CHANGELOG 45 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083
  1. 1.9.6.9
  2. * Bug 20947: Donation banner improvements
  3. 1.9.6.8
  4. * Bug 16622: Timezone spoofing moved to tor-browser.git
  5. * Bug 20701: Allow the directory listing stylesheet in the content policy
  6. * Bug 20556: Use pt-BR strings from now on
  7. * Bug 20614: Add links to Tor Browser User Manual
  8. * Bug 20414: Fix non-rendering arrow on OS X
  9. * Bug 20728: Fix bad preferences.xul dimensions
  10. * Bug 20318: Remove helpdesk link from about:tor
  11. * Bug 20753: Remove obsolete StartPage locale strings
  12. * Translation updates
  13. 1.9.6.7
  14. * Bug 20414: Add donation banner on about:tor for 2016 campaign
  15. * Bug 20111: use Unix domain sockets for SOCKS port by default
  16. * Bug 19459: Move resizing code to tor-browser.git
  17. * Bug 20264: Change security slider to 3 options
  18. * Bug 20347: Enhance security slider's custom mode
  19. * Bug 20123: Disable remote jar on all security levels
  20. * Bug 20244: Move privacy checkboxes to about:preferences#privacy
  21. * Bug 17546: Add tooltips to explain our privacy checkboxes
  22. * Bug 17904: Allow security settings dialog to resize
  23. * Bug 18093: Remove 'Restore Defaults' button
  24. * Bug 20373: Prevent redundant dialogs opening
  25. * Bug 20388+20399+20394: Code clean-up
  26. * Translation updates
  27. 1.9.6.4
  28. * Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git
  29. * Bug 17767: Make "JavaScript disabled" more visible in Security Slider
  30. 1.9.6.2
  31. * Bug 18589: Clear site security settings during New Identity
  32. * Bug 19906: "Maximizing Tor Browser" Notification can exist multiple times
  33. * Bug 19837: Whitelist internal URLs that Firefox requires for media
  34. * Bug 15852: Remove/synchronize Torbutton SOCKS pref logic
  35. * Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6
  36. * Bug 14271: Make Torbutton work with Unix Domain Socket option
  37. * Translation updates
  38. 1.9.6.1
  39. * Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a tor client
  40. * Bug 19417: Disable asm.js (but add code to clear on New Identity if enabled)
  41. * Bug 19689: Plugin usage prompt is parented to wrong window
  42. * Bug 19273: Improve external app launch handling and associated warnings
  43. * Bug 8725: Block addon resource and url fingerprinting with nsIContentPolicy
  44. 1.9.6
  45. * Bug 18743: Pref to hide 'Sign in to Sync' button in hamburger menu
  46. * Bug 18905: Hide unusable items from help menu
  47. * Bug 17599: Provide shortcuts for New Identity and New Circuit
  48. * Bug 18980: Remove obsolete toolbar button code
  49. * Bug 18238: Remove unused Torbutton code and strings
  50. * Translation updates
  51. * Code clean-up
  52. 1.9.5.4
  53. * Bug 18466: Make Torbutton compatible with Firefox ESR 45
  54. * Bug 18743: Pref to hide 'Sign in to Sync' button in hamburger menu
  55. * Bug 18905: Hide unusable items from help menu
  56. * Bug 16017: Allow users to more easily set a non-tor SSH proxy
  57. * Bug 17599: Provide shortcuts for New Identity and New Circuit
  58. * Bug 18980: Remove obsolete toolbar button code
  59. * Bug 14429: Make sure the automatic resizing is disabled
  60. * Translation updates
  61. * Code clean-up
  62. 1.9.5.3
  63. * Bug 18466: Make Torbutton compatible with Firefox ESR 45
  64. * Translation updates
  65. 1.9.5.2
  66. * Bug 18557: Exempt Graphite preference from Security Slider
  67. 1.9.4.5
  68. * Bug 18557: Exempt Graphite preference from Security Slider
  69. 1.9.5.1
  70. * Bug 16990: Don't mishandle multiline commands
  71. * Bug 18144: about:tor update arrow position is wrong
  72. * Bug 16725: Allow resizing with non-default homepage
  73. * Bug 16017: Allow users to more easily set a non-tor SSH proxy
  74. * Translation updates
  75. 1.9.4.4
  76. * Bug 16990: Don't mishandle multiline commands
  77. * Bug 18144: about:tor update arrow position is wrong
  78. * Bug 16725: Allow resizing with non-default homepage
  79. * Translation updates
  80. 1.9.5
  81. * Bug 16990: Show circuit display for connections using multi-party channels
  82. * Bug 18019: Avoid empty prompt shown after non-en-US update
  83. * Bug 18004: Remove Tor fundraising donation banner
  84. * Code cleanup
  85. * Translation updates
  86. 1.9.4.3
  87. * Bug 16990: Show circuit display for connections using multi-party channels
  88. * Bug 18019: Avoid empty prompt shown after non-en-US update
  89. * Bug 18004: Remove Tor fundraising donation banner
  90. * Bug 16940: After update, load local change notes
  91. * Bug 17108: Polish about:tor appearance
  92. * Bug 17568: Clean up tor-control-port.js
  93. * Bug 16620: Move window.name handling into a Firefox patch
  94. * Bug 17351: Code cleanup
  95. * Translation updates
  96. 1.9.4.2
  97. * Bug 16940: After update, load local change notes
  98. * Bug 16990: Avoid matching '250 ' to the end of node name
  99. * Bug 17108: Polish about:tor appearance
  100. * Bug 17565: Tor fundraising campaign donation banner
  101. * Bug 17568: Clean up tor-control-port.js
  102. * Bug 17770: Fix alignments on donation banner
  103. * Bug 17792: Include donation banner in some non en-US Tor Browsers
  104. * Translation updates
  105. 1.9.4.1
  106. * Bug 9623: Spoof Referer when leaving a .onion domain
  107. * Bug 16620: Move window.name handling into a Firefox patch
  108. * Bug 17164: Don't show text-select cursor on circuit display
  109. * Bug 17351: Remove unused code
  110. * Translation updates
  111. 1.9.4
  112. * Bug 16937: Don't translate the hompepage/spellchecker dictionary string
  113. * Bug 16735: about:tor should accommodate different fonts/font sizes
  114. * Bug 16887: Update intl.accept_languages value
  115. * Bug 15493: Update circuit display on new circuit info
  116. * Bug 16797: brandShorterName is missing from brand.properties
  117. * Translation updates
  118. 1.9.3.7
  119. * Bug 16990: Avoid matching '250 ' to the end of node name
  120. * Bug 17565: Tor fundraising campaign donation banner
  121. * Bug 17770: Fix alignments on donation banner
  122. * Bug 17792: Include donation banner in some non en-US Tor Browsers
  123. * Translation updates
  124. 1.9.3.5
  125. * Bug 9623: Spoof Referer when leaving a .onion domain
  126. * Bug 16735: about:tor should accommodate different fonts/font sizes
  127. * Bug 16937: Don't translate the hompepage/spellchecker dictionary string
  128. * Bug 17164: Don't show text-select cursor on circuit display
  129. * Bug 17351: Remove unused code
  130. * Translation updates
  131. 1.9.3.4
  132. * Bug 16887: Update intl.accept_languages value
  133. * Bug 15493: Update circuit display on new circuit info
  134. * Bug 16797: brandShorterName is missing from brand.properties
  135. * Bug 14429: Make sure the automatic resizing is disabled
  136. * Translation updates
  137. 1.9.3.3
  138. * Bug 14429: Make sure the automatic resizing is enabled
  139. 1.9.3.2
  140. * Bug 16731: TBB 5.0 a3/a4 fails to download a file on right click
  141. * Bug 16730: Reset NoScript whitelist on upgrade
  142. * Bug 16722: Prevent "Tiles" feature from being enabled after upgrade
  143. * Bug 16488: Remove "Sign in to Sync" from the browser menu (fixup)
  144. * Bug 14429: Make sure the automatic resizing is disabled
  145. * Translation updates
  146. 1.9.3.1
  147. * Bug 16268: Show Tor Browser logo on About page
  148. * Bug 16639: Check for Updates menu item can cause update failure
  149. * Bug 15781: Remove the sessionstore filter
  150. * Bug 15656: Sync privacy.resistFingerprinting with Torbutton pref
  151. 1.9.3.0
  152. * Bug 16427: Use internal update URL
  153. * Bug 16200: Update Cache API usage and prefs for FF38
  154. * Bug 16357: Use Mozilla API to wipe permissions db
  155. 1.9.2.8
  156. * Bug 16403: Set search parameters for Disconnect
  157. * Bug 14429: Make sure the automatic resizing is disabled
  158. * Translation updates
  159. 1.9.2.7
  160. * Bug 14429: Make sure the automatic resizing is enabled
  161. 1.9.2.6
  162. * Bug 15984: Disabling Torbutton breaks the Add-ons Manager
  163. * Bug 14429: Make sure the automatic resizing is disabled
  164. * Translation updates
  165. 1.9.2.5
  166. * Translation updates
  167. 1.9.2.4
  168. * Bug 14429: Improved automatic window resizing
  169. 1.9.2.3:
  170. * Bug 15837: Show descriptions if unchecking custom mode
  171. * Bug 15927: Force update of the NoScript UI when changing security level
  172. * Bug 15915: Hide circuit display if it is disabled.
  173. 1.9.2.2:
  174. * Bug 15795: Some security slider prefs do not trigger custom checkbox
  175. 1.9.2.1:
  176. * Bug 14429: Disable window resizing for now.
  177. 1.9.2.0:
  178. * Bug 15562: Bind SharedWorkers to thirdparty pref
  179. * Bug 15533: Restore default security level when restoring defaults
  180. * Bug 15510: Close Tor Circuit UI control port connections on New Identity
  181. * Bug 15472: Make node text black in circuit status UI.
  182. * Bug 15502: Wipe blob URIs on New Identity
  183. 1.9.1.0:
  184. * Bug 9387: "Security Slider 1.0"
  185. * Include descriptions and tooltip hints for security levels
  186. * Notify users that the security slider exists
  187. * Flip slider so that "low" is on the bottom
  188. * Make use of new SVG and MathML prefs
  189. * Bug 13766: Set a 10 minute circuit lifespan for non-content requests
  190. * Bug 15460: Ensure FTP urls use content-window circuit isolation
  191. * Bug 13650: Clip initial window height to 1000px
  192. * Bug 14429: Ensure windows can only be resized to 200x100px multiples
  193. * Bug 15334: Display Cookie Protections menu if disk records are enabled
  194. * Bug 14324: Show HS circuit in Tor circuit display
  195. * Bug 15086: Handle RTL text in Tor circuit display
  196. * Bug 15085: Fix about:tor RTL text alignment problems
  197. * Bug 10216: Add a pref to disable the local tor control port test
  198. * Bug 14937: Show meek and flashproxy bridges in tor circuit display
  199. * Bugs 13891+15207: Fix exceptions/errors in circuit display with bridges
  200. * Bug 13019: Change locale hiding pref to boolean
  201. * Bug 7255: Warn users about maximizing windows
  202. * Bug 14631: Improve profile access error msgs (strings).
  203. 1.9.0.0
  204. * Bug 13882: Fix display of bridges after bridge settings have been changed
  205. * Bug 5698: Use "Tor Browser" branding in "About Tor Browser" dialog
  206. * Bug 10280: Strings and pref for preventing plugin initialization.
  207. * Bug 14866: Show correct circuit when more than one exists for a given domain
  208. * Bug 9442: Add New Circuit button to Torbutton menu
  209. * Bug 9906: Warn users before closing all windows and performing new identity.
  210. * Bug 8400: Prompt for restart if disk records are enabled/disabled.
  211. * Bug 14630: Hide Torbutton's proxy settings tab.
  212. * Bug 14632: Disable Cookie Manager until we get it working.
  213. * Bug 11175: Remove "About Torbutton" from onion menu.
  214. * Bug 13900: Remove SafeCache code.
  215. * Bug 14490: Use Disconnect search in about:tor search box
  216. * Bug 14392: Don't steal input focus in about:tor search box
  217. * Bug 11236: Don't set omnibox order in Torbutton (to prevent translation)
  218. * Bug 13406: Stop directing users to download-easy.html.en on update
  219. * Bug 9387: Handle "custom" mode better in Security Slider
  220. * Bug 12430: Bind jar: pref to Security Slider
  221. * Bug 14448: Restore Torbutton menu operation on non-English localizations
  222. 1.8.1.3
  223. * Bug 13998: Handle changes in NoScript 2.6.9.8+
  224. * Bug 14100: Option to hide NetworkSettings menuitem
  225. * Bug 13079: Option to skip control port verification
  226. * Bug 13835: Option to change default Tor Browser homepage
  227. * Bug 11449: Fix new identity error if NoScript is not enabled
  228. * Bug 13881: Localize strings for tor circuit display
  229. * Bug 9387: Incorporate user feedback
  230. * Bug 13671: Fixup for circuit display if bridges are used
  231. * Translation updates
  232. 1.8.1.2
  233. * Bug 13672: Make circuit display optional
  234. * Bug 13671: Make bridges visible on circuit display
  235. * Bug 9387: Incorporate user feedback
  236. * Bug 13784: Remove third party authentication tokens
  237. 1.8.1.1
  238. * Bug 13751: Remove remaining SafeCache code.
  239. 1.8.1.0
  240. * Bug 13746: Properly link Torbutton UI to thirdparty pref.
  241. * Bug 13742: Remove SafeCache code (in favor of C++ implementation)
  242. 1.8.0.3
  243. * misc: Translation imports for security slider
  244. 1.8.0.2
  245. * Bug 13666: Various fixes for circuit status display
  246. 1.8.0.1
  247. * Bug 13651: Fix hangs associated with circuit status UI from #8641.
  248. 1.8.0.0
  249. * Bug 9387: Provide a "Security Slider" for vulnerability surface reduction
  250. * Bug 13019: Synchronize locale spoofing pref with our Firefox patch
  251. * Bug 3455: Use SOCKS user+pass to isolate all requests from the same url domain
  252. * Bug 8641: Create browser UI to indicate current tab's Tor circuit IPs
  253. 1.7.0.2
  254. * Bug 13019: Synchronize locale spoofing pref with our Firefox patch
  255. * Bug 13746: Properly link Torbutton UI to thirdparty pref.
  256. 1.7.0.1
  257. * Bug 13378: Prevent addon reordering in toolbars on first-run.
  258. 1.7.0.0
  259. 9 Oct 2014
  260. * Bug 10751: Adapt Torbutton to ESR31's Australis UI.
  261. * Bug 13138: ESR31-about:tor shows "Tor is not working"
  262. * Bug 12947: Adapt session storage blocker to ESR 31.
  263. * Bug 10716: Take care of drag/drop events in ESR 31.
  264. * Bug 13366: Fix cert exemption dialog when disk storage is enabled.
  265. 1.6.12.3
  266. 23 Sep 2014
  267. * Bug 10804: Workaround for some TBB startup hangs
  268. 1.6.12.2
  269. 22 Sep 2014
  270. * Bug 13091: Use "Tor Browser" everywhere
  271. 1.6.12.1
  272. 1 Sep 2014
  273. * Bug 12684: Add `canvas.notNow` UI strings to torbutton.properties file.
  274. * Bug 8940: Move RecommendedTBBVersions file to www.torproject.org.
  275. 1.6.12.0
  276. 4 Aug 2014
  277. * Bug 9531: Workaround to avoid rare hangs during New Identity
  278. 1.6.11.1
  279. 24 Jul 2014
  280. * Bug 11472: Adjust about:tor font and logo positioning to avoid overlap
  281. * Bug 12680: Fix Torbutton about url.
  282. 1.6.11.0
  283. 27 Jun 2014
  284. * Bug 10819: Bind new third party isolation pref to Torbutton security UI
  285. * Bug 9268: Fix some window resizing corner cases with DPI and taskbar size.
  286. 1.6.10.1
  287. 26 Jun 2014
  288. * Bug #12221: Remove obsolete Javascript components from the toggle era
  289. 1.6.10.0
  290. 5 Jun 2014
  291. * Bug 11510: about:tor should not report success if tor proxy is unreachable
  292. * Bug 11783: Avoid b.webProgress error when double-clicking on New Identity
  293. * Bug 11722: Add hidden pref to force remote Tor check
  294. * Bug 11763: Fix pref dialog double-click race that caused settings to be reset
  295. 1.6.9.0:
  296. 25 Apr 2014
  297. * Bug 7439: Improve download warning dialog text.
  298. * Bug 11384: Completely remove hidden toggle menu item.
  299. 1.6.8.0:
  300. 7 Apr 2014:
  301. * Bug 9010: Add Turkish to update locales.
  302. * Bug 11242: Fix improper "update needed" message after in-place upgrade.
  303. * Bug 10398: Ease translation of about:tor page elements
  304. 1.6.7.0:
  305. 7 Mar 2014:
  306. * Bug 9901: Fix browser freeze due to content type sniffing
  307. * Bug 10611: Add Swedish (sv) to extra locales to update
  308. 1.6.6.0:
  309. 3 Feb 2014
  310. * Bug 10800: Prevent exception in New Identity
  311. * Bug 10640: Fix about:tor's pointer position for RTL languages.
  312. * Bug 10095: Make inner window a multiple of 200x100
  313. * Bug 10285: Clear permissions on New Identity
  314. * Bug 9738: Fix for auto-maximizing on browser start
  315. * Bug 10682: Workaround to really disable updates for Torbutton.
  316. * Bug 10419: Don't allow connections to localhost
  317. * Bug 10140: Move Japanese to extra locales
  318. * Bug 10687: Add Basque (eu) to extra locales
  319. 1.6.5.5:
  320. 20 Jan 2014
  321. * Bug 9486: Properly clear NoScript Temporary Permissions
  322. 1.6.5.4:
  323. 14 Jan 2014
  324. * Bug 10537: Include Arabic locale in Torbutton.
  325. 1.6.5.3:
  326. 23 Dec 2013
  327. * Bug 9486: Clear NoScript Temporary Permissions on New Identity
  328. 1.6.5.2:
  329. 17 Dec 2013
  330. * Misc: Change the default update download link back to download-easy
  331. 1.6.5.1:
  332. 10 Dec 2013
  333. * Bug 10352: Clear FF24 Private Browsing Mode data during New Identity
  334. 1.6.5:
  335. 9 Dec 2013
  336. * Bug 8167: Update cache isolation to use getFirstPartyURIFromChannel() for FF24
  337. * Bug 10201: FF ESR 24 hangs during exit on Mac OS.
  338. * Bug 10078: Properly clear crypto tokens during New Identity on FF24
  339. * Bug 9454: Support changes to Private Browsing Mode and plugin APIs in FF24
  340. 1.6.4.1:
  341. 15 Nov 2013
  342. * Bug 10002: Make the TBB3.0 blog tag our update download url for now.
  343. 1.6.4:
  344. 29 Oct 2013
  345. * Bug 9144: Workaround for missing translation properties
  346. 1.6.3:
  347. 11 Oct 2013:
  348. * Bug 9224: Support multiple Tor socks ports for about:tor status check
  349. * Bug 9587: Add TBB version number to about:tor
  350. 1.6.2.1:
  351. 23 Sep 2013:
  352. * Bug 8839: Switch about:tor search link to unfiltered startpage link
  353. 1.6.2:
  354. 18 Sep 2013
  355. * bug 9492: Fix Torbutton logo on OSX and Windows (and related
  356. initialization code)
  357. 1.6.1:
  358. 01 Aug 2013
  359. * bug 8478: Change when window resizing code fires to avoid rounding errors
  360. * bug 9331: Hack an update URL for the next TBB release
  361. * bug 9144: Change an aboutTor.dtd string to something transifex might accept
  362. 1.6.0:
  363. 05 Jun 2013
  364. * bug 7494: Create a local home page for TBB as about:tor
  365. * misc: Perform a control port test of proper Tor configuration by default.
  366. Only use check.torproject.org if the control port is unavailable.
  367. * misc: Add an icon menu option for Tor Launcher's Network Settings
  368. * misc: Add branding string overrides (primarily controls browser name and
  369. homepage)
  370. 1.5.2:
  371. 22 Apr 2013
  372. * bug 8457: Allow session restore if the user allows disk actvity
  373. * bug 8301: Remove the Display Settings panel and associated locales
  374. * bug 6566: Fix "Transparent Torification" option.
  375. * bug 8642: Fix a hang on New Identity.
  376. 1.5.1:
  377. 07 Mar 2013
  378. * bug 8324: Fix Drag+Drop crash by using a new TBB drag observer
  379. * bug 6202: Fix XML/E4X errors with Cookie Protections
  380. * bug 8423: Don't clear cookies at shutdown if user wants disk history
  381. * bug 8382: Leave IndexedDB and Offline Storage disabled.
  382. * bug 8422: Clear DOM localStorage on New Identity.
  383. * bug 8335: Don't strip "third party" HTTP auth from favicons
  384. * bug 5183: Localize the "Spoof english" button strings
  385. * bug 8313: Ask user for confirmation before enabling plugins
  386. * misc: Emit private browsing session clearing event on "New Identity"
  387. 1.5.0
  388. 18 Feb 2013
  389. * bug 5279: Remove old toggle observers and related code
  390. * bug 3100: Simplify Security Preference UI and associated pref updates
  391. * bug 1305: Eliminate redundancy in our Flash/plugin disabling code
  392. * bug 3944: Leave most preferences under Tor Browser's control
  393. * bug 7974: Disable toggle-on-startup and crash detection logic
  394. * bug 5279: Disable/remove toggle-mode code and related observers
  395. * bug 6431: Add menu hint to Torbutton icon
  396. * bug 7495: Make Torbutton icon flash a warning symbol if TBB is out of date
  397. * bug 6096: Perform version check every time there's a new tab.
  398. * bug 6156: Rate limit version check queries to once every 1.5hrs max.
  399. * misc: Allow WebGL and DOM storage.
  400. * misc: Disable independent Torbutton updates
  401. * misc: Change the recommended SOCKSPort to 9150 (to match TBB)
  402. 1.4.6.3
  403. 9 Oct 2012
  404. * bug 5856: Disable JS hooks to make way for direct Firefox patch
  405. 1.4.6.2
  406. 12 Sep 2012
  407. * bug 6803: Set proxy settings earlier to fix broken homepage load on FF15
  408. * bug 6254: Support transparent Tor mode through TOR_TRANSPROXY=1 env var.
  409. 1.4.6.1
  410. 30 Aug 2012
  411. * Bug 6737: Disable window.screen hooks for FF15+ (fixes exception alert)
  412. 1.4.6
  413. 30 May 2012
  414. * Bug 5710: Prevent all sessionstore data saving in TBB
  415. * Bug 5715: Explicitly clear image cache on TBB New Identity
  416. * Bug 4660: Clear search and find boxes on TBB New Identity
  417. * Bug 5729: Make New Identity and New Window a multiple of 200x100px
  418. * Bug 4755: Spoof screen coordinates for DOM MouseEvents
  419. * Bug 4718: Make TBB version check happen on New Window+New Identity
  420. * Bug 5758: Disable WebSockets and IndexedDB for non-TBB users
  421. * Bug 5863: Remove the ability to toggle Torbutton (to prevent leaks)
  422. * Bug 3838: Inform Torbutton users about TBB
  423. * Bug 5092: Sign Torbutton Updates
  424. * Bugs 5673+5732: Change captcha redirect to startpage.com
  425. * Bug 3845: Bump Firefox user agent to 10.0-ESR
  426. 1.4.5.1
  427. 17 Dec 2011
  428. * bug 4722: Fix ability to drag tabs on Windows (due to #4517)
  429. 1.4.5
  430. 14 Dec 2011
  431. * bug 4517: Disable external drag and drop (prevents proxy bypass)
  432. * bug 4099: Disable TLS session tickets to prevent linkability
  433. * bug 4603: Lower HTTP keep-alive timeout to reduce linkability
  434. * bug 4611: Notify user if "New Identity" fails
  435. * bug 4667: Close keep-alive connections on "New Identity" (TBB only)
  436. * bug 4453: Reset SOCKS host and port only when using "recommended settings"
  437. * misc: Perform versioncheck at startup regardless of session restore status
  438. 1.4.4.1
  439. 11 Oct 2011
  440. * misc: Fix a homepage load error on Windows TBB first-run
  441. 1.4.4
  442. 9 Oct 2011
  443. * bug 4197: Allow Torbutton formfill blocking to be disabled
  444. * bug 4058: Fix yet more issues with links opening in new tabs
  445. * bug 4161: Make TBB version check work w/ SocksPort auto builds
  446. * bug 3686: Fix loading of localized homepage on Debian
  447. * bug 4016: Resize window on "New Identity"
  448. * bug 3928: Implement CookieAuthFile password reading
  449. * misc: Fix scoping issue for some stream variables
  450. 1.4.3
  451. 9 Sep 2011
  452. * bug 3933: Don't touch app.update.auto in TBB
  453. * bug 3960: Don't disable zoom.siteSpecific on TBB
  454. * bug 3928: Fix auto-scroll on twitter
  455. * bug 3649: Make permissions and disk errors human-readable
  456. 1.4.2
  457. 3 Sep 2011
  458. * bug 3879: Fix broken framed sites (yopmail, gmane, gmaps, etc)
  459. * bug 3337: Fetch check.tp.o page to check versions (TBB only)
  460. * Bug 3754: Fix SafeCache OCSP errors (fix for TBB only)
  461. 1.4.1
  462. 28 Aug 2011
  463. * bug 523: Implement New Identity (for TBB only)
  464. * bug 3580: Fix hotmail/live breakage (TBB only)
  465. * bug 3748: Disable 3rd party HTTP auth
  466. * bug 3665: Fix several corner cases SafeCache isolation
  467. * bug 3739: Fix https->http CORS failure for SafeCache
  468. * bug 3414: Isolate window.name based on referrer policy
  469. * bug 3809: Disable referer spoofing (fixes navigation issues)
  470. * bug 3819: Fix API issue with cookie protections
  471. * bug 3820: Fix warning w/ session store filter
  472. 1.4.0
  473. 30 Jun 2011
  474. * bug 3101: Disable WebGL. Too many unknowns for now.
  475. * bug 3345: Make Google Captcha redirect work again.
  476. * bug 3399: Fix a reversed exception check found by arno.
  477. * bug 3177: Update torbutton to use new TorBrowser prefs.
  478. * bug 2843: Update proxy preferences window to support env var.
  479. * bug 2338: Force toggle at startup if tor is enabled
  480. * bug 3554: Make Cookie protections obey disk settings
  481. * bug 3441: Enable cookie protection UI by default.
  482. * bug 3446: We're Firefox 5.0, we swear.
  483. * bug #3506: Remove window resize event listener.
  484. * bug #1282: Set fixed window size for each new window.
  485. * bug #3508: Apply Stanford SafeCache patch (thanks Edward, Collin et al).
  486. * bug #2361: Make about window work again on FF4+.
  487. * bug #3436: T(A)ILS was renamed to Tails.
  488. * bugfix: Fix a transparent context menu issue on Linux FF4+.
  489. * misc: Squelch exception from app launcher in error console.
  490. * misc: Make DuckDuckGo the default Google Captcha redirect destination.
  491. * misc: Make it harder to accidentally toggle torbutton.
  492. 1.3.3-alpha
  493. 01 May 2011
  494. * bug 2777: Clear OCSP cache on tor toggle
  495. * bug 2832: Update spoofed user agent to Firefox 4.0
  496. * bug 2838: Make cookie protections dialog work
  497. * bug 2819: Move JS hooks to new JS1.8.5 hooking support on FF4.
  498. * bug 3042: Fix version compatibility issue with FF4.0.1+
  499. 1.3.2-alpha
  500. 21 Mar 2011
  501. * bug 1624: Use nsIDOMCrypto::logout() instead of the SSLv2 pref hack
  502. * bug 1999: Disable tor:// urls by default
  503. * bug 1968: Reset window.name on tor toggle
  504. * bug 2148: Make refspoofing more uniform
  505. * bug 2359: Fix XHTML DTD errors on FF4
  506. * bugs 2465+2421: Fix javascript hook exceptions+issues in FF4.0
  507. * bug 2458: Opt out of Firefox addon usage pings
  508. * bug 2377: Limit the Google captcha cookies copied between google TLDs
  509. * bug 2491: Clean up checks for when to jar protected cookies
  510. * bug 1110: Add popup to ask if we should spoof English Accept: headers
  511. * misc: Remove a noisy FF2 nsICookieManager2 fallback check.
  512. 1.3.1-alpha
  513. 03 Jan 2011
  514. * bugfix: bug 1894: Amnesia is now called TAILS (patch from intrigeri)
  515. * bugfix: bug 2315: Remove reference to TorVM (patch from intrigeri)
  516. * bugfix: bug 2011: Fix preference dialog issues (patch from chrisdoble)
  517. * bugfix: Fix some incorrect log lines in RefSpoofer
  518. * new: Support Firefox 4.0 (many changes)
  519. * new: Place button in the nav-bar (FF4 killed the status-bar)
  520. * misc: No longer reimplement the session store, use new APIs instead
  521. * misc: Simplify crash detection and startup mode settings
  522. 1.3.0-alpha
  523. 30 Sep 2010
  524. * new: Support for transparent proxies in settings
  525. (patch from Jacob Appelbaum and Kory Kirk)
  526. * new: tor:// and tors:// url support to auto-toggle into tor mode
  527. (patch from Kory Kirk)
  528. * new: Cookie manager to allow individual Cookie protection
  529. (patch from Kory Kirk)
  530. * new: Add referrer spoofing based on modified same origin policy
  531. (patch from Kory Kirk)
  532. * new: Add DuckDuckGo.com as a Google captcha redirect destination
  533. (patch from aiden tighe)
  534. * bugfix: bug 1911: Fix broken useragent locale string on debian
  535. (patch from lunar)
  536. * bugfix: Fix captcha detection for encrypted.google.com
  537. 1.2.5
  538. 08 Apr 2010
  539. * bugfix: bug 1169: Fix blank popup conflict with CoolPreviews
  540. * bugfix: bug 1246: Fix IST and other HH:30 timezone issues.
  541. * bugfix: bug 1219: Fix the toggle warning loop issue on settings change.
  542. * bugfix: bug 1321: Fix a session restore bug when closing the last window
  543. * bugfix: bug 1302: Update useragent to FF3.6.3 on WinNT6.
  544. * bugfix: bug 1157: Add logic to handle torbutton crashed state conflicts
  545. * bugfix: bug 1235: Improve the 'changed-state' refresh warning message
  546. * bugfix: bug 1337: Bind alert windows to correct browser window
  547. * bugfix: bug 1055: Make the error console the default log output location
  548. * bugfix: bug 1032: Fix an exception in the localhost proxy filter
  549. * misc: Always tell a website our window size is rounded even if it's not
  550. * misc: Add some suggestions to warning about loading external content
  551. * new: Add option to always update Torbutton via Tor. On by default
  552. * new: Redirect Google queries elsewhere on captcha (default ixquick)
  553. * new: Strip identifying info off of Google searchbox queries
  554. 1.2.4
  555. 16 Dec 2009
  556. * bugfix: bug 1169: Fix blank popup conflict with Google Toolbar
  557. * bugfix: bug 1171: Properly store and set network.dns.disablePrefetch
  558. * bugfix: bug 1165: Fix an exception on toggle in FF3.6
  559. * bugfix: bug 1163: Fix history loss in FF3.6
  560. * bugfix: Fix a typo error during logging
  561. * bugfix: Properly handle session restore in FF3.6
  562. * misc: Kill a warning message about missing properties in window-mapper.js
  563. * new: Add a new pref to disable Livemark updates during Tor usage (FF3.5+)
  564. 1.2.3
  565. 02 Dec 2009
  566. * bugfix: bug 950: Preserve useragent and download settings across toggle
  567. * bugfix: bug 1014: Fix XML Parsing Error on XHTML sites in Tor mode
  568. * bugfix: bug 1041: Preserve tab history in FF3.5
  569. * bugfix: bug 1047: Fix spurious user agent change notice
  570. * bugfix: bug 1053: Partial fix for 'TypeError: browser is undefined' error
  571. * bugfix: bug 1084: Preserve HTTP accept language for Non-Tor usage
  572. * bugfix: bug 1085: Fix test settings issues with dead privoxy
  573. * bugfix: bug 1088: Clean up some namespace issues in the main chrome window
  574. * bugfix: bug 1091: Fix a lockup when 'Ask Every Time' cookie pref is set
  575. * bugfix: bug 1093: Fix cert acceptance dialogs in Firefox 3.5
  576. * bugfix: bug 1146: Fixes for properly handling tab restore in FF3.5
  577. * bugfix: bug 1152: Close tabs on toggle prevents toggling in FF3.5"
  578. * bugfix: bug 1154: Clarify "Last Tor test failed" message
  579. * misc: Disable geolocation in FF3.5 during Tor mode
  580. * misc: Disable DNS prefetch in FF3.5 in Tor mode and for Tor-loaded tabs
  581. * misc: Disable offline app cache during Tor mode
  582. * misc: Disable specific site zoom settings during Tor mode
  583. * new: Transfer Google cookies between country-code domains. This should
  584. make it such that captchas only need to be solved once per Tor session,
  585. as opposed to for each country.
  586. 1.2.2
  587. 09 Aug 2009
  588. * bugfix: Workaround Firefox Bug 440892 to prevent external apps from
  589. being launched (and thus bypassing proxy settings) without user
  590. confirmation. Independently reported by Greg Fleischer and optimist.
  591. * bugfix: Create a separate "No Proxy For" option and remove the
  592. string "localhost" from proxy exemptions. Prevents a theoretical
  593. proxy bypass condition discovered by optimist. Fix based on patch from
  594. optimist.
  595. * bugfix: bug 970: Purge undo tab list on Tor toggle.
  596. * bugfix: bug 1040: Scrub URLs from log level 4 and higher log messages.
  597. Mac OS writes Firefox console messages to disk by default.
  598. * bugfix: bug 1033: Fix FoxyProxy conflict that caused some FoxyProxy
  599. strings to fail to display.
  600. * misc: bug 1006: Pop up a more specific failure message for pref
  601. changing errors during Tor toggle.
  602. * misc: Fix a couple of strict javascript warns on FF3.5
  603. * misc: Add chrome url protection call to conceal other addons during
  604. non-Tor usage. Patch by Sebastian Lisken.
  605. * misc: Remove torbutton log system init message that may have scared some
  606. paranoids.
  607. 1.2.1
  608. 21 Mar 2009
  609. * bugfix: bug 773: Fixed Noscript conflict issue.
  610. * bugfix: bug 866: Fixed conflict with ZoTero
  611. * bugfix: bug 908: Make UserAgentSwitcher's 'default' button restore
  612. Torbutton's spoofed user agent if Tor is enabled.
  613. * bugfix: bug 909: Get Torbutton to "properly" react to users changing
  614. their Firefox cookie lifetime settings as opposed to using the Torbutton
  615. interface.
  616. * bugfix: bug 834: Fix session saving and startup issues
  617. * bugfix: bug 875: Removed docShell == null popup during toggle for
  618. some users
  619. * bugfix: bug 910: fixed a locale spoofing issue in navigator.appVersion
  620. * bugfix: bug 747: Attempt to fix 'fullscreen' resizing issues.
  621. * bugfix: Stop-gap timezone spoofing fix for Linux and Mac
  622. for FF3. Requires a one-line patch to Firefox for Windows to work.
  623. * bugfix: Clear SSL Session IDs on toggle. (See FF Bug 448747)
  624. * misc: bug 931: Added a socks v4 vs v5 version choice to custom prefs.
  625. * misc: bug 836: redesign startup preference window to make it more
  626. understandable
  627. * misc: Torbutton now presents itself as Windows FF3.0.7.
  628. * misc: Change RDF to allow Torbutton to run on FF3.1 betas.
  629. 1.2.0
  630. 30 Jul 2008
  631. * bugfix: bug 777: Fix issue with locale spoofing breaking translations.
  632. * bugfix: bug 778: Preserve locale in spoofed version if user does not want
  633. locale spoofing.
  634. * bugfix: bug 780: Keep session cookies during Tor toggle.
  635. * bugfix: Potential fix for some PKCS#12 issues.
  636. * bugfix: Fix crash recovery and uninstall/upgrade to avoid cookie loss.
  637. * misc: Translation updates.
  638. 1.2.0rc6:
  639. 12 Jul 2008
  640. * bugfix: Fix bug causing Firefox history to get cleared in some situations
  641. * bugfix: bug 753: Fix exception thrown during Tor toggle in some instances
  642. * bugfix: bug 758: Fix resize issue where 0x0 windows could be created
  643. * bugfix: Fix some potential permission denied issues with cookie jars
  644. * bugfix: bug 520: Fix issue where Javascript stayed disabled in some tabs
  645. * bugfix: Apply cookie lifetime settings to Tor settings on first install.
  646. * bugfix: Don't disable Firefox preferences when Torbutton is uninstalled
  647. * misc: Allow automatic updates in FF3 by default. They are secure now.
  648. * misc: Translation updates
  649. 1.2.0rc5
  650. 06 Jul 2008
  651. * bugfix: bug 734: Fix exception with clearing history on toggle
  652. * bugfix: bug 735: Fix exception with blocking Non-Tor history writes
  653. * bugfix: bug 720: FF3 cookie jar fix submitted by arno
  654. * misc: translation updates for French, Farsi, and others
  655. * misc: demote "mapper check" log message to info
  656. * new: Option to not write cookie jars to disk submitted by arno
  657. 1.2.0rc4
  658. 27 Jun 2008
  659. * misc: Refuse to jar cookies under Firefox 3. Lame workaround for Firefox
  660. Bug 439384, but it's the best we can do. At least we won't destroy
  661. cookies anymore.
  662. * misc: Some strings were present twice in the en-US locale. Didn't seem
  663. to cause any problems, but probably should be fixed.
  664. 1.2.0rc3
  665. 27 Jun 2008
  666. * bugfix: Lots of compatibility updates with other extensions. Issues
  667. with SpeedDial, Google Notebook, TabMixPlus, and others have been fixed.
  668. * bugfix: Fix bug with first window/tab after restart being partially
  669. prevented from performing network activity and/or history access.
  670. * bugfix: Add an additional pref for blocking Non-Tor file url network
  671. activity. Off by default. This should fix issues with Sage addon in
  672. Non-Tor mode.
  673. * bugfix: Be better about saving all sorts of Firefox prefs that we touch
  674. so that users' Non-Tor preferences are remembered.
  675. * bugfix: Fix potential issues with FF3 sessionstore by updating component,
  676. and performing version detection.
  677. * bugfix: Separate toggle into a 3 stage process to eliminate potential
  678. race conditions and issues with javascript and other functionality
  679. not working after Tor toggle.
  680. * new: Added 'Test Settings' button to Proxy Preferences that uses
  681. check.torproject.org to verify Tor status.
  682. * misc: Improve 'Restore Defaults' to reset all prefs that we touch.
  683. * misc: Fix logging system to be more user-legible.
  684. 1.2.0rc2
  685. 08 Jun 2008
  686. * bugfix: MacOS: Fix broken Tor state/toggle issues when all windows are
  687. closed but app stays open
  688. * misc: Potential performance improvements when many windows+tabs are open
  689. * new: Add 'locked mode' pref to allow users to disable one-click toggling
  690. * new: Add prefs to start Firefox with a specific Tor state.
  691. 1.2.0rc1
  692. 01 Jun 2008
  693. * general: FF3 should now be functional, but timezone masking is not
  694. operational
  695. * bugfix: Fix Places/history component hooking in FF3
  696. * bugfix: Disable Places database in FF3 via browser.history_expire_days=0
  697. if history writes are disabled.
  698. * bugfix: General component hooking fixes for FF3
  699. * bugfix: Block favicon leaking in FF3
  700. * bugfix: Enable safebrowsing updates in FF3 (it's finally HMACd. Yay).
  701. * bugfix: Use Greg Fleischer's new useragent prefs in FF3.
  702. * bugfix: Properly reset cookie lifetime policy when user changes cookie
  703. handling options.
  704. * bugfix: Fix 'Restore defaults' button issues with custom proxy settings
  705. * bugfix: navigator.oscpu hooking was broken in 1.1.18
  706. * bugfix: Try to prevent alleged 0x0 windows on crash recovery
  707. * bugfix: Attempt to block livemarks updates during Tor. Only partial fix.
  708. Not possible to cancel existing Livemarks timer (one fetch will still
  709. happen via Tor before disable). See Firefox Bug 436250
  710. * misc: Set plugin.disable_full_page_plugin_for_types for all plugin
  711. mimetypes just in case our custom full page blocking code fails
  712. 1.1.18
  713. 17 Apr 2008
  714. * bugfix: Fix Gmail exceptions involving window.navigator that made Gmail
  715. unusable after recent updates by Google.
  716. * bugfix: Fix an exception in the content policy that may have prevented
  717. some AJAX page elements from loading.
  718. * bugfix: Fix regression on cross-state favicon leak introduced in 1.1.17
  719. * bugfix: Fix to make clear private data work again by fixing up history
  720. hooking (may also help FF3 compatibility).
  721. * bugfix: Fix Yahoo email account creation (broken due to Date.valueOf()
  722. weirdness).
  723. * bugfix: Fix to allow plugins if the user unchecks the plugin blocking
  724. preference
  725. * bugfix: Fix bug 638: eliminate cross-state history popup on session
  726. restore
  727. * bugfix: Only resize windows on document load. Hopefully this will make
  728. the resizing code less annoying, and drift less.
  729. * bugfix: Fix Object.prototype extensions involving the Date object
  730. (observed on LiveJournal)
  731. * bugfix: Fix javascript debugger compatibility issues involving source
  732. window display and other functionality.
  733. * misc: Prevent blocked popups from opening blank, unusable windows
  734. * misc: Updated firefox version to 2.0.0.14
  735. * new: New translations for French, Russian, Farsi, Italian, and Spanish.
  736. 1.1.17
  737. 15 Mar 2008
  738. * bugfix: Improve chrome disclosure protection (patch from Greg Fleischer)
  739. * bugfix: Block network access from file urls to workaround Firefox
  740. 'Content-Disposition' file stealing attack (found/fixed by Greg)
  741. * bugfix: Apply Javascript hooks to javascript: urls (found by Greg)
  742. * bugfix: Improve Torbutton chrome concealment (found by Greg)
  743. * bugfix: Use 127.0.0.1 instead of localhost for IPv6 users
  744. * bugfix: Don't resize maximized windows
  745. * misc: Improve window resizing to only resize on document load,
  746. and to try to address drift by remembering window sizes
  747. * misc: Clear session history if clear history on tor toggle is set
  748. * new: Remove history hooks in favor of nsISHistoryListeners that
  749. prevent history navigation from alternate Tor states
  750. 1.1.16
  751. 03 Mar 2008
  752. * bugfix: Fix yet more javascript unmasking issues found by Greg.
  753. Date is still unmaskable.
  754. * bugfix: Close tabs *before* toggling proxy settings if pref is set.
  755. * bugfix: Fix a couple exceptions thrown on resizing and plugin canceling
  756. 1.1.15
  757. 26 Feb 2008
  758. * bugfix: Fix hook unmasking of window.screen, window.history,
  759. and window.navigator discovered by Greg Fleischer. window.Date
  760. unmasking is still unfixed. window.history unmasking represents
  761. potential IP disclosure due to Firefox Bug 409737.
  762. * bugfix: Fix view-source extension disclosure bug found by Greg
  763. Fleischer.
  764. * bugfix: Fix javascript and about links. Found by Greg Fleischer.
  765. * new: Attempt to prevent window sizes from drifting during resize.
  766. 1.1.14
  767. 24 Feb 2008
  768. * bugfix: set general.useragent.locale if user wants to spoof an English
  769. browser. This handles navigator.locale
  770. * bugfix: Mask navigator.buildID. Reported by Greg Fleischer
  771. * Initial Firefox 3 work. Functionality still broken due to FF Bug 413682
  772. * bug 580: Resize preferences window to fit in 640x480 displays
  773. * new: Spoof window.screen to mask desktop resolution and resize the
  774. browser to multiples of 50px while tor is enabled.
  775. * new: Block content window access to chrome urls if Tor is enabled,
  776. and hide Torbutton if Tor is disabled. Thanks to Greg Fleischer for
  777. reporting the chrome disclosure issues
  778. * new: Added option to close all opened tabs on a Tor toggle. Useful
  779. for general convenience and also as a backup protection against
  780. Bug 409737.
  781. * new: Add Tor ports to the list of banned ports for Firefox. Should
  782. prevent http-ping based fingerprinting attacks.
  783. * new: Finally add support for automatic updates.
  784. 1.1.13
  785. 01 Feb 2008
  786. * bugfix: Implement workarounds to disable Javascript network access
  787. for Firefox Bug 409737
  788. * bugfix: Improved plugin-disabling workarounds for Firefox Bug 401296
  789. * misc: Set network.protocol-handler.warn-external.* to warn on external
  790. app handlers during Tor usage
  791. * misc: Disable browser.safebrowsing.enabled during Tor usage since it
  792. retrieves some information in plaintext.
  793. * misc: Disable browser.send_pings.
  794. * misc: Block Javascript back/forward manipulation if Tor is enabled
  795. * new: Option to clear HTTP auth on Tor toggle
  796. 1.1.12
  797. 26 Nov 2007
  798. * bugfix: bug 520: Fix some content policy/tagging issues. Not sure if this
  799. is the whole bug.
  800. * bugfix: Fix a nasty bug where torbutton mostly broke if the first Firefox
  801. window was closed (introduced in 1.1.11)
  802. * bugfix: Fix a favicon proxy-leak discussed in onionland
  803. 1.1.11
  804. 16 Nov 2007
  805. * bugfix: Fix a scope issue with the JS hooks that caused problems with
  806. some sites (gmail, others?)
  807. * misc: Performance enhancements for speeding up toggle
  808. * new: Prevent Tor cookies from being written to disk if the user wants
  809. them cleared.
  810. 1.1.10
  811. 06 Nov 2007
  812. * bugfix: bug 522: Try harder to kill plugins before they do any network IO
  813. (discovered by goldy)
  814. * bugfix: bug 460: Remove hook verification. Attempt to apply hooks at every
  815. location event.
  816. * misc: New logging system
  817. * new: Have user choose between starting in Tor or Non-Tor after crash.
  818. Leaving it to Firefox is non-deterministic and should not be an option.
  819. 1.1.9.1
  820. 23 Oct 2007
  821. * bugfix: 1.1.9 killed all plugins. Bring them back to life.
  822. 1.1.9
  823. 21 Oct 2007
  824. * bugfix: bug 519: Fix Ubuntu Gutsy hang on startup.
  825. * bugfix: bug 521: Fix yet more false positive popups introduced in 1.1.8
  826. * bugfix: bug 522: Block loading of direct clicks of plugin-handled content
  827. (discovered by goldy).
  828. 1.1.8
  829. 01 Oct 2007
  830. * bugfix: bug 503: Prevent sessionstore from writing Tor tabs to disk
  831. * bugfix: bug 510: Decouple cookie clearing from Clear Private Data settings
  832. * bugfix: bug 474: Decouple password+form saving from history writing
  833. * bugfix: bug 460: Rework handling of hooking based on global events+window
  834. lookup
  835. * bugfix: Hooking fixes for pages with nested frames/iframes
  836. * bugfix: Cookies are now properly synced before storing into a jar
  837. * misc: Tightened up the alerts a bit more for the javascript hooking
  838. * misc: Changed defaults to be less intrusive to non-tor usage
  839. * new: Added options to start in Tor and reload cookies after browser crash
  840. * new: Added ability to have both tor and non-tor cookie jars
  841. 1.1.7
  842. 20 Sep 2007
  843. * bugfix: bug 495: couple of memory leaks found and fixed by arno
  844. * bugfix: bug 497: uninstall exception found and fixed by arno
  845. * bugfix: bug 460: No more alerts should happen. But does that mean its
  846. fixed? Outlook uncertain...
  847. * bugfix: bugs 461+489: verbosity+macos logging issues resolved
  848. * bugfix: if javascript is disabled, the hooking code no longer complains
  849. * misc: Update spoofed Firefox version to 2.0.0.6
  850. * new: "Restore Defaults" button added to the preferences window
  851. 1.1.6
  852. 30 Jul 2007
  853. * bugfix: Fix an exception that may have messed up cookie/cache clearing
  854. if you allowed Tor to write history URLs (possibly kills bug #457)
  855. * bugfix: Use only sub-browsers for tagging. Could fix some Date hooking
  856. misses (possibly kills bug #460)
  857. * misc: Clean up annoying false positives with date hooking checks
  858. 1.1.5
  859. 17 Jul 2007
  860. * bugfix: Reset shutdown option if user wants to manually manage cookies
  861. * misc: Add code to detect date hooking failures to zero in on Bug #460
  862. * new: Pref to disable "DOM Storage" during Tor usage
  863. 1.1.4 - Defcon CD Release
  864. 6 Jul 2007
  865. * bugfix: Make plugin state tied to tab load state also
  866. * bugfix: Date hooking bug. getUTCYear is not defined. Must call getYear..
  867. * new: Add options to spoof charset and language headers
  868. * new: Add option to disable referer header. This can break some sites.
  869. Seems to break digg in particular.
  870. * new: Copy English strings to all language DTDs so they are at least
  871. functional.
  872. 1.1.3 - Black Hat CD Release
  873. 30 Jun 2007
  874. * bugfix: Fully disable session store if option is set. Otherwise it
  875. can save Tor tabs and cause them to be reloaded during Tor usage!
  876. * new: Differentiate between crucial and recommended settings in preferences
  877. 1.1.2
  878. 22 Jun 2007
  879. * bugfix: Make js hooking a bit more invisible
  880. * bugfix: Improve navigator.* hooking for user agent spoofing
  881. * new: Block session saving during tor usage
  882. * new: Add options to clear cookies during Tor/Non-Tor shutdowns
  883. 1.1.1
  884. 20 Jun 2007
  885. * bugfix: Remove Date hooks from DOM after inserted. Fixes some sites
  886. who expect a fixed DOM structure.
  887. * new: Integrated Collin Jackson's history blocking+cookie jar code, adapted
  888. it to handle various Tor States+read/write differentiation.
  889. * new: Allow users to manually manage cookies
  890. * new: Mark tabs as having been fetched via Tor or in the clear
  891. * new: Add code to only enable javascript on tabs with the same Tor load
  892. state as the current
  893. * new: options to clear the cache, block disk cache, or block all caching
  894. * new: Created options tabbox
  895. * new: Option to block updates if Tor was enabled
  896. * new: Add nsIContentPolicy to block CSS popups from pages with a different
  897. load state than current Tor State.
  898. * new: Added user agent spoofing code
  899. * new: Support FireFox 2.0 only
  900. * new: Disable "safe browsing" remote lookups
  901. * new: block session saving
  902. 1.1.0 - Security Development begins (Alpha branch)
  903. 31 Mar 2007
  904. * new: Option to disable all plugins during Tor usage
  905. * new: Javascript hooking to mask timezone for Date Object, attempted CSS fix
  906. * new: Options to clear history and cookies on Tor toggle
  907. * bugfix: Fix logging to use error console if logger extension not present
  908. 1.0.5
  909. 18 Nov 2006
  910. * bugfix: fix the about box in firefox 1.0
  911. * bugfix: set the toolbar button to the correct state upon insertion into
  912. the toolbar (ff >= 1.5 only)
  913. * bugfix: clarify the wording of the one-liner extension description
  914. * bugfix: bypassing privoxy with Firefox <= 1.0 is not recommended
  915. * bugfix: remember previous "custom" proxy settings
  916. * misc: new icons
  917. * misc: keyboard shortcut re-assigned to ctrl-2
  918. * new: previous proxy settings are restored after exiting tor mode
  919. * new: if the torbutton proxy settings are changed while torbutton is
  920. enabled, then the active proxy settings are updated to reflect it
  921. * new: added twelve locales
  922. 1.0.4
  923. 01 Jun 2006
  924. * bugfix: without-privoxy settings were incorrect
  925. * bugfix: https settings did not take effect until firefox restart
  926. * bugfix: let firefox generate our about box, so it will include the version
  927. 1.0.3
  928. 31 May 2006
  929. * bugfix: statusbar style would reset to text after firefox restart
  930. 1.0.2
  931. 23 May 2006
  932. * bugfix: fixed problem with socks_remote_dns
  933. * new: mozilla thunderbird support
  934. * new: user may customize proxy settings for nonstandard configurations
  935. * new: option to not use privoxy in the standard configuration
  936. * new: slovenian translation
  937. * new: french translation
  938. * new: keyboard shortcut (control-shift-t, changeable via keyconfig)
  939. * new: context menu for toolbar button and statusbar panel
  940. * new: attractive tor icons
  941. * new: about dialog
  942. * new: option to display statusbar as an icon instead of text
  943. 1.0.1
  944. 16 Mar 2006
  945. * bugfix: toolbar button tooltips now display the correct status
  946. * bugfix: set socks5 proxy to tor port (9050) instead of privoxy (8118)
  947. * bugfix: allow user to change proxy exclusion list ("no proxy for")
  948. * new: use socks_remote_dns on firefox versions that have it
  949. * new: added update functionality through the extensions manager
  950. * new: added preference: display statusbar panel (yes/no)
  951. * new: added compatibility with firefox 1.0 and 0.9
  952. 1.0
  953. 07 Mar 2006
  954. * initial release