Beruflich Dokumente
Kultur Dokumente
1 -- August 18 2015
* All Platforms
* Bug 16771: Fix crash on some websites due to blob URIs
Tor Browser 5.5a1 -- August 11 2015
* All Platforms
* Update Firefox to 38.2.0esr
* Update NoScript to 2.6.9.34
* Update Torbutton to 1.9.3.3
* Bug 16731: TBB 5.0 a3/a4 fails to download a file on right click
* Bug 16730: Reset NoScript whitelist on upgrade
* Bug 16722: Prevent "Tiles" feature from being enabled after upgrade
* Bug 16488: Remove "Sign in to Sync" from the browser menu (fixup)
* Bug 14429: Make sure the automatic resizing is enabled
* Translation updates
* Update Tor Launcher to 0.2.7.7
* Translation updates
* Bug 16730: Prevent NoScript from updating the default whitelist
* Bug 16715: Use ThreadsafeIsCallerChrome() instead of IsCallerChrome()
* Bug 16572: Verify cache isolation for XMLHttpRequests in Web Workers
* Bug 16311: Fix navigation timing in ESR 38
* Bug 15646: Prevent keyboard layout fingerprinting in KeyboardEvent (fixup)
Tor Browser 5.0 -- August 11 2015
* All Platforms
* Update Firefox to 38.2.0esr
* Update OpenSSL to 1.0.1p
* Update HTTPS-Everywhere to 5.0.7
* Update NoScript to 2.6.9.34
* Update meek to 0.20
* Update Tor to 0.2.6.10 with patches:
* Bug 16674: Allow FQDNs ending with a single '.' in our SOCKS host name ch
ecks.
* Bug 16430: Allow DNS names with _ characters in them (fixes nytimes.com)
* Bug 15482: Don't allow circuits to change while a site is in use
* Update Torbutton to 1.9.3.2
* Bug 16731: TBB 5.0 a3/a4 fails to download a file on right click
* Bug 16730: Reset NoScript whitelist on upgrade
* Bug 16722: Prevent "Tiles" feature from being enabled after upgrade
* Bug 16488: Remove "Sign in to Sync" from the browser menu (fixup)
* Bug 16268: Show Tor Browser logo on About page
* Bug 16639: Check for Updates menu item can cause update download failure
* Bug 15781: Remove the sessionstore filter
* Bug 15656: Sync privacy.resistFingerprinting with Torbutton pref
* Bug 16427: Use internal update URL to block updates (instead of 127.0.0.1
)
* Bug 16200: Update Cache API usage and prefs for FF38
* Bug 16357: Use Mozilla API to wipe permissions db
* Bug 14429: Make sure the automatic resizing is disabled
* Translation updates
* Update Tor Launcher to 0.2.7.7
* Bug 16428: Use internal update URL to block updates (instead of 127.0.0.1
)
* Bug 15145: Visually distinguish "proxy" and "bridge" screens.
* Translation updates
* Bug 16730: Prevent NoScript from updating the default whitelist
* Bug 16715: Use ThreadsafeIsCallerChrome() instead of IsCallerChrome()
* Bug 16572: Verify cache isolation for XMLHttpRequests in Web Workers
* Bug 16884: Prefer IPv6 when supported by the current Tor exit
* Bug 16488: Remove "Sign in to Sync" from the browser menu
*
*
*
*
*
Bug
Bug
Bug
Bug
Bug
re
* Bug 16523: Fix in-browser JavaScript debugger
* Bug 16236: Windows updater: avoid writing to the registry
* Bug 16625: Fully disable network connection prediction
* Bug 16495: Fix SVG crash when security level is set to "High"
* Bug 13247: Fix meek profile error after bowser restarts
* Bug 16005: Relax WebGL minimal mode
* Bug 16300: Isolate Broadcast Channels to first party
* Bug 16439: Remove Roku screencasting code
* Bug 16285: Disabling EME bits
* Bug 16206: Enforce certificate pinning
* Bug 15910: Disable Gecko Media Plugins for now
* Bug 13670: Isolate OCSP requests by first party domain
* Bug 16448: Isolate favicon requests by first party
* Bug 7561: Disable FTP request caching
* Bug 6503: Fix single-word URL bar searching
* Bug 15526: ES6 page crashes Tor Browser
* Bug 16254: Disable GeoIP-based search results.
* Bug 16222: Disable WebIDE to prevent remote debugging and addon downloads.
* Bug 13024: Disable DOM Resource Timing API
* Bug 16340: Disable User Timing API
* Bug 14952: Disable HTTP/2
* Bug 1517: Reduce precision of time for Javascript
* Bug 13670: Ensure OCSP & favicons respect URL bar domain isolation
* Bug 16311: Fix navigation timing in ESR 38
* Windows
* Bug 16014: Staged update fails if meek is enabled
* Bug 16269: repeated add-on compatibility check after update (meek enabled)
* Mac OS
* Use OSX 10.7 SDK
* Bug 16253: Tor Browser menu on OS X is broken with ESR 38
* Bug 15773: Enable ICU on OS X
* Build System
* Bug 16351: Upgrade our toolchain to use GCC 5.1
* Bug 15772 and child tickets: Update build system for Firefox 38
* Bugs 15921+15922: Fix build errors during Mozilla Tryserver builds
* Bug 15864: rename sha256sums.txt to sha256sums-unsigned-build.txt
Tor Browser 5.0a4 -- August 3 2015
* All Platforms
* Update Tor to 0.2.7.2-alpha with patches:
* Bug 15482: Don't allow circuits to change while a site is in use
* Update OpenSSL to 1.0.1p
* Update HTTPS-Everywhere to 5.0.7
* Update NoScript to 2.6.9.31
* Update Torbutton to 1.9.3.1
* Bug 16268: Show Tor Browser logo on About page
* Bug 16639: Check for Updates menu item can cause update download failure
* Bug 15781: Remove the sessionstore filter
* Bug 15656: Sync privacy.resistFingerprinting with Torbutton pref
* Translation updates
* Bug 16884: Prefer IPv6 when supported by the current Tor exit
* Bug 16488: Remove "Sign in to Sync" from the browser menu
* Bug 13313: Bundle a fixed set of fonts to defend against fingerprinting
* Bug 16662: Enable network.http.spdy.* prefs in meek-http-helper
*
*
*
*
*
Bug
Bug
Bug
Bug
Bug
re
* Bug
* Bug
* Bug
* Bug
* Bug
* Build
* Bug
16523:
16236:
16005:
16625:
16495:
System
15864:
* Bug 15510: Close Tor Circuit UI control port connections on New Identity
* Bug 15472: Make node text black in circuit status UI
* Bug 15502: Wipe blob URIs on New Identity
* Bug 15795: Some security slider prefs do not trigger custom checkbox
* Bug 14429: Disable automatic window resizing for now
* Bug 4100: Raise HTTP Keep-Alive back to 115 second default
* Bug 13875: Spoof window.devicePixelRatio to avoid DPI fingerprinting
* Bug 15411: Remove old (and unused) cacheDomain cache isolation mechanism
* Bugs 14716+13254: Fix issues with HTTP Auth usage and TLS connection info d
isplay
* Bug 15502: Isolate blob URI scope to URL domain; block WebWorker access
* Bug 15794: Crash on some pages with SVG images if SVG is disabled
* Bug 15562: Disable Javascript SharedWorkers due to third party tracking
* Bug 15757: Disable Mozilla video statistics API extensions
* Bug 15758: Disable Device Sensor APIs
* Linux
* Bug 15747: Improve start-tor-browser argument handling
* Bug 15672: Provide desktop app registration+unregistration for Linux
* Windows
* Bug 15539: Make installer exe signatures reproducibly removable
* Bug 10761: Fix instances of shutdown crashes
Tor Browser 4.5a5 -- Mar 31 2015
* All Platforms
* Update Firefox to 31.6.0esr
* Update OpenSSL to 1.0.1m
* Update Tor to 0.2.6.6
* Update NoScript to 2.6.9.19
* Update HTTPS-Everywhere to 5.0
* Update meek to 0.16
* Update Tor Launcher to 0.2.7.3
* Bug 13983: Directory search path fix for Tor Messanger+TorBirdy
* Update Torbutton to 1.9.1.0
* Bug 9387: "Security Slider 1.0"
* Include descriptions and tooltip hints for security levels
* Notify users that the security slider exists
* Flip slider so that "low" is on the bottom
* Make use of new SVG and MathML prefs
* Bug 13766: Set a 10 minute circuit lifespan for non-content requests
* Bug 15460: Ensure FTP urls use content-window circuit isolation
* Bug 13650: Clip initial window height to 1000px
* Bug 14429: Ensure windows can only be resized to 200x100px multiples
* Bug 15334: Display Cookie Protections menu if disk records are enabled
* Bug 14324: Show HS circuit in Tor circuit display
* Bug 15086: Handle RTL text in Tor circuit display
* Bug 15085: Fix about:tor RTL text alignment problems
* Bug 10216: Add a pref to disable the local tor control port test
* Bug 14937: Show meek and flashproxy bridges in tor circuit display
* Bugs 13891+15207: Fix exceptions/errors in circuit display with bridges
* Bug 13019: Change locale hiding pref to boolean
* Bug 7255: Warn users about maximizing windows
* Bug 14631: Improve profile access error msgs (strings).
* Pluggable Transport Dependency Updates:
* Bug 15448: Use golang 1.4.2 for meek and obs4proxy
* Bug 15265: Switch go.net repo to golang.org/x/net
* Bug 14937: Hard-code meek and flashproxy node fingerprints
* Bug 13019: Prevent Javascript from leaking system locale
* Bug 10280: Improved fix to prevent loading plugins into address space
* Bug 15406: Only include addons in incremental updates if they actually upda
te
*
*
*
*
Bug 14849: Remove new NoScript menu option to make permissions permanent
Bug 14851: Set NoScript pref to disable permanent permissions
Bug 14490: Make Disconnect the default omnibox search engine
Bug 11236: Fix omnibox order for non-English builds
* Also remove Amazon, eBay and bing; add Youtube and Twitter
* Bug 10280: Don't load any plugins into the address space.
* Bug 14392: Make about:tor hide itself from the URL bar
* Bug 12430: Provide a preference to disable remote jar: urls
* Bug 13900: Remove 3rd party HTTP auth tokens via Firefox patch
* Bug 5698: Fix branding in "About Torbrowser" window
* Windows:
* Bug 13169: Don't use /dev/random on Windows for SSP
* Linux:
* Bug 13717: Make sure we use the bash shell on Linux
Tor Browser 4.0.4 -- Feb 24 2015
* All Platforms
* Update Firefox to 31.5.0esr
* Update OpenSSL to 1.0.1l
* Update NoScript to 2.6.9.15
* Update HTTPS-Everywhere to 4.0.3
* Bug 14203: Prevent meek from displaying an extra update notification
* Bug 14849: Remove new NoScript menu option to make permissions permanent
* Bug 14851: Set NoScript pref to disable permanent permissions
Tor Browser 4.5a3 -- Jan 19 2015
* All Platforms
* Update Firefox to 31.4.0esr
* Update Tor to 0.2.6.2-alpha
* Update NoScript to 2.6.9.10
* Update HTTPS Everywhere to 5.0development.2
* Update meek to 0.15
* Update Torbutton to 1.8.1.3
* Bug 13998: Handle changes in NoScript 2.6.9.8+
* Bug 14100: Option to hide NetworkSettings menuitem
* Bug 13079: Option to skip control port verification
* Bug 13835: Option to change default Tor Browser homepage
* Bug 11449: Fix new identity error if NoScript is not enabled
* Bug 13881: Localize strings for tor circuit display
* Bug 9387: Incorporate user feedback
* Bug 13671: Fixup for circuit display if bridges are used
* Translation updates
* Update Tor Launcher to 0.2.7.1
* Bug 14122: Hide logo if TOR_HIDE_BROWSER_LOGO set
* Translation updates
* Bug 13379: Sign our MAR files
* Bug 13788: Fix broken meek in 4.5-alpha series
* Bug 13439: No canvas prompt for content callers
Tor Browser 4.0.3 -- Jan 13 2015
* All Platforms
* Update Firefox to 31.4.0esr
* Update NoScript to 2.6.9.10
* Update meek to 0.15
* Update Tor Launcher to 0.2.7.0.2
* Translation updates only
Tor Browser 4.5-alpha-2 -- Dec 5 2014
* All Platforms
* Update Firefox to 31.3.0esr
* Mac
* Bug 10138: Switch to 64bit builds for MacOS
Tor Browser 4.0.1 -- Oct 30 2014
* All Platforms
* Update Tor to 0.2.5.10
* Update NoScript to 2.6.9.3
* Bug 13301: Prevent extensions incompatibility error after upgrades
* Bug 13460: Fix MSVC compilation issue
* Windows
* Bug 13443: Disable DirectShow to prevent crashes on many sites
* Bug 13091: Make app name "Tor Browser" instead of "Tor"
Tor Browser 4.0 -- Oct 15 2014
* All Platforms
* Update Firefox to 31.2.0esr
* Update Torbutton to 1.7.0.1
* Bug 13378: Prevent addon reordering in toolbars on first-run.
* Bug 10751: Adapt Torbutton to ESR31's Australis UI.
* Bug 13138: ESR31-about:tor shows "Tor is not working"
* Bug 12947: Adapt session storage blocker to ESR 31.
* Bug 10716: Take care of drag/drop events in ESR 31.
* Bug 13366: Fix cert exemption dialog when disk storage is enabled.
* Update Tor Launcher to 0.2.7.0.1
* Translation updates only
* Udate fteproxy to 0.2.19
* Update NoScript to 2.6.9.1
* Bug 13416: Defend against new SSLv3 attack (poodle).
* Bug 13027: Spoof window.navigator useragent values in JS WebWorker threads
* Bug 13016: Hide CSS -moz-osx-font-smoothing values.
* Bug 13356: Meek and other symlinks missing after complete update.
* Bug 13025: Spoof screen orientation to landscape-primary.
* Bug 13346: Disable Firefox "slow to start" warnings and recordkeeping.
* Bug 13318: Minimize number of buttons on the browser toolbar.
* Bug 10715: Enable WebGL on Windows (still click-to-play via NoScript)
* Bug 13023: Disable the gamepad API.
* Bug 13021: Prompt before allowing Canvas isPointIn*() calls.
* Bug 12460: Several cross-compilation and gitian fixes (see child tickets)
* Bug 13186: Disable DOM Performance timers
* Bug 13028: Defense-in-depth checks for OCSP/Cert validation proxy usage
Tor Browser 4.0-alpha-3 -- Sep 24 2014
* All Platforms
* Update Tor to 0.2.5.8-rc
* Update Firefox to 24.8.1esr
* Update meek to 0.11
* Update NoScript to 2.6.8.42
* Update Torbutton to 1.6.12.3
* Bug 13091: Use "Tor Browser" everywhere
* Bug 10804: Workaround fix for some cases of startup hang
* Bug 13091: Use "Tor Browser" everywhere
* Bug 13049: Browser update failure (self.update is undefined)
* Bug 13047: Updater should not send Kernel and GTK version
* Bug 12998: Prevent intermediate certs from being written to disk
* Bug 13245: Prevent non-english TBBs from upgrading to english version.
* Linux:
* Bug 9150: Make RPATH unavailable on Tor binary.
* Bug 13031: Add full RELRO protection.
Tor Browser Bundle 3.6.6 -- Sep 24 2014
* All Platforms
* Update Tor to tor-0.2.4.24
* Update Firefox to 24.8.1esr
* Update NoScript to 2.6.8.42
* Update HTTPS Everywhere to 4.0.1
* Bug 12998: Prevent intermediate certs from being written to disk
* Update Torbutton to 1.6.12.3
* Bug 13091: Use "Tor Browser" everywhere
* Bug 10804: Workaround fix for some cases of startup hang
* Linux
* Bug 9150: Make RPATH unavailable on Tor binary.
Tor Browser Bundle 4.0-alpha-2 -- Sep 2 2014
* All Platforms
* Update Firefox to 24.8.0esr
* Update NoScript to 2.6.8.39
* Update Tor Launcher to 0.2.7.0
* Bug 11405: Remove firewall prompt from wizard.
* Bug 12895: Mention @riseup.net as a valid bridge request email address
* Bug 12444: Provide feedback when Copy Tor Log is clicked.
* Bug 11199: Improve error messages if Tor exits unexpectedly
* Update Torbutton to 1.6.12.1
* Bug 12684: New strings for canvas image extraction message
* Bug 8940: Move RecommendedTBBVersions file to www.torproject.org
* Bug 12684: Improve Canvas image extraction permissions prompt
* Bug 7265: Only prompt for first party canvas access. Log all scripts
that attempt to extract canvas images to Browser console.
* Bug 12974: Disable NTLM and Negotiate HTTP Auth
* Bug 2874: Remove Components.* from content access (regression)
* Bug 4234: Automatic Update support (off by default)
* Bug 9881: Open popups in new tabs by default
* Meek Pluggable Transport:
* Bug 12766: Use TLSv1.0 in meek-http-helper to blend in with Firefox 24
* Windows:
* Bug 10065: Enable DEP, ASLR, and SSP hardening options
* Linux:
* Bug 12103: Adding RELRO hardening back to browser binaries.
Tor Browser Bundle 3.6.5 -- Sep 2 2014
* All Platforms
* Update Firefox to 24.8.0esr
* Update NoScript to 2.6.8.39
* Update HTTPS Everywhere to 4.0.0
* Update Torbutton to 1.6.12.1
* Bug 12684: New strings for canvas image extraction message
* Bug 8940: Move RecommendedTBBVersions file to www.torproject.org
* Bug 9531: Workaround to avoid rare hangs during New Identity
* Bug 12684: Improve Canvas image extraction permissions prompt
* Bug 7265: Only prompt for first party canvas access. Log all scripts
that attempt to extract canvas images to Browser console.
* Bug 12974: Disable NTLM and Negotiate HTTP Auth
* Bug 2874: Remove Components.* from content access (regression)
* Bug 9881: Open popups in new tabs by default
* Linux:
* Bug 12103: Adding RELRO hardening back to browser binaries.
Tor Browser Bundle 4.0-alpha-1 -- Aug 8 2014
* All Platforms
* Ticket 10935: Include the Meek Pluggable Transport (version 0.10)
* Two modes of Meek are provided: Meek over Google and Meek over Amazon
*
*
*
*
* Bug #8364: Change the default entry page for the addons tab to the
installed addons page.
* Bug #9867: Make flash objects really be click-to-play if flash is enabled.
* Bug #8292: Make getFirstPartyURI log+handle errors internally to simplify
caller usage of the API
* Bug #3661: Remove polipo and privoxy from the banned ports list.
* misc: Fix a potential memory leak in the Image Cache isolation
* misc: Fix a potential crash if OS theme information is ever absent
* Update Tor-Launcher to 0.2.3.1-beta
* Bug #9114: Handle new directory structure
* misc: Tor Launcher now supports Thunderbird
* Update Torbutton to 1.6.4
* Bug #9224: Support multiple Tor socks ports for about:tor status check
* Bug #9587: Add TBB version number to about:tor
* Bug #9144: Workaround to handle missing translation properties
* Windows:
* Bug #9084: Fix startup crash on Windows XP.
* Linux:
* Bug #9487: Create detached debuginfo files for Linux Tor and Tor
Browser binaries.
Tor Browser Bundle 3.0alpha4 -- Sep 24 2013
* All Platforms:
* Bug #8751: Randomize TLS HELLO timestamp in HTTPS connections
* Bug #9790 (workaround): Temporarily re-enable JS-Ctypes for cache
isolation and SSL Observatory
* Update Firefox to 17.0.9esr
* Update Tor to 0.2.4.17-rc
* Update NoScript to 2.6.7.1
* Update Tor-Launcher to 0.2.2-alpha
* Bug #9675: Provide feedback mechanism for clock-skew and other early
startup issues
* Bug #9445: Allow user to enter bridges with or without 'bridge' keyword
* Bug #9593: Use UTF16 for Tor process launch to handle unicode paths.
* misc: Detect when Tor exits and display appropriate notification
* Update Torbutton to 1.6.2.1
* Bug 9492: Fix Torbutton logo on OSX and Windows (and related
initialization code)
* Bug 8839: Disable Google/Startpage search filters using Tor-specific urls
Tor Browser Bundle 3.0alpha3 -- Aug 01 2013
* All Platforms:
* Update Firefox to 17.0.8esr
* Update Tor to 0.2.4.15-rc
* Update HTTPS-Everywhere to 3.3.1
* Update NoScript to 2.6.6.9
* Improve build input fetching and authentication
* Bug #9283: Update NoScript prefs for usability.
* Bug #6152 (partial): Disable JSCtypes support at compile time
* Update Torbutton to 1.6.1
* Bug 8478: Change when window resize code fires to avoid rounding errors
* Bug 9331: Hack an update URL for the next TBB release
* Bug 9144: Change an aboutTor.dtd string so transifex will accept it
* Update Tor-Launcher to 0.2.1-alpha
* Bug #9128: Remove dependency on JSCtypes
* Windows
* Bug #9195: Disable download manager AV scanning (to prevent cloud
reporting+scanning of downloaded files)
* Mac: