Bug 18072: Change recommended pluggable transport type to obfs4
1797 * Bug 18008: Create a new MAR Signing key and bake it into Tor Browser
1798 * Bug 16322: Use onion address for DuckDuckGo search engine
1799 * Bug 17917: Changelog after update is empty if JS is disabled
1800 * Bug 17790: Map the proper SHIFT characters to the digit keys (fix of #15646)
1801
1810 * Code cleanup
1823 * Build System
1824 * Linux
1826
1827 Tor Browser 5.5 -- January 26 2016
1830 * Update libevent to 2.0.22-stable
1836 * Bug 16940: After update, load local change notes
1837 * Bug 17108: Polish about:tor appearance
1838 * Bug 17568: Clean up tor-control-port.js
1839 * Bug 16620: Move window.name handling into a Firefox patch
1840 * Bug 17351: Code cleanup
1844 * Bug 13313: Bundle a fixed set of fonts to defend against fingerprinting
1845 * Bug 10140: Add new Tor Browser locale (Japanese)
1847 * Bug 13512: Load a static tab with change notes after an update
1848 * Bug 9659: Avoid loop due to optimistic data SOCKS code (fix of #3875)
1849 * Bug 15564: Isolate SharedWorkers by first-party domain
1851 * Bug 17759: Apply whitelist to local fonts in @font-face (fix of #13313)
1852 * Bug 17009: Shift and Alt keys leak physical keyboard layout (fix of #15646)
1854 * Bug 17369: Disable RC4 fallback
1855 * Bug 17442: Remove custom updater certificate pinning
1857 * Bug 17220: Support math symbols in font whitelist
1858 * Bug 10599+17305: Include updater and build patches needed for hardened builds
1864 * Windows
1865 * Bug 17250: Add localized font names to font whitelist
1866 * Bug 16707: Allow more system fonts to get used on Windows
1867 * Bug 13819: Ship expert bundles with console enabled
1868 * Bug 17250: Fix broken Japanese fonts
1869 * Bug 17870: Add intermediate certificate for authenticode signing
1870 * OS X
1871 * Bug 17122: Rename Japanese OS X bundle
1872 * Bug 16707: Allow more system fonts to get used on OS X
1873 * Bug 17661: Whitelist font .Helvetica Neue DeskInterface
1874 * Linux
1875 * Bug 16672: Don't use font whitelisting for Linux users
1876
1879 * Update NoScript to 2.9
1881 * Bug 17931: Tor Browser crashes in LogMessageToConsole()
1882 * Bug 17875: Discourage editing of torrc-defaults
1883
1890 * Bug 17870: Add intermediate certificate for authenticode signing
1891
1892 Tor Browser 5.0.7 -- January 7 2016
1898
1902 * Update Tor to 0.2.7.6
1903 * Update OpenSSL to 1.0.1q
1907 * Bug 16990: Avoid matching '250 ' to the end of node name
1908 * Bug 17565: Tor fundraising campaign donation banner
1909 * Bug 17770: Fix alignments on donation banner
1910 * Bug 17792: Include donation banner in some non en-US Tor Browsers
1915 * Bug 17344: Enumerate available language packs for language prompt
1918 * Bug 12516: Compile Tor Browser with -fwrapv
1923 * Bug 17747: Add ndnop3 as new default obfs4 bridge
1927 * Bug 16863: Avoid confusing error when loop.enabled is false
1928 * Bug 17502: Add a preference for hiding "Open with" on download dialog
1929 * Bug 17446: Prevent canvas extraction by third parties (fixup of #6253)
1930 * Bug 16441: Suppress "Reset Tor Browser" prompt
1931
1935 * Update Tor to 0.2.7.6
1959 * Windows
1960 * Bug 13819: Ship expert bundles with console enabled
1961 * Bug 17250: Fix broken Japanese fonts
1962 * OS X
1963 * Bug 17661: Whitelist font .Helvetica Neue DeskInterface
1964
1967 * Bug 17877: Tor Browser 5.0.5 is using the wrong Mozilla build tag
1968
1972 * Update Tor to 0.2.7.6
1982 * Bug 17207: Hide MIME types and plugins from websites
1983 * Bug 16909+17383: Adapt to HTTPS-Everywhere build changes
1989
1997 * Bug 9623: Spoof Referer when leaving a .onion domain
1998 * Bug 16620: Remove old window.name handling code
1999 * Bug 17164: Don't show text-select cursor on circuit display
2000 * Bug 17351: Remove unused code
2002 * Bug 17207: Hide MIME types and plugins from websites
2003 * Bug 16909+17383: Adapt to HTTPS-Everywhere build changes
2005 * Bug 17220: Support math symbols in font whitelist
2006 * Bug 10599+17305: Include updater and build patches needed for hardened builds
2007 * Bug 17318: Remove dead ScrambleSuit bridge
2008 * Bug 17428: Remove default Flashproxy bridges
2009 * Bug 17473: Update meek-amazon fingerprint
2010 * Windows
2011 * Bug 17250: Add localized font names to font whitelist
2012 * OS X
2013 * Bug 17122: Rename Japanese OS X bundle
2014 * Linux
2015 * Bug 17329: Ensure that non-ASCII characters can be typed (fixup of #5926)
2016
2022 * Bug 9623: Spoof Referer when leaving a .onion domain
2023 * Bug 16735: about:tor should accommodate different fonts/font sizes
2024 * Bug 16937: Don't translate the homepage/spellchecker dictionary string
2025 * Bug 17164: Don't show text-select cursor on circuit display
2026 * Bug 17351: Remove unused code
2028 * Bug 16937: Remove the en-US dictionary from non en-US Tor Browser bundles
2029 * Bug 17318: Remove dead ScrambleSuit bridge
2030 * Bug 17473: Update meek-amazon fingerprint
2031 * Bug 16983: Isolate favicon requests caused by the tab list dropdown
2032 * Bug 17102: Don't crash while opening a second Tor Browser
2033 * Windows:
2034 * Bug 16906: Don't depend on Windows crypto DLLs
2035 * Linux:
2036 * Bug 17329: Ensure that non-ASCII characters can be typed (fixup of #5926)
2037
2041 * Update libevent to 2.0.22-stable
2043 * Bug 16937: Don't translate the homepage/spellchecker dictionary string
2044 * Bug 16735: about:tor should accommodate different fonts/font sizes
2045 * Bug 16887: Update intl.accept_languages value
2046 * Bug 15493: Update circuit display on new circuit info
2047 * Bug 16797: brandShorterName is missing from brand.properties
2049 * Bug 10140: Add new Tor Browser locale (Japanese)
2050 * Bug 17102: Don't crash while opening a second Tor Browser
2051 * Bug 16983: Isolate favicon requests caused by the tab list dropdown
2052 * Bug 13512: Load a static tab with change notes after an update
2053 * Bug 16937: Remove the en-US dictionary from non en-US Tor Browser bundles
2054 * Bug 7446: Tor Browser should not "fix up" .onion domains (or any domains)
2055 * Bug 16837: Disable Firefox Hotfix updates
2056 * Bug 16855: Allow blobs to be downloaded on first-party pages (fixes mega.nz)
2057 * Bug 16781: Allow saving pdf files in built-in pdf viewer
2058 * Bug 16842: Restore Media tab on Page information dialog
2059 * Bug 16727: Disable about:healthreport page
2060 * Bug 16783: Normalize NoScript default whitelist
2061 * Bug 16775: Fix preferences dialog with security slider set to "High"
2062 * Bug 13579: Update download progress bar automatically
2063 * Bug 15646: Reduce keyboard layout fingerprinting in KeyboardEvent
2064 * Bug 17046: Event.timeStamp should not reveal startup time
2065 * Bug 16872: Fix warnings when opening about:downloads
2066 * Bug 17097: Fix intermittent crashes when using the print dialog
2067 * Windows
2068 * Bug 16906: Fix Mingw-w64 compilation/Don't depend on Windows crypto DLLs
2069 * Bug 16707: Allow more system fonts to get used on Windows
2070 * OS X
2071 * Bug 16910: Update copyright year in OS X bundles
2072 * Bug 16707: Allow more system fonts to get used on OS X
2073 * Linux
2074 * Bug 16672: Don't use font whitelisting for Linux users
2075
2080 * Bug 16887: Update intl.accept_languages value
2081 * Bug 15493: Update circuit display on new circuit info
2082 * Bug 16797: brandShorterName is missing from brand.properties
2083 * Bug 14429: Make sure the automatic resizing is disabled
2085 * Bug 7446: Tor Browser should not "fix up" .onion domains (or any domains)
2086 * Bug 16837: Disable Firefox Hotfix updates
2087 * Bug 16855: Allow blobs to be downloaded on first-party pages (fixes mega.nz)
2088 * Bug 16781: Allow saving pdf files in built-in pdf viewer
2089 * Bug 16842: Restore Media tab on Page information dialog
2090 * Bug 16727: Disable about:healthreport page
2091 * Bug 16783: Normalize NoScript default whitelist
2092 * Bug 16775: Fix preferences dialog with security slider set to "High"
2093 * Bug 13579: Update download progress bar automatically
2094 * Bug 15646: Reduce keyboard layout fingerprinting in KeyboardEvent
2095 * Bug 17046: Event.timeStamp should not reveal startup time
2096 * Bug 16872: Fix warnings when opening about:downloads
2097 * Bug 17097: Fix intermittent crashes when using the print dialog
2098 * Windows
2099 * Bug 16906: Fix Mingw-w64 compilation breakage
2100 * OS X
2101 * Bug 16910: Update copyright year in OS X bundles
2102
2104 * All Platforms:
2107 * Bug 16771: Fix crash on some websites due to blob URIs
2108 * Linux
2109 * Bug 16860: Avoid duplicate desktop icons on Gnome and Unity
2110
2115 * Linux
2116 * Bug 16860: Avoid duplicate icons on Unity and Gnome
2117
2120 * Bug 16771: Fix crash on some websites due to blob URIs
2121
2127 * Bug 16731: TBB 5.0 a3/a4 fails to download a file on right click
2128 * Bug 16730: Reset NoScript whitelist on upgrade
2129 * Bug 16722: Prevent "Tiles" feature from being enabled after upgrade
2130 * Bug 16488: Remove "Sign in to Sync" from the browser menu (fixup)
2131 * Bug 14429: Make sure the automatic resizing is enabled
2135 * Bug 16730: Prevent NoScript from updating the default whitelist
2136 * Bug 16715: Use ThreadsafeIsCallerChrome() instead of IsCallerChrome()
2137 * Bug 16572: Verify cache isolation for XMLHttpRequests in Web Workers
2138 * Bug 16311: Fix navigation timing in ESR 38
2139 * Bug 15646: Prevent keyboard layout fingerprinting in KeyboardEvent (fixup)
2140 * Bug 16672: Change font whitelists and configs for rendering issues (partial)
2141
2142 Tor Browser 5.0 -- August 11 2015
2145 * Update OpenSSL to 1.0.1p
2149 * Update Tor to 0.2.6.10 with patches:
2150 * Bug 16674: Allow FQDNs ending with a single '.' in our SOCKS host name
checks.
2151 * Bug 16430: Allow DNS names with _ characters in them (fixes nytimes.com)
2152 * Bug 15482: Don't allow circuits to change while a site is in use
2154 * Bug 16731: TBB 5.0 a3/a4 fails to download a file on right click
2155 * Bug 16730: Reset NoScript whitelist on upgrade
2156 * Bug 16722: Prevent "Tiles" feature from being enabled after upgrade
2157 * Bug 16488: Remove "Sign in to Sync" from the browser menu (fixup)
2158 * Bug 16268: Show Tor Browser logo on About page
2159 * Bug 16639: Check for Updates menu item can cause update download failure
2160 * Bug 15781: Remove the sessionstore filter
2161 * Bug 15656: Sync privacy.resistFingerprinting with Torbutton pref
2162 * Bug 16427: Use internal update URL to block updates (instead of 127.0.0.1)
2163 * Bug 16200: Update Cache API usage and prefs for FF38
2164 * Bug 16357: Use Mozilla API to wipe permissions db
2169 * Bug 15145: Visually distinguish "proxy" and "bridge" screens.
2171 * Bug 16730: Prevent NoScript from updating the default whitelist
2172 * Bug 16715: Use ThreadsafeIsCallerChrome() instead of IsCallerChrome()
2173 * Bug 16572: Verify cache isolation for XMLHttpRequests in Web Workers
2174 * Bug 16884: Prefer IPv6 when supported by the current Tor exit
2175 * Bug 16488: Remove "Sign in to Sync" from the browser menu
2176 * Bug 16662: Enable network.http.spdy.* prefs in meek-http-helper
2177 * Bug 15703: Isolate mediasource URIs and media streams to first party
2178 * Bug 16429+16416: Isolate blob URIs to first party
2179 * Bug 16632: Turn on the background updater and restart prompting
2180 * Bug 16528: Prevent indexedDB Modernizr site breakage on Twitter and elsewhere
2181 * Bug 16523: Fix in-browser JavaScript debugger
2182 * Bug 16236: Windows updater: avoid writing to the registry
2183 * Bug 16625: Fully disable network connection prediction
2184 * Bug 16495: Fix SVG crash when security level is set to "High"
2185 * Bug 13247: Fix meek profile error after bowser restarts
2186 * Bug 16005: Relax WebGL minimal mode
2187 * Bug 16300: Isolate Broadcast Channels to first party
2188 * Bug 16439: Remove Roku screencasting code
2189 * Bug 16285: Disabling EME bits
2190 * Bug 16206: Enforce certificate pinning
2191 * Bug 15910: Disable Gecko Media Plugins for now
2192 * Bug 13670: Isolate OCSP requests by first party domain
2193 * Bug 16448: Isolate favicon requests by first party
2194 * Bug 7561: Disable FTP request caching
2195 * Bug 6503: Fix single-word URL bar searching
2196 * Bug 15526: ES6 page crashes Tor Browser
2197 * Bug 16254: Disable GeoIP-based search results.
2198 * Bug 16222: Disable WebIDE to prevent remote debugging and addon downloads.
2199 * Bug 13024: Disable DOM Resource Timing API
2200 * Bug 16340: Disable User Timing API
2201 * Bug 14952: Disable HTTP/2
2202 * Bug 1517: Reduce precision of time for Javascript
2203 * Bug 13670: Ensure OCSP & favicons respect URL bar domain isolation
2204 * Bug 16311: Fix navigation timing in ESR 38
2205 * Windows
2206 * Bug 16014: Staged update fails if meek is enabled
2207 * Bug 16269: repeated add-on compatibility check after update (meek enabled)
2208 * Mac OS
2209 * Use OSX 10.7 SDK
2210 * Bug 16253: Tor Browser menu on OS X is broken with ESR 38
2211 * Bug 15773: Enable ICU on OS X
2212 * Build System
2213 * Bug 16351: Upgrade our toolchain to use GCC 5.1
2214 * Bug 15772 and child tickets: Update build system for Firefox 38
2215 * Bugs 15921+15922: Fix build errors during Mozilla Tryserver builds
2216 * Bug 15864: rename sha256sums.txt to sha256sums-unsigned-build.txt
2217
2220 * Update Tor to 0.2.7.2-alpha with patches:
2222 * Update OpenSSL to 1.0.1p
2226 * Bug 16268: Show Tor Browser logo on About page
2227 * Bug 16639: Check for Updates menu item can cause update download failure
2228 * Bug 15781: Remove the sessionstore filter
2229 * Bug 15656: Sync privacy.resistFingerprinting with Torbutton pref
2231 * Bug 16884: Prefer IPv6 when supported by the current Tor exit
2232 * Bug 16488: Remove "Sign in to Sync" from the browser menu
2233 * Bug 13313: Bundle a fixed set of fonts to defend against fingerprinting
2234 * Bug 16662: Enable network.http.spdy.* prefs in meek-http-helper
2235 * Bug 15646: Prevent keyboard layout fingerprinting in KeyboardEvent (fixup)
2236 * Bug 15703: Isolate mediasource URIs and media streams to first party
2237 * Bug 16429+16416: Isolate blob URIs to first party
2238 * Bug 16632: Turn on the background updater and restart prompting
2239 * Bug 16528: Prevent indexedDB Modernizr site breakage on Twitter and elsewhere
2240 * Bug 16523: Fix in-browser JavaScript debugger
2241 * Bug 16236: Windows updater: avoid writing to the registry
2242 * Bug 16005: Restrict WebGL minimal mode a bit (fixup)
2243 * Bug 16625: Fully disable network connection prediction
2244 * Bug 16495: Fix SVG crash when security level is set to "High"
2245 * Build System
2246 * Bug 15864: rename sha256sums.txt to sha256sums-unsigned-build.txt
2247
2251 * Update OpenSSL to 1.0.1o
2254 * Tor patch backport
2257 * Bug 16403: Set search parameters for Disconnect
2260 * Bug 16200: Update Cache API usage and prefs for FF38
2261 * Bug 16357: Use Mozilla API to wipe permissions db
2265 * Bug 15145: Visually distinguish "proxy" and "bridge" screens.
2267 * Bug 13247: Fix meek profile error after bowser restarts
2268 * Bug 16397: Fix crash related to disabling SVG
2270 * Bug 16446: Update FTE bridge #1 fingerprint
2271 * Bug 15646: Prevent keyboard layout fingerprinting in KeyboardEvent
2272 * Bug 16005: Relax WebGL minimal mode
2273 * Bug 16300: Isolate Broadcast Channels to first party
2274 * Bug 16439: Remove Roku screencasting code
2275 * Bug 16285: Disabling EME bits
2276 * Bug 16206: Enforce certificate pinning
2277 * Bug 15910: Disable GMPs for now
2278 * Bug 13670: Isolate OCSP requests by first party domain
2279 * Bug 16448: Isolate favicon requests by first party
2280 * Bug 7561: Disable FTP request caching
2281 * Bug 6503: Fix single-word URL bar searching
2282 * Bug 15526: ES6 page crashes Tor Browser
2283 * Bug 16254: Disable GeoIP-based search results.
2284 * Bug 16222: Disable WebIDE to prevent remote debugging and addon downloads.
2285 * Bug 13024: Disable DOM Resource Timing API
2286 * Bug 16340: Disable User Timing API
2287 * Bug 14952: Disable HTTP/2
2288 * Mac OS
2289 * Use OSX 10.7 SDK
2290 * Bug 16253: Tor Browser menu on OS X is broken with ESR 38
2291 * Build System
2292 * Bug 16351: Upgrade our toolchain to use GCC 5.1
2293 * Bug 15772 and child tickets: Update build system for Firefox 38
2294
2295 Tor Browser 4.5.3 -- June 30 2015
2298 * Update OpenSSL to 1.0.1o
2304 * Bug 16397: Fix crash related to disabling SVG
2306 * Bug 16446: Update FTE bridge #1 fingerprint
2307 * Tor patch backport
2309
2318 * Bug 15984: Disabling Torbutton breaks the Add-ons Manager
2319 * Bug 14429: Make sure the automatic resizing is enabled
2321 * Bug 16130: Defend against logjam attack
2323 * Windows
2324 * Bug 16014: Staged update fails if meek is enabled
2325 * Bug 16269: repeated add-on compatibility check after update (meek enabled)
2326 * Linux
2327 * Bug 16026: Fix crash in GStreamer
2328 * Bug 16083: Update comment in start-tor-browser
2329
2330 Tor Browser 4.5.2 -- June 15 2015
2332 * Update Tor to 0.2.6.9
2340 * Bug 16130: Defend against logjam attack
2342 * Linux
2343 * Bug 16026: Fix crash in GStreamer
2344 * Bug 16083: Update comment in start-tor-browser
2345
2346 Tor Browser 5.0a1 -- May 14 2015
2351 * Translation updates only
2353 * Bug 15837: Show descriptions if unchecking custom mode
2354 * Bug 15927: Force update of the NoScript UI when changing security level
2355 * Bug 15915: Hide circuit display if it is disabled.
2356 * Bug 14429: Improved automatic window resizing
2358 * Bug 15945: Disable NoScript's ClearClick protection for now
2359 * Bug 15933: Isolate by base (top-level) domain name instead of FQDN
2360 * Bug 15857: Fix file descriptor leak in updater that caused update failures
2361 * Bug 15899: Fix errors with downloading and displaying PDFs
2362 * Bug 15773: Enable ICU on OS X
2363 * Bug 1517: Reduce precision of time for Javascript
2364 * Bug 13670: Ensure OCSP & favicons respect URL bar domain isolation
2365 * Bug 13875: Improve the spoofing of window.devicePixelRatio
2366 * Windows
2367 * Bug 15872: Fix meek pluggable transport startup issue with Windows 7
2368 * Build System
2369 * Bug 15947: Support Ubuntu 14.04 LXC hosts via LXC_EXECUTE=lxc-execute env var
2371
2372 Tor Browser 4.5.1 -- May 12 2015
2379 * Bug 15837: Show descriptions if unchecking custom mode
2380 * Bug 15927: Force update of the NoScript UI when changing security level
2381 * Bug 15915: Hide circuit display if it is disabled.
2383 * Bug 15945: Disable NoScript's ClearClick protection for now
2384 * Bug 15933: Isolate by base (top-level) domain name instead of FQDN
2385 * Bug 15857: Fix file descriptor leak in updater that caused update failures
2386 * Bug 15899: Fix errors with downloading and displaying PDFs
2387 * Windows
2388 * Bug 15872: Fix meek pluggable transport startup issue with Windows 7
2389 * Build System
2390 * Bug 15947: Support Ubuntu 14.04 LXC hosts via LXC_EXECUTE=lxc-execute env var
2392
2393 Tor Browser 4.5 -- Apr 28 2015
2395 * Update Tor to 0.2.6.7 with additional patches:
2396 * Bug 15482: Reset timestamp_dirty each time a SOCKSAuth circuit is used
2399 * Bug 15689: Resume building HTTPS-Everywhere from git tags
2401 * Update obfs4proxy to 0.0.5
2403 * Bug 15704: Do not enable network if wizard is opened
2404 * Bug 11879: Stop bootstrap if Cancel or Open Settings is clicked
2405 * Bug 13576: Don't strip "bridge" from the middle of bridge lines
2406 * Bug 15657: Display the host:port of any connection faiures in bootstrap
2408 * Bug 15562: Bind SharedWorkers to thirdparty pref
2409 * Bug 15533: Restore default security level when restoring defaults
2410 * Bug 15510: Close Tor Circuit UI control port connections on New Identity
2411 * Bug 15472: Make node text black in circuit status UI
2412 * Bug 15502: Wipe blob URIs on New Identity
2413 * Bug 15795: Some security slider prefs do not trigger custom checkbox
2414 * Bug 14429: Disable automatic window resizing for now
2415 * Bug 4100: Raise HTTP Keep-Alive back to 115 second default
2416 * Bug 13875: Spoof window.devicePixelRatio to avoid DPI fingerprinting
2417 * Bug 15411: Remove old (and unused) cacheDomain cache isolation mechanism
2418 * Bugs 14716+13254: Fix issues with HTTP Auth usage and TLS connection info
display
2419 * Bug 15502: Isolate blob URI scope to URL domain; block WebWorker access
2420 * Bug 15794: Crash on some pages with SVG images if SVG is disabled
2421 * Bug 15562: Disable Javascript SharedWorkers due to third party tracking
2422 * Bug 15757: Disable Mozilla video statistics API extensions
2423 * Bug 15758: Disable Device Sensor APIs
2424 * Linux
2425 * Bug 15747: Improve start-tor-browser argument handling
2426 * Bug 15672: Provide desktop app registration+unregistration for Linux
2427 * Windows
2428 * Bug 15539: Make installer exe signatures reproducibly removable
2429 * Bug 10761: Fix instances of shutdown crashes
2430
2431 Tor Browser 4.5a5 -- Mar 31 2015
2434 * Update OpenSSL to 1.0.1m
2435 * Update Tor to 0.2.6.6
2437 * Update HTTPS-Everywhere to 5.0
2440 * Bug 13983: Directory search path fix for Tor Messanger+TorBirdy
2442 * Bug 9387: "Security Slider 1.0"
2443 * Include descriptions and tooltip hints for security levels
2444 * Notify users that the security slider exists
2445 * Flip slider so that "low" is on the bottom
2446 * Make use of new SVG and MathML prefs
2447 * Bug 13766: Set a 10 minute circuit lifespan for non-content requests
2448 * Bug 15460: Ensure FTP urls use content-window circuit isolation
2449 * Bug 13650: Clip initial window height to 1000px
2450 * Bug 14429: Ensure windows can only be resized to 200x100px multiples
2451 * Bug 15334: Display Cookie Protections menu if disk records are enabled
2452 * Bug 14324: Show HS circuit in Tor circuit display
2453 * Bug 15086: Handle RTL text in Tor circuit display
2454 * Bug 15085: Fix about:tor RTL text alignment problems
2455 * Bug 10216: Add a pref to disable the local tor control port test
2456 * Bug 14937: Show meek and flashproxy bridges in tor circuit display
2457 * Bugs 13891+15207: Fix exceptions/errors in circuit display with bridges
2458 * Bug 13019: Change locale hiding pref to boolean
2459 * Bug 7255: Warn users about maximizing windows
2460 * Bug 14631: Improve profile access error msgs (strings).
2461 * Pluggable Transport Dependency Updates:
2462 * Bug 15448: Use golang 1.4.2 for meek and obs4proxy
2463 * Bug 15265: Switch go.net repo to golang.org/x/net
2464 * Bug 14937: Hard-code meek and flashproxy node fingerprints
2465 * Bug 13019: Prevent Javascript from leaking system locale
2466 * Bug 10280: Improved fix to prevent loading plugins into address space
2467 * Bug 15406: Only include addons in incremental updates if they actually update
2468 * Bug 15029: Don't prompt to include missing plugins
2469 * Bug 12827: Create preference to disable SVG images (for security slider)
2470 * Bug 13548: Create preference to disable MathML (for security slider)
2471 * Bug 14631: Improve startup error messages for filesystem permissions issues
2473 * Linux
2474 * Bug 13375: Create a hybrid GUI/desktop/shell launcher wrapper
2475 * Bug 12468: Only print/write log messages if launched with --debug
2476 * Windows
2477 * Bug 3861: Begin signing Tor Browser for Windows the Windows way
2478 * Bug 15201: Disable 'runas Administrator' codepaths in updater
2479 * Bug 14688: Create shortcuts to desktop and start menu by default (optional)
2480
2481 Tor Browser 4.0.6 -- Mar 31 2015
2485 * Update OpenSSL to 1.0.1m
2486
2487 Tor Browser 4.0.5 -- Mar 23 2015
2490 * Update Tor to 0.2.5.11
2492
2493 Tor Browser 4.5a4 -- Feb 24 2015
2499 * Update obfs4proxy to 0.0.4
2500 * Use obfs4proxy for ScrambleSuit bridges
2502 * Bug 13882: Fix display of bridges after bridge settings have been changed
2503 * Bug 5698: Use "Tor Browser" branding in "About Tor Browser" dialog
2504 * Bug 10280: Strings and pref for preventing plugin initialization.
2505 * Bug 14866: Show correct circuit when more than one exists for a given domain
2506 * Bug 9442: Add New Circuit button to Torbutton menu
2507 * Bug 9906: Warn users before closing all windows and performing new identity.
2508 * Bug 8400: Prompt for restart if disk records are enabled/disabled.
2509 * Bug 14630: Hide Torbutton's proxy settings tab.
2510 * Bug 14632: Disable Cookie Manager until we get it working.
2511 * Bug 11175: Remove "About Torbutton" from onion menu.
2512 * Bug 13900: Remove remaining SafeCache code in favor of C++ patch
2513 * Bug 14490: Use Disconnect search in about:tor search box
2514 * Bug 14392: Don't steal input focus in about:tor search box
2515 * Bug 11236: Don't set omnibox order in Torbutton (to prevent translation)
2516 * Bug 13406: Stop directing users to download-easy.html.en on update
2517 * Bug 9387: Handle "custom" mode better in Security Slider
2518 * Bug 12430: Bind jar: pref to Security Slider
2519 * Bug 14448: Restore Torbutton menu operation on non-English localizations
2522 * Bug 13271: Display Bridge Configuration wizard pane before Proxy pane
2523 * Bug 14336: Fix navigation button display issues on some wizard panes
2525 * Bug 14203: Prevent meek from displaying an extra update notification
2526 * Bug 14849: Remove new NoScript menu option to make permissions permanent
2527 * Bug 14851: Set NoScript pref to disable permanent permissions
2528 * Bug 14490: Make Disconnect the default omnibox search engine
2529 * Bug 11236: Fix omnibox order for non-English builds
2530 * Also remove Amazon, eBay and bing; add Youtube and Twitter
2531 * Bug 10280: Don't load any plugins into the address space.
2532 * Bug 14392: Make about:tor hide itself from the URL bar
2533 * Bug 12430: Provide a preference to disable remote jar: urls
2534 * Bug 13900: Remove 3rd party HTTP auth tokens via Firefox patch
2535 * Bug 5698: Fix branding in "About Torbrowser" window
2536 * Windows:
2537 * Bug 13169: Don't use /dev/random on Windows for SSP
2538 * Linux:
2539 * Bug 13717: Make sure we use the bash shell on Linux
2540
2541 Tor Browser 4.0.4 -- Feb 24 2015
2547 * Bug 14203: Prevent meek from displaying an extra update notification
2548 * Bug 14849: Remove new NoScript menu option to make permissions permanent
2549 * Bug 14851: Set NoScript pref to disable permanent permissions
2550
2551 Tor Browser 4.5a3 -- Jan 19 2015
2556 * Update HTTPS Everywhere to 5.0development.2
2559 * Bug 13998: Handle changes in NoScript 2.6.9.8+
2560 * Bug 14100: Option to hide NetworkSettings menuitem
2561 * Bug 13079: Option to skip control port verification
2562 * Bug 13835: Option to change default Tor Browser homepage
2563 * Bug 11449: Fix new identity error if NoScript is not enabled
2564 * Bug 13881: Localize strings for tor circuit display
2565 * Bug 9387: Incorporate user feedback
2566 * Bug 13671: Fixup for circuit display if bridges are used
2569 * Bug 14122: Hide logo if TOR_HIDE_BROWSER_LOGO set
2571 * Bug 13379: Sign our MAR files
2572 * Bug 13788: Fix broken meek in 4.5-alpha series
2573 * Bug 13439: No canvas prompt for content callers
2574
2575 Tor Browser 4.0.3 -- Jan 13 2015
2580 * Update Tor Launcher to 0.2.7.0.2
2582
2583 Tor Browser 4.5-alpha-2 -- Dec 5 2014
2589 * Bug 13672: Make circuit display optional
2590 * Bug 13671: Make bridges visible on circuit display
2591 * Bug 9387: Incorporate user feedback
2592 * Bug 13784: Remove third party authentication tokens
2593 * Bug 13435: Remove our custom POODLE fix (fixed by Mozilla in ESR 31.3.0)
2594
2595 Tor Browser 4.0.2 -- Dec 2 2014
2601 * Bug 13019: Synchronize locale spoofing pref with our Firefox patch
2602 * Bug 13746: Properly link Torbutton UI to thirdparty pref.
2603 * Bug 13742: Fix domain isolation for content cache and disk-enabled browsing
mode
2604 * Bug 5926: Prevent JS engine locale leaks (by setting the C library locale)
2605 * Bug 13504: Remove unreliable/unreachable non-public bridges
2606 * Bug 13435: Remove our custom POODLE fix
2607 * Windows
2608 * Bug 13443: Re-enable DirectShow; fix crash with mingw patch.
2609 * Bug 13558: Fix crash on Windows XP during download folder changing
2610 * Bug 13594: Fix update failure for Windows XP users
2611
2612 Tor Browser 4.5-alpha-1 -- Nov 14 2014
2614 * Bug 3455: Patch Firefox SOCKS and proxy filters to allow user+pass isolation
2615 * Bug 11955: Backport HTTPS Certificate Pinning patches from Firefox 32
2616 * Bug 13684: Backport Mozilla bug #1066190 (pinning issue fixed in Firefox 33)
2617 * Bug 13019: Make JS engine use English locale if a pref is set by Torbutton
2618 * Bug 13301: Prevent extensions incompatibility error after upgrades
2619 * Bug 13460: Fix MSVC compilation issue
2620 * Bug 13504: Remove stale bridges from default bridge set
2621 * Bug 13742: Fix domain isolation for content cache and disk-enabled browsing
mode
2625 * Bug 9387: Provide a "Security Slider" for vulnerability surface reduction
2626 * Bug 13019: Synchronize locale spoofing pref with our Firefox patch
2627 * Bug 3455: Use SOCKS user+pass to isolate all requests from the same url
domain
2628 * Bug 8641: Create browser UI to indicate current tab's Tor circuit IPs
2629 * Bug 13651: Prevent circuit-status related UI hang.
2630 * Bug 13666: Various circuit status UI fixes
2631 * Bugs 13742+13751: Remove cache isolation code in favor of direct C++ patch
2632 * Bug 13746: Properly update third party isolation pref if disabled from UI
2633 * Bug 13586: Make meek use TLS session tickets (to look like stock Firefox).
2634 * Bug 12903: Include obfs4proxy pluggable transport
2635 * Windows
2636 * Bug 13443: Re-enable DirectShow; fix crash with mingw patch.
2637 * Bug 13558: Fix crash on Windows XP during download folder changing
2638 * Bug 13091: Make app name "Tor Browser" instead of "Tor"
2639 * Bug 13594: Fix update failure for Windows XP users
2640 * Mac
2641 * Bug 10138: Switch to 64bit builds for MacOS
2642
2643 Tor Browser 4.0.1 -- Oct 30 2014
2645 * Update Tor to 0.2.5.10
2647 * Bug 13301: Prevent extensions incompatibility error after upgrades
2648 * Bug 13460: Fix MSVC compilation issue
2649 * Windows
2650 * Bug 13443: Disable DirectShow to prevent crashes on many sites
2651 * Bug 13091: Make app name "Tor Browser" instead of "Tor"
2652
2653 Tor Browser 4.0 -- Oct 15 2014
2657 * Bug 13378: Prevent addon reordering in toolbars on first-run.
2658 * Bug 10751: Adapt Torbutton to ESR31's Australis UI.
2659 * Bug 13138: ESR31-about:tor shows "Tor is not working"
2660 * Bug 12947: Adapt session storage blocker to ESR 31.
2661 * Bug 10716: Take care of drag/drop events in ESR 31.
2662 * Bug 13366: Fix cert exemption dialog when disk storage is enabled.
2663 * Update Tor Launcher to 0.2.7.0.1
2665 * Udate fteproxy to 0.2.19
2667 * Bug 13416: Defend against new SSLv3 attack (poodle).
2668 * Bug 13027: Spoof window.navigator useragent values in JS WebWorker threads
2669 * Bug 13016: Hide CSS -moz-osx-font-smoothing values.
2670 * Bug 13356: Meek and other symlinks missing after complete update.
2671 * Bug 13025: Spoof screen orientation to landscape-primary.
2672 * Bug 13346: Disable Firefox "slow to start" warnings and recordkeeping.
2673 * Bug 13318: Minimize number of buttons on the browser toolbar.
2674 * Bug 10715: Enable WebGL on Windows (still click-to-play via NoScript)
2675 * Bug 13023: Disable the gamepad API.
2676 * Bug 13021: Prompt before allowing Canvas isPointIn*() calls.
2677 * Bug 12460: Several cross-compilation and gitian fixes (see child tickets)
2678 * Bug 13186: Disable DOM Performance timers
2679 * Bug 13028: Defense-in-depth checks for OCSP/Cert validation proxy usage
2680
2681 Tor Browser 4.0-alpha-3 -- Sep 24 2014
2683 *Update Tor to 0.2.5.8-rc
2684 *Update Firefox to 24.8.1esr
2685 *Update meek to 0.11
2686 *Update NoScript to 2.6.8.42
2687 *Update Torbutton to 1.6.12.3
2688 * Bug 13091: Use "Tor Browser" everywhere
2689 * Bug 10804: Workaround fix for some cases of startup hang
2691 * Bug 13049: Browser update failure (self.update is undefined)
2692 * Bug 13047: Updater should not send Kernel and GTK version
2693 * Bug 12998: Prevent intermediate certs from being written to disk
2694 * Bug 13245: Prevent non-english TBBs from upgrading to english version.
2695 * Linux:
2696 * Bug 9150: Make RPATH unavailable on Tor binary.
2697 * Bug 13031: Add full RELRO protection.
2698
2699 Tor Browser Bundle 3.6.6 -- Sep 24 2014
2701 * Update Tor to tor-0.2.4.24
2705 * Bug 12998: Prevent intermediate certs from being written to disk
2708 * Bug 10804: Workaround fix for some cases of startup hang
2709 * Linux
2710 * Bug 9150: Make RPATH unavailable on Tor binary.
2711
2712 Tor Browser Bundle 4.0-alpha-2 -- Sep 2 2014
2717 * Bug 11405: Remove firewall prompt from wizard.
2718 * Bug 12895: Mention @riseup.net as a valid bridge request email address
2719 * Bug 12444: Provide feedback when “Copy Tor Log” is clicked.
2720 * Bug 11199: Improve error messages if Tor exits unexpectedly
2722 * Bug 12684: New strings for canvas image extraction message
2723 * Bug 8940: Move RecommendedTBBVersions file to www.torproject.org
2724 * Bug 12684: Improve Canvas image extraction permissions prompt
2725 * Bug 7265: Only prompt for first party canvas access. Log all scripts
2726 that attempt to extract canvas images to Browser console.
2727 * Bug 12974: Disable NTLM and Negotiate HTTP Auth
2728 * Bug 2874: Remove Components.* from content access (regression)
2729 * Bug 4234: Automatic Update support (off by default)
2730 * Bug 9881: Open popups in new tabs by default
2731 * Meek Pluggable Transport:
2732 * Bug 12766: Use TLSv1.0 in meek-http-helper to blend in with Firefox 24
2733 * Windows:
2734 * Bug 10065: Enable DEP, ASLR, and SSP hardening options
2735 * Linux:
2736 * Bug 12103: Adding RELRO hardening back to browser binaries.
2737
2738 Tor Browser Bundle 3.6.5 -- Sep 2 2014
2744 * Bug 12684: New strings for canvas image extraction message
2745 * Bug 8940: Move RecommendedTBBVersions file to www.torproject.org
2746 * Bug 9531: Workaround to avoid rare hangs during New Identity
2747 * Bug 12684: Improve Canvas image extraction permissions prompt
2748 * Bug 7265: Only prompt for first party canvas access. Log all scripts
2749 that attempt to extract canvas images to Browser console.
2750 * Bug 12974: Disable NTLM and Negotiate HTTP Auth
2751 * Bug 2874: Remove Components.* from content access (regression)
2752 * Bug 9881: Open popups in new tabs by default
2753 * Linux:
2754 * Bug 12103: Adding RELRO hardening back to browser binaries.
2755
2756 Tor Browser Bundle 4.0-alpha-1 -- Aug 8 2014
2758 * Ticket 10935: Include the Meek Pluggable Transport (version 0.10)
2759 * Two modes of Meek are provided: Meek over Google and Meek over Amazon
2762 * Update OpenSSL to 1.0.1i
2764 * Script permissions now apply based on URL bar
2767 * Bug 12221: Remove obsolete Javascript components from the toggle era
2768 * Bug 10819: Bind new third party isolation pref to Torbutton security UI
2769 * Bug 9268: Fix some window resizing corner cases with DPI and taskbar size.
2770 * Bug 12680: Change Torbutton URL in about dialog.
2771 * Bug 11472: Adjust about:tor font and logo positioning to avoid overlap
2772 * Bug 9531: Workaround to avoid rare hangs during New Identity
2774 * Bug 11199: Improve behavior if tor exits
2775 * Bug 12451: Add option to hide TBB's logo
2776 * Bug 11193: Change "Tor Browser Bundle" to "Tor Browser"
2777 * Bug 11471: Ensure text fits the initial configuration dialog
2778 * Bug 9516: Send Tor Launcher log messages to Browser Console
2779 * Bug 11641: Reorganize bundle directory structure to mimic Firefox
2780 * Bug 10819: Create a preference to enable/disable third party isolation
2781 * Backported Tor Patches:
2782 * Bug 11200: Fix a hang during bootstrap introduced in the initial
2783 bug11200 patch.
2784 * Linux:
2785 * Bug 10178: Make it easier to set an alternate Tor control port and password
2786 * Bug 11102: Set Window Class to "Tor Browser" to aid in Desktop navigation
2787 * Bug 12249: Don't create PT debug files anymore
2788
2789 Tor Browser Bundle 3.6.4 -- Aug 8 2014
2791 * Update Tor to 0.2.4.23
2792 * Update Tor launcher to 0.2.5.6
2793 * Bug 9516: Show Tor log in TorBrowser's Browser Console
2794 * Update OpenSSL to 1.0.1i
2796 * Bug 11654: Properly apply the fix for malformed bug11156 log message
2797 * Bug 11200: Fix a hang during bootstrap introduced in the initial
2798 bug11200 patch.
2801 * Bug 11472: Adjust about:tor font and logo positioning to avoid overlap
2802 * Bug 12680: Fix Torbutton about url.
2803
2804 Tor Browser Bundle 3.6.3 -- Jul 24 2014
2807 * Update obfsproxy to 0.2.12
2808 * Update FTE to 0.2.17
2811 * Bug 12673: Update FTE bridges
2813 * Bug 12221: Remove obsolete Javascript components from the toggle era
2814 * Bug 10819: Bind new third party isolation pref to Torbutton security UI
2815 * Bug 9268: Fix some window resizing corner cases with DPI and taskbar size.
2816 * Linux:
2817 * Bug 11102: Set Window Class to "Tor Browser" to aid in Desktop navigation
2818 * Bug 12249: Don't create PT debug files anymore
2819
2820 Tor Browser Bundle 3.6.2 -- Jun 9 2014
2823 * Update OpenSSL to 1.0.1h
2825 * Update Tor to 0.2.4.22
2827 * Bug 10425: Provide geoip6 file location to Tor process
2828 * Bug 11754: Remove untranslated locales that were dropped from Transifex
2829 * Bug 11772: Set Proxy Type menu correctly after restart
2830 * Bug 11699: Change &#160 to in UI elements
2832 * Bug 11510: about:tor should not report success if tor proxy is unreachable
2833 * Bug 11783: Avoid b.webProgress error when double-clicking on New Identity
2834 * Bug 11722: Add hidden pref to force remote Tor check
2835 * Bug 11763: Fix pref dialog double-click race that caused settings to be reset
2836 * Bug 11629: Support proxies with Pluggable Transports
2837 * Updates FTEProxy to 0.2.15
2838 * Updates obfsproxy to 0.2.9
2840 * Bug 11654: Fix malformed log message in bug11156 patch.
2841 * Bug 10425: Add in Tor's geoip6 files to the bundle distribution
2842 * Bugs 11834 and 11835: Include Pluggable Transport documentation
2843 * Bug 9701: Prevent ClipBoardCache from writing to disk.
2844 * Bug 12146: Make the CONNECT Host header the same as the Request-URI.
2845 * Bug 12212: Disable deprecated webaudio API
2846 * Bug 11253: Turn on TLS 1.1 and 1.2.
2847 * Bug 11817: Don't send startup time information to Mozilla.
2848
2849 Tor Browser Bundle 3.6.1 -- May 6 2014
2853 * Bug 11658: Fix proxy configuration for non-Pluggable Transports users
2854 * Backport Pending Tor Patches:
2855 * Bug 8402: Allow Tor proxy configuration while PTs are present
2856 * Note: The Pluggable Transports themselves have not been updated to
2857 support proxy configuration yet.
2858
2859 Tor Browser Bundle 3.6 -- Apr 29 2014
2863 * Bug #11482: Hide bridge settings prompt if no default bridges.
2864 * Bug #11484: Show help button even if no default bridges.
2866 * Bug 7439: Improve download warning dialog text.
2867 * Bug 11384: Completely remove hidden toggle menu item.
2869 * Update fte transport to 0.2.13
2871 * Bug 11156: Additional obfsproxy startup error message fixes
2872 * Bug 11586: Include license files for component software in Docs directory.
2873 * Windows and Mac:
2874 * Bug 9308: Prevent install path from leaking in some JS exceptions
2875 on Mac and Windows builds
2876
2877 Tor Browser Bundle 3.6-beta-2 -- Apr 8 2014
2879 * Update OpenSSL to 1.0.1g
2880 * Bug 9010: Add Turkish language support.
2881 * Bug 9387 testing: Disable JS JIT, type inference, asmjs, and ion.
2882 * Update fte transport to 0.2.12
2885 * Bug 11242: Fix improper "update needed" message after in-place upgrade.
2886 * Bug 10398: Ease translation of about:tor page elements
2888 * Bug 9665: Localize Tor's unreachable bridges bootstrap error
2890 * Bug 9665: Report a bootstrap error if all bridges are unreachable
2891 * Bug 11200: Prevent spurious error message prior to enabling network.
2892 * Linux:
2893 * Bug 11190: Switch linux PT build process to python2
2894 * Bug 10383: Enable NIST P224 and P256 accel support for 64bit builds.
2895 * Windows:
2896 * Bug 11286: Fix fte transport launch error
2897
2898 Tor Browser Bundle 3.5.4 -- Apr 7 2014
2900 * Update OpenSSL to 1.0.1g
2901
2902 Tor Browser Bundle 3.5.3 -- Mar 19 2014
2905 * Update Torbutton to 1.6.7.0:
2906 * Bug 9901: Fix browser freeze due to content type sniffing
2907 * Bug 10611: Add Swedish (sv) to extra locales to update
2909 * Update Tor to 0.2.4.21
2910 * Bug 10237: Disable the media cache to prevent disk leaks for videos
2911 * Bug 10703: Force the default charset to avoid locale fingerprinting
2912 * Bug 10104: Update gitian to fix LXC build issues (for non-KVM/VT builders)
2913 * Linux:
2914 * Bug 9353: Fix keyboard input on Ubuntu 13.10
2915 * Bug 9896: Provide debug symbols for Tor Browser binary
2916 * Bug 10472: Pass arguments to the browser from Linux startup script
2917
2918 Tor Browser Bundle 3.6-beta-1 -- Mar 17 2014
2921 * Include Pluggable Transports by default:
2922 * Obfsproxy3 0.2.4, Flashproxy 1.6, and FTE 0.2.6 are now included
2924 * Bug 10418: Provide UI configuration for Pluggable Transports
2925 * Bug 10604: Allow Tor status & error messages to be translated
2926 * Bug 10894: Make bridge UI clear that helpdesk is a last resort for
2927 bridges
2928 * Bug 10610: Clarify wizard UI text describing obstacles/blocking
2929 * Bug 11074: Support Tails use case (XULRunner and optional
2930 customizations)
2931 * Update Torbutton to 1.6.7.0:
2932 * Bug 9901: Fix browser freeze due to content type sniffing
2933 * Bug 10611: Add Swedish (sv) to extra locales to update
2935 * Update Tor to 0.2.4.21
2937 * Bug 5018: Don't launch Pluggable Transport helpers if not in use
2938 * Bug 9229: Eliminate 60 second stall during bootstrap with some PTs
2939 * Bug 11069: Detect and report Pluggable Transport bootstrap failures
2940 * Bug 11156: Prevent spurious warning about missing pluggable transports
2941 * Bug 10237: Disable the media cache to prevent disk leaks for videos
2942 * Bug 10703: Force the default charset to avoid locale fingerprinting
2943 * Bug 10104: Update gitian to fix LXC build issues (for non-KVM/VT builders)
2944 * Mac:
2945 * Bug 4261: Use DMG instead of ZIP for Mac packages
2946 * Linux:
2947 * Bug 9353: Fix keyboard input on Ubuntu 13.10
2948 * Bug 9896: Provide debug symbols for Tor Browser binary
2949 * Bug 10472: Pass arguments to the browser from Linux startup script
2950
2951 Tor Browser Bundle 3.5.2.1 -- Feb 14 2014
2953 * Bug 10895: Fix broken localized bundles
2954 * Windows:
2955 * Bug 10323: Remove unneeded gcc/libstdc++ libraries from dist
2956
2957 Tor Browser Bundle 3.5.2 -- Feb 8 2014
2959 * Rebase Tor Browser to Firefox 24.3.0ESR
2960 * Bug 10419: Block content window connections to localhost
2962 * Bug 10800: Prevent findbox exception and popup in New Identity
2963 * Bug 10640: Fix about:tor's update pointer position for RTL languages.
2964 * Bug 10095: Fix some cases where resolution is not a multiple of 200x100
2965 * Bug 10374: Clear site permissions on New Identity
2966 * Bug 9738: Fix for auto-maximizing on browser start
2967 * Bug 10682: Workaround to really disable updates for Torbutton
2968 * Bug 10419: Don't allow connections to localhost if Torbutton is toggled
2969 * Bug 10140: Move Japanese to extra locales (not part of TBB dist)
2970 * Bug 10687: Add Basque (eu) to extra locales (not part of TBB dist)
2972 * Bug 10682: Workaround to really disable updates for Tor Launcher
2974
2975 Tor Browser Bundle 3.5.1 -- Jan 22 2014
2977 * Bug 10447: Remove SocksListenAddress to allow multiple socks ports.
2978 * Bug 10464: Remove addons.mozilla.org from NoScript whitelist
2979 * Bug 10537: Build an Arabic version of TBB 3.5
2981 * Bug 9486: Clear NoScript Temporary Permissions on New Identity
2982 * Include Arabic translations
2984 * Include Arabic translations
2985 * Update Tor to 0.2.4.20
2986 * Update OpenSSL to 1.0.1f
2989 * Windows
2990 * Bug 9259: Enable Accessibility (screen reader) support
2991 * Mac
2992 * misc: Update bundle version field in Info.plist (for MacUpdates service)
2993
2994 Tor Browser Bundle 3.5 -- Dec 17 2013
2996 * Update Tor to 0.2.4.19
2998 * Bug 10382: Fix a Tor Launcher hang on TBB exit
3000 * Misc: Switch update download URL back to download-easy
3001
3002 Tor Browser Bundle 3.5rc1 -- Dec 12 2013
3006 * Update HTTPS-Everywhere to 3.4.4tbb (special TBB tag)
3007 * Tag includes a patch to handle enabling/disabling Mixed Content Blocking
3008 * Bug 5060: Disable health report service
3009 * Bug 10367: Disable prompting about health report and Mozilla Sync
3010 * Misc Prefs: Disable HTTPS-Everywhere first-run tooltips
3011 * Misc Prefs: Disable layer acceleration to avoid crashes on Windows
3012 * Misc Prefs: Disable Mixed Content Blocker pending backport of Mozilla Bug
878890
3014 * Bug 10147: Adblock Plus interferes w/Tor Launcher dialog
3015 * Bug 10201: FF ESR 24 hangs during exit on Mac OS
3016 * Bug 9984: Support running Tor Launcher from InstantBird
3017 * Misc: Support browser directory location API changes in Firefox 24
3019 * Bug 10352: Clear FF24 Private Browsing Mode data during New Identity
3020 * Bug 8167: Update cache isolation for FF24 API changes
3021 * Bug 10201: FF ESR 24 hangs during exit on Mac OS
3022 * Bug 10078: Properly clear crypto tokens during New Identity on FF24
3023 * Bug 9454: Support changes to Private Browsing Mode and plugin APIs in FF24
3024 * Linux
3025 * Bug 10213; Use LD_LIBRARY_PATH (fixes launch issues on old Linux distros)
3026
3027 Tor Browser Bundle 3.0rc1 -- Nov 21 2013
3031 * Remove unsupported PDF.JS addon from the bundle
3032 * Bug #7277: TBB's Tor client will now omit its timestamp in the TLS handshake.
3034 * Bug #10002: Make the TBB3.0 blog tag our update download URL for now
3035 * Windows
3036 * Bug #10102: Patch binutils to remove nondeterministic bytes in compiled
binaries
3037 * Linux
3038 * Bug #10049: Fix architecture check to work from outside TBB's directory
3039 * Bug #10126: Remove libz and firefox-bin, and strip unstripped binaries
3040 * Misc: Disable Firefox updater during compile time (in addition to pref)
3041
3042 Tor Browser Bundle 3.0beta1 -- Oct 31 2013
3047 * Bug #9114: Reorganize the bundle directory structure to ease future
3048 autoupdates
3049 * Bug #9173: Patch Tor Browser to auto-detect profile directory if
3050 launched without the wrapper script.
3051 * Bug #9012: Hide Tor Browser infobar for missing plugins.
3052 * Bug #8364: Change the default entry page for the addons tab to the
3053 installed addons page.
3054 * Bug #9867: Make flash objects really be click-to-play if flash is enabled.
3055 * Bug #8292: Make getFirstPartyURI log+handle errors internally to simplify
3056 caller usage of the API
3057 * Bug #3661: Remove polipo and privoxy from the banned ports list.
3058 * misc: Fix a potential memory leak in the Image Cache isolation
3059 * misc: Fix a potential crash if OS theme information is ever absent
3060 * Update Tor-Launcher to 0.2.3.1-beta
3061 * Bug #9114: Handle new directory structure
3062 * misc: Tor Launcher now supports Thunderbird
3064 * Bug #9224: Support multiple Tor socks ports for about:tor status check
3065 * Bug #9587: Add TBB version number to about:tor
3066 * Bug #9144: Workaround to handle missing translation properties
3067 * Windows:
3068 * Bug #9084: Fix startup crash on Windows XP.
3069 * Linux:
3070 * Bug #9487: Create detached debuginfo files for Linux Tor and Tor
3071 Browser binaries.
3072
3073 Tor Browser Bundle 3.0alpha4 -- Sep 24 2013
3075 * Bug #8751: Randomize TLS HELLO timestamp in HTTPS connections
3076 * Bug #9790 (workaround): Temporarily re-enable JS-Ctypes for cache
3077 isolation and SSL Observatory
3081 * Update Tor-Launcher to 0.2.2-alpha
3082 * Bug #9675: Provide feedback mechanism for clock-skew and other early
3083 startup issues
3084 * Bug #9445: Allow user to enter bridges with or without 'bridge' keyword
3085 * Bug #9593: Use UTF16 for Tor process launch to handle unicode paths.
3086 * misc: Detect when Tor exits and display appropriate notification
3088 * Bug 9492: Fix Torbutton logo on OSX and Windows (and related
3089 initialization code)
3090 * Bug 8839: Disable Google/Startpage search filters using Tor-specific urls
3091
3092
3093 Tor Browser Bundle 3.0alpha3 -- Aug 01 2013
3099 * Improve build input fetching and authentication
3100 * Bug #9283: Update NoScript prefs for usability.
3101 * Bug #6152 (partial): Disable JSCtypes support at compile time
3103 * Bug 8478: Change when window resize code fires to avoid rounding errors
3104 * Bug 9331: Hack an update URL for the next TBB release
3105 * Bug 9144: Change an aboutTor.dtd string so transifex will accept it
3106 * Update Tor-Launcher to 0.2.1-alpha
3107 * Bug #9128: Remove dependency on JSCtypes
3108 * Windows
3109 * Bug #9195: Disable download manager AV scanning (to prevent cloud
3110 reporting+scanning of downloaded files)
3111 * Mac:
3112 * Bug #9173 (partial): Launch firefox-bin on MacOS instead of TorBrowser.app
3113 (improves dock behavior).
3114
3115
3116 Tor Browser Bundle 3.0alpha2 -- June 27 2013
3120 * Include Tor's GeoIP file
3121 * This should fix custom torrc issues with country-based node
3122 restrictions
3123 * Fix several build determinism issues
3124 * Include ChangeLog in bundles.
3125 * Linux:
3126 * Use Ubuntu's 'hardening-wrapper' to build our Linux binaries
3127

Change Log

Caricato da

Informazioni sul documento

Descrizione originale:

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Change Log

Caricato da

Copyright:

Formati disponibili

1 Tor Browser 7.

Potrebbero piacerti anche