Change Log

Tor Browser 4.5.
3 -- June 30 2015
* All Platforms
* Update Firefox to 31.8.0esr
* Update OpenSSL to 1.0.1o
* Update NoScript to 2.6.9.27
* Update Torbutton to 1.9.2.8
* Bug 16403: Set search parameters for Disconnect
* Bug 14429: Make sure the automatic resizing is disabled
* Translation updates
* Bug 16397: Fix crash related to disabling SVG
* Bug 16403: Set search parameters for Disconnect
* Bug 16446: Update FTE bridge #1 fingerprint
* Tor patch backport
* Bug 16430: Allow DNS names with _ characters in them (fixes nytimes.com)
Tor Browser 5.0a2 -- June 15 2015
* All Platforms
* Update Tor to 0.2.7.1-alpha
* Update HTTPS-Everywhere to 5.0.5
* Update OpenSSL to 1.0.1n
* Update meek to 0.19
* Bug 15984: Disabling Torbutton breaks the Add-ons Manager
* Bug 14429: Make sure the automatic resizing is enabled
* Bug 16130: Defend against logjam attack
* Windows
* Bug 16014: Staged update fails if meek is enabled
* Bug 16269: repeated add-on compatibility check after update (meek enabled)
* Linux
* Bug 16026: Fix crash in GStreamer
* Bug 16083: Update comment in start-tor-browser
Tor Browser 4.5.2 -- June 15 2015
* All Platforms
* Update Tor to 0.2.6.9
* Update OpenSSL to 1.0.1n
* Bug 14429: Make sure the automatic resizing is disabled
* Bug 16130: Defend against logjam attack
* Linux
* Bug 16026: Fix crash in GStreamer
* Bug 16083: Update comment in start-tor-browser
Tor Browser 5.0a1 -- May 14 2015
* All Platforms
* Update Tor Launcher to 0.2.7.5
* Translation updates only
* Bug 15837: Show descriptions if unchecking custom mode
* Bug 15927: Force update of the NoScript UI when changing security level
* Bug 15915: Hide circuit display if it is disabled.

* Bug 14429: Improved automatic window resizing
* Bug 15945: Disable NoScript's ClearClick protection for now
* Bug 15933: Isolate by base (top-level) domain name instead of FQDN
* Bug 15857: Fix file descriptor leak in updater that caused update failures
* Bug 15899: Fix errors with downloading and displaying PDFs
* Bug 15773: Enable ICU on OS X
* Bug 1517: Reduce precision of time for Javascript
* Bug 13670: Ensure OCSP & favicons respect URL bar domain isolation
* Bug 13875: Improve the spoofing of window.devicePixelRatio
* Windows
* Bug 15872: Fix meek pluggable transport startup issue with Windows 7
* Build System
* Bug 15947: Support Ubuntu 14.04 LXC hosts via LXC_EXECUTE=lxc-execute env v
ar
* Bugs 15921+15922: Fix build errors during Mozilla Tryserver builds
Tor Browser 4.5.1 -- May 12 2015
* All Platforms
* Bug 15837: Show descriptions if unchecking custom mode
* Bug 15927: Force update of the NoScript UI when changing security level
* Bug 15915: Hide circuit display if it is disabled.
* Bug 15945: Disable NoScript's ClearClick protection for now
* Bug 15933: Isolate by base (top-level) domain name instead of FQDN
* Bug 15857: Fix file descriptor leak in updater that caused update failures
* Bug 15899: Fix errors with downloading and displaying PDFs
* Windows
* Bug 15872: Fix meek pluggable transport startup issue with Windows 7
* Build System
* Bug 15947: Support Ubuntu 14.04 LXC hosts via LXC_EXECUTE=lxc-execute env v
ar
* Bugs 15921+15922: Fix build errors during Mozilla Tryserver builds
Tor Browser 4.5 -- Apr 28 2015
* All Platforms
* Update Tor to 0.2.6.7 with additional patches:
* Bug 15482: Reset timestamp_dirty each time a SOCKSAuth circuit is used
* Bug 15689: Resume building HTTPS-Everywhere from git tags
* Update obfs4proxy to 0.0.5
* Bug 15704: Do not enable network if wizard is opened
* Bug 11879: Stop bootstrap if Cancel or Open Settings is clicked
* Bug 13576: Don't strip "bridge" from the middle of bridge lines
* Bug 15657: Display the host:port of any connection faiures in bootstrap
* Bug 15562: Bind SharedWorkers to thirdparty pref
* Bug 15533: Restore default security level when restoring defaults
* Bug 15510: Close Tor Circuit UI control port connections on New Identity
* Bug 15472: Make node text black in circuit status UI
* Bug 15502: Wipe blob URIs on New Identity
* Bug 15795: Some security slider prefs do not trigger custom checkbox
* Bug 14429: Disable automatic window resizing for now
* Bug 4100: Raise HTTP Keep-Alive back to 115 second default
* Bug 13875: Spoof window.devicePixelRatio to avoid DPI fingerprinting
* Bug 15411: Remove old (and unused) cacheDomain cache isolation mechanism
* Bugs 14716+13254: Fix issues with HTTP Auth usage and TLS connection info d
isplay
* Bug 15502: Isolate blob URI scope to URL domain; block WebWorker access
* Bug 15794: Crash on some pages with SVG images if SVG is disabled
* Bug 15562: Disable Javascript SharedWorkers due to third party tracking
* Bug 15757: Disable Mozilla video statistics API extensions
* Bug 15758: Disable Device Sensor APIs
* Linux
* Bug 15747: Improve start-tor-browser argument handling
* Bug 15672: Provide desktop app registration+unregistration for Linux
* Windows
* Bug 15539: Make installer exe signatures reproducibly removable
* Bug 10761: Fix instances of shutdown crashes
Tor Browser 4.5a5 -- Mar 31 2015
* All Platforms
* Update OpenSSL to 1.0.1m
* Update HTTPS-Everywhere to 5.0
* Bug 13983: Directory search path fix for Tor Messanger+TorBirdy
* Bug 9387: "Security Slider 1.0"
* Include descriptions and tooltip hints for security levels
* Notify users that the security slider exists
* Flip slider so that "low" is on the bottom
* Make use of new SVG and MathML prefs
* Bug 13766: Set a 10 minute circuit lifespan for non-content requests
* Bug 15460: Ensure FTP urls use content-window circuit isolation
* Bug 13650: Clip initial window height to 1000px
* Bug 14429: Ensure windows can only be resized to 200x100px multiples
* Bug 15334: Display Cookie Protections menu if disk records are enabled
* Bug 14324: Show HS circuit in Tor circuit display
* Bug 15086: Handle RTL text in Tor circuit display
* Bug 15085: Fix about:tor RTL text alignment problems
* Bug 10216: Add a pref to disable the local tor control port test
* Bug 14937: Show meek and flashproxy bridges in tor circuit display
* Bugs 13891+15207: Fix exceptions/errors in circuit display with bridges
* Bug 13019: Change locale hiding pref to boolean
* Bug 7255: Warn users about maximizing windows
* Bug 14631: Improve profile access error msgs (strings).
* Pluggable Transport Dependency Updates:
* Bug 15448: Use golang 1.4.2 for meek and obs4proxy
* Bug 15265: Switch go.net repo to golang.org/x/net
* Bug 14937: Hard-code meek and flashproxy node fingerprints
* Bug 13019: Prevent Javascript from leaking system locale
* Bug 10280: Improved fix to prevent loading plugins into address space
* Bug 15406: Only include addons in incremental updates if they actually upda
te
* Bug 15029: Don't prompt to include missing plugins
* Bug 12827: Create preference to disable SVG images (for security slider)
* Bug 13548: Create preference to disable MathML (for security slider)
* Bug 14631: Improve startup error messages for filesystem permissions issues
* Bug 15482: Don't allow circuits to change while a site is in use
* Linux
* Bug 13375: Create a hybrid GUI/desktop/shell launcher wrapper
* Bug 12468: Only print/write log messages if launched with --debug
* Windows
* Bug 3861: Begin signing Tor Browser for Windows the Windows way
* Bug 15201: Disable 'runas Administrator' codepaths in updater
* Bug 14688: Create shortcuts to desktop and start menu by default (optional)
Tor Browser 4.0.6 -- Mar 31 2015
* All Platforms
* Update OpenSSL to 1.0.1m
Tor Browser 4.0.5 -- Mar 23 2015
* All Platforms
Tor Browser 4.5a4 -- Feb 24 2015
* All Platforms
* Update OpenSSL to 1.0.1l
* Update obfs4proxy to 0.0.4
* Use obfs4proxy for ScrambleSuit bridges
* Bug 13882: Fix display of bridges after bridge settings have been changed
* Bug 5698: Use "Tor Browser" branding in "About Tor Browser" dialog
* Bug 10280: Strings and pref for preventing plugin initialization.
* Bug 14866: Show correct circuit when more than one exists for a given dom
ain
* Bug 9442: Add New Circuit button to Torbutton menu
* Bug 9906: Warn users before closing all windows and performing new identi
ty.
* Bug 8400: Prompt for restart if disk records are enabled/disabled.
* Bug 14630: Hide Torbutton's proxy settings tab.
* Bug 14632: Disable Cookie Manager until we get it working.
* Bug 11175: Remove "About Torbutton" from onion menu.
* Bug 13900: Remove remaining SafeCache code in favor of C++ patch
* Bug 14490: Use Disconnect search in about:tor search box
* Bug 14392: Don't steal input focus in about:tor search box
* Bug 11236: Don't set omnibox order in Torbutton (to prevent translation)
* Bug 13406: Stop directing users to download-easy.html.en on update
* Bug 9387: Handle "custom" mode better in Security Slider
* Bug 12430: Bind jar: pref to Security Slider
* Bug 14448: Restore Torbutton menu operation on non-English localizations
* Bug 13271: Display Bridge Configuration wizard pane before Proxy pane
* Bug 14336: Fix navigation button display issues on some wizard panes
* Bug 14203: Prevent meek from displaying an extra update notification
* Bug 14849: Remove new NoScript menu option to make permissions permanent
* Bug 14851: Set NoScript pref to disable permanent permissions
* Bug 14490: Make Disconnect the default omnibox search engine
* Bug 11236: Fix omnibox order for non-English builds

* Also remove Amazon, eBay and bing; add Youtube and Twitter
* Bug 10280: Don't load any plugins into the address space.
* Bug 14392: Make about:tor hide itself from the URL bar
* Bug 12430: Provide a preference to disable remote jar: urls
* Bug 13900: Remove 3rd party HTTP auth tokens via Firefox patch
* Bug 5698: Fix branding in "About Torbrowser" window
* Windows:
* Bug 13169: Don't use /dev/random on Windows for SSP
* Linux:
* Bug 13717: Make sure we use the bash shell on Linux
Tor Browser 4.0.4 -- Feb 24 2015
* All Platforms
* Update OpenSSL to 1.0.1l
* Bug 14203: Prevent meek from displaying an extra update notification
* Bug 14849: Remove new NoScript menu option to make permissions permanent
* Bug 14851: Set NoScript pref to disable permanent permissions
Tor Browser 4.5a3 -- Jan 19 2015
* All Platforms
* Update HTTPS Everywhere to 5.0development.2
* Bug 13998: Handle changes in NoScript 2.6.9.8+
* Bug 14100: Option to hide NetworkSettings menuitem
* Bug 13079: Option to skip control port verification
* Bug 13835: Option to change default Tor Browser homepage
* Bug 11449: Fix new identity error if NoScript is not enabled
* Bug 13881: Localize strings for tor circuit display
* Bug 9387: Incorporate user feedback
* Bug 13671: Fixup for circuit display if bridges are used
* Bug 14122: Hide logo if TOR_HIDE_BROWSER_LOGO set
* Bug 13379: Sign our MAR files
* Bug 13788: Fix broken meek in 4.5-alpha series
* Bug 13439: No canvas prompt for content callers
Tor Browser 4.0.3 -- Jan 13 2015
* All Platforms
* Update Tor Launcher to 0.2.7.0.2
Tor Browser 4.5-alpha-2 -- Dec 5 2014
* All Platforms
* Bug 13672: Make circuit display optional

* Bug 13671: Make bridges visible on circuit display
* Bug 9387: Incorporate user feedback
* Bug 13784: Remove third party authentication tokens
* Bug 13435: Remove our custom POODLE fix (fixed by Mozilla in ESR 31.3.0)
Tor Browser 4.0.2 -- Dec 2 2014
* All Platforms
* Update HTTPS Everywhere to 4.0.2
* Bug 13019: Synchronize locale spoofing pref with our Firefox patch
* Bug 13746: Properly link Torbutton UI to thirdparty pref.
* Bug 13742: Fix domain isolation for content cache and disk-enabled browsing
mode
* Bug 5926: Prevent JS engine locale leaks (by setting the C library locale)
* Bug 13504: Remove unreliable/unreachable non-public bridges
* Bug 13435: Remove our custom POODLE fix
* Windows
* Bug 13443: Re-enable DirectShow; fix crash with mingw patch.
* Bug 13558: Fix crash on Windows XP during download folder changing
* Bug 13594: Fix update failure for Windows XP users
Tor Browser 4.5-alpha-1 -- Nov 14 2014
* All Platforms
* Bug 3455: Patch Firefox SOCKS and proxy filters to allow user+pass isolatio
n
* Bug 11955: Backport HTTPS Certificate Pinning patches from Firefox 32
* Bug 13684: Backport Mozilla bug #1066190 (pinning issue fixed in Firefox 33
)
* Bug 13019: Make JS engine use English locale if a pref is set by Torbutton
* Bug 13301: Prevent extensions incompatibility error after upgrades
* Bug 13460: Fix MSVC compilation issue
* Bug 13504: Remove stale bridges from default bridge set
* Bug 13742: Fix domain isolation for content cache and disk-enabled browsing
mode
* Bug 9387: Provide a "Security Slider" for vulnerability surface reduction
* Bug 13019: Synchronize locale spoofing pref with our Firefox patch
* Bug 3455: Use SOCKS user+pass to isolate all requests from the same url d
omain
* Bug 8641: Create browser UI to indicate current tab's Tor circuit IPs
* Bug 13651: Prevent circuit-status related UI hang.
* Bug 13666: Various circuit status UI fixes
* Bugs 13742+13751: Remove cache isolation code in favor of direct C++ patc
h
* Bug 13746: Properly update third party isolation pref if disabled from UI
* Bug 13586: Make meek use TLS session tickets (to look like stock Firefox).
* Bug 12903: Include obfs4proxy pluggable transport
* Windows
* Bug 13443: Re-enable DirectShow; fix crash with mingw patch.
* Bug 13558: Fix crash on Windows XP during download folder changing
* Bug 13091: Make app name "Tor Browser" instead of "Tor"
* Bug 13594: Fix update failure for Windows XP users
* Mac
* Bug 10138: Switch to 64bit builds for MacOS
Tor Browser 4.0.1 -- Oct 30 2014

* All Platforms
* Bug 13301: Prevent extensions incompatibility error after upgrades
* Bug 13460: Fix MSVC compilation issue
* Windows
* Bug 13443: Disable DirectShow to prevent crashes on many sites
* Bug 13091: Make app name "Tor Browser" instead of "Tor"
Tor Browser 4.0 -- Oct 15 2014
* All Platforms
* Bug 13378: Prevent addon reordering in toolbars on first-run.
* Bug 10751: Adapt Torbutton to ESR31's Australis UI.
* Bug 13138: ESR31-about:tor shows "Tor is not working"
* Bug 12947: Adapt session storage blocker to ESR 31.
* Bug 10716: Take care of drag/drop events in ESR 31.
* Bug 13366: Fix cert exemption dialog when disk storage is enabled.
* Update Tor Launcher to 0.2.7.0.1
* Udate fteproxy to 0.2.19
* Bug 13416: Defend against new SSLv3 attack (poodle).
* Bug 13027: Spoof window.navigator useragent values in JS WebWorker threads
* Bug 13016: Hide CSS -moz-osx-font-smoothing values.
* Bug 13356: Meek and other symlinks missing after complete update.
* Bug 13025: Spoof screen orientation to landscape-primary.
* Bug 13346: Disable Firefox "slow to start" warnings and recordkeeping.
* Bug 13318: Minimize number of buttons on the browser toolbar.
* Bug 10715: Enable WebGL on Windows (still click-to-play via NoScript)
* Bug 13023: Disable the gamepad API.
* Bug 13021: Prompt before allowing Canvas isPointIn*() calls.
* Bug 12460: Several cross-compilation and gitian fixes (see child tickets)
* Bug 13186: Disable DOM Performance timers
* Bug 13028: Defense-in-depth checks for OCSP/Cert validation proxy usage
Tor Browser 4.0-alpha-3 -- Sep 24 2014
* All Platforms
* Update Tor to 0.2.5.8-rc
* Bug 13091: Use "Tor Browser" everywhere
* Bug 10804: Workaround fix for some cases of startup hang
* Bug 13049: Browser update failure (self.update is undefined)
* Bug 13047: Updater should not send Kernel and GTK version
* Bug 12998: Prevent intermediate certs from being written to disk
* Bug 13245: Prevent non-english TBBs from upgrading to english version.
* Linux:
* Bug 9150: Make RPATH unavailable on Tor binary.
* Bug 13031: Add full RELRO protection.
Tor Browser Bundle 3.6.6 -- Sep 24 2014
* All Platforms
* Update Tor to tor-0.2.4.24
*
*
*
*
Update NoScript to 2.6.8.42

Update HTTPS Everywhere to 4.0.1
Bug 12998: Prevent intermediate certs from being written to disk
Update Torbutton to 1.6.12.3
* Bug 10804: Workaround fix for some cases of startup hang
* Linux
* Bug 9150: Make RPATH unavailable on Tor binary.
Tor Browser Bundle 4.0-alpha-2 -- Sep 2 2014
* All Platforms
* Bug 11405: Remove firewall prompt from wizard.
* Bug 12895: Mention @riseup.net as a valid bridge request email address
* Bug 12444: Provide feedback when Copy Tor Log is clicked.
* Bug 11199: Improve error messages if Tor exits unexpectedly
* Bug 12684: New strings for canvas image extraction message
* Bug 8940: Move RecommendedTBBVersions file to www.torproject.org
* Bug 12684: Improve Canvas image extraction permissions prompt
* Bug 7265: Only prompt for first party canvas access. Log all scripts
that attempt to extract canvas images to Browser console.
* Bug 12974: Disable NTLM and Negotiate HTTP Auth
* Bug 2874: Remove Components.* from content access (regression)
* Bug 4234: Automatic Update support (off by default)
* Bug 9881: Open popups in new tabs by default
* Meek Pluggable Transport:
* Bug 12766: Use TLSv1.0 in meek-http-helper to blend in with Firefox 24
* Windows:
* Bug 10065: Enable DEP, ASLR, and SSP hardening options
* Linux:
* Bug 12103: Adding RELRO hardening back to browser binaries.
Tor Browser Bundle 3.6.5 -- Sep 2 2014
* All Platforms
* Bug 12684: New strings for canvas image extraction message
* Bug 8940: Move RecommendedTBBVersions file to www.torproject.org
* Bug 9531: Workaround to avoid rare hangs during New Identity
* Bug 12684: Improve Canvas image extraction permissions prompt
* Bug 7265: Only prompt for first party canvas access. Log all scripts
that attempt to extract canvas images to Browser console.
* Bug 12974: Disable NTLM and Negotiate HTTP Auth
* Bug 2874: Remove Components.* from content access (regression)
* Bug 9881: Open popups in new tabs by default
* Linux:
* Bug 12103: Adding RELRO hardening back to browser binaries.
Tor Browser Bundle 4.0-alpha-1 -- Aug 8 2014
* All Platforms
* Ticket 10935: Include the Meek Pluggable Transport (version 0.10)
* Two modes of Meek are provided: Meek over Google and Meek over Amazon
* Update OpenSSL to 1.0.1i

* Script permissions now apply based on URL bar
* Bug 12221: Remove obsolete Javascript components from the toggle era
* Bug 10819: Bind new third party isolation pref to Torbutton security UI
* Bug 9268: Fix some window resizing corner cases with DPI and taskbar size
.
* Bug 12680: Change Torbutton URL in about dialog.
* Bug 11472: Adjust about:tor font and logo positioning to avoid overlap
* Bug 9531: Workaround to avoid rare hangs during New Identity
* Bug 11199: Improve behavior if tor exits
* Bug 12451: Add option to hide TBB's logo
* Bug 11193: Change "Tor Browser Bundle" to "Tor Browser"
* Bug 11471: Ensure text fits the initial configuration dialog
* Bug 9516: Send Tor Launcher log messages to Browser Console
* Bug 11641: Reorganize bundle directory structure to mimic Firefox
* Bug 10819: Create a preference to enable/disable third party isolation
* Backported Tor Patches:
* Bug 11200: Fix a hang during bootstrap introduced in the initial
bug11200 patch.
* Linux:
* Bug 10178: Make it easier to set an alternate Tor control port and password
* Bug 11102: Set Window Class to "Tor Browser" to aid in Desktop navigation
* Bug 12249: Don't create PT debug files anymore
Tor Browser Bundle 3.6.4 -- Aug 8 2014
* All Platforms
* Update Tor launcher to 0.2.5.6
* Bug 9516: Show Tor log in TorBrowser's Browser Console
* Update OpenSSL to 1.0.1i
* Bug 11654: Properly apply the fix for malformed bug11156 log message
* Bug 11200: Fix a hang during bootstrap introduced in the initial
bug11200 patch.
* Bug 11472: Adjust about:tor font and logo positioning to avoid overlap
* Bug 12680: Fix Torbutton about url.
Tor Browser Bundle 3.6.3 -- Jul 24 2014
* All Platforms
* Update obfsproxy to 0.2.12
* Update FTE to 0.2.17
* Bug 12673: Update FTE bridges
* Bug 12221: Remove obsolete Javascript components from the toggle era
* Bug 10819: Bind new third party isolation pref to Torbutton security UI
* Bug 9268: Fix some window resizing corner cases with DPI and taskbar size
.
* Linux:
* Bug 11102: Set Window Class to "Tor Browser" to aid in Desktop navigation
* Bug 12249: Don't create PT debug files anymore
Tor Browser Bundle 3.6.2 -- Jun 9 2014
* All Platforms
* Update OpenSSL to 1.0.1h
* Bug 10425: Provide geoip6 file location to Tor process
* Bug 11754: Remove untranslated locales that were dropped from Transifex
* Bug 11772: Set Proxy Type menu correctly after restart
* Bug 11699: Change &#160 to in UI elements
* Bug 11510: about:tor should not report success if tor proxy is unreachabl
e
* Bug 11783: Avoid b.webProgress error when double-clicking on New Identity
* Bug 11722: Add hidden pref to force remote Tor check
* Bug 11763: Fix pref dialog double-click race that caused settings to be r
eset
* Bug 11629: Support proxies with Pluggable Transports
* Updates FTEProxy to 0.2.15
* Updates obfsproxy to 0.2.9
* Bug 11654: Fix malformed log message in bug11156 patch.
* Bug 10425: Add in Tor's geoip6 files to the bundle distribution
* Bugs 11834 and 11835: Include Pluggable Transport documentation
* Bug 9701: Prevent ClipBoardCache from writing to disk.
* Bug 12146: Make the CONNECT Host header the same as the Request-URI.
* Bug 12212: Disable deprecated webaudio API
* Bug 11253: Turn on TLS 1.1 and 1.2.
* Bug 11817: Don't send startup time information to Mozilla.
Tor Browser Bundle 3.6.1 -- May 6 2014
* All Platforms
* Bug 11658: Fix proxy configuration for non-Pluggable Transports users
* Backport Pending Tor Patches:
* Bug 8402: Allow Tor proxy configuration while PTs are present
* Note: The Pluggable Transports themselves have not been updated to
support proxy configuration yet.
Tor Browser Bundle 3.6 -- Apr 29 2014
* All Platforms
* Bug #11482: Hide bridge settings prompt if no default bridges.
* Bug #11484: Show help button even if no default bridges.
* Bug 7439: Improve download warning dialog text.
* Bug 11384: Completely remove hidden toggle menu item.
* Update fte transport to 0.2.13
* Bug 11156: Additional obfsproxy startup error message fixes
* Bug 11586: Include license files for component software in Docs directory.
* Windows and Mac:
* Bug 9308: Prevent install path from leaking in some JS exceptions
on Mac and Windows builds
Tor Browser Bundle 3.6-beta-2 -- Apr 8 2014
* All Platforms
*
*
*
*
*
*
Update OpenSSL to 1.0.1g

Bug 9010: Add Turkish language support.
Bug 9387 testing: Disable JS JIT, type inference, asmjs, and ion.
Update fte transport to 0.2.12
Update NoScript to 2.6.8.19
Update Torbutton to 1.6.8.1
* Bug 11242: Fix improper "update needed" message after in-place upgrade.
* Bug 10398: Ease translation of about:tor page elements
* Bug 9665: Localize Tor's unreachable bridges bootstrap error
* Bug 9665: Report a bootstrap error if all bridges are unreachable
* Bug 11200: Prevent spurious error message prior to enabling network.
* Linux:
* Bug 11190: Switch linux PT build process to python2
* Bug 10383: Enable NIST P224 and P256 accel support for 64bit builds.
* Windows:
* Bug 11286: Fix fte transport launch error
Tor Browser Bundle 3.5.4 -- Apr 7 2014
* All Platforms
* Update OpenSSL to 1.0.1g
Tor Browser Bundle 3.5.3 -- Mar 19 2014
* All Platforms
* Update Torbutton to 1.6.7.0:
* Bug 9901: Fix browser freeze due to content type sniffing
* Bug 10611: Add Swedish (sv) to extra locales to update
* Bug 10237: Disable the media cache to prevent disk leaks for videos
* Bug 10703: Force the default charset to avoid locale fingerprinting
* Bug 10104: Update gitian to fix LXC build issues (for non-KVM/VT builders)
* Linux:
* Bug 9353: Fix keyboard input on Ubuntu 13.10
* Bug 9896: Provide debug symbols for Tor Browser binary
* Bug 10472: Pass arguments to the browser from Linux startup script
Tor Browser Bundle 3.6-beta-1 -- Mar 17 2014
* All Platforms
* Include Pluggable Transports by default:
* Obfsproxy3 0.2.4, Flashproxy 1.6, and FTE 0.2.6 are now included
* Bug 10418: Provide UI configuration for Pluggable Transports
* Bug 10604: Allow Tor status & error messages to be translated
* Bug 10894: Make bridge UI clear that helpdesk is a last resort for
bridges
* Bug 10610: Clarify wizard UI text describing obstacles/blocking
* Bug 11074: Support Tails use case (XULRunner and optional
customizations)
* Update Torbutton to 1.6.7.0:
* Bug 9901: Fix browser freeze due to content type sniffing
* Bug 10611: Add Swedish (sv) to extra locales to update
* Bug 5018: Don't launch Pluggable Transport helpers if not in use
* Bug 9229: Eliminate 60 second stall during bootstrap with some PTs
* Bug 11069: Detect and report Pluggable Transport bootstrap failures

* Bug 11156: Prevent spurious warning about missing pluggable transports
* Bug 10237: Disable the media cache to prevent disk leaks for videos
* Bug 10703: Force the default charset to avoid locale fingerprinting
* Bug 10104: Update gitian to fix LXC build issues (for non-KVM/VT builders)
* Mac:
* Bug 4261: Use DMG instead of ZIP for Mac packages
* Linux:
* Bug 9353: Fix keyboard input on Ubuntu 13.10
* Bug 9896: Provide debug symbols for Tor Browser binary
* Bug 10472: Pass arguments to the browser from Linux startup script
Tor Browser Bundle 3.5.2.1 -- Feb 14 2014
* All Platforms
* Bug 10895: Fix broken localized bundles
* Windows:
* Bug 10323: Remove unneeded gcc/libstdc++ libraries from dist
Tor Browser Bundle 3.5.2 -- Feb 8 2014
* All Platforms
* Rebase Tor Browser to Firefox 24.3.0ESR
* Bug 10419: Block content window connections to localhost
* Bug 10800: Prevent findbox exception and popup in New Identity
* Bug 10640: Fix about:tor's update pointer position for RTL languages.
* Bug 10095: Fix some cases where resolution is not a multiple of 200x100
* Bug 10374: Clear site permissions on New Identity
* Bug 9738: Fix for auto-maximizing on browser start
* Bug 10682: Workaround to really disable updates for Torbutton
* Bug 10419: Don't allow connections to localhost if Torbutton is toggled
* Bug 10140: Move Japanese to extra locales (not part of TBB dist)
* Bug 10687: Add Basque (eu) to extra locales (not part of TBB dist)
* Bug 10682: Workaround to really disable updates for Tor Launcher
Tor Browser Bundle 3.5.1 -- Jan 22 2014
* All Platforms
* Bug 10447: Remove SocksListenAddress to allow multiple socks ports.
* Bug 10464: Remove addons.mozilla.org from NoScript whitelist
* Bug 10537: Build an Arabic version of TBB 3.5
* Bug 9486: Clear NoScript Temporary Permissions on New Identity
* Include Arabic translations
* Include Arabic translations
* Update OpenSSL to 1.0.1f
* Windows
* Bug 9259: Enable Accessibility (screen reader) support
* Mac
* misc: Update bundle version field in Info.plist (for MacUpdates service)
Tor Browser Bundle 3.5 -- Dec 17 2013
* All Platforms
* Bug 10382: Fix a Tor Launcher hang on TBB exit

* Misc: Switch update download URL back to download-easy
Tor Browser Bundle 3.5rc1 -- Dec 12 2013
* All Platforms
* Update HTTPS-Everywhere to 3.4.4tbb (special TBB tag)
* Tag includes a patch to handle enabling/disabling Mixed Content Blocking
* Bug 5060: Disable health report service
* Bug 10367: Disable prompting about health report and Mozilla Sync
* Misc Prefs: Disable HTTPS-Everywhere first-run tooltips
* Misc Prefs: Disable layer acceleration to avoid crashes on Windows
* Misc Prefs: Disable Mixed Content Blocker pending backport of Mozilla Bug 8
78890
* Bug 10147: Adblock Plus interferes w/Tor Launcher dialog
* Bug 10201: FF ESR 24 hangs during exit on Mac OS
* Bug 9984: Support running Tor Launcher from InstantBird
* Misc: Support browser directory location API changes in Firefox 24
* Bug 10352: Clear FF24 Private Browsing Mode data during New Identity
* Bug 8167: Update cache isolation for FF24 API changes
* Bug 10201: FF ESR 24 hangs during exit on Mac OS
* Bug 10078: Properly clear crypto tokens during New Identity on FF24
* Bug 9454: Support changes to Private Browsing Mode and plugin APIs in FF2
4
* Linux
* Bug 10213; Use LD_LIBRARY_PATH (fixes launch issues on old Linux distros)
Tor Browser Bundle 3.0rc1 -- Nov 21 2013
* All Platforms:
* Remove unsupported PDF.JS addon from the bundle
* Bug #7277: TBB's Tor client will now omit its timestamp in the TLS handshak
e.
* Bug #10002: Make the TBB3.0 blog tag our update download URL for now
* Windows
* Bug #10102: Patch binutils to remove nondeterministic bytes in compiled bin
aries
* Linux
* Bug #10049: Fix architecture check to work from outside TBB's directory
* Bug #10126: Remove libz and firefox-bin, and strip unstripped binaries
* Misc: Disable Firefox updater during compile time (in addition to pref)
Tor Browser Bundle 3.0beta1 -- Oct 31 2013
* All Platforms:
* Bug #9114: Reorganize the bundle directory structure to ease future
autoupdates
* Bug #9173: Patch Tor Browser to auto-detect profile directory if
launched without the wrapper script.
* Bug #9012: Hide Tor Browser infobar for missing plugins.
* Bug #8364: Change the default entry page for the addons tab to the
installed addons page.
* Bug #9867: Make flash objects really be click-to-play if flash is enabled.
* Bug #8292: Make getFirstPartyURI log+handle errors internally to simplify

caller usage of the API
* Bug #3661: Remove polipo and privoxy from the banned ports list.
* misc: Fix a potential memory leak in the Image Cache isolation
* misc: Fix a potential crash if OS theme information is ever absent
* Update Tor-Launcher to 0.2.3.1-beta
* Bug #9114: Handle new directory structure
* misc: Tor Launcher now supports Thunderbird
* Update Torbutton to 1.6.4
* Bug #9224: Support multiple Tor socks ports for about:tor status check
* Bug #9587: Add TBB version number to about:tor
* Bug #9144: Workaround to handle missing translation properties
* Windows:
* Bug #9084: Fix startup crash on Windows XP.
* Linux:
* Bug #9487: Create detached debuginfo files for Linux Tor and Tor
Browser binaries.
Tor Browser Bundle 3.0alpha4 -- Sep 24 2013
* All Platforms:
* Bug #8751: Randomize TLS HELLO timestamp in HTTPS connections
* Bug #9790 (workaround): Temporarily re-enable JS-Ctypes for cache
isolation and SSL Observatory
* Update Tor-Launcher to 0.2.2-alpha
* Bug #9675: Provide feedback mechanism for clock-skew and other early
startup issues
* Bug #9445: Allow user to enter bridges with or without 'bridge' keyword
* Bug #9593: Use UTF16 for Tor process launch to handle unicode paths.
* misc: Detect when Tor exits and display appropriate notification
* Bug 9492: Fix Torbutton logo on OSX and Windows (and related
initialization code)
* Bug 8839: Disable Google/Startpage search filters using Tor-specific urls
Tor Browser Bundle 3.0alpha3 -- Aug 01 2013
* All Platforms:
* Improve build input fetching and authentication
* Bug #9283: Update NoScript prefs for usability.
* Bug #6152 (partial): Disable JSCtypes support at compile time
* Bug 8478: Change when window resize code fires to avoid rounding errors
* Bug 9331: Hack an update URL for the next TBB release
* Bug 9144: Change an aboutTor.dtd string so transifex will accept it
* Update Tor-Launcher to 0.2.1-alpha
* Bug #9128: Remove dependency on JSCtypes
* Windows
* Bug #9195: Disable download manager AV scanning (to prevent cloud
reporting+scanning of downloaded files)
* Mac:
* Bug #9173 (partial): Launch firefox-bin on MacOS instead of TorBrowser.app
(improves dock behavior).
Tor Browser Bundle 3.0alpha2 -- June 27 2013

* All Platforms:
* Include Tor's GeoIP file
* This should fix custom torrc issues with country-based node
restrictions
* Fix several build determinism issues
* Include ChangeLog in bundles.
* Linux:
* Use Ubuntu's 'hardening-wrapper' to build our Linux binaries
* Windows:
* Fix many crash issues by disabling Direct2D support for now.
* Mac:
* Bug 8987: Disable TBB's 'Saved Application State' disk records on OSX 10.7+
Tor Browser Bundle 3.0alpha1 -- June 17 2013
* All Platforms:
* Remove Vidalia; Use the new Tor Launcher Firefox Addon instead
* bug 7494: Create a local home page for TBB as about:tor
* misc: Perform a control port test of proper Tor configuration by default.
Only use https://check.torproject.org if the control port is
unavailable.
* misc: Add an icon menu option for Tor Launcher's Network Settings
* misc: Add branding string overrides (primarily controls browser name and
homepage)
* Update PDF.JS to 0.8.1
* Windows:
* Use MinGW-w64 (via Gitian) to cross-compile the bundles from Ubuntu
* Use TBB-Windows-Installer to guide Windows users through TBB extraction
* Temporarily disable WebGL and Accessibility support due to minor MinGW
issues
* Mac:
* Use 'Toolchain4' fork by Ray Donnelley to cross-compile the bundles from
Ubuntu

Change Log

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Change Log

Transféré par

Droits d'auteur :

Formats disponibles

Tor Browser 4.5.

* Bug 15915: Hide circuit display if it is disabled.

* Bug 11236: Fix omnibox order for non-English builds

* Bug 13672: Make circuit display optional

Tor Browser 4.0.1 -- Oct 30 2014

Update NoScript to 2.6.8.42

* Update NoScript to 2.6.8.36

Update OpenSSL to 1.0.1g

* Bug 11069: Detect and report Pluggable Transport bootstrap failures

* Update Torbutton to 1.6.5.2

* Bug #8292: Make getFirstPartyURI log+handle errors internally to simplify

Tor Browser Bundle 3.0alpha2 -- June 27 2013

Vous aimerez peut-être aussi