Versie historie van Tor Browser Bundle for Mac (Nederlands) 64-bit

<<Terug naar software beschrijving

Veranderingen voor v9.0.6 - v9.0.7

  • All Platforms
  • Bump NoScript to 11.0.19
  • Bump Https-Everywhere to 2020.3.16
  • Bug 33613: Disable Javascript on Safest security level
  • Windows + OS X + Linux
  • Bump Tor to 0.4.2.7



Veranderingen voor v9.0 - v9.0.1

  • All Platforms
  • Update NoScript to 11.0.4
  • Bug 21004: Don't block JavaScript on onion services on medium security
  • Bug 27307: NoScript marks HTTP onions as not secure
  • Bug 30783: Fundraising banner for EOY 2019 campain
  • Bug 32321: Don't ping Mozilla for Man-in-the-Middle-detection
  • Bug 27268: Preferences clean-up
  • Windows + OS X + Linux
  • Update Tor Launcher to 0.2.20.2
  • Bug 32164: Trim each received log line from tor
  • Translations update
  • Bug 31803: Replaced about:debugging logo with flat version
  • Bug 31764: Fix for error when navigating via 'Paste and go'
  • Bug 32169: Fix TB9 Wikipedia address bar search
  • Bug 32210: Hide the tor pane when using a system tor
  • Bug 31658: Use builtin --panel-disabled-color for security level text
  • Bug 32188: Fix localization on about:preferences#tor
  • Bug 32184: Red dot is shown while downloading an update



Veranderingen voor v8.5.2 - v8.5.3

  • * All platforms
  • * Pick up fix for Mozilla's bug 1560192



Veranderingen voor v8.5 - v8.5.2

  • Tor Browser 8.5.2 -- June 19 2019
  • * All platforms
  • * Pick up fix for Mozilla's bug 1544386
  • * Update NoScript to 10.6.3
  • * Bug 29904: NoScript blocks MP4 on higher security levels
  • * Bug 30624+29043+29647: Prevent XSS protection from freezing the browser
  • Tor Browser 8.5.1 -- June 4 2019
  • * All platforms
  • * Update Torbutton to 2.1.10
  • * Bug 30565: Sync nocertdb with privatebrowsing.autostart at startup
  • * Bug 30464: Add WebGL to safer descriptions
  • * Translations update
  • * Update NoScript to 10.6.2
  • * Bug 29969: Remove workaround for Mozilla's bug 1532530
  • * Update HTTPS Everywhere to 2019.5.13
  • * Bug 30541: Disable WebGL readPixel() for web content
  • * Windows + OS X + Linux
  • * Bug 30560: Better match actual toolbar in onboarding toolbar graphic
  • * Bug 30571: Correct more information URL for security settings
  • * Android
  • * Bug 30635: Sync mobile default bridges list with desktop one
  • * Build System
  • * All platforms
  • * Bug 30480: Check that signed tag contains expected tag name



Veranderingen voor v8.0.8 - v8.0.9

  • All platforms
  • Update Torbutton to 2.0.13
  • Bug 30388: Make sure the updated intermediate certificate keeps working
  • Backport fixes for bug 1549010 and bug 1549061
  • Bug 30388: Make sure the updated intermediate certificate keeps working
  • Update NoScript to 10.6.1
  • Bug 29872: XSS popup with DuckDuckGo search on about:to



Veranderingen voor v8.0.7 - v8.0.8

  • All platforms
  • Update Firefox to 60.6.1esr
  • Update NoScript to 10.2.4
  • Bug 29733: Work around Mozilla's bug 1532530



Veranderingen voor v8.0.6 - v8.0.7

  • All platforms
  • Update Firefox to 60.6.0esr
  • Update Tor to 0.3.5.8
  • Bug 29660: XMPP can not connect to SOCKS5 anymore
  • Update Torbutton to 2.0.11
  • Bug 29021: Tell NoScript it is running within Tor Browser
  • Windows
  • Bug 29081: Harden libwinpthread



Veranderingen voor v8.0.5 - v8.0.6

  • All platforms
  • Update Firefox to 60.5.1esr
  • Update HTTPS Everywhere to 2019.1.31
  • Bug 29378: Remove 83.212.101.3 from default bridges
  • Build System
  • All Platforms
  • Bug 29235: Build our own version of python3.6 for HTTPS Everywhere



Veranderingen voor v8.0.1 - v8.0.2

  • All platforms
  • Update Firefox to 60.2.1esr
  • Backport fix for Mozilla bug 1493900 and 1493903
  • OS X
  • Backport fix for Mozilla bug 1489785 for macOS 10.14 compatibility



Veranderingen voor v8.0 - v8.0.1

  • All platforms
  • Update Tor to 0.3.4.8
  • Update Torbutton to 2.0.7
  • Bug 27097: Tor News signup banner
  • Bug 27663: Add New Identity menuitem again
  • Bug 26624: Only block OBJECT on highest slider level
  • Bug 26555: Don't show IP address for meek or snowflake
  • Bug 27478: Torbutton icons for dark theme
  • Bug 27506+14520: Move status version to upper left corner for RTL locales
  • Bug 27427: Fix NoScript IPC for about:blank by whitelisting messages
  • Bug 27558: Update the link to "Your Guard note may not change" text
  • Translations update
  • Update Tor Launcher to 0.2.16.6
  • Bug 27469: Adapt Moat URLs
  • Translations update
  • Clean-up
  • Update NoScript to 10.1.9.6
  • Bug 27763: Restrict Torbutton signing exemption to mobile
  • Bug 26146: Spoof HTTP User-Agent header for desktop platforms
  • Bug 27543: QR code is broken on web.whatsapp.com
  • Bug 27264: Bookmark items are not visible on the boomark toolbar
  • Bug 27535: Enable TLS 1.3 draft version
  • Backport of Mozilla bug 1490585, 1475775, and 1489744
  • OS X
  • Bug 27482: Fix crash during start-up on macOS 10.9.x systems



Veranderingen voor v7.5.1 - v7.5.2

  • Update Firefox to 52.7.2esr



Veranderingen voor v7.0.11 - v7.5

  • All Platforms
  • Update Firefox to 52.6.0esr
  • Update Tor to 0.3.2.9
  • Update OpenSSL to 1.0.2n
  • Update Torbutton to 1.9.8.5
  • Bug 21847: Update copy for security slider
  • Bug 21245: Add da translation to Torbutton and keep track of it
  • Bug 24702: Remove Mozilla text from banner
  • Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
  • Translations update
  • Update Tor Launcher to 0.2.14.3
  • Bug 23262: Implement integrated progress bar
  • Bug 23261: implement configuration portion of new Tor Launcher UI
  • Bug 24623: Revise "country that censors Tor" text
  • Bug 24624: tbb-logo.svg may cause network access
  • Bug 23240: Retrieve current bootstrap progress before showing progress bar
  • Bug 24428: Bootstrap error message sometimes lost
  • Bug 22232: Add README on use of bootstrap status messages
  • Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
  • Translations update
  • Update HTTPS Everywhere to 2018.1.11
  • Update NoScript to 5.1.8.3
  • Bug 23104: CSS line-height reveals the platform Tor Browser is running on
  • Bug 24398: Plugin-container process exhausts memory
  • Bug 22501: Requests via javascript: violate FPI
  • Bug 24756: Add noisebridge01 obfs4 bridge configuration
  • Windows
  • Bug 16010: Enable content sandboxing on Windows
  • Bug 23230: Fix build error on Windows 64
  • OS X
  • Bug 24566: Avoid white flashes when opening dialogs in Tor Browser
  • Bug 23025: Add some hardening flags to macOS build
  • Linux
  • Bug 23970: Make "Print to File" work with sandboxing enabled
  • Bug 23016: "Print to File" is broken on some non-english Linux systems
  • Bug 10089: Set middlemouse.contentLoadURL to false by default
  • Bug 18101: Suppress upload file dialog proxy bypass (linux part)
  • Android
  • Bug 22084: Spoof network information API
  • Build System
  • All Platforms
  • Switch from gitian/tor-browser-bundle to rbm/tor-browser-build
  • Windows
  • Bug 22563: Update mingw-w64 to fix W^X violations
  • Bug 20929: Bump GCC version to 5.4.0
  • Linux
  • Bug 20929: Bump GCC version to 5.4.0
  • Bug 23892: Include Firefox and Tor debug files in final build directory
  • Bug 24842: include libasan.so.2 and libubsan.so.0 in debug builds



Veranderingen voor v7.0.10 - v7.0.11

  • All Platforms
  • Update Firefox to 52.5.2esr
  • Update Tor to 0.3.1.9
  • Update HTTPS-Everywhere to 2017.12.6
  • Update NoScript to 5.1.8.1



Veranderingen voor v7.0.9 - v7.0.10

  • * All Platforms
  • * Update Firefox to 52.5.0esr
  • * Update Tor to 0.3.1.8
  • * Update Torbutton to 1.9.7.10
  • * Bug 23997: Add link to Tor Browser manual for de, nl, tr, vi
  • * Translations update
  • * Update HTTPS-Everywhere to 2017.10.30
  • * Bug 24178: Use make.sh for building HTTPS-Everywhere
  • * Update NoScript to 5.1.5
  • * Bug 23968: NoScript icon jumps to the right after update
  • * Windows
  • * Bug 23582: Enable the Windows DLL blocklist for mingw-w64 builds
  • * Bug 23396: Update the msvcr100.dll we ship
  • * Bug 24052: Block file:// redirects early



Veranderingen voor v7.0.4 - v7.0.5

  • All Platforms
  • Update Torbutton to 1.9.7.6
  • Bug 22989: Fix dimensions of new windows on macOS
  • Translations update
  • Update HTTPS-Everywhere to 2017.8.31
  • Update NoScript to 5.0.9
  • Bug 23166: Add new obfs4 bridge to the built-in ones
  • Bug 23258: Fix broken HTTPS-Everywhere on higher security levels
  • Bug 21270: NoScript settings break WebExtensions add-ons



Veranderingen voor v7.0.2 - v7.0.4

  • All Platforms
  • Update Firefox to 52.3.0esr
  • Update Tor to 0.3.0.10
  • Update Torbutton to 1.9.7.5
  • Bug 21999: Fix display of language prompt in non-en-US locales
  • Bug 18193: Don't let about:tor have chrome privileges
  • Bug 22535: Search on about:tor discards search query
  • Bug 21948: Going back to about:tor page gives "Address isn't valid" error
  • Code clean-up
  • Translations update
  • Update Tor Launcher to 0.2.12.3
  • Bug 22592: Default bridge settings are not removed
  • Translations update
  • Update HTTPS-Everywhere to 5.2.21
  • Update NoScript to 5.0.8.1
  • Bug 22362: Remove workaround for XSS related browser freezing
  • Bug 22067: NoScript Click-to-Play bypass with embedded videos and audio
  • Bug 21321: Exempt .onions from HTTP related security warnings
  • Bug 22073: Disable GetAddons option on addons page
  • Bug 22884: Fix broken about:tor page on higher security levels
  • Windows
  • Bug 22829: Remove default obfs4 bridge riemann.
  • Bug 21617: Fix single RWX page on Windows (included in 52.3.0esr)
  • OS X
  • Bug 22829: Remove default obfs4 bridge riemann.



Veranderingen voor v7.0.1 - v7.0.2

  • This release features an important security update to Tor.



Veranderingen voor v7.0 - v7.0.1

  • All Platforms
  • Update Firefox to 52.2.0esr
  • Update Tor to 0.3.0.8
  • Update Torbutton to 1.9.7.4
  • Bug 22542: Security Settings window too small on macOS 10.12
  • Update HTTPS-Everywhere to 5.2.18
  • Bug 22362: NoScript's XSS filter freezes the browser
  • OS X
  • Bug 22558: Don't update OS X 10.7.x and 10.8.x users to Tor Browser 7.0



Veranderingen voor v6.5.2 - v7.0

  • All Platforms
  • Update Firefox to 52.1.2esr
  • Update Tor to 0.3.0.7
  • Update Torbutton to 1.9.7.3
  • Bug 22104: Adjust our content policy whitelist for ff52-esr
  • Bug 22457: Allow resources loaded by view-source://
  • Bug 21627: Ignore HTTP 304 responses when checking redirects
  • Bug 22459: Adapt our use of the nsIContentPolicy to e10s mode
  • Bug 21865: Update our JIT preferences in the security slider
  • Bug 21747: Make 'New Tor Circuit for this Site' work in ESR52
  • Bug 21745: Fix handling of catch-all circuit
  • Bug 21547: Fix circuit display under e10s
  • Bug 21268: e10s compatibility for New Identity
  • Bug 21267: Remove window resize implementation for now
  • Bug 21201: Make Torbutton multiprocess compatible
  • Translations update
  • Update Tor Launcher to 0.2.12.2
  • Bug 22283: Linux 7.0a4 broken after update due to unix: lines in torrc
  • Bug 20761: Don't ignore additional SocksPorts
  • Bug 21920: Don't show locale selection dialog
  • Bug 21546: Mark Tor Launcher as multiprocess compatible
  • Bug 21264: Add a README file
  • Translations update
  • Update HTTPS-Everywhere to 5.2.17
  • Update NoScript to 5.0.5
  • Update Go to 1.8.3 (bug 22398)
  • Bug 21962: Fix crash on about:addons page
  • Bug 21766: Fix crash when the external application helper dialog is invoked
  • Bug 21886: Download is stalled in non-e10s mode
  • Bug 21778: Canvas prompt is not shown in Tor Browser based on ESR52
  • Bug 21569: Add first-party domain to Permissions key
  • Bug 22165: Don't allow collection of local IP addresses
  • Bug 13017: Work around audio fingerprinting by disabling the Web Audio API
  • Bug 10286: Disable Touch API and add fingerprinting resistance as fallback
  • Bug 13612: Disable Social API
  • Bug 10283: Disable SpeechSynthesis API
  • Bug 22333: Disable WebGL2 API for now
  • Bug 21861: Disable additional mDNS code to avoid proxy bypasses
  • Bug 21684: Don't expose navigator.AddonManager to content
  • Bug 21431: Clean-up system extensions shipped in Firefox 52
  • Bug 22320: Use preference name 'referer.hideOnionSource' everywhere
  • Bug 16285: Don't ship ClearKey EME system and update EME preferences
  • Bug 21675: Spoof window.navigator.hardwareConcurrency
  • Bug 21792: Suppress MediaError.message
  • Bug 16337: Round times exposed by Animation API to nearest 100ms
  • Bug 21972: about:support is partially broken
  • Bug 21726: Keep Graphite support disabled
  • Bug 21323: Enable Mixed Content Blocking
  • Bug 21685: Disable remote new tab pages
  • Bug 21790: Disable captive portal detection
  • Bug 21686: Disable Microsoft Family Safety support
  • Bug 22073: Make sure Mozilla's experiments are disabled
  • Bug 21683: Disable newly added Safebrowsing capabilities
  • Bug 22071: Disable Kinto-based blocklist update mechanism
  • Bug 22415: Fix format error in our pipeline patch
  • Bug 22072: Hide TLS error reporting checkbox
  • Bug 20761: Don't ignore additional SocksPorts
  • Bug 21862: Rip out potentially unsafe Rust code
  • Bug 16485: Improve about:cache page
  • Bug 22462: Backport of patch for bug 1329521 to fix assertion failure
  • Bug 21340: Identify and backport new patches from Firefox
  • Bug 22153: Fix broken feeds on higher security levels
  • Bug 22025: Fix broken certificate error pages on higher security levels
  • Bug 21887: Fix broken error pages on higher security levels
  • Bug 22458: Fix broken `about:cache` page on higher security levels
  • Bug 21876: Enable e10s by default on all supported platforms
  • Bug 21876: Always use esr policies for e10s
  • Bug 20905: Fix resizing issues after moving to a direct Firefox patch
  • Bug 21875: Modal dialogs are maximized in ESR52 nightly builds
  • Bug 21885: SVG is not disabled in Tor Browser based on ESR52
  • Bug 17334: Hide Referer when leaving a .onion domain (improved patch)
  • Bug 18531: Uncaught exception when opening ip-check.info
  • Bug 18574: Uncaught exception when clicking items in Library
  • Bug 22327: Isolate Page Info media previews to first party domain
  • Bug 22452: Isolate tab list menuitem favicons to first party domain
  • Bug 15555: View-source requests are not isolated by first party domain
  • Bug 3246: Double-key cookies
  • Bug 8842: Fix XML parsing error
  • Bug 5293: Neuter fingerprinting with Battery API
  • Bug 16886: 16886: "Add-on compatibility check dialog" contains Firefox logo
  • Bug 19645: TBB zooms text when resizing browser window
  • Bug 19192: Untrust Blue Coat CA
  • Bug 19955: Avoid confusing warning that favicon load request got cancelled
  • Bug 20005: Backport fixes for memory leaks investigation
  • Bug 20755: ltn.com.tw is broken in Tor Browser
  • Bug 21896: Commenting on website is broken due to CAPTCHA not being displayed
  • Bug 20680: Rebase Tor Browser patches to 52 ESR
  • Bug 22429: Add IPv6 address for Lisbeth:443 obfs4 bridge
  • Bug 22468: Add default obfs4 bridges frosty and dragon
  • Windows
  • Bug 22419: Prevent access to file://
  • Bug 12426: Make use of HeapEnableTerminationOnCorruption
  • Bug 19316: Make sure our Windows updates can deal with the SSE2 requirement
  • Bug 21868: Fix build bustage with FIREFOX_52_0_2esr_RELEASE for Windows
  • OS X
  • Bug 21940: Don't allow privilege escalation during update
  • Bug 22044: Fix broken default search engine on macOS
  • Bug 21879: Use our default bookmarks on OSX
  • Bug 21779: Non-admin users can't access Tor Browser on macOS
  • Bug 21723: Fix inconsistent generation of MOZ_MACBUNDLE_ID
  • Bug 21724: Make Firefox and Tor Browser distinct macOS apps
  • Bug 21931: Backport OSX SetupMacCommandLine updater fixes
  • Bug 15910: Don't download GMPs via the local fallback
  • Linux
  • Bug 16285: Remove ClearKey related library stripping
  • Bug 22041: Fix update error during update to 7.0a3
  • Bug 22238: Fix use of hardened wrapper for Firefox build
  • Bug 21907: Fix runtime error on CentOS 6
  • Bug 15910: Don't download GMPs via the local fallback
  • Android
  • Bug 19078: Disable RtspMediaResource stuff in Orfox
  • Build system
  • Windows
  • Bug 21837: Fix reproducibility of accessibility code for Windows
  • Bug 21240: Create patches to fix mingw-w64 compilation of Firefox ESR 52
  • Bug 21904: Bump mingw-w64 commit to help with sandbox compilation
  • Bug 18831: Use own Yasm for Firefox cross-compilation
  • OS X
  • Bug 21328: Updating to clang 3.8.0
  • Bug 21754: Remove old GCC toolchain and macOS SDK
  • Bug 19783: Remove unused macOS helper scripts
  • Bug 10369: Don't use old GCC toolchain anymore for utils
  • Bug 21753: Replace our old GCC toolchain in PT descriptor
  • Bug 18530: ESR52 based Tor Browser only runs on macOS 10.9+
  • Bug 22328: Remove clang PIE wrappers



Veranderingen voor v6.5 - v6.5.1

  • All Platforms
  • Update Firefox to 45.8.0esr
  • Tor to 0.2.9.10
  • OpenSSL to 1.0.2k
  • Update Torbutton to 1.9.6.14
  • Bug 21396: Allow leaking of resource/chrome URIs (off by default)
  • Bug 21574: Add link for zh manual and create manual links dynamically
  • Bug 21330: Non-usable scrollbar appears in tor browser security settings
  • Translation updates
  • Update HTTPS-Everywhere to 5.2.11
  • Bug 21514: Restore W^X JIT implementation removed from ESR45
  • Bug 21536: Remove scramblesuit bridge
  • Bug 21342: Move meek-azure to the meek.azureedge.net backend and cymrubridge02 bridge



Veranderingen voor v6.0.8 - v6.5

  • All Platforms
  • Update Firefox to 45.7.0esr
  • Tor to 0.2.9.9
  • OpenSSL to 1.0.2j
  • Update Torbutton to 1.9.6.12
  • Bug 16622: Timezone spoofing moved to tor-browser.git
  • Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git
  • Bug 8725: Block addon resource and url fingerprinting with nsIContentPolicy
  • Bug 20701: Allow the directory listing stylesheet in the content policy
  • Bug 19837: Whitelist internal URLs that Firefox requires for media
  • Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a tor client
  • Bug 19273: Improve external app launch handling and associated warnings
  • Bug 15852: Remove/synchronize Torbutton SOCKS pref logic
  • Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6
  • Bug 17767: Make "JavaScript disabled" more visible in Security Slider
  • Bug 20556: Use pt-BR strings from now on
  • Bug 20614: Add links to Tor Browser User Manual
  • Bug 20414: Fix non-rendering arrow on OS X
  • Bug 20728: Fix bad preferences.xul dimensions
  • Bug 19898: Use DuckDuckGo on about:tor
  • Bug 21091: Hide the update check menu entry when running under the sandbox
  • Bug 19459: Move resizing code to tor-browser.git
  • Bug 20264: Change security slider to 3 options
  • Bug 20347: Enhance security slider's custom mode
  • Bug 20123: Disable remote jar on all security levels
  • Bug 20244: Move privacy checkboxes to about:preferences#privacy
  • Bug 17546: Add tooltips to explain our privacy checkboxes
  • Bug 17904: Allow security settings dialog to resize
  • Bug 18093: Remove 'Restore Defaults' button
  • Bug 20373: Prevent redundant dialogs opening
  • Bug 20318: Remove helpdesk link from about:tor
  • Bug 21243: Add links for pt, es, and fr Tor Browser manuals
  • Bug 20753: Remove obsolete StartPage locale strings
  • Bug 21131: Remove 2016 donation banner
  • Bug 18980: Remove obsolete toolbar button code
  • Bug 18238: Remove unused Torbutton code and strings
  • Bug 20388+20399+20394: Code clean-up
  • Translation updates
  • Update Tor Launcher to 0.2.10.3
  • Bug 19568: Set CurProcD for Thunderbird/Instantbird
  • Bug 19432: Remove special handling for Instantbird/Thunderbird
  • Translation updates
  • Update HTTPS-Everywhere to 5.2.9
  • Update NoScript to 2.9.5.3
  • Bug 16622: Spoof timezone with Firefox patch
  • Bug 17334: Spoof referrer when leaving a .onion domain
  • Bug 19273: Write C++ patch for external app launch handling
  • Bug 19459: Size new windows to 1000x1000 or nearest 200x100 (Firefox patch)
  • Bug 12523: Mark JIT pages as non-writable
  • Bug 20123: Always block remote jar files
  • Bug 19193: Reduce timing precision for AudioContext, HTMLMediaElement, and MediaStream
  • Bug 19164: Remove support for SHA-1 HPKP pins
  • Bug 19186: KeyboardEvents are only rounding to 100ms
  • Bug 16998: Isolate preconnect requests to URL bar domain
  • Bug 19478: Prevent millisecond resolution leaks in File API
  • Bug 20471: Allow javascript: links from HTTPS first party pages
  • Bug 20244: Move privacy checkboxes to about:preferences#privacy
  • Bug 20707: Fix broken preferences tab in non-en-US alpha bundles
  • Bug 20709: Fix wrong update URL in alpha bundles
  • Bug 19481: Point the update URL to aus1.torproject.org
  • Bug 20556: Start using pt-BR instead of pt-PT for Portuguese
  • Bug 20442: Backport fix for local path disclosure after drag and drop
  • Bug 20160: Backport fix for broken MP3-playback
  • Bug 20043: Isolate SharedWorker script requests to first party
  • Bug 18923: Add script to run all Tor Browser regression tests
  • Bug 20651: DuckDuckGo does not work with JavaScript disabled
  • Bug 19336+19835: Enhance about:tbupdate page
  • Bug 20399+15852: Code clean-up
  • Windows
  • Bug 20981: On Windows, check TZ for timezone first
  • Bug 18175: Maximizing window and restarting leads to non-rounded window size
  • Bug 13437: Rounded inner window accidentally grows to non-rounded size
  • OS X
  • Bug 20590: Badly resized window due to security slider notification bar on OS X
  • Bug 20439: Make the build PIE on OSX
  • Linux
  • Bug 20691: Updater breaks if unix domain sockets are used
  • Bug 15953: Weird resizing dance on Tor Browser startup
  • Build system
  • All platforms
  • Bug 20927: Upgrade Go to 1.7.4
  • Bug 20583: Make the downloads.json file reproducible
  • Bug 20133: Don't apply OpenSSL patch anymore
  • Bug 19528: Set MOZ_BUILD_DATE based on Firefox version
  • Bug 18291: Remove some uses of libfaketime
  • Bug 18845: Make zip and tar helpers generate reproducible archives
  • OS X
  • Bug 20258: Make OS X Tor archive reproducible again
  • Bug 20184: Make OS X builds reproducible (use clang for compiling tor)
  • Bug 19856: Make OS X builds reproducible (getting libfaketime back)
  • Bug 19410: Fix incremental updates by taking signatures into account
  • Bug 20210: In dmg2mar, extract old mar file to copy permissions to the new one



Veranderingen voor v6.0.7 - v6.0.8

  • All Platforms
  • Update Firefox to 45.6.0esr
  • Update Tor to 0.2.8.11
  • Update Torbutton to 1.9.5.13
  • Bug 20947: Donation banner improvements
  • Update HTTPS-Everywhere to 5.2.8
  • Bug 20809: Use non-/html search engine URL for DuckDuckGo search plugins
  • Bug 20837: Activate iat-mode for certain obfs4 bridges
  • Bug 20838: Uncomment NX01 default obfs4 bridge
  • Bug 20840: Rotate ports a third time for default obfs4 bridges



Veranderingen voor v6.0.6 - v6.0.7

  • All Platforms
  • Update Firefox to 45.5.1esr
  • Update NoScript to 2.9.5.2



Veranderingen voor v6.0.5 - v6.0.6

  • All Platforms
  • Update Firefox to 45.5.0esr
  • Update Tor to 0.2.8.9
  • Update OpenSSL to 1.0.1u
  • Update Torbutton to 1.9.5.12
  • Bug 20414: Add donation banner on about:tor for 2016 campaign
  • Translation updates
  • Update Tor Launcher to 0.2.9.4
  • Bug 20429: Do not open progress window if tor doesn't get started
  • Bug 19646: Wrong location for meek browser profile on OS X
  • Update HTTPS-Everywhere to 5.2.7
  • Update meek to 0.25
  • Bug 19646: Wrong location for meek browser profile on OS X
  • Bug 20030: Shut down meek-http-helper cleanly if built with Go > 1.5.4
  • Bug 19838: Add dgoulet's bridge and add another one commented out
  • Bug 20296: Rotate ports again for default obfs4 bridges
  • Bug 19735: Switch default search engine to DuckDuckGo
  • Bug 20118: Don't unpack HTTPS Everywhere anymore
  • Windows
  • Bug 20342: Add tor-gencert.exe to expert bundle
  • OS X
  • Bug 20204: Windows don't drag on macOS Sierra anymore
  • Bug 20250: Meek fails on macOS Sierra if built with Go < 1.7
  • Build system
  • All platforms
  • Bug 20023: Upgrade Go to 1.7.3



Veranderingen voor v6.0 - v6.0.1

  • All Platforms
  • Update Firefox to 45.2.0esr
  • Bug 18884: Don't build the loop extension
  • Bug 19187: Backport fix for crash related to popup menus
  • Bug 19212: Fix crash related to network panel in developer tools



Veranderingen voor v5.5.5 - v6.0

  • All Platforms
  • Update Firefox to 45.1.1esr
  • Update OpenSSL to 1.0.1t
  • Update Torbutton to 1.9.5.4
  • Bug 18466: Make Torbutton compatible with Firefox ESR 45
  • Bug 18743: Pref to hide 'Sign in to Sync' button in hamburger menu
  • Bug 18905: Hide unusable items from help menu
  • Bug 16017: Allow users to more easily set a non-tor SSH proxy
  • Bug 17599: Provide shortcuts for New Identity and New Circuit
  • Translation updates
  • Code clean-up
  • Update Tor Launcher to 0.2.9.3
  • Bug 13252: Do not store data in the application bundle
  • Bug 18947: Tor Browser is not starting on OS X if put into /Applications
  • Bug 11773: Setup wizard UI flow improvements
  • Translation updates
  • Update HTTPS-Everywhere to 5.1.9
  • Update meek to 0.22 (tag 0.22-18371-3)
  • Bug 18371: Symlinks are incompatible with Gatekeeper signing
  • Bug 18904: Mac OS: meek-http-helper profile not updated
  • Bug 15197 and child tickets: Rebase Tor Browser patches to ESR 45
  • Bug 18900: Fix broken updater on Linux
  • Bug 19121: The update.xml hash should get checked during update
  • Bug 18042: Disable SHA1 certificate support
  • Bug 18821: Disable libmdns support for desktop and mobile
  • Bug 18848: Disable additional welcome URL shown on first start
  • Bug 14970: Exempt our extensions from signing requirement
  • Bug 16328: Disable MediaDevices.enumerateDevices
  • Bug 16673: Disable HTTP Alternative-Services
  • Bug 17167: Disable Mozilla's tracking protection
  • Bug 18603: Disable performance-based WebGL fingerprinting option
  • Bug 18738: Disable Selfsupport and Unified Telemetry
  • Bug 18799: Disable Network Tickler
  • Bug 18800: Remove DNS lookup in lockfile code
  • Bug 18801: Disable dom.push preferences
  • Bug 18802: Remove the JS-based Flash VM (Shumway)
  • Bug 18863: Disable MozTCPSocket explicitly
  • Bug 15640: Place Canvas MediaStream behind site permission
  • Bug 16326: Verify cache isolation for Request and Fetch APIs
  • Bug 18741: Fix OCSP and favicon isolation for ESR 45
  • Bug 16998: Disable for now
  • Bug 18898: Exempt the meek extension from the signing requirement as well
  • Bug 18899: Don't copy Torbutton, TorLauncher, etc. into meek profile
  • Bug 18890: Test importScripts() for cache and network isolation
  • Bug 18886: Hide pocket menu items when Pocket is disabled
  • Bug 18703: Fix circuit isolation issues on Page Info dialog
  • Bug 19115: Tor Browser should not fall back to Bing as its search engine
  • Bug 18915+19065: Use our search plugins in localized builds
  • Bug 19176: Zip our language packs deterministically
  • Bug 18811: Fix first-party isolation for blobs URLs in Workers
  • Bug 18950: Disable or audit Reader View
  • Bug 18886: Remove Pocket
  • Bug 18619: Tor Browser reports "InvalidStateError" in browser console
  • Bug 18945: Disable monitoring the connected state of Tor Browser users
  • Bug 18855: Don't show error after add-on directory clean-up
  • Bug 18885: Disable the option of logging TLS/SSL key material
  • Bug 18770: SVGs should not show up on Page Info dialog when disabled
  • Bug 18958: Spoof screen.orientation values
  • Bug 19047: Disable Heartbeat prompts
  • Bug 18914: Use English-only label in tags
  • Bug 18996: Investigate server logging in esr45-based Tor Browser
  • Bug 17790: Add unit tests for keyboard fingerprinting defenses
  • Bug 18995: Regression test to ensure CacheStorage is disabled
  • Bug 18912: Add automated tests for updater cert pinning
  • Bug 16728: Add test cases for favicon isolation
  • Bug 18976: Remove some FTE bridges
  • Windows
  • Bug 13419: Support ICU in Windows builds
  • Bug 16874: Fix broken https://sports.yahoo.com/dailyfantasy page
  • Bug 18767: Context menu is broken on Windows in ESR 45 based Tor Browser
  • OS X
  • Bug 6540: Support OS X Gatekeeper
  • Bug 13252: Tor Browser should not store data in the application bundle
  • Bug 18951: HTTPS-E is missing after update
  • Bug 18904: meek-http-helper profile not updated
  • Bug 18928: Upgrade is not smooth (requires another restart)
  • Build System
  • All Platforms
  • Bug 18127: Add LXC support for building with Debian guest VMs
  • Bug 16224: Don't use BUILD_HOSTNAME anymore in Firefox builds
  • Bug 18919: Remove unused keys and unused dependencies
  • Windows
  • Bug 17895: Use NSIS 2.51 for installer to avoid DLL hijacking
  • Bug 18290: Bump mingw-w64 commit we use
  • OS X
  • Bug 18331: Update toolchain for Firefox 45 ESR
  • Bug 18690: Switch to Debian Wheezy guest VMs
  • Linux
  • Bug 18699: Stripping fails due to obsolete Browser/components directory
  • Bug 18698: Include libgconf2-dev for our Linux builds
  • Bug 15578: Switch to Debian Wheezy guest VMs (10.04 LTS is EOL)



Veranderingen voor v5.5.4 - v5.5.5

  • All Platforms
  • Update Firefox to 38.8.0esr
  • Update Tor Launcher to 0.2.7.9
  • Bug 10534: Don't advertise the help desk directly anymore
  • Translation updates
  • Update HTTPS-Everywhere to 5.1.6
  • Update NoScript to 2.9.0.11
  • Bug 18726: Add new default obfs4 bridge (GreenBelt)



Veranderingen voor v5.5.2 - v5.5.3

  • All Platforms
  • Update Firefox to 38.7.0esr
  • Update OpenSSL to 1.0.1s
  • Update NoScript to 2.9.0.4
  • Update HTTPS Everywhere to 5.1.4
  • Update Torbutton to 1.9.4.4
  • Bug 16990: Don't mishandle multiline commands
  • Bug 18144: about:tor update arrow position is wrong
  • Bug 16725: Allow resizing with non-default homepage
  • Translation updates
  • Bug 18030: Isolate favicon requests on Page Info dialog
  • Bug 18297: Use separate Noto JP,KR,SC,TC fonts
  • Bug 18170: Make sure the homepage is shown after an update as well
  • Windows
  • Bug 18292: Disable staged updates on Windows



Veranderingen voor v5.5.1 - v5.5.2

  • All Platforms
  • Update Firefox to 38.6.1esr
  • Update NoScript to 2.9.0.3



Veranderingen voor v5.5 - v5.5.1

  • All Platforms
  • Bug 18168: Don't clear an iframe's window.name (fix of #16620)
  • Bug 18137: Add two new obfs4 default bridges
  • Windows
  • Bug 18169: Whitelist zh-CN UI font
  • OS X
  • Bug 18172: Add Emoji support
  • Linux



Veranderingen voor v5.0.7 - v5.5

  • All Platforms
  • Update Firefox to 38.6.0esr
  • Update libevent to 2.0.22-stable
  • Update NoScript to 2.9.0.2
  • Update Torbutton to 1.9.4.3
  • Bug 16990: Show circuit display for connections using multi-party channels
  • Bug 18019: Avoid empty prompt shown after non-en-US update
  • Bug 18004: Remove Tor fundraising donation banner
  • Bug 16940: After update, load local change notes
  • Bug 17108: Polish about:tor appearance
  • Bug 17568: Clean up tor-control-port.js
  • Bug 16620: Move window.name handling into a Firefox patch
  • Bug 17351: Code cleanup
  • Translation updates
  • Update Tor Launcher to 0.2.7.8
  • Bug 18113: Randomly permutate available default bridges of chosen type
  • Bug 13313: Bundle a fixed set of fonts to defend against fingerprinting
  • Bug 10140: Add new Tor Browser locale (Japanese)
  • Bug 17428: Remove Flashproxy
  • Bug 13512: Load a static tab with change notes after an update
  • Bug 9659: Avoid loop due to optimistic data SOCKS code (fix of #3875)
  • Bug 15564: Isolate SharedWorkers by first-party domain
  • Bug 16940: After update, load local change notes
  • Bug 17759: Apply whitelist to local fonts in @font-face (fix of #13313)
  • Bug 17009: Shift and Alt keys leak physical keyboard layout (fix of #15646)
  • Bug 17790: Map the proper SHIFT characters to the digit keys (fix of #15646)
  • Bug 17369: Disable RC4 fallback
  • Bug 17442: Remove custom updater certificate pinning
  • Bug 16620: Move window.name handling into a Firefox patch
  • Bug 17220: Support math symbols in font whitelist
  • Bug 10599+17305: Include updater and build patches needed for hardened builds
  • Bug 18115+18104+18071+18091: Update/add new obfs4 bridge
  • Bug 18072: Change recommended pluggable transport type to obfs4
  • Bug 18008: Create a new MAR Signing key and bake it into Tor Browser
  • Bug 16322: Use onion address for DuckDuckGo search engine
  • Bug 17917: Changelog after update is empty if JS is disabled
  • Windows
  • Bug 17250: Add localized font names to font whitelist
  • Bug 16707: Allow more system fonts to get used on Windows
  • Bug 13819: Ship expert bundles with console enabled
  • Bug 17250: Fix broken Japanese fonts
  • Bug 17870: Add intermediate certificate for authenticode signing
  • OS X
  • Bug 17122: Rename Japanese OS X bundle
  • Bug 16707: Allow more system fonts to get used on OS X
  • Bug 17661: Whitelist font .Helvetica Neue DeskInterface



Veranderingen voor v5.0.5 - v5.0.6

  • All Platforms
  • Bug 17877: Tor Browser 5.0.5 is using the wrong Mozilla build tag
  • The changes made in 5.0.5 are the following:
  • All Platforms
  • Update Firefox to 38.5.0esr
  • Update Tor to 0.2.7.6
  • Update OpenSSL to 1.0.1q
  • Update NoScript to 2.7
  • Update HTTPS Everywhere to 5.1.1
  • Update Torbutton to 1.9.3.7
  • Bug 16990: Avoid matching '250 ' to the end of node name
  • Bug 17565: Tor fundraising campaign donation banner
  • Bug 17770: Fix alignments on donation banner
  • Bug 17792: Include donation banner in some non en-US Tor Browsers
  • Translation updates
  • Bug 17207: Hide MIME types and plugins from websites
  • Bug 16909+17383: Adapt to HTTPS-Everywhere build changes
  • Bug 16863: Avoid confusing error when loop.enabled is false
  • Bug 17502: Add a preference for hiding "Open with" on download dialog
  • Bug 17446: Prevent canvas extraction by third parties (fixup of #6253)
  • Bug 17747: Add ndnop3 as new default obfs4 bridge



Veranderingen voor v5.0.4 - v5.0.5

  • All Platforms
  • Update Firefox to 38.5.0esr
  • Update Tor to 0.2.7.6
  • Update OpenSSL to 1.0.1q
  • Update NoScript to 2.7
  • Update HTTPS Everywhere to 5.1.1
  • Update Torbutton to 1.9.3.7
  • Bug 16990: Avoid matching '250 ' to the end of node name
  • Bug 17565: Tor fundraising campaign donation banner
  • Bug 17770: Fix alignments on donation banner
  • Bug 17792: Include donation banner in some non en-US Tor Browsers
  • Translation updates
  • Bug 17207: Hide MIME types and plugins from websites
  • Bug 16909+17383: Adapt to HTTPS-Everywhere build changes
  • Bug 16863: Avoid confusing error when loop.enabled is false
  • Bug 17502: Add a preference for hiding "Open with" on download dialog
  • Bug 17446: Prevent canvas extraction by third parties (fixup of #6253)
  • Bug 16441: Suppress "Reset Tor Browser" prompt
  • Bug 17747: Add ndnop3 as new default obfs4 bridge



Veranderingen voor v5.0.3 - v5.0.4

  • All Platforms
  • Update Firefox to 38.4.0esr
  • Update NoScript to 2.6.9.39
  • Update Torbutton to 1.9.3.5
  • Bug 9623: Spoof Referer when leaving a .onion domain
  • Bug 16735: about:tor should accommodate different fonts/font sizes
  • Bug 16937: Don't translate the homepage/spellchecker dictionary string
  • Bug 17164: Don't show text-select cursor on circuit display
  • Bug 17351: Remove unused code
  • Translation updates
  • Bug 16937: Remove the en-US dictionary from non en-US Tor Browser bundles
  • Bug 17318: Remove dead ScrambleSuit bridge
  • Bug 17473: Update meek-amazon fingerprint
  • Bug 16983: Isolate favicon requests caused by the tab list dropdown
  • Bug 17102: Don't crash while opening a second Tor Browser
  • Windows
  • Bug 16906: Don't depend on Windows crypto DLLs
  • Linux
  • Bug 17329: Ensure that non-ASCII characters can be typed (fixup of #5926)



Veranderingen voor v5.0.2 - v5.0.3

  • All Platforms
  • Update Firefox to 38.3.0esr
  • Update Torbutton to 1.9.3.4
  • Bug 16887: Update intl.accept_languages value
  • Bug 15493: Update circuit display on new circuit info
  • Bug 16797: brandShorterName is missing from brand.properties
  • Bug 14429: Make sure the automatic resizing is disabled
  • Translation updates
  • Bug 7446: Tor Browser should not "fix up" .onion domains (or any domains)
  • Bug 16837: Disable Firefox Hotfix updates
  • Bug 16855: Allow blobs to be downloaded on first-party pages (fixes mega.nz)
  • Bug 16781: Allow saving pdf files in built-in pdf viewer
  • Bug 16842: Restore Media tab on Page information dialog
  • Bug 16727: Disable about:healthreport page
  • Bug 16783: Normalize NoScript default whitelist
  • Bug 16775: Fix preferences dialog with security slider set to "High"
  • Bug 13579: Update download progress bar automatically
  • Bug 15646: Reduce keyboard layout fingerprinting in KeyboardEvent
  • Bug 17046: Event.timeStamp should not reveal startup time
  • Bug 16872: Fix warnings when opening about:downloads
  • Bug 17097: Fix intermittent crashes when using the print dialog
  • Windows
  • Bug 16906: Fix Mingw-w64 compilation breakage
  • OS X
  • Bug 16910: Update copyright year in OS X bundles



Veranderingen voor v5.0.1 - v5.0.2

  • All Platforms
  • Update Firefox to 38.2.1esr
  • Update NoScript to 2.6.9.36
  • Linux
  • Bug 16860: Avoid duplicate icons on Unity and Gnome



Veranderingen voor v5.0 - v5.0.1

  • This release fixes a crash bug that caused Tor Browser to crash on certain sites (in particular, Google Maps and Tumblr). The crash bug was a NULL pointer dereference while handling blob URIs. The crash was not exploitable.



Veranderingen voor v4.5.3 - v5.0

  • All Platforms
  • Update Firefox to 38.2.0esr
  • Update OpenSSL to 1.0.1p
  • Update HTTPS-Everywhere to 5.0.7
  • Update NoScript to 2.6.9.34
  • Update meek to 0.20
  • Update Tor to 0.2.6.10 with patches:
  • Bug 16674: Allow FQDNs ending with a single '.' in our SOCKS host name checks.
  • Bug 16430: Allow DNS names with _ characters in them (fixes nytimes.com)
  • Bug 15482: Don't allow circuits to change while a site is in use
  • Update Torbutton to 1.9.3.2
  • Bug 16731: TBB 5.0 a3/a4 fails to download a file on right click
  • Bug 16730: Reset NoScript whitelist on upgrade
  • Bug 16722: Prevent "Tiles" feature from being enabled after upgrade
  • Bug 16488: Remove "Sign in to Sync" from the browser menu (fixup)
  • Bug 16268: Show Tor Browser logo on About page
  • Bug 16639: Check for Updates menu item can cause update download failure
  • Bug 15781: Remove the sessionstore filter
  • Bug 15656: Sync privacy.resistFingerprinting with Torbutton pref
  • Bug 16427: Use internal update URL to block updates (instead of 127.0.0.1)
  • Bug 16200: Update Cache API usage and prefs for FF38
  • Bug 16357: Use Mozilla API to wipe permissions db
  • Bug 14429: Make sure the automatic resizing is disabled
  • Translation updates
  • Update Tor Launcher to 0.2.7.7
  • Bug 16428: Use internal update URL to block updates (instead of 127.0.0.1)
  • Bug 15145: Visually distinguish "proxy" and "bridge" screens.
  • Translation updates
  • Bug 16730: Prevent NoScript from updating the default whitelist
  • Bug 16715: Use ThreadsafeIsCallerChrome() instead of IsCallerChrome()
  • Bug 16572: Verify cache isolation for XMLHttpRequests in Web Workers
  • Bug 16884: Prefer IPv6 when supported by the current Tor exit
  • Bug 16488: Remove "Sign in to Sync" from the browser menu
  • Bug 16662: Enable network.http.spdy.* prefs in meek-http-helper
  • Bug 15703: Isolate mediasource URIs and media streams to first party
  • Bug 16429+16416: Isolate blob URIs to first party
  • Bug 16632: Turn on the background updater and restart prompting
  • Bug 16528: Prevent indexedDB Modernizr site breakage on Twitter and elsewhere
  • Bug 16523: Fix in-browser JavaScript debugger
  • Bug 16236: Windows updater: avoid writing to the registry
  • Bug 16625: Fully disable network connection prediction
  • Bug 16495: Fix SVG crash when security level is set to "High"
  • Bug 13247: Fix meek profile error after bowser restarts
  • Bug 16005: Relax WebGL minimal mode
  • Bug 16300: Isolate Broadcast Channels to first party
  • Bug 16439: Remove Roku screencasting code
  • Bug 16285: Disabling EME bits
  • Bug 16206: Enforce certificate pinning
  • Bug 15910: Disable Gecko Media Plugins for now
  • Bug 13670: Isolate OCSP requests by first party domain
  • Bug 16448: Isolate favicon requests by first party
  • Bug 7561: Disable FTP request caching
  • Bug 6503: Fix single-word URL bar searching
  • Bug 15526: ES6 page crashes Tor Browser
  • Bug 16254: Disable GeoIP-based search results.
  • Bug 16222: Disable WebIDE to prevent remote debugging and addon downloads.
  • Bug 13024: Disable DOM Resource Timing API
  • Bug 16340: Disable User Timing API
  • Bug 14952: Disable HTTP/2
  • Bug 1517: Reduce precision of time for Javascript
  • Bug 13670: Ensure OCSP & favicons respect URL bar domain isolation
  • Bug 16311: Fix navigation timing in ESR 38
  • Windows
  • Bug 16014: Staged update fails if meek is enabled
  • Bug 16269: repeated add-on compatibility check after update (meek enabled)
  • Mac OS
  • Use OSX 10.7 SDK
  • Bug 16253: Tor Browser menu on OS X is broken with ESR 38
  • Bug 15773: Enable ICU on OS X
  • Build System
  • Bug 16351: Upgrade our toolchain to use GCC 5.1
  • Bug 15772 and child tickets: Update build system for Firefox 38
  • Bugs 15921+15922: Fix build errors during Mozilla Tryserver builds
  • Bug 15864: rename sha256sums.txt to sha256sums-unsigned-build.txt



Veranderingen voor v5.0a3 - v5.0a4

  • All Platforms
  • Update Tor to 0.2.7.2-alpha with patches
  • Bug 15482: Don't allow circuits to change while a site is in use
  • Update OpenSSL to 1.0.1p
  • Update HTTPS-Everywhere to 5.0.7
  • Update NoScript to 2.6.9.31
  • Update Torbutton to 1.9.3.1
  • Bug 16268: Show Tor Browser logo on About page
  • Bug 16639: Check for Updates menu item can cause update download failure
  • Bug 15781: Remove the sessionstore filter
  • Bug 15656: Sync privacy.resistFingerprinting with Torbutton pref
  • Translation updates
  • Bug 16884: Prefer IPv6 when supported by the current Tor exit
  • Bug 16488: Remove "Sign in to Sync" from the browser menu
  • Bug 13313: Bundle a fixed set of fonts to defend against fingerprinting
  • Bug 16662: Enable network.http.spdy.* prefs in meek-http-helper
  • Bug 15646: Prevent keyboard layout fingerprinting in KeyboardEvent (fixup)
  • Bug 15703: Isolate mediasource URIs and media streams to first party
  • Bug 16429+16416: Isolate blob URIs to first party
  • Bug 16632: Turn on the background updater and restart prompting
  • Bug 16528: Prevent IndexedDB Modernizr site breakage on Twitter and elsewhere
  • Bug 16523: Fix in-browser JavaScript debugger
  • Bug 16236: Windows updater: avoid writing to the registry
  • Bug 16005: Restrict WebGL minimal mode a bit (fixup)
  • Bug 16625: Fully disable network connection prediction
  • Bug 16495: Fix SVG crash when security level is set to "High"
  • Build System
  • Bug 15864: Rename sha256sums.txt to sha256sums-unsigned-build.txt



Veranderingen voor v4.5.2 - v4.5.3

  • All Platforms
  • Update Firefox to 31.8.0esr
  • Update OpenSSL to 1.0.1o
  • Update NoScript to 2.6.9.27
  • Update Torbutton to 1.9.2.8
  • Bug 16403: Set search parameters for Disconnect
  • Bug 14429: Make sure the automatic resizing is disabled
  • Translation updates
  • Bug 16397: Fix crash related to disabling SVG
  • Bug 16403: Set search parameters for Disconnect
  • Bug 16446: Update FTE bridge #1 fingerprint
  • Bug 16430: Allow DNS names with _ characters in them (fixes
  • nytimes.com) (Tor patch backport)



Veranderingen voor v4.5.1 - v4.5.2



Veranderingen voor v4.5 - v4.5.1

  • All Platforms
  • Update Firefox to 31.7.0esr
  • Update meek to 0.18
  • Update Tor Launcher to 0.2.7.5
  • Translation updates only
  • Update Torbutton to 1.9.2.3
  • Bug 15837: Show descriptions if unchecking custom mode
  • Bug 15927: Force update of the NoScript UI when changing security level
  • Bug 15915: Hide circuit display if it is disabled.
  • Translation updates
  • Bug 15945: Disable NoScript's ClearClick protection for now
  • Bug 15933: Isolate by base (top-level) domain name instead of FQDN
  • Bug 15857: Fix file descriptor leak in updater that caused update failures
  • Bug 15899: Fix errors with downloading and displaying PDFs
  • Windows
  • Bug 15872: Fix meek pluggable transport startup issue with Windows 7
  • Build System
  • Bug 15947: Support Ubuntu 14.04 LXC hosts via LXC_EXECUTE=lxc-execute env var
  • Bugs 15921+15922: Fix build errors during Mozilla Tryserver builds



Veranderingen voor v4.0.8 - v4.5

  • All Platforms
  • Update Tor to 0.2.6.7 with additional patches:
  • Bug 15482: Reset timestamp_dirty each time a SOCKSAuth circuit is used
  • Update NoScript to 2.6.9.22
  • Update HTTPS-Everywhere to 5.0.3
  • Bug 15689: Resume building HTTPS-Everywhere from git tags
  • Update meek to 0.17
  • Include obfs4proxy 0.0.5
  • Use obfs4proxy for obfs2, obfs3, obfs4, and ScrambleSuit bridges
  • Pluggable Transport Dependency Updates:
  • Bug 15265: Switch go.net repo to golang.org/x/net
  • Bug 15448: Use golang 1.4.2 for meek and obs4proxy
  • Update Tor Launcher to 0.2.7.4. Changes since 0.2.7.0.2 in 4.0.8:
  • Bug 11879: Stop bootstrap if Cancel or Open Settings is clicked
  • Bug 13271: Display Bridge Configuration wizard pane before Proxy pane
  • Bug 13576: Don't strip "bridge" from the middle of bridge lines
  • Bug 13983: Directory search path fix for Tor Messanger+TorBirdy
  • Bug 14122: Hide logo if TOR_HIDE_BROWSER_LOGO set
  • Bug 14336: Fix navigation button display issues on some wizard panes
  • Bug 15657: Display the host:port of any connection faiures in bootstrap
  • Bug 15704: Do not enable network if wizard is opened
  • Update Torbutton to 1.9.2.2. Changes since 1.7.0.2 in 4.0.8:
  • Bug 3455: Use SOCKS user+pass to isolate all requests from the same url domain
  • Bug 5698: Use "Tor Browser" branding in "About Tor Browser" dialog
  • Bug 7255: Warn users about maximizing windows
  • Bug 8400: Prompt for restart if disk records are enabled/disabled.
  • Bug 8641: Create browser UI to indicate current tab's Tor circuit IPs
  • (Many Circuit UI issues were fixed during 4.5; see release changelogs for those).
  • Bug 9387: Security Slider 1.0
  • Include descriptions and tooltip hints for security levels
  • Notify users that the security slider exists
  • Make use of new SVG, jar, and MathML prefs
  • Bug 9442: Add New Circuit button to Torbutton menu
  • Bug 9906: Warn users before closing all windows and performing new identity.
  • Bug 10216: Add a pref to disable the local tor control port test
  • Bug 10280: Strings and pref for preventing plugin initialization.
  • Bug 11175: Remove "About Torbutton" from onion menu.
  • Bug 11236: Don't set omnibox order in Torbutton (to prevent translation)
  • Bug 11449: Fix new identity error if NoScript is not enabled
  • Bug 13019: Change locale spoofing pref to boolean
  • Bug 13079: Option to skip control port verification
  • Bug 13406: Stop directing users to download-easy.html.en on update
  • Bug 13650: Clip initial window height to 1000px
  • Bugs 13751+13900: Remove SafeCache cache isolation code in favor of C++ patch
  • Bug 13766: Set a 10 minute circuit lifespan for non-content requests
  • Bug 13835: Option to change default Tor Browser homepage
  • Bug 13998: Handle changes in NoScript 2.6.9.8+
  • Bug 14100: Option to hide NetworkSettings menuitem
  • Bug 14392: Don't steal input focus in about:tor search box
  • Bug 14429: Provide automatic window resizing, but disable for now
  • Bug 14448: Restore Torbutton menu operation on non-English localizations
  • Bug 14490: Use Disconnect search in about:tor search box
  • Bug 14630: Hide Torbutton's proxy settings tab.
  • Bug 14631: Improve profile access error msgs (strings for translation).
  • Bugs 14632+15334: Display Cookie Protections only if disk records are enabled
  • Bug 15085: Fix about:tor RTL text alignment problems
  • Bug 15460: Ensure FTP urls use content-window circuit isolation
  • Bug 15502: Wipe blob: URIs on New Identity
  • Bug 15533: Restore default security level when restoring defaults
  • Bug 15562: Bind SharedWorkers to thirdparty pref
  • Bug 3455: Patch Firefox SOCKS and proxy filters to allow user+pass isolation
  • Bug 4100: Raise HTTP Keep-Alive back to 115 second default
  • Bug 5698: Fix branding in "About Torbrowser" window
  • Bug 10280: Don't load any plugins into the address space by default
  • Bug 11236: Fix omnibox order for non-English builds
  • Also remove Amazon, eBay and bing; add Youtube and Twitter
  • Bug 11955: Backport HTTPS Certificate Pinning patches from Firefox 32
  • Bug 12430: Provide a preference to disable remote jar: urls
  • Bugs 12827+15794: Create preference to disable SVG images (for security slider)
  • Bug 13019: Prevent Javascript from leaking system locale
  • Bug 13379: Sign our MAR update files
  • Bug 13439: No canvas prompt for content callers
  • Bug 13548: Create preference to disable MathML (for security slider)
  • Bug 13586: Make meek use TLS session tickets (to look like stock Firefox).
  • Bug 13684: Backport Mozilla bug #1066190 (pinning issue fixed in Firefox 33)
  • Bug 13788: Fix broken meek in 4.5-alpha series
  • Bug 13875: Spoof window.devicePixelRatio to avoid DPI fingerprinting
  • Bug 13900: Remove 3rd party HTTP auth tokens via Firefox patch
  • Bug 14392: Make about:tor hide itself from the URL bar
  • Bug 14490: Make Disconnect the default omnibox search engine
  • Bug 14631: Improve startup error messages for filesystem permissions issues
  • Bugs 14716+13254: Fix issues with HTTP Auth usage and TLS connection info display
  • Bug 14937: Hard-code meek and flashproxy node fingerprints
  • Bug 15029: Don't prompt to include missing plugins
  • Bug 15406: Only include addons in incremental updates if they actually update
  • Bug 15411: Remove old (and unused) cacheDomain cache isolation mechanism
  • Bug 15502: Isolate blob: URI scope to URL domain; block WebWorker access
  • Bug 15562: Disable Javascript SharedWorkers due to third party tracking
  • Bug 15757: Disable Mozilla video statistics API extensions
  • Bug 15758: Disable Device Sensor APIs
  • Linux
  • Bug 12468: Only print/write log messages if launched with --debug
  • Bug 13375: Create a hybrid GUI/desktop/shell launcher wrapper
  • Bug 13717: Make sure we use the bash shell on Linux
  • Bug 15672: Provide desktop app registration+unregistration for Linux
  • Bug 15747: Improve start-tor-browser argument handling
  • Windows
  • Bug 3861: Begin signing Tor Browser for Windows the Windows way
  • Bug 10761: Fix instances of shutdown crashes
  • Bug 13169: Don't use /dev/random on Windows for SSP
  • Bug 14688: Create shortcuts to desktop and start menu by default (optional)
  • Bug 15201: Disable 'runas Administrator' codepaths in updater
  • Bug 15539: Make installer exe signatures reproducibly removable
  • Mac
  • Bug 10138: Switch to 64bit builds for MacOS
  • Here is the list of changes since the last 4.5 alpha (4.5a5):
  • All Platforms
  • Update Tor to 0.2.6.7 with additional patches:
  • Bug 15482: Reset timestamp_dirty each time a SOCKSAuth circuit is used
  • Update NoScript to 2.6.9.22
  • Update HTTPS-Everywhere to 5.0.3
  • Bug 15689: Resume building HTTPS-Everywhere from git tags
  • Update meek to 0.17
  • Update obfs4proxy to 0.0.5
  • Update Tor Launcher to 0.2.7.4
  • Bug 15704: Do not enable network if wizard is opened
  • Bug 11879: Stop bootstrap if Cancel or Open Settings is clicked
  • Bug 13576: Don't strip "bridge" from the middle of bridge lines
  • Bug 15657: Display the host:port of any connection faiures in bootstrap
  • Update Torbutton to 1.9.2.2
  • Bug 15562: Bind SharedWorkers to thirdparty pref
  • Bug 15533: Restore default security level when restoring defaults
  • Bug 15510: Close Tor Circuit UI control port connections on New Identity
  • Bug 15472: Make node text black in circuit status UI
  • Bug 15502: Wipe blob URIs on New Identity
  • Bug 15795: Some security slider prefs do not trigger custom checkbox
  • Bug 14429: Disable automatic window resizing for now
  • Bug 4100: Raise HTTP Keep-Alive back to 115 second default
  • Bug 13875: Spoof window.devicePixelRatio to avoid DPI fingerprinting
  • Bug 15411: Remove old (and unused) cacheDomain cache isolation mechanism
  • Bugs 14716+13254: Fix issues with HTTP Auth usage and TLS connection info display
  • Bug 15502: Isolate blob URI scope to URL domain; block WebWorker access
  • Bug 15794: Crash on some pages with SVG images if SVG is disabled
  • Bug 15562: Disable Javascript SharedWorkers due to third party tracking
  • Bug 15757: Disable Mozilla video statistics API extensions
  • Bug 15758: Disable Device Sensor APIs
  • Linux
  • Bug 15747: Improve start-tor-browser argument handling
  • Bug 15672: Provide desktop app registration+unregistration for Linux
  • Windows
  • Bug 15539: Make installer exe signatures reproducibly removable
  • Bug 10761: Fix instances of shutdown crashes



Veranderingen voor v4.5-alpha-2 - v4.5-alpha-3

  • All Platforms
  • Update Firefox to 31.4.0esr
  • Update Tor to 0.2.6.2-alpha
  • Update NoScript to 2.6.9.10
  • Update HTTPS Everywhere to 5.0developement.2
  • Update meek to 0.15
  • Update Torbutton to 1.8.1.3
  • Bug 13998: Handle changes in NoScript 2.6.9.8+
  • Bug 14100: Option to hide NetworkSettings menuitem
  • Bug 13079: Option to skip control port verification
  • Bug 13835: Option to change default Tor Browser homepage
  • Bug 11449: Fix new identity error if NoScript is not enabled
  • Bug 13881: Localize strings for tor circuit display
  • Bug 9387: Incorporate user feedback
  • Bug 13671: Fixup for circuit display if bridges are used
  • Translation updates
  • Update Tor Launcher 0.2.7.1
  • Bug 14122: Hide logo if TOR_HIDE_BROWSER_LOGO set
  • Translation updates
  • Bug 13379: Sign our MAR files
  • Bug 13788: Fix broken meek in 4.5-alpha series
  • Bug 13439: No canvas prompt for content callers



Veranderingen voor v4.5-alpha-1 - v4.5-alpha-2

  • All Platforms
  • Update Firefox to 31.3.0esr
  • Update NoScript to 2.6.9.5
  • Update HTTPS Everywhere to 5.0developement.1
  • Update Torbutton to 1.8.1.2
  • Bug 13672: Make circuit display optional
  • Bug 13671: Make bridges visible on circuit display
  • Bug 9387: Incorporate user feedback
  • Bug 13784: Remove third party authentication tokens
  • Bug 13435: Remove our custom POODLE fix (fixed by Mozilla in 31.3.0esr)



Veranderingen voor v4.0.1 - v4.5-alpha-1

  • All Platforms
  • Bug 3455: Patch Firefox SOCKS and proxy filters to allow user+pass isolation
  • Bug 11955: Backport HTTPS Certificate Pinning patches from Firefox 32
  • Bug 13684: Backport Mozilla bug #1066190 (pinning issue fixed in Firefox 33)
  • Bug 13019: Make JS engine use English locale if a pref is set by Torbutton
  • Bug 13301: Prevent extensions incompatibility error after upgrades
  • Bug 13460: Fix MSVC compilation issue
  • Bug 13504: Remove stale bridges from default bridge set
  • Bug 13742: Fix domain isolation for content cache and disk-enabled browsing mode
  • Update Tor to 0.2.6.1-alpha
  • Update NoScript to 2.6.9.3
  • Bug 13586: Make meek use TLS session tickets (to look like stock Firefox).
  • Bug 12903: Include obfs4proxy pluggable transport
  • Update Torbutton to 1.8.1.1
  • Bug 9387: Provide a "Security Slider" for vulnerability surface reduction
  • Bug 13019: Synchronize locale spoofing pref with our Firefox patch
  • Bug 3455: Use SOCKS user+pass to isolate all requests from the same url domain
  • Bug 8641: Create browser UI to indicate current tab's Tor circuit IPs
  • Bug 13651: Prevent circuit-status related UI hang.
  • Bug 13666: Various circuit status UI fixes
  • Bug 13742+13751: Remove cache isolation code in favor of direct C++ patch
  • Bug 13746: Properly update third party isolation pref if disabled from UI
  • Windows
  • Bug 13443: Re-enable DirectShow; fix crash with mingw patch.
  • Bug 13558: Fix crash on Windows XP during download folder changing
  • Bug 13091: Make app name "Tor Browser" instead of "Tor"
  • Bug 13594: Fix update failure for Windows XP users
  • Mac
  • Bug 10138: Switch to 64bit builds for MacOS



Veranderingen voor v2.3.25-13 - v2.3.25-14

  • Update Firefox to 17.0.10esr
  • https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#f...
  • Update LibPNG to 1.6.6
  • Update NoScript to 2.6.8.4
  • Update HTTPS-Everywhere to 3.4.2
  • Firefox patch changes:
  • Hide infobar for missing plugins. (closes: #9012)
  • Change the default entry page for the addons tab to the installed addons page. (closes: #8364)
  • Make flash objects really be click-to-play if flash is enabled. (closes: #9867)
  • Make getFirstPartyURI log+handle errors internally to simplify caller usage of the API. (closes: #3661)
  • Remove polipo and privoxy from the banned ports list. (closes: #3661)
  • misc: Fix a potential memory leak in the Image Cache isolation
  • misc: Fix a potential crash if OS theme information is ever absent



Veranderingen voor v2.3.25-12 - v2.3.25-13

  • Update Firefox to 17.0.9esr
  • https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#f...
  • Update HTTPS Everywhere to 3.4.1
  • Update NoScript to 2.6.7.1
  • Remove extraneous libevent libraries (closes: #9727)
  • Enable GCC hardening for Tor
  • Firefox patch changes:
  • ◦- Disable filtered results in Startpage omnibox (closes: #8839)



Veranderingen voor v2.3.25-8 - v2.3.25-10

  • Update Firefox to 17.0.7esr
  • Update zlib to 1.2.8
  • Update HTTPS Everywhere to 3.2.2
  • Update NoScript to 2.6.6.6



Veranderingen voor v2.3.25-6 - v2.3.25-8

  • Update Firefox to 17.0.6esr
  • Update HTTPS Everywhere to 3.2
  • Update Torbutton to 1.5.2
  • Update libpng to 1.5.15
  • Update NoScript to 2.6.6.1
  • Firefox patch changes:
  • Apply font limits to @font-face local() fonts and disable fallback
  • rendering for @font-face. (closes: #8455)
  • Use Optimistic Data SOCKS handshake (improves page load performance).
  • (closes: #3875)
  • Honor the Windows theme for inverse text colors (without leaking those
  • colors to content). (closes: #7920)
  • Increase pipeline randomization and try harder to batch pipelined
  • requests together. (closes: #8470)
  • Fix an image cache isolation domain key misusage. May fix several image
  • cache related crash bugs with New Identity, exit, and certain websites.
  • (closes: #8628)
  • Torbutton changes:
  • Allow session restore if the user allows disk actvity (closes: #8457)
  • Remove the Display Settings panel and associated locales (closes: #8301)
  • Fix "Transparent Torification" option. (closes: #6566)
  • Fix a hang on New Identity. (closes: #8642)
  • Build changes:
  • Fetch our source deps from an https mirror (closes: #8286)
  • Create watch scripts for syncing mirror sources and monitoring mirror
  • integrity (closes: #8338)



Veranderingen voor v2.3.25-4 - v2.3.25-5

  • Update Firefox to 17.0.4esr
  • Update NoScript to 2.6.5.8
  • Update HTTPS Everywhere to 3.1.4
  • Fix non-English language bundles to have the correct branding
  • Firefox patch changes:
  • Remove "This plugin is disabled" barrier
  • This improves the user experience for HTML5 Youtube videos:
  • They "silently" attempt to load flash first, which was not so silent
  • with this barrier in place.
  • Disable NoScript's HTML5 media click-to-play barrier
  • Fix a New Identity hang and/or crash condition
  • Fix crash with Drag + Drop on Windows
  • Torbutton changes:
  • Fix Drag+Drop crash by using a new TBB drag observer
  • Fix XML/E4X errors with Cookie Protections
  • Don't clear cookies at shutdown if user wants disk history
  • Leave IndexedDB and Offline Storage disabled.
  • Clear DOM localStorage on New Identity.
  • Don't strip "third party" HTTP auth from favicons
  • Localize the "Spoof english" button strings
  • Ask user for confirmation before enabling plugins
  • Emit private browsing session clearing event on "New Identity"



Veranderingen voor v2.3.25-2 - v2.3.25-4

  • Update Firefox to 17.0.3esr
  • Downgrade OpenSSL to 1.0.0k
  • Update libpng to 1.5.14
  • Update NoScript to 2.6.5.7
  • Firefox patch changes:
  • Exempt remote @font-face fonts from font limits (and prefer them).
  • (closes: #8270)
  • Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
  • they should not count towards our CSS font count limits. Moreover,
  • if a CSS font-family rule lists any remote fonts, those fonts are
  • preferred over the local fonts, so we do not reduce the font count
  • for that rule.
  • This vastly improves rendering and typography for many websites.
  • Disable WebRTC in Firefox build options. (closes: #8178)
  • WebRTC isn't slated to be enabled until Firefox 18, but the code
  • was getting compiled in already and is capable of creating UDP Sockets
  • and bypassing Tor. We disable it from build as a safety measure.
  • Move prefs.js into omni.ja and extension-overrides. (closes: #3944)
  • This causes our browser pref changes to appear as defaults. It also
  • means that future updates of TBB should preserve user pref settings.
  • Fix a use-after-free that caused crashing on MacOS (closes: #8234)
  • Eliminate several redundant, useless, and deprecated Firefox pref settings
  • Report Firefox 17.0 as the Tor Browser user agent
  • Use Firefox's click-to-play barrier for plugins instead of NoScript
  • Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
  • This fixes a SOCKS race condition with our SOCKS autoport configuration
  • and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
  • settings per URL now, which resulted in a proxy error for
  • check.torproject.org if we lost the race.
  • Torbutton was updated to 1.5.0. The following issues were fixed:
  • Remove old toggle observers and related code (closes: #5279)
  • Simplify Security Preference UI and associated pref updates (closes: #3100)
  • Eliminate redundancy in our Flash/plugin disabling code (closes: #7470)
  • Leave most preferences under Tor Browser's control (closes: #3944)
  • Disable toggle-on-startup and crash detection logic (closes: #7974)
  • Disable/remove toggle-mode code and related observers (closes: #5379)
  • Add menu hint to Torbutton icon (closes: #6431)
  • Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
  • Perform version check every time there's a new tab. (closes: #6096)
  • Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
  • misc: Allow WebGL and DOM storage.
  • misc: Disable independent Torbutton updates
  • misc: Change the recommended SOCKSPort to 9150 (to match TBB)
  • The following Firefox patch changes are also included in this release:
  • Isolate image cache to url bar domain (closes: #5742 and #6539)
  • Enable DOM storage and isolate it to url bar domain (closes: #6564)
  • Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477)
  • Misc preference changes:
  • Disable DOM performance timers (dom.enable_performance) (closes: #6204)
  • Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656)
  • Disable full path information for plugins (plugin.expose_full_path) (closes: #6210)
  • Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937)



Veranderingen voor v2.3.25-1 - v2.3.25-2

  • Update Firefox to 10.0.12esr
  • Update Libevent to 2.0.21-stable
  • Update HTTPS Everywhere to 3.1.2
  • Update NoScript to 2.6.4.2



Veranderingen voor v2.2.39-5 - v2.3.25-1

  • Update Tor to 0.2.3.25
  • Update Firefox 10.0.11esr
  • Update Vidalia to 0.2.21
  • Update NoScript to 2.6.2



Veranderingen voor v2.2.39-4 - v2.2.39-5

  • Update Firefox to 10.0.10esr
  • Update NoScript to 2.5.9



Veranderingen voor v2.2.39-3 - v2.2.39-4

  • Update Firefox patches to prevent crashing (closes: #7128)
  • Update HTTPS Everywhere to 3.0.2
  • Update NoScript to 2.5.8



Veranderingen voor v2.2.39-1 - v2.2.39-3

  • Update Firefox to 10.0.9esr
  • Update Torbutton to 1.4.6.3
  • Update NoScript to 2.5.7
  • Update HTTPS Everywhere to 2.2.2
  • Update libpng to 1.5.13



Veranderingen voor v2.2.38-2 - v2.2.39-1

  • Update Tor to 0.2.2.39
  • Update NoScript to 2.5.4



Veranderingen voor 2.2.38-1 - v2.2.38-2

  • Update Firefox to 10.0.7esr
  • Update Libevent to 2.0.20-stable
  • Update NoScript to 2.5.2
  • Update HTTPS Everywhere to 2.2.1



Veranderingen voor v2.2.37-2 - 2.2.38-1

  • Update Tor to 0.2.2.38
  • Update NoScript to 2.5
  • Update HTTPS Everywhere to 2.1



Veranderingen voor v2.2.35-11 - v2.2.35-12

  • Update OpenSSL to 1.0.1c
  • Update Libevent to 2.0.19-stable
  • Update zlib to 1.2.7
  • Update NoScript to 2.4.1



Veranderingen voor v2.2.35-10 - v2.2.35-11

  • Security release to stop TorBrowser from bypassing SOCKS proxy DNS configuration
  • New Firefox patches:
  • Prevent WebSocket DNS leak (closes: #5741)
  • Fix a race condition that could be used to link browsing sessions together when using new identity from Tor Browser (closes: #5715)
  • Remove extraneous BetterPrivacy settings from prefs.js (closes: #5722)
  • Fix the mozconfig options for OS X so that it really builds everything with clang instead of llvm-gcc



Veranderingen voor v2.3.25-2 - v2.3.25-3

  • Update OpenSSL to 1.0.1d
  • Update HTTPS Everywhere to 3.1.3
  • Update NoScript to 2.6.4.4



<<Terug naar software beschrijving