trashbin/tormodified/ChangeLog.txt
ink-repo 558db9f563 Transférer les fichiers vers 'tormodified'
Modified Tor Browser using Tails API for better security. (dumb?)

Signed-off-by: ink-repo <ink-repo@noreply>
2021-09-16 17:53:32 +00:00

6897 lines
321 KiB
Text
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Tor Browser 10.5.6 -- September 7 2021
* Windows + OS X + Linux
* Update Openssl to 1.1.1l
* Update Firefox to 78.14.0esr
* Build System
* OS X
* Bug 40358: Make OpenSSL 1.1.1l buildable for macOS [tor-browser-build]
Tor Browser 10.5.5 -- August 18 2021
* All Platforms
* Update Tor to 0.4.5.10
* Linux
* Bug 40582: Tor Browser 10.5.2 tabs always crash on Fedora Xfce Rawhide [tor-browser]
* Android
* Update Fenix to 91.2.0
* Update NoScript to 11.2.11
* Bug 40063: Move custom search providers [android-components]
* Bug 40176: TBA: sometimes I only see the banner and can't tap on the address bar [fenix]
* Bug 40181: Remove V2 Deprecation banner on about:tor for Android [fenix]
* Bug 40184: Rebase fenix patches to fenix v91.0.0-beta.5 [fenix]
* Bug 40185: Use NimbusDisabled [fenix]
* Bug 40186: Hide Credit Cards in Settings [fenix]
* Build System
* Android
* Update Go to 1.15.15
* Bug 40331: Update components for mozilla91 [tor-browser-build]
Tor Browser 10.5.4 -- August 10 2021
* Windows + OS X + Linux
* Update Firefox to 78.13.0esr
* Update NoScript to 11.2.11
* Bug 40041: Remove V2 Deprecation banner on about:tor for desktop [torbutton]
* Bug 40506: Saved Logins not available in 10.5 [tor-browser]
* Bug 40524: Update DuckDuckGo onion site URL in search preferences and onboarding [tor-browser]
* Build System
* Windows + OS X + Linux
* Update Go to 1.15.14
Tor Browser 10.5.3 -- July 17 2021
* Android
* Update HTTPS Everywhere to 2021.7.13
* Update Fenix to 90.1.1
* Bug 40172: Find the Quit button [fenix]
* Bug 40173: Rebase fenix patches to fenix v90.0.0-beta.6 [fenix]
* Bug 40177: Hide Tor icons in settings [fenix]
* Bug 40179: Show Snowflake bridge option on Release [fenix]
* Bug 40180: Rebase fenix patches to fenix v90.1.1 [fenix]
* Build System
* Android
* Bug 40312: Update components for mozilla90 [tor-browser-build]
Tor Browser 10.5.2 -- July 13 2021
* Windows + OS X + Linux
* Update Firefox to 78.12.0esr
* Bug 40497: Cannot set multiple pages as home pages in 10.5a17 [tor-browser]
* Bug 40507: Full update is not downloaded after applying partial update fails [tor-browser]
* Bug 40510: open tabs get redirected to about:torconnect on restart [tor-browser]
Tor Browser 10.5.1 -- July 7 2021
* Android
* Bug 40324: Change Fenix variant to Release [fenix]
Tor Browser 10.5 -- July 6 2021
* All Platforms
* Update NoScript to 11.2.9
* Update Tor Launcher to 0.2.30
* Translations update
* Bug 25483: Provide Snowflake based on Pion for Windows, macOS, and Linux
* Bug 33761: Remove unnecessary snowflake dependencies
* Bug 40064: Bump libevent to 2.1.12 [tor-browser-build]
* Bug 40137: Migrate https-everywhere storage to idb [tor-browser]
* Bug 40261: Bump versions of snowflake and webrtc [tor-browser-build]
* Bug 40263: Update domain front for Snowflake [tor-browser-build]
* Bug 40302: Update version of snowflake [tor-browser-build]
* Bug 40030: DuckDuckGo redirect to html doesn't work [torbutton]
* Windows + OS X + Linux
* Bug 27476: Implement about:torconnect captive portal within Tor Browser [tor-browser]
* Bug 32228: Bookmark TPO support domains in Tor Browser
* Bug 33803: Add a secondary nightly MAR signing key [tor-browser]
* Bug 33954: Consider different approach for Bug 2176
* Bug 34345: "Don't Bootstrap" Startup Mode
* Bug 40011: Rename tor-browser-brand.ftl to brand.ftl [torbutton]
* Bug 40012: Fix about:tor not loading some images in 82 [torbutton]
* Bug 40138: Move our primary nightly MAR signing key to tor-browser [tor-browser-build]
* Bug 40209: Implement Basic Crypto Safety [tor-browser]
* Bug 40428: Correct minor Cryptocurrency warning string typo [tor-browser]
* Bug 40429: Update Onboarding for 10.5 [tor-browser]
* Bug 40455: Block or recover background requests after bootstrap [tor-browser]
* Bug 40456: Update the SecureDrop HTTPS-Everywhere update channel [tor-browser]
* Bug 40475: Include clearing CORS preflight cache [tor-browser]
* Bug 40478: Onion alias url rewrite is broken [tor-browser]
* Bug 40484: Bootstrapping page show Quickstart text [tor-browser]
* Bug 40490: BridgeDB bridge captcha selection is broken in alpha [tor-browser]
* Bug 40495: Onion pattern is focusable by click on about:torconnect [tor-browser]
* Bug 40499: Onion Alias doesn't work with TOR_SKIP_LAUNCH [tor-browser]
* Android
* Bug 30318: Integrate snowflake into mobile Tor Browser
* Bug 40206: Disable the /etc/hosts parser [tor-browser]
* Linux
* Bug 40089: Remove CentOS 6 support for Tor Browser 10.5 [tor-browser]
* Build System
* All Platforms
* Update Go to 1.15.13
* Bug 23631: Use rootless containers [tor-browser-build]
* Bug 33693: Change snowflake and meek dummy address [tor-browser]
* Bug 40016: getfpaths is not setting origin_project [rbm]
* Bug 40169: Update apt package cache after calling pre_pkginst, too [tor-browser-build]
* Bug 40194: Remove osname part in cbindgen filename [tor-browser-build]
* Windows + OS X + Linux
* Bug 40081: Build Mozilla code with --enable-rust-simd [tor-browser-build]
* Bug 40104: Use our TMPDIR when creating our .mar files [tor-browser-build]
* Bug 40133: Bump Rust version for ESR 78 to 1.43.0 [tor-browser-build]
* Bug 40166: Update apt cache before calling pre_pkginst in container-image config [tor-browser-build]
* Android
* Bug 28672: Android reproducible build of Snowflake
* Bug 40313: Use apt-get to install openjdk-8 .deb files with their dependencies [tor-browser-build]
* Windows
* Bug 34360: Bump binutils to 2.35.1
* Bug 40131: Remove unused binutils patches [tor-browser-build]
* Linux
* Bug 26238: Move to Debian Jessie for our Linux builds
* Bug 31729: Support Wayland
* Bug 40041: Remove CentOS 6 support for 10.5 series [tor-browser-build]
* Bug 40103: Add i386 pkg-config path for linux-i686 [tor-browser-build]
* Bug 40112: Strip libstdc++ we ship [tor-browser-build]
* Bug 40118: Add missing libdrm dev package to firefox container [tor-browser-build]
* Bug 40235: Bump apt for Jessie containers [tor-browser-build]
Tor Browser 10.5a17 -- June 27 2021
* All Platforms
* Update NoScript to 11.2.9
* Update Tor to 0.4.6.5
* Update Tor Launcher to 0.2.29
* Windows + OS X + Linux
* Bug 34345: "Don't Bootstrap" Startup Mode
* Bug 40302: Update version of snowflake [tor-browser-build]
* Bug 40455: Block or recover background requests after bootstrap [tor-browser]
* Bug 40456: Update the SecureDrop HTTPS-Everywhere update channel [tor-browser]
* Bug 40475: Include clearing CORS preflight cache [tor-browser]
* Bug 40478: Onion alias url rewrite is broken [tor-browser]
* Build System
* All Platforms
* Update Go to 1.15.13
* Android
* Bug 40313: Use apt-get to install openjdk-8 .deb files with their dependencies [tor-browser-build]
Tor Browser 10.0.18 -- June 16 2021
* All Platforms
* Update Tor to 0.4.5.9
* Android
* Update Fenix to 89.1.1
* Update NoScript to 11.2.8
* Bug 40055: Rebase android-componets patches on 75.0.22 for Fenix 89 [android-components]
* Bug 40165: Announce v2 onion service deprecation on about:tor [fenix]
* Bug 40166: Hide "Normal" tab (again) and Sync tab in TabTray [fenix]
* Bug 40167: Hide "Save to Collection" in menu [fenix]
* Bug 40169: Rebase fenix patches to fenix v89.1.1 [fenix]
* Bug 40170: Error building tor-browser-89.1.1-10.5-1 [fenix]
* Bug 40432: Prevent probing installed applications [tor-browser]
* Bug 40470: Rebase 10.0 patches onto 89.0 [tor-browser]
* Build System
* Android
* Bug 40290: Update components for mozilla89-based Fenix [tor-browser-build]
Tor Browser 10.5a16 -- June 5 2021
* All Platforms
* Update HTTPS Everywhere to 2021.4.15
* Update NoScript to 11.2.8
* Update Tor to 0.4.6.4-rc
* Bug 40432: Prevent probing installed applications [tor-browser]
* Windows + OS X + Linux
* Update Firefox to 78.11.0esr
* Bug 27476: Implement about:torconnect captive portal within Tor Browser [tor-browser]
* Bug 40037: Announce v2 onion service deprecation on about:tor [torbutton]
* Bug 40428: Correct minor Cryptocurrency warning string typo [tor-browser]
* Android
* Update Fenix to 89.1.1
* Bug 40055: Rebase android-componets patches on 75.0.22 for Fenix 89 [android-components]
* Bug 40165: Announce v2 onion service deprecation on about:tor [fenix]
* Bug 40169: Rebase fenix patches to fenix v89.1.1 [fenix]
* Bug 40170: Error building tor-browser-89.1.1-10.5-1 [fenix]
* Bug 40453: Rebase tor-browser patches to 89.0 [tor-browser]
* Build System
* All Platforms
* Update Go to 1.15.12
* Android
* Bug 40290: Update components for mozilla89-based Fenix [tor-browser-build]
Tor Browser 10.0.17 -- June 1 2021
* Windows + OS X + Linux
* Update Firefox to 78.11.0esr
* Update HTTPS Everywhere to 2021.4.15
* Update NoScript to 11.2.8
* Update Tor to 0.4.5.8
* Bug 27002: (Mozilla 1673237) Always allow SVGs on about: pages [tor-browser]
* Bug 40432: Prevent probing installed applications [tor-browser]
* Bug 40037: Announce v2 onion service deprecation on about:tor [torbutton]
Tor Browser 10.5a15 -- April 23 2021
* All Platforms
* Update Tor to 0.4.6.2-alpha
* Windows + OS X + Linux
* Update Firefox to 78.10.0esr
* Bug 40408: Disallow SVG Context Paint in all web content [tor-browser]
* Android
* Update Fenix to 88.1.1
* Bug 40051: Rebase android-components patches for Fenix 88 [android-components]
* Bug 40158: Rebase Fenix patches to Fenix 88.1.1 [fenix]
* Bug 40399: Rebase 10.5 patches on 88.0 [tor-browser]
* Build System
* All Platforms
* Update Go to 1.15.11
* Android
* Bug 40259: Update components for mozilla88-based Fenix [tor-browser-build]
Tor Browser 10.0.16 -- May 7 2021
* Android
* Update Fenix to 88.1.3
* Update HTTPS Everywhere to 2021.4.15
* Update NoScript to 11.2.6
* Translations update
* Bug 40052: Rebase android-components patches for Fenix 88 [android-components]
* Bug 40162: Disable Numbus experiments [fenix]
* Bug 40163: Rebase Fenix patches to Fenix 88.1.3 [fenix]
* Bug 40423: Disable http/3 [tor-browser]
* Bug 40425: Rebase 10.5 patches on 88.0.1 [tor-browser]
* Build System
* Android
* Bug 40259: Update components for mozilla88-based Fenix [tor-browser-build]
* Bug 40293: Patch app-services' vendored uniffi_bindgen [tor-browser-build]
Tor Browser 10.0.16 -- April 20 2021
* Windows + OS X + Linux
* Update Firefox to 78.10.0esr
* Update NoScript to 11.2.4
* Bug 40007: Update domain fronting config for Moat [tor-launcher]
* Bug 40390: Add Burmese as a new locale [tor-browser]
* Bug 40408: Disallow SVG Context Paint in all web content [tor-browser]
Tor Browser 10.5a14 -- April 11 2021
* All Platforms
* Update NoScript to 11.2.4
* Translations update
* Bug 40261: Bump versions of snowflake and webrtc [tor-browser-build]
* Bug 40263: Update domain front for Snowflake [tor-browser-build]
* Bug 40390: Add Burmese as a new locale [tor-browser]
* Windows + OS X + Linux
* Bug 40007: Update domain fronting config for Moat [tor-launcher]
Tor Browser 10.0.15 -- April 7 2021
* All Platforms
* Update Openssl to 1.1.1k
* Bug 40030: Add 'noscript' capability to NoScript [torbutton]
* Android
* Update Fenix to 87.0.0
* Update NoScript to 11.2.4
* Update Tor to 0.4.5.7
* Translations update
* Bug 40045: Add External App Prompt for Sharing Images [android-components]
* Bug 40047: Rebase android-components patches for Fenix 87.0.0 [android-components]
* Bug 40151: Remove survey banner on TBA-stable [fenix]
* Bug 40153: Rebase Fenix patches to Fenix 87.0.0 [fenix]
* Bug 40365: Rebase 10.5 patches on 87.0 [tor-browser]
* Bug 40383: Disable dom.enable_event_timing [tor-browser]
* Build System
* Android
* Bug 40162: Build Fenix instrumented tests apk [tor-browser-build]
* Bug 40172: Move Gradle compilers out of android-toolchain to own gradle project [tor-browser-build]
* Bug 40241: Update components for mozilla87-based Fenix [tor-browser-build]
Tor Browser 10.5a13 -- March 24 2021
* Windows + OS X + Linux
* Update Firefox to 78.9.0esr
* Update NoScript to 11.2.3
* Update Openssl to 1.1.1k
* Update Tor to 0.4.6.1-alpha
* Translations update
* Bug 40030: DuckDuckGo redirect to html doesn't work [torbutton]
* Bug 40032: Remove Snowflake survey banner from TB-alpha [torbutton]
* Android
* Update Fenix to 87.0.0
* Bug 40047: Rebase android-components patches for Fenix 87.0.0 [android-components]
* Bug 40153: Rebase Fenix patches to Fenix 87.0.0 [fenix]
* Bug 40365: Rebase 10.5 patches on 87.0 [tor-browser]
* Bug 40383: Disable dom.enable_event_timing [tor-browser]
* Build System
* Windows + OS X + Linux
* Update Go to 1.15.10
* Bug 23631: Use rootless containers [tor-browser-build]
* Bug 40016: getfpaths is not setting origin_project [rbm]
* Windows
* Bug 40252: Bump mingw-w64 and clang for Firefox 78.9 [tor-browser-build]
Tor Browser 10.0.14 -- March 23 2021
* Windows + OS X + Linux
* Update Firefox to 78.9.0esr
* Update NoScript to 11.2.3
* Update Tor to 0.4.5.7
* Bug 40031: Remove survey banner on TB-stable [torbutton]
* Build System
* Windows
* Bug 40249: Bump mingw-w64 and clang for Firefox 78.9 [tor-browser-build]
Tor Browser 10.5a12 -- March 20 2021
* Android
* Update Fenix to 87.0.0-beta.2
* Update NoScript to 11.2.3
* Update Tor to 0.4.6.1-alpha
* Translations update
* Bug 40030: DuckDuckGo redirect to html doesn't work [torbutton]
* Bug 40043: Rebase android-components patches for Fenix 87 beta 2 builds [android-components]
* Bug 40045: Add External App Prompt for Sharing Images [android-components]
* Bug 40150: Rebase Fenix patches to Fenix 87 beta 2 [fenix]
* Bug 40361: Rebase tor-browser patches to 87.0b4 [tor-browser]
* Build System
* Android
* Update Go to 1.15.10
* Bug 23631: Use rootless containers [tor-browser-build]
* Bug 40016: getfpaths is not setting origin_project [rbm]
* Bug 40172: Move Gradle compilers out of android-toolchain to own gradle project [tor-browser-build]
* Bug 40241: Update components for mozilla87-based Fenix [tor-browser-build]
Tor Browser 10.0.13 -- March 3 2021
* Linux
* Bug 40328: Fix instability after upgrading to glibc 2.33
Tor Browser 10.5a11 -- February 23 2021
* All Platforms
* Update NoScript to 11.2.2
* Update Openssl to 1.1.1j
* Update Tor to 0.4.5.6
* Windows + OS X + Linux
* Update Firefox to 78.8.0esr
* Bug 40029: Create survey banner on about:tor for snowflake [torbutton]
* Bug 40209: Implement Basic Crypto Safety [tor-browser]
* OS X + Linux
* Update HTTPS Everywhere to 2021.1.27
* Bug 40212: Bump version of snowflake and webrtc [tor-browser-build]
* Android
* Update Firefox to 86.1.0
* Bug 40144: Hide Download Manager [fenix]
* Bug 40148: Create survey banner on about:tor for Snowflake [fenix]
* Bug 40344: Set privacy.window.name.update.enabled=false [tor-browser]
* Build System
* Linux
* Bug 40235: Bump apt for Jessie containers [tor-browser-build]
Tor Browser 10.0.12 -- February 23 2021
* All Platforms
* Update NoScript to 11.2.2
* Update Openssl to 1.1.1j
* Update Tor to 0.4.5.6
* Windows + OS X + Linux
* Update Firefox to 78.8.0esr
* Bug 40026: Create survey banner on about:tor for desktop [torbutton]
* Bug 40287: Switch DDG search from POST to GET [tor-browser]
* Android
* Update Firefox to 86.1.0
* Bug 40138: Create survey banner on about:tor for Android [fenix]
* Bug 40144: Hide Download Manager [fenix]
* Bug 40171: Make WebRequest and GeckoWebExecutor First-Party aware [tor-browser]
* Bug 40188: Build and ship snowflake only if it is enabled [tor-browser-build]
* Bug 40309: Avoid using regional OS locales [tor-browser]
* Bug 40344: Set privacy.window.name.update.enabled=false [tor-browser]
* Build System
* Android
* Bug 40214: Update AMO Collection URL [tor-browser-build]
* Bug 40217: Update components for switch to mozilla86-based Fenix [tor-browser-build]
Tor Browser 10.5a10 -- February 7 2021
* Windows
* Update Firefox to 78.7.1esr
* Update HTTPS Everywhere to 2021.1.27
* Bug 40212: Bump version of snowflake and webrtc [tor-browser-build]
Tor Browser 10.0.11 -- February 6 2021
* Windows
* Update Firefox to 78.7.1esr
Tor Browser 10.5a9 -- February 5 2021
* Android
* Update Fenix to 86.0.0-beta.2
* Update HTTPS Everywhere to 2021.1.27
* Update NoScript to 11.2
* Bug 40041: Rebase android-components patches for Fenix 86 beta 2 builds [android-components]
* Bug 40109: Reduce requested permissions [fenix]
* Bug 40141: Hide EME site permission [fenix]
* Bug 40143: Use deterministic date in Test apk [fenix]
* Bug 40146: Rebase Fenix patches to Fenix 86 beta 2 [fenix]
* Bug 40188: Build and ship snowflake only if it is enabled [tor-browser-build}
* Bug 40212: Bump version of snowflake and webrtc [tor-browser-build]
* Bug 40308: Disable network partitioning until we evaluate dFPI [tor-browser]
* Bug 40309: Avoid using regional OS locales [tor-browser]
* Bug 40320: Rebase tor-browser patches to 86.0b5 [tor-browser]
* Build System
* Android
* Bug 40214: Update AMO Collection URL [tor-browser-build]
* Bug 40217: Update components for switch to mozilla86-based Fenix [tor-browser-build]
Tor Browser 10.0.10 -- February 3 2021
* All Platforms
* Update NoScript to 11.2
* Update HTTPS Everywhere to 2021.1.27
* Bug 40224: Backport Tor patch for v3 onion services [tor-browser-build]
* Android
* Pick up fix for Mozilla's bug 1688783
* Pick up fix for Mozilla's bug 1688017
Tor Browser 10.5a8 -- January 26 2021
* All Platforms
* Update NoScript to 11.1.9
* Update Tor to 0.4.5.4-rc
* Windows + OS X + Linux
* Update Firefox to 78.7.0esr
* Bug 40249: Remove EOY 2020 Campaign [tor-browser]
* Bug 40307: Rebase 10.5 patches onto 78.7.0esr [tor-browser]
* Android
* Update Fenix to 85.1.0
* Bug 40037: Rebase 10.5 patches onto 70.0.16 [android-components]
* Bug 40137: Remove EOY 2020 Campaign [fenix]
* Bug 40139: Rebase 10.5 patches onto 85.1.0 [fenix]
* Bug 40305: Rebase 10.5 patches onto 85.0 [tor-browser]
* Build System
* All Platforms
* Update Go to 1.15.7
* Bug 33693: Change snowflake and meek dummy address [tor-browser]
* Android
* Bug 40208: Mitigate uniffi non-deterministic code generation [tor-browser-build]
* Linux
* Bug 40112: Strip libstdc++ we ship [tor-browser-build]
Tor Browser 10.0.9 -- January 26 2021
* All Platforms
* Update NoScript to 11.1.9
* Windows + OS X + Linux
* Update Firefox to 78.7.0esr
* Bug 40249: Remove EOY 2020 Campaign [tor-browser]
* Android
* Update Fenix to 85.1.0
* Bug 40137: Remove EOY 2020 Campaign [fenix]
* Bug 40165: Update zstd to 1.4.8 [tor-browser-build]
* Bug 40308: Disable network state partitioning until audit [tor-browser]
* Build System
* All Platforms
* Update Go to 1.14.14
* Android
* Bug 40190: Update toolchain for Fenix 85 [tor-browser-build]
* Bug 40191: Update Fenix and dependencies to 85.0.0-beta1 [tor-browser-build]
* Bug 40193: Build all mobile Rust targets in a single step [tor-browser-build]
* Bug 40208: Mitigate uniffi non-deterministic code generation [tor-browser-build]
Tor Browser 10.5a7 -- January 19 2021
* All Platforms
* Update NoScript to 11.1.8
* Bug 40204: Update Tor to 0.4.5.3-rc
* Translations update
* Windows + OS X + Linux
* Update Firefox to 78.6.1esr
* Bug 40287: Switch DDG search from POST to GET [tor-browser]
* Bug 40297: Rebase 10.5 patches onto 78.6.1esr [tor-browser]
* Android
* Bug 40036: Rebase patches onto v70.0.11 [android-components]
* Bug 40134: Rebase patches onto v85.0.0-beta.7 [fenix]
* Bug 40293: Rebase patches onto 85.0b9-build1 [tor-browser]
* Bug 40165: Update zstd to 1.4.8 [tor-browser-build]
* OS X
* Bug 40262: Browser tabs crashing on the new Macbooks with the M1 chip [tor-browser]
* Build System
* All Platforms
* Bug 40194: Remove osname part in cbindgen filename [tor-browser-build]
* Android
* Bug 40162: Build Fenix instrumented tests apk [tor-browser-build]
* Bug 40190: Update toolchain for Fenix 85 [tor-browser-build]
* Bug 40191: Update Fenix and dependencies to 85.0.0-beta1 [tor-browser-build]
* Bug 40193: Build all mobile Rust targets in a single step [tor-browser-build]
* Bug 40195: repo.spring.io is not usable anymore [tor-browser-build]
Tor Browser 10.0.8 -- January 12 2021
* All Platforms
* Update NoScript to 11.1.7
* Windows + OS X + Linux
* Update Firefox to 78.6.1esr
* Android
* Update Fenix to 84.1.4
* OS X
* Bug 40262: Browser tabs crashing on the new Macbooks with the M1 chip [tor-browser]
* Build System
* Android
* Bug 40195: repo.spring.io is not usable anymore [tor-browser-build]
Tor Browser 10.5a6 -- December 15 2020
* All Platforms
* Update NoScript to 11.1.6
* Bug 40175: Update obfs4proxy's TLS certificate public key pinning [tor-browser-build]
* Bug 40176: Update openssl to 1.1.1i [tor-browser-build]
* Windows + OS X + Linux
* Update Firefox to 78.6.0esr
* Update HTTPS Everywhere to 2020.11.17
* Update Tor to 0.4.5.2-alpha
* Bug 33803: Add a secondary nightly MAR signing key [tor-browser]
* Bug 40138: Move our primary nightly MAR signing key to tor-browser [tor-browser-build]
* Bug 40159: Update snowflake to ece43cbf [tor-browser-build]
* Android
* Update Fenix to 84.1.0
* Linux
* Bug 40226: Crash on Fedora Workstation Rawhide GNOME [tor-browser]
* Build System
* All Platforms
* Bug 40169: Update apt package cache after calling pre_pkginst, too [tor-browser-build]
* Bug 40183: Pick up Go 1.15.6 [tor-browser-build]
* Windows + OS X + Linux
* Bug 40081: Build Mozilla code with --enable-rust-simd [tor-browser-build]
* Bug 40166: Update apt cache before calling pre_pkginst in container-image config [tor-browser-build]
* Android
* Bug 40184: Update Fenix and deps to 84.1.0 [tor-browser-build]
* OS X
* Bug 40147: Remove RANLIB workaround once we pick up 0.4.5.2-alpha [tor-browser-build]
Tor Browser 10.0.7 -- December 15 2020
* All Platforms
* Update HTTPS Everywhere to 2020.11.17
* Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots [tor-browser]
* Bug 40176: Update openssl to 1.1.1i [tor-browser-build]
* Windows + OS X + Linux
* Update Firefox to 78.6.0esr
* Android
* Update Fenix to 84.1.0
* Update NoScript to 11.1.6
* Linux
* Bug 40226: Crash on Fedora Workstation Rawhide GNOME [tor-browser]
* Build System
* All Platforms
* Bug 40139: Pick up rbm commit for bug 40008 [tor-browser-build]
* Bug 40161: Update Go compiler to 1.14.13 [tor-browser-build]
* Android
* Bug 40128: Allow updating Fenix allowed_addons.json [tor-browser-build]
* Bug 40140: Create own Gradle project [tor-browser-build]
* Bug 40155: Update toolchain for Fenix 84 [tor-browser-build]
* Bug 40156: Update Fenix and dependencies to 84.0.0-beta2 [tor-browser-build]
* Bug 40163: Avoid checking hash of .pom files [tor-browser-build]
* Bug 40171: Include all uniffi-rs artifacts into application-services [tor-browser-build]
* Bug 40184: Update Fenix and deps to 84.1.0 [tor-browser-build]
Tor Browser 10.0.6 -- December 8 2020
* All Platforms
* Bug 40175: Update obfs4proxy's TLS certificate public key pinning [tor-browser-build]
Tor Browser 10.5a5 -- December 7 2020
* Android
* Update Fenix to 84.0.0-beta.2
* Update HTTPS Everywhere to 2020.11.17
* Update Tor to 0.4.5.2-alpha
* Translations update
* Bug 40159: Update snowflake to ece43cbf [tor-browser-build]
* Bug 40236: Rebase tor-browser patches to 84.0b1 [tor-browser]
* Bug 40258: Rebase tor-browser patches to 84.0b7 [tor-browser]
* Bug 40119: Rebase Fenix patches to Fenix 84 beta 2 [fenix]
* Bug 40027: Rebase android-components patches for Fenix 84 beta 2 builds [android-components]
* Build System
* Android
* Bug 40081: Build Mozilla code with --enable-rust-simd [tor-browser-build]
* Bug 40128: Allow updating Fenix allowed_addons.json [tor-browser-build]
* Bug 40140: Create own Gradle project [tor-browser-build]
* Bug 40155: Update toolchain for Fenix 84 [tor-browser-build]
* Bug 40156: Update Fenix and dependencies to 84.0.0-beta2 [tor-browser-build]
* Bug 40161: Pick up Go 1.15.5 [tor-browser-build]
* Bug 40163: Bug 40163: Avoid checking hash of .pom files [tor-browser-build]
* Bug 40166: Update apt cache before calling pre_pkginst in container-image config [tor-browser-build]
* Bug 40171: Include all uniffi-rs artifacts into application-services [tor-browser-build]
Tor Browser 10.5a4 -- November 17 2020
* All Platforms
* Update Tor to 0.4.5.1-alpha
* Bug 40212: Add new default bridge "PraxedisGuerrero" [tor-browser]
* Windows + OS X + Linux
* Update Firefox to 78.5.0esr
* Android
* Update Fenix to 83.1.0
* Bug 27002: (Mozilla 1673237) Always allow SVGs on about: pages
* Bug 40137: Built-in https-everywhere storage is not migrated to idb [tor-browser]
* Bug 40152: Top Crash: android.database.sqlite.SQLiteConstraintException [tor-browser-build]
* Bug 40171: Make WebRequest and GeckoWebExecutor First-Party aware [tor-browser]
* Bug 40205: Replace occurrence of EmptyCString with 0-length _ns literal [tor-browser]
* Bug 40206: Disable the /etc/hosts parser [tor-browser]
* Translations update
* Build System
* OS X
* Bug 40139: Set RANLIB in macOS tor build [tor-browser-build]
* Android
* Bug 40211: Lower required build-tools version to 29.0.2 [tor-browser]
* Bug 40126: Bump Node to 10.22.1 for mozilla83 [tor-browser-build]
* Bug 40127: Update components for switch to mozilla83-based Fenix [tor-browser-build]
Tor Browser 10.0.5 -- November 27 2020
* All Platforms
* Update Tor to 0.4.4.6
* Bug 40212: Add new default obfs4 bridge [tor-browser]
* Windows + OS X + Linux
* Update Firefox to 78.5.0esr
* Android
* Update Fenix to 83.1.0
* Translations update
* Bug 40152: Top Crash: android.database.sqlite.SQLiteConstraintException [tor-browser-build]
* Bug 40205: Replace occurrence of EmptyCString with 0-length _ns literal [tor-browser]
* Build System
* Android
* Bug 40126: Update toolchains for Fenix 83 [tor-browser-build]
* Bug 40126: Bump Node to 10.22.1 for mozilla83 [tor-browser-build]
* Bug 40127: Update GeckoView to 83, android-components to 63.0.1, and Fenix to 83.0.0b2 [tor-browser-build]
* Bug 40160: Update Fenix to 83.1.0, and android-components to 63.0.9 [tor-browser-build]
* Bug 40211: Lower required build-tools version to 29.0.2 [tor-browser]
Tor Browser 10.5a3 -- November 10 2020
* All Platforms
* Update NoScript to 11.1.5
* Bug 40022: EOY November Update - Matching [torbutton]
* Bug 40064: Bump libevent to 2.1.12 [tor-browser-build]
* Translations update
* Windows + OS X + Linux
* Bug 27002: (Mozilla 1673237) Always allow SVGs on about: pages
* Bug 40021: Keep page shown after Tor Browser update purple [torbutton]
* Bug 40137: Migrate https-everywhere storage to idb [tor-browser]
* Bug 40219: Backport fix for Mozilla's bug 1675905 [tor-browser]
* Android
* Pick up fix for Mozilla's bug 1675905 (with GeckoView 82.0.3)
* Bug 40106: EOY November Update - Matching [fenix]
* Build System
* All Platforms
* Bug 40079: Bump Go to 1.15.4 [tor-browser-build]
* Windows + OS X + Linux
* Bug 40133: Bump Rust version for ESR 78 to 1.43.0 [tor-browser-build]
Tor Browser 10.0.4 -- November 9 2020
* All Platforms
* Update NoScript to 11.1.5
* Bug 40022: EOY November Update - Matching [torbutton]
* Bug 40219: Backport Mozilla Bug 1675905 [tor-browser]
* Translations update
* Windows + OS X + Linux
* Bug 40021: Keep page shown after Tor Browser update purple [torbutton]
* Android
* Bug 40106: EOY November Update - Matching [fenix]
* Translations update
* Build System
* All Platforms
* Update Go to 1.14.11
* Windows + OS X + Linux
* Bug 40141: Include "desktop" in signed tag [tor-browser-build]
* Android
* Bug 40141: Include "android" in signed tag [tor-browser-build]
Tor Browser 10.0.3 -- November 2 2020
* Android
* Update Fenix to 82.1.1
* Update NoScript to 11.1.4
* Update OpenSSL to 1.1.1h
* Update Tor to 0.4.4.5
* Bug 10394: Let Tor Browser update HTTPS Everywhere
* Bug 11154: Disable TLS 1.0 (and 1.1) by default
* Bug 16931: Sanitize the add-on blocklist update URL
* Bug 17374: Disable 1024-DH Encryption by default
* Bug 21601: Remove unused media.webaudio.enabled pref
* Bug 30682: Disable Intermediate CA Preloading
* Bug 30812: Exempt about: pages from Resist Fingerprinting
* Bug 32886: Separate treatment of @media interaction features for desktop and android
* Bug 33534: Review FF release notes from FF69 to latest (FF78)
* Bug 33594: Disable telemetry collection (Glean)
* Bug 33851: Patch out Parental Controls detection and logging
* Bug 33856: Set browser.privatebrowsing.forceMediaMemoryCache to True
* Bug 33862: Fix usages of createTransport API
* Bug 33962: Uplift patch for bug 5741 (dns leak protection)
* Bug 34125: API change in protocolProxyService.registerChannelFilter
* Bug 34338: Disable the crash reporter
* Bug 34377: Port padlock states for .onion services
* Bug 34378: Port external helper app prompting
* Bug 34401: Re-design Connect screen on Android
* Bug 34402: Re-design Network Settings Screen on Android
* Bug 34403: UI changes for "Only Private Browsing Mode" on Android
* Bug 34405: Re-design about:tor on Android
* Bug 34406: Re-design onion indicators for Android
* Bug 34407: Review all Fenix menu items
* Bug 30605: Honor privacy.spoof_english
* Bug 40001: Start Tor as part of the Fenix initialization [fenix]
* Bug 40001: Generate tor-browser-brand.ftl when importing translations [torbutton]
* Bug 40002: Ensure system download manager is not used [android-components]
* Bug 40002: Fix generateNSGetFactory being moved to ComponentUtils [torbutton]
* Bug 40003: Adapt code for L10nRegistry API changes [torbutton]
* Bug 40003: Block starting Tor when setup is not complete [tor-android-service]
* Bug 40004: "Tor Browser" string is used instead of "Alpha"/"Nightly" for non en-US locales [tor-android-service]
* Bug 40004: Fix noscript message passing for Firefox 79 [torbutton]
* Bug 40005: Modify WebExtensions Menu [android-components]
* Bug 40006: "Only Private Browsing Mode" on Android [fenix]
* Bug 40006: Add Security Level plumbing [android-components]
* Bug 40007: Port external helper app prompting [android-components]
* Bug 40007: Move SecurityPrefs initialization to the StartupObserver component [torbutton]
* Bug 40008: Style fixes for 78 [torbutton]
* Bug 40009: Change the default search engines [android-components]
* Bug 40010: Verify Sentry is disabled [fenix]
* Bug 40011: Verify Leanplum is disabled [fenix]
* Bug 40011: Hide option for disallowing addons in private mode [android-components]
* Bug 40012: Verify Adjust is disabled [fenix]
* Bug 40013: Timestamp is embedded in extension manifest files [android-components]
* Bug 40013: Verify InstallReferrer is disabled [fenix]
* Bug 40014: Verify Google Ads ID is disabled [fenix]
* Bug 40014: Set correct default Security Level [android-components]
* Bug 40015: Modify Fenix Home Menu [fenix]
* Bug 40016: Modify Fenix Settings Menu [fenix]
* Bug 40016: Allow inheriting from AddonCollectionProvider [android-components]
* Bug 40017: Rebase android-components patches to 60 [android-components]
* Bug 40017: Audit Firefox 68-78 diff for proxy issues [tor-browser]
* Bug 40018: Disable Push functionality [fenix]
* Bug 40019: Ensure missing Adjust token does not throw an exception [fenix]
* Bug 40019: Expose spoofEnglish pref [android-components]
* Bug 40020: Disable third-party cookies [android-components]
* Bug 40021: Force telemetry=false in Fennec settings migration [android-components]
* Bug 40022: Migrate tor security settings [android-components]
* Bug 40023: Stop Private Notification Service [android-components]
* Bug 40023: Rebase Tor Browser esr78 patches onto 80 beta [tor-browser]
* Bug 40024: Disable tracking protection by default [android-components]
* Bug 40026: Implement Security Level settings [fenix]
* Bug 40028: Implement bootstrapping and about:tor [fenix]
* Bug 40029: Rebase Fenix patches to 81.1.0b1 [fenix]
* Bug 40030: Install https-everywhere and noscript addons [fenix]
* Bug 40031: Hide Mozilla-specific items on About page [fenix]
* Bug 40032: Disallow Cleartext Traffic [fenix]
* Bug 40034: Disable PWA [fenix]
* Bug 40035: Maybe hide Quick Start in release [fenix]
* Bug 40038: Review RemoteSettings for ESR 78 [tor-browser]
* Bug 40039: Implement Bridge configuration from Connect screen [fenix]
* Bug 40040: Investigate why bootstrapping fails [fenix]
* Bug 40041: Implement Network settings [fenix]
* Bug 40042: Timestamp is embedded in extension manifest files [fenix]
* Bug 40044: Fixup Connect, Onboarding, and Home screens [fenix]
* Bug 40048: Disable various ESR78 features via prefs [tor-browser]
* Bug 40050: Rebase Fenix patches to Fenix 82 [fenix]
* Bug 40053: Select your security settings panel on start page is confusing [fenix]
* Bug 40054: Search engines on mobile Tor Browser don't match the desktop ones [fenix]
* Bug 40058: Disabling/Enabling addon still shows option to disallow in private mode [fenix]
* Bug 40058: Hide option for disallowing addon in private mode [fenix]
* Bug 40061: Do not show "Send to device" in sharing menu [fenix]
* Bug 40062: HTTPS Everywhere is not shown as installed [fenix]
* Bug 40063: Do not sort search engines alphabetically [fenix]
* Bug 40064: Modify Nighty (and Debug) build variants [fenix]
* Bug 40066: Remove default bridge 37.218.240.34 [tor-browser-build]
* Bug 40066: Update existing prefs for ESR 78 [tor-browser]
* Bug 40067: Make date on Fenix about page reproducible [fenix]
* Bug 40068: Tor Service closes when changing theme [fenix]
* Bug 40069: Add helpers for message passing with extensions [tor-browser]
* Bug 40071: Show only supported locales [fenix]
* Bug 40072: Bug 40072: Disable Tracking Protection [fenix]
* Bug 40073: Use correct branding on About page [fenix]
* Bug 40073: Repack omni.ja to include builtin HTTPS Everywhere [tor-browser-build]
* Bug 40073: Disable remote Public Suffix List fetching [tor-browser]
* Bug 40076: "Explore privately" not visible [fenix]
* Bug 40078: Crash at Android startup from background service [fenix]
* Bug 40082: Security level is reset when the app is killed [fenix]
* Bug 40082: Let JavaScript on safest setting handled by NoScript again [tor-browser]
* Bug 40083: Locale ordering in BuildConfig is non-deterministic [fenix]
* Bug 40087: Implement a switch for english locale spoofing [fenix]
* Bug 40088: Use Tor Browser logo in migration screen [fenix]
* Bug 40091: Load HTTPS Everywhere as a builtin addon [tor-browser]
* Bug 40093: Enable Quit menu button [fenix]
* Bug 40094: Do not use MasterPasswordTipProvider in HomeFragment [fenix]
* Bug 40095: Hide "Sign in to sync" in bookmarks [fenix]
* Bug 40095: Review Mozilla developer notes for 79-81 (including) [tor-browser]
* Bug 40096: Review closed Mozilla bugs between 79-81 (inclusive) for GeckoView [tor-browser]
* Bug 40097: Rebase browser patches to 81.0b1 [tor-browser]
* Bug 40097: Bump allowed_addons.json [fenix]
* Bug 40098: Implement EOY home screen [fenix]
* Bug 40100: Resolve startup crashes in debug build [fenix]
* Bug 40112: Check that caching stylesheets per document group adheres to FPI [tor-browser]
* Bug 40119: Update Fenix dependencies for 81.1.2 [fenix]
* Bug 40125: Geckoview: Expose security level interface [tor-browser]
* Bug 40133: Rebase tor-browser patches to 82.0b1 [tor-browser]
* Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots [tor-browser]
* Bug 40172: Security UI not updated for non-https .onion pages in Fenix [tor-browser]
* Bug 40173: Initialize security_slider in GeckoView at 4 [tor-browser]
* Bug 40198: Expose privacy.spoof_english pref [tor-browser]
* Bug 40199: Avoid using system locale for intl.accept_languages [tor-browser]
* Translations update
* Build System
* Android
* Update Go to 1.14.10
* Bug 33556: Add TBB project for android-components
* Bug 33557: Update Android toolchain for Fenix
* Bug 33558: Update tor-onion-proxy-library to use toolchain for Fenix
* Bug 33559: Update tor-android-service to use toolchain for Fenix
* Bug 33561: Update OpenSSL to use Android NDK 20
* Bug 33563: Update Tor to use Android NDK 20
* Bug 33564: Update ZSTD to use Android NDK 20
* Bug 33626: Add project for GeckoView
* Bug 33670: Update rbm.conf to match NDK 20
* Bug 33801: Update Go project to use new Android toolchain
* Bug 33833: Update Rust project to use Android NDK 20
* Bug 33927: Add tor-browser-build project for fenix
* Bug 33935: Fenix's classes5.dex files are not reproducible
* Bug 33973: Create fat .aar for GeckoView
* Bug 34011: Bump clang to 9.0.1
* Bug 34012: Bump cbindgen to 0.14.3
* Bug 34013: Bump Node to 10.21.0
* Bug 34014: Enable sqlite3 support in Python
* Bug 34101: Add tor-browser-build project for application-services
* Bug 34163: testbuild target is broken for Tor Browser 64 bit
* Bug 34187: Update zlib to use Android NDK 20
* Bug 34360: Bump binutils version to 2.35.1
* Bug 40010: Add nss project for application-services [tor-browser-build]
* Bug 40011: Add sqlcipher for application-services [tor-browser-build]
* Bug 40029: Clean-up all projects to remove fennec bits we don't need for fenix [tor-browser-build]
* Bug 40031: Add licenses for kcp-go and smux. [tor-browser-build]
* Bug 40039: Remove version_path in nss project [tor-browser-build]
* Bug 40040: Wire geckoview, application-services, android-components, and fenix together [tor-browser-build]
* Bug 40054: Adapt build.android script in tor-browser project for fenix [tor-browser-build]
* Bug 40055: Integrate building Glean in offline mode [tor-browser-build]
* Bug 40057: Include translations into build process in the fenix world [tor-browser-build]
* Bug 40058: Build Fenix with tor-android-service and tor-onion-proxy-library [tor-browser-build]
* Bug 40060: Set Fenix Version Name in build [tor-browser-build]
* Bug 40061: Remove Android SDK 28 [tor-browser-build]
* Bug 40065: Bump debootstrap-image ubuntu_version to 20.04.1 [tor-browser-build]
* Bug 40068: Bump versions for Fenix 81.1.0b1 dependencies [tor-browser-build]
* Bug 40072: Tor libraries are missing in final .apk after switch to 81.1.0b1 [tor-browser-build]
* Bug 40076: Use our android-components repo on GitLab [tor-browser-build]
* Bug 40078: Bump Gradle version for Fenix to 6.5.1 [tor-browser-build]
* Bug 40084: Generation of AndroidManifest.xml is not reproducible [tor-browser-build]
* Bug 40085+40086: classes.dex files are not reproducible in Fenix [tor-browser-build]
* Bug 40087: Deterministically add HTTPS Everywhere into omni.ja [tor-browser-build]
* Bug 40088+40117: Use MOZ_BUILD_DATE for extension manifest timestamps [tor-browser-build]
* Bug 40093: Ensure application-services libs do not include libc networking symbols [tor-browser-build]
* Bug 40094: Aarch64 fenix rust cross-compilation fails [tor-browser-build]
* Bug 40095: The pattern for the apk variable in build.android is matching too much [tor-browser-build]
* Bug 40097: Update toolchain for Fenix 82 [tor-browser-build]
* Bug 40101: Pick up Fenix 81.1.1 [tor-browser-build]
* Bug 40105: Enhance Gradle dependency script (sort deterministically and exclude .module files) [tor-browser-build]
* Bug 40106: Support using geckoview as well [tor-browser-build]
* Bug 40108: android-components does not bundle tooling-glean-gradle archive, only .pom file [tor-browser-build]
* Bug 40113: Nightly Android should use Nightly branding [tor-browser-build]
* Bug 40115: Update components for switch to mozilla82-based Fenix [tor-browser-build]
* Bug 40121: Use updated glean_parser for application-services as well [tor-browser-build]
* Bug 40124: Remove unused torbrowser-android-all (and related) targets [tor-browser-build]
* Bug 40125: Remove fenix-* projects [tor-browser-build]
* Bug 40129: application-services is missing rustc in PATH [tor-browser-build]
* Bug 40130: More mobile clean-up [tor-browser-build]
Tor Browser 10.0a9 -- October 26 2020
* Android
* Update Fenix to 82.1.1
* Update NoScript to 11.1.3
* Update OpenSSL to 1.1.1h
* Bug 30605: Honor privacy.spoof_english
* Bug 40003: Block starting Tor when setup is not complete [tor-android-service]
* Bug 40004: "Tor Browser" string is used instead of "Alpha"/"Nightly" for non en-US locales [tor-android-service]
* Bug 40016: Allow inheriting from AddonCollectionProvider [android-components]
* Bug 40017: Rebase android-components patches to 60 [android-components]
* Bug 40019: Expose spoofEnglish pref [android-components]
* Bug 40020: Disable third-party cookies [android-components]
* Bug 40021: Force telemetry=false in Fennec settings migration [android-components]
* Bug 40022: Migrate tor security settings [android-components]
* Bug 40023: Stop Private Notification Service [android-components]
* Bug 40024: Disable tracking protection by default [android-components]
* Bug 40050: Rebase Fenix patches to Fenix 82 [fenix]
* Bug 40053: Select your security settings panel on start page is confusing [fenix]
* Bug 40058: Disabling/Enabling addon still shows option to disallow in private mode [fenix]
* Bug 40062: HTTPS Everywhere is not shown as installed [fenix]
* Bug 40068: Tor Service closes when changing theme [fenix]
* Bug 40071: Show only supported locales [fenix]
* Bug 40073: Use correct branding on About page [fenix]
* Bug 40076: "Explore privately" not visible [fenix]
* Bug 40078: Crash at Android startup from background service [fenix]
* Bug 40082: Security level is reset when the app is killed [fenix]
* Bug 40083: Locale ordering in BuildConfig is non-deterministic [fenix]
* Bug 40087: Implement a switch for english locale spoofing [fenix]
* Bug 40088: Use Tor Browser logo in migration screen [fenix]
* Bug 40094: Do not use MasterPasswordTipProvider in HomeFragment [fenix]
* Bug 40095: Hide "Sign in to sync" in bookmarks [fenix]
* Bug 40097: Bump allowed_addons.json [fenix]
* Bug 40133: Rebase tor-browser patches to 82.0b1 [tor-browser]
* Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots [tor-browser]
* Bug 40198: Expose privacy.spoof_english pref [tor-browser]
* Bug 40199: Avoid using system locale for intl.accept_languages [tor-browser]
* Translations update
* Build System
* Android
* Update Go to 1.14.10
* Bug 34360: Bump binutils version to 2.35.1
* Bug 40097: Update toolchain for Fenix 82 [tor-browser-build]
* Bug 40108: Package tooling-glean-gradle archive, too [tor-browser-build]
* Bug 40115: Update components for switch to mozilla82-based Fenix [tor-browser-build]
* Bug 40121: Use updated glean_parser for application-services as well [tor-browser-build]
* Bug 40124: Remove unused torbrowser-android-all (and related) targets [tor-browser-build]
* Bug 40125: Remove fenix-* projects [tor-browser-build]
* Bug 40129: application-services is missing rustc in PATH [tor-browser-build]
* Bug 40130: More mobile clean-up [tor-browser-build]
Tor Browser 10.5a2 -- October 20 2020
* Windows + OS X + Linux
* Update Firefox to 78.4.0esr
* Update NoScript to 11.1.3
* Update OpenSSL to 1.1.1h
* Update Tor Launcher to 0.2.26
* Translations update
* Bug 31767: Avoid using intl.locale.requested preference directly
* Bug 33954: Consider different approach for Bug 2176
* Bug 40011: Rename tor-browser-brand.ftl to brand.ftl [torbutton]
* Bug 40012: Fix about:tor not loading some images in 82 [torbutton]
* Bug 40013: End of year 2020 Fundraising campaign [torbutton]
* Bug 40016: Fix onion pattern for LTR locales [torbutton]
* Bug 40139: Update Onboarding icon for 10.0 [tor-browser]
* Bug 40148: Disable Picture-in-Picture until we investigate and possibly fix it [tor-browser]
* Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots [tor-browser]
* Bug 40192: Backport Mozilla Bug 1658881 [tor-browser]
* Translations update
* Windows
* Bug 40140: Videos stop working with Tor Browser 10.0 on Windows [tor-browser]
* Build System
* Windows + OS X + Linux
* Update Go to 1.14.10
* Bug 40104: Use our TMPDIR when creating our .mar files [tor-browser-build]
* Linux
* Bug 40118: Add missing libdrm dev package to firefox container [tor-browser-build]
* Windows
* Bug 34360: Bump binutils to 2.35.1
* Bug 40051: Remove SOURCE_DATE_EPOCH patch [tor-browser-build]
* Bug 40131: Remove unused binutils patches [tor-browser-build]
Tor Browser 10.0.2 -- October 20 2020
* Windows + OS X + Linux
* Update Firefox to 78.4.0esr
* Update NoScript to 11.1.3
* Bug 40192: Backport Mozilla Bug 1658881 [tor-browser]
* Translations update
* Linux
* Bug 40193: Add `AT_EMPTY_PATH` definition [tor-browser]
Tor Browser 10.0.1 -- October 13 2020
* Windows + OS X + Linux
* Update NoScript to 11.1.1
* Bump OpenSSL to 1.1.1h
* Update Tor Launcher to 0.2.26
* Bug 31767: Avoid using intl.locale.requested preference directly
* Bug 40013: End of year 2020 Fundraising campaign [torbutton]
* Bug 40016: Fix onion pattern for LTR locales [torbutton]
* Bug 40139: Update Onboarding icon for 10.0 [tor-browser]
* Bug 40148: Disable Picture-in-Picture until we investigate and possibly fix it [tor-browser]
* Translations update
* Windows
* Bug 40140: Videos stop working with Tor Browser 10.0 on Windows [tor-browser]
* Build System
* Windows + OS X + Linux
* Bump Go to 1.14.9
* Windows
* Bug 40051: Remove SOURCE_DATE_EPOCH patch for OpenSSL [tor-browser-build]
Tor Browser 10.0a8 -- October 8 2020
* Android
* Update Fenix to 81.1.2
* Update Tor to 0.4.4.5
* Update NoScript to 11.0.46
* Bug 10394: Let Tor Browser update HTTPS Everywhere
* Bug 11154: Disable TLS 1.0 (and 1.1) by default
* Bug 16931: Sanitize the add-on blocklist update URL
* Bug 17374: Disable 1024-DH Encryption by default
* Bug 21601: Remove unused media.webaudio.enabled pref
* Bug 30682: Disable Intermediate CA Preloading
* Bug 30812: Exempt about: pages from Resist Fingerprinting
* Bug 32886: Separate treatment of @media interaction features for desktop and android
* Bug 33534: Review FF release notes from FF69 to latest (FF78)
* Bug 33594: Disable telemetry collection (Glean)
* Bug 33851: Patch out Parental Controls detection and logging
* Bug 33856: Set browser.privatebrowsing.forceMediaMemoryCache to True
* Bug 33862: Fix usages of createTransport API
* Bug 33962: Uplift patch for bug 5741 (dns leak protection)
* Bug 34125: API change in protocolProxyService.registerChannelFilter
* Bug 34338: Disable the crash reporter
* Bug 34377: Port padlock states for .onion services
* Bug 34378: Port external helper app prompting
* Bug 34401: Re-design Connect screen on Android
* Bug 34402: Re-design Network Settings Screen on Android
* Bug 34403: UI changes for "Only Private Browsing Mode" on Android
* Bug 34405: Re-design about:tor on Android
* Bug 34406: Re-design onion indicators for Android
* Bug 34407: Review all Fenix menu items
* Bug 40001: Start Tor as part of the Fenix initialization [fenix]
* Bug 40001: Generate tor-browser-brand.ftl when importing translations [torbutton]
* Bug 40002: Ensure system download manager is not used [android-components]
* Bug 40002: Fix generateNSGetFactory being moved to ComponentUtils [torbutton]
* Bug 40003: Adapt code for L10nRegistry API changes [torbutton]
* Bug 40004: Fix noscript message passing for Firefox 79 [torbutton]
* Bug 40005: Modify WebExtensions Menu [android-components]
* Bug 40006: "Only Private Browsing Mode" on Android [fenix]
* Bug 40006: Add Security Level plumbing [android-components]
* Bug 40007: Port external helper app prompting [android-components]
* Bug 40007: Move SecurityPrefs initialization to the StartupObserver component [torbutton]
* Bug 40008: Style fixes for 78 [torbutton]
* Bug 40009: Change the default search engines [android-components]
* Bug 40010: Verify Sentry is disabled [fenix]
* Bug 40011: Verify Leanplum is disabled [fenix]
* Bug 40011: Hide option for disallowing addons in private mode [android-components]
* Bug 40012: Verify Adjust is disabled [fenix]
* Bug 40013: Timestamp is embedded in extension manifest files [android-components]
* Bug 40013: Verify InstallReferrer is disabled [fenix]
* Bug 40014: Verify Google Ads ID is disabled [fenix]
* Bug 40014: Set correct default Security Level [android-components]
* Bug 40015: Modify Fenix Home Menu [fenix]
* Bug 40016: Modify Fenix Settings Menu [fenix]
* Bug 40017: Audit Firefox 68-78 diff for proxy issues [tor-browser]
* Bug 40018: Disable Push functionality [fenix]
* Bug 40019: Ensure missing Adjust token does not throw an exception [fenix]
* Bug 40023: Rebase Tor Browser esr78 patches onto 80 beta [tor-browser]
* Bug 40026: Implement Security Level settings [fenix]
* Bug 40028: Implement bootstrapping and about:tor [fenix]
* Bug 40029: Rebase Fenix patches to 81.1.0b1 [fenix]
* Bug 40030: Install https-everywhere and noscript addons [fenix]
* Bug 40031: Hide Mozilla-specific items on About page [fenix]
* Bug 40032: Disallow Cleartext Traffic [fenix]
* Bug 40034: Disable PWA [fenix]
* Bug 40038: Review RemoteSettings for ESR 78 [tor-browser]
* Bug 40035: Maybe hide Quick Start in release [fenix]
* Bug 40039: Implement Bridge configuration from Connect screen [fenix]
* Bug 40040: Investigate why bootstrapping fails [fenix]
* Bug 40041: Implement Network settings [fenix]
* Bug 40042: Timestamp is embedded in extension manifest files [fenix]
* Bug 40044: Fixup Connect, Onboarding, and Home screens [fenix]
* Bug 40048: Disable various ESR78 features via prefs [tor-browser]
* Bug 40054: Search engines on mobile Tor Browser don't match the desktop ones [fenix]
* Bug 40058: Hide option for disallowing addon in private mode [fenix]
* Bug 40061: Do not show "Send to device" in sharing menu [fenix]
* Bug 40063: Do not sort search engines alphabetically [fenix]
* Bug 40064: Modify Nighty (and Debug) build variants [fenix]
* Bug 40066: Remove default bridge 37.218.240.34 [tor-browser-build]
* Bug 40066: Enable Snowflake on Beta [fenix]
* Bug 40066: Update existing prefs for ESR 78 [tor-browser]
* Bug 40067: Make date on Fenix about page reproducible [fenix]
* Bug 40069: Add helpers for message passing with extensions [tor-browser]
* Bug 40072: Bug 40072: Disable Tracking Protection [fenix]
* Bug 40073: Repack omni.ja to include builtin HTTPS Everywhere [tor-browser-build]
* Bug 40073: Disable remote Public Suffix List fetching [tor-browser]
* Bug 40082: Let JavaScript on safest setting handled by NoScript again [tor-browser]
* Bug 40091: Load HTTPS Everywhere as a builtin addon [tor-browser]
* Bug 40095: Review Mozilla developer notes for 79-81 (including) [tor-browser]
* Bug 40096: Review closed Mozilla bugs between 79-81 (inclusive) for GeckoView [tor-browser]
* Bug 40097: Rebase browser patches to 81.0b1 [tor-browser]
* Bug 40098: Initialize torbutton for Geckoview and make sure its features work as expected in Fenix [tor-browser]
* Bug 40112: Check that caching stylesheets per document group adheres to FPI [tor-browser]
* Bug 40119: Update Fenix dependencies for 81.1.2 [fenix]
* Bug 40125: Geckoview: Expose security level interface [tor-browser]
* Bug 40172: Security UI not updated for non-https .onion pages in Fenix [tor-browser]
* Bug 40173: Initialize security_slider in GeckoView at 4 [tor-browser]
* Translations update
* Build System
* Android
* Bump Go to 1.14.7
* Bug 33556: Add TBB project for android-components
* Bug 33557: Update Android toolchain for Fenix
* Bug 33558: Update tor-onion-proxy-library to use toolchain for Fenix
* Bug 33559: Update tor-android-service to use toolchain for Fenix
* Bug 33561: Update OpenSSL to use Android NDK 20
* Bug 33563: Update Tor to use Android NDK 20
* Bug 33564: Update ZSTD to use Android NDK 20
* Bug 33626: Add project for GeckoView
* Bug 33670: Update rbm.conf to match NDK 20
* Bug 33801: Update Go project to use new Android toolchain
* Bug 33833: Update Rust project to use Android NDK 20
* Bug 33927: Add tor-browser-build project for fenix
* Bug 33935: Fenix's classes5.dex files are not reproducible
* Bug 33973: Create fat .aar for GeckoView
* Bug 34011: Bump clang to 9.0.1
* Bug 34012: Bump cbindgen to 0.14.3
* Bug 34013: Bump Node to 10.21.0
* Bug 34014: Enable sqlite3 support in Python
* Bug 34101: Add tor-browser-build project for application-services
* Bug 34163: testbuild target is broken for Tor Browser 64 bit
* Bug 34187: Update zlib to use Android NDK 20
* Bug 40010: Add nss project for application-services [tor-browser-build]
* Bug 40011: Add sqlcipher for application-services [tor-browser-build]
* Bug 40029: Clean-up all projects to remove fennec bits we don't need for fenix [tor-browser-build]
* Bug 40031: Add licenses for kcp-go and smux. [tor-browser-build]
* Bug 40039: Remove version_path in nss project [tor-browser-build]
* Bug 40040: Wire geckoview, application-services, android-components, and fenix together [tor-browser-build]
* Bug 40054: Adapt build.android script in tor-browser project for fenix [tor-browser-build]
* Bug 40055: Integrate building Glean in offline mode [tor-browser-build]
* Bug 40057: Include translations into build process in the fenix world [tor-browser-build]
* Bug 40058: Build Fenix with tor-android-service and tor-onion-proxy-library [tor-browser-build]
* Bug 40060: Set Fenix Version Name in build [tor-browser-build]
* Bug 40061: Remove Android SDK 28 [tor-browser-build]
* Bug 40065: Bump debootstrap-image ubuntu_version to 20.04.1 [tor-browser-build]
* Bug 40068: Bump versions for Fenix 81.1.0b1 dependencies [tor-browser-build]
* Bug 40072: Tor libraries are missing in final .apk after switch to 81.1.0b1 [tor-browser-build]
* Bug 40076: Use our android-components repo on GitLab [tor-browser-build]
* Bug 40078: Bump Gradle version for Fenix to 6.5.1 [tor-browser-build]
* Bug 40084: Generation of AndroidManifest.xml is not reproducible [tor-browser-build]
* Bug 40085+40086: classes.dex files are not reproducible in Fenix [tor-browser-build]
* Bug 40087: Deterministically add HTTPS Everywhere into omni.ja [tor-browser-build]
* Bug 40088+40117: Use MOZ_BUILD_DATE for extension manifest timestamps [tor-browser-build]
* Bug 40093: Ensure application-services libs do not include libc networking symbols [tor-browser-build]
* Bug 40094: Aarch64 fenix rust cross-compilation fails [tor-browser-build]
* Bug 40095: The pattern for the apk variable in build.android is matching too much [tor-browser-build]
* Bug 40101: Pick up Fenix 81.1.1 [tor-browser-build]
* Bug 40105: Enhance Gradle dependency script (sort deterministically and exclude .module files) [tor-browser-build]
* Bug 40106: Support using geckoview as well [tor-browser-build]
* Bug 40108: android-components does not bundle tooling-glean-gradle archive, only .pom file [tor-browser-build]
* Bug 40113: Nightly Android should use Nightly branding [tor-browser-build]
Tor Browser 10.5a1 -- September 22 2020
* Windows + OS X + Linux
* Update Firefox to 78.3.0esr
* Update Tor to 0.4.4.5
* Update Tor Launcher to 0.2.25
* Translations update
* Update NoScript to 11.0.44
* Bug 40093: Youtube videos on safer produce an error [tor-browser]
* Translations update
* Linux
* Bug 40089: Remove CentOS 6 support for Tor Browser 10.5 [tor-browser]
* Build System
* Linux
* Bug 26238: Move to Debian Jessie for our Linux builds
* Bug 31729: Support Wayland
* Bug 40041: Remove CentOS 6 support for 10.5 series [tor-browser-build]
* Bug 40103: Add i386 pkg-config path for linux-i686 [tor-browser-build]
Tor Browser 10.0 -- September 22 2020
* Windows + OS X + Linux
* Update Firefox to 78.3.0esr
* Update Tor to 0.4.4.5
* Update Tor Launcher to 0.2.25
* Bug 32174: Replace XUL <textbox> with <html:input>
* Bug 33890: Rename XUL files to XHTML
* Bug 33862: Fix usages of createTransport API
* Bug 33906: Fix Tor-Launcher issues for Firefox 75
* Bug 33998: Use CSS grid instead of XUL grid
* Bug 34164: Tor Launcher deadlocks during startup (Firefox 77)
* Bug 34206: Tor Launcher button labels are missing (Firefox 76)
* Bug 40002: After rebasing to 80.0b2 moat is broken [tor-launcher]
* Translations update
* Update NoScript to 11.0.44
* Bug 40093: Youtube videos on safer produce an error [tor-browser]
* Translations update
* Bug 10394: Let Tor Browser update HTTPS Everywhere
* Bug 11154: Disable TLS 1.0 (and 1.1) by default
* Bug 16931: Sanitize the add-on blocklist update URL
* Bug 17374: Disable 1024-DH Encryption by default
* Bug 21601: Remove unused media.webaudio.enabled pref
* Bug 30682: Disable Intermediate CA Preloading
* Bug 30812: Exempt about: pages from Resist Fingerprinting
* Bug 31918+33533+40024+40037: Rebase Tor Browser esr68 patches for ESR 78 [tor-browser]
* Bug 32612: Update MAR_CHANNEL_ID for the alpha
* Bug 32886: Separate treatment of @media interaction features for desktop and android
* Bug 33534: Review FF release notes from FF69 to latest (FF78)
* Bug 33697: Use old search config based on list.json
* Bug 33721: PDF Viewer is not working in the safest security level
* Bug 33734: Set MOZ_NORMANDY to False
* Bug 33737: Fix aboutDialog.js error for Firefox nightlies
* Bug 33848: Disable Enhanced Tracking Protection
* Bug 33851: Patch out Parental Controls detection and logging
* Bug 33852: Clean up about:logins to not mention Sync
* Bug 33856: Set browser.privatebrowsing.forceMediaMemoryCache to True
* Bug 33862: Fix usages of createTransport API
* Bug 33867: Disable password manager and password generation
* Bug 33890: Rename XUL files to XHTML
* Bug 33892: Add brandProductName to brand.dtd and brand.properties
* Bug 33962: Uplift patch for bug 5741 (dns leak protection)
* Bug 34125: API change in protocolProxyService.registerChannelFilter
* Bug 40001: Generate tor-browser-brand.ftl when importing translations [torbutton]
* Bug 40002: Remove about:pioneer [tor-browser]
* Bug 40002: Fix generateNSGetFactory being moved to ComponentUtils [torbutton]
* Bug 40003: Adapt code for L10nRegistry API changes [torbutton]
* Bug 40005: Initialize the identity UI before setting up the circuit display [torbutton]
* Bug 40006: Fix new identity for 81 [torbutton]
* Bug 40007: Move SecurityPrefs initialization to the StartupObserver component [torbutton]
* Bug 40008: Style fixes for 78 [torbutton]
* Bug 40017: Audit Firefox 68-78 diff for proxy issues [tor-browser]
* Bug 40022: Update new icons in Tor Browser branding [tor-browser]
* Bug 40025: Revert add-on permissions due to Mozilla's 1560059 [tor-browser]
* Bug 40036: Remove product version/update channel from #13379 patch [tor-browser]
* Bug 40038: Review RemoteSettings for ESR 78 [tor-browser]
* Bug 40048: Disable various ESR78 features via prefs [tor-browser]
* Bug 40059: Verify our external helper patch is still working [tor-browser]
* Bug 40066: Update existing prefs for ESR 78 [tor-browser]
* Bug 40066: Remove default bridge 37.218.240.34 [tor-browser-build]
* Bug 40073: Disable remote Public Suffix List fetching [tor-browser]
* Bug 40073: Repack omni.ja to include builtin HTTPS Everywhere [tor-browser-build]
* Bug 40078: Backport patches for bug 1651680 for now [tor-browser]
* Bug 40082: Let JavaScript on safest setting handled by NoScript again [tor-browser]
* Bug 40088: Moat "Submit" button does not work
* Bug 40090: Disable v3 add-on blocklist for now [tor-browser]
* Bug 40091: Load HTTPS Everywhere as a builtin addon [tor-browser]
* Bug 40102: Fix UI bugs in Tor Browser 10.0 alpha [tor-browser]
* Bug 40106: Cannot install addons in full screen mode [tor-browser]
* Bug 40109: Playing video breaks after reloading pages [tor-browser]
* Bug 40119: Enable v3 extension blocklisting again [tor-browser]
* Windows
* Bug 33855: Don't use site's icon as window icon in Windows in private mode
* Bug 40061: Omit the Windows default browser agent from the build [tor-browser]
* OS X
* Bug 32252: Tor Browser does not display correctly in VMWare Fusion on macOS (mojave)
* Build System
* Windows + OS X + Linux
* Bump Go to 1.14.7
* Bug 31845: Bump GCC version to 9.3.0
* Bug 34011: Bump clang to 9.0.1
* Bug 34014: Enable sqlite3 support in Python
* Bug 34390: Don't copy DBM libraries anymore
* Bug 34391: Remove unused --enable-signmar option
* Bug 40004: Adapt Rust project for Firefox 78 ESR [tor-browser-build]
* Bug 40005: Adapt Node project for Firefox 78 ESR [tor-browser-build]
* Bug 40006: Adapt cbindgen for Firefox 78 ESR [tor-browser-build]
* Bug 40037: Move projects over to clang-source [tor-browser-build]
* Bug 40026: Fix full .mar creation for esr78 [tor-browser-build]
* Bug 40027: Fix incremental .mar creation for esr78 [tor-browser-build]
* Bug 40028: Do not reference unset env variables [tor-browser-build]
* Bug 40031: Add licenses for kcp-go and smux. [tor-browser-build]
* Bug 40045: Fix complete .mar file creation for dmg2mar [tor-browser-build]
* Bug 40065: Bump debootstrap-image ubuntu_version to 20.04.1 [tor-browser-build]
* Bug 40087: Deterministically add HTTPS Everywhere into omni.ja [tor-browser-build]
* Windows
* Bug 34230: Update Windows toolchain for Firefox 78 ESR
* Bug 40015: Use only 64bit fxc2 [tor-browser-build]
* Bug 40017: Enable stripping again on Windows [tor-browser-build]
* Bug 40052: Bump NSIS to 3.06.1 [tor-browser-build]
* Bug 40061: Omit the Windows default browser agent from the build [tor-browser]
* Bug 40071: Be explicit about no SEH with mingw-w64 on 32bit systems [tor-browser-build]
* Bug 40077: Don't pass --no-insert-timestamp when building Firefox [tor-browser-build]
* Bug 40090: NSIS 3.06.1 based builds are not reproducible anymore [tor-browser-build]
* OS X
* Bug 34229: Update macOS toolchain for Firefox 78 ESR
* Bug 40003: Update cctools version for Firefox 78 ESR [tor-browser-build]
* Bug 40018: Add libtapi project for cctools [tor-browser-build]
* Bug 40019: Ship our own runtime library for macOS [tor-browser-build]
* Linux
* Bug 34359: Adapt abicheck.cc to deal with newer GCC version
* Bug 34386: Fix up clang compilation on Linux
* Bug 40053: Also create the langpacks tarball for non-release builds [tor-browser-build]
Tor Browser 10.0a7 -- September 14 2020
* Windows + OS X + Linux
* Update Tor Launcher to 0.2.24
* Update NoScript to 11.0.43
* Translations update
* Bug 10394: Let Tor Browser update HTTPS Everywhere
* Bug 32017: Use ExtensionStorageIDB again
* Bug 40006: Fix new identity for 81 [torbutton]
* Bug 40007: Move SecurityPrefs initialization to the StartupObserver component [torbutton]
* Bug 40008: Style fixes for 78 [torbutton]
* Bug 40066: Remove default bridge 37.218.240.34 [tor-browser-build]
* Bug 40073: Repack omni.ja to include builtin HTTPS Everywhere [tor-browser-build]
* Bug 40091: Load HTTPS Everywhere as a builtin addon [tor-browser]
* Bug 40102: Fix UI bugs in Tor Browser 10.0 alpha [tor-browser]
* Bug 40109: Playing video breaks after reloading pages [tor-browser]
* Big 40119: Enable v3 extension blocklisting again [tor-browser]
* Build System
* Windows + OS X + Linux
* Bump Go to 1.14.7
* Bug 40031: Add licenses for kcp-go and smux. [tor-browser-build]
* Bug 40045: Fix complete .mar file creation for dmg2mar [tor-browser-build]
* Bug 40065: Bump debootstrap-image ubuntu_version to 20.04.1 [tor-browser-build]
* Bug 40087: Deterministically add HTTPS Everywhere into omni.ja [tor-browser-build]
* Windows
* Bug 40052: Bump NSIS to 3.06.1 [tor-browser-build]
* Bug 40071: Be explicit about no SEH with mingw-w64 on 32bit systems [tor-browser-build]
* Bug 40077: Don't pass --no-insert-timestamp when building Firefox [tor-browser-build]
* Bug 40090: NSIS 3.06.1 based builds are not reproducible anymore [tor-browser-build]
Tor Browser 10.0a6 -- August 26 2020
* All Platforms
* Update HTTPS Everywhere to 2020.08.13
* Windows + OS X + Linux
* Update Firefox to 78.2.0esr
* Update Tor Launcher to 0.2.23
* Bug 40002: After rebasing to 80.0b2 moat is broken [tor-launcher]
* Translations update
* Update NoScript to 11.0.39
* Bug 21601: Remove unused media.webaudio.enabled pref
* Bug 40002: Remove about:pioneer [tor-browser]
* Bug 40082: Let JavaScript on safest setting handled by NoScript again [tor-browser]
* Bug 40088: Moat "Submit" button does not work
* Bug 40090: Disable v3 add-on blocklist for now [tor-browser]
* OS X
* Bug 40015: Tor Browser broken on MacOS 11 Big Sur
* Android
* Update Firefox to 68.12.0esr
* Update NoScript to 11.0.38
* Update Tor to 0.4.4.4-rc
* Build System
* Windows + OS X + Linux
* Bump Go to 1.13.15
* Linux
* Bug 40053: Also create the langpacks tarball for non-release builds [tor-browser-build]
Tor Browser 9.5.4 -- August 25 2020
* All Platforms
* Update Firefox to 68.12.0esr
* Update HTTPS Everywhere to 2020.08.13
* Update NoScript to 11.0.38
* Windows + OS X + Linux
* Bug 40019: Onion-Location should not be processed on .onion webpages [tor-browser]
* OS X
* Bug 40015: Tor Browser is broken on MacOS 11 Big Sur [tor-browser]
Tor Browser 10.0a5 -- August 18 2020
* Windows + OS X + Linux
* Update Firefox to 78.1.0esr
* Update Tor to 0.4.4.4-rc
* Update Tor Launcher to 0.2.22
* Bug 32174: Replace XUL <textbox> with <html:input>
* Bug 33890: Rename XUL files to XHTML
* Bug 33862: Fix usages of createTransport API
* Bug 33906: Fix Tor-Launcher issues for Firefox 75
* Bug 33998: Use CSS grid instead of XUL grid
* Bug 34164: Tor Launcher deadlocks during startup (Firefox 77)
* Bug 34206: Tor Launcher button labels are missing (Firefox 76)
* Translations update
* Update NoScript to 11.0.37
* Bug 11154: Disable TLS 1.0 (and 1.1) by default
* Bug 16931: Sanitize the add-on blocklist update URL
* Bug 17374: Disable 1024-DH Encryption by default
* Bug 30682: Disable Intermediate CA Preloading
* Bug 30812: Exempt about: pages from Resist Fingerprinting
* Bug 31918+33533+40024+40037: Rebase Tor Browser esr68 patches for ESR 78 [tor-browser]
* Bug 32612: Update MAR_CHANNEL_ID for the alpha
* Bug 32886: Separate treatment of @media interaction features for desktop and android
* Bug 33534: Review FF release notes from FF69 to latest (FF78)
* Bug 33697: Use old search config based on list.json
* Bug 33721: PDF Viewer is not working in the safest security level
* Bug 33734: Set MOZ_NORMANDY to False
* Bug 33737: Fix aboutDialog.js error for Firefox nightlies
* Bug 33848: Disable Enhanced Tracking Protection
* Bug 33851: Patch out Parental Controls detection and logging
* Bug 33852: Clean up about:logins to not mention Sync
* Bug 33856: Set browser.privatebrowsing.forceMediaMemoryCache to True
* Bug 33862: Fix usages of createTransport API
* Bug 33867: Disable password manager and password generation
* Bug 33890: Rename XUL files to XHTML
* Bug 33892: Add brandProductName to brand.dtd and brand.properties
* Bug 33962: Uplift patch for bug 5741 (dns leak protection)
* Bug 34125: API change in protocolProxyService.registerChannelFilter
* Bug 40001: Generate tor-browser-brand.ftl when importing translations [torbutton]
* Bug 40002: Fix generateNSGetFactory being moved to ComponentUtils [torbutton]
* Bug 40003: Adapt code for L10nRegistry API changes [torbutton]
* Bug 40005: Initialize the identity UI before setting up the circuit display [torbutton]
* Bug 40016: Update Snowflake to discover NAT type [tor-browser-build]
* Bug 40017: Audit Firefox 68-78 diff for proxy issues [tor-browser]
* Bug 40022: Update new icons in Tor Browser branding [tor-browser]
* Bug 40025: Revert add-on permissions due to Mozilla's 1560059 [tor-browser]
* Bug 40036: Remove product version/update channel from #13379 patch [tor-browser]
* Bug 40038: Review RemoteSettings for ESR 78 [tor-browser]
* Bug 40048: Disable various ESR78 features via prefs [tor-browser]
* Bug 40059: Verify our external helper patch is still working [tor-browser]
* Bug 40066: Update existing prefs for ESR 78 [tor-browser]
* Bug 40073: Disable remote Public Suffix List fetching [tor-browser]
* Bug 40078: Backport patches for bug 1651680 for now [tor-browser]
* Bug 40106: Cannot install addons in full screen mode [tor-browser]
* Translations update
* Windows
* Bug 33855: Don't use site's icon as window icon in Windows in private mode
* Bug 40061: Omit the Windows default browser agent from the build [tor-browser]
* OS X
* Bug 32252: Tor Browser does not display correctly in VMWare Fusion on macOS (mojave)
* Build System
* Windows + OS X + Linux
* Bug 31845: Bump GCC version to 9.3.0
* Bug 34011: Bump clang to 9.0.1
* Bug 34014: Enable sqlite3 support in Python
* Bug 34390: Don't copy DBM libraries anymore
* Bug 34391: Remove unused --enable-signmar option
* Bug 40004: Adapt Rust project for Firefox 78 ESR [tor-browser-build]
* Bug 40005: Adapt Node project for Firefox 78 ESR [tor-browser-build]
* Bug 40006: Adapt cbindgen for Firefox 78 ESR [tor-browser-build]
* Bug 40037: Move projects over to clang-source [tor-browser-build]
* Bug 40026: Fix full .mar creation for esr78 [tor-browser-build]
* Bug 40027: Fix incremental .mar creation for esr78 [tor-browser-build]
* Bug 40028: Do not reference unset env variables [tor-browser-build]
* Windows
* Bug 34230: Update Windows toolchain for Firefox 78 ESR
* Bug 40015: Use only 64bit fxc2 [tor-browser-build]
* Bug 40017: Enable stripping again on Windows [tor-browser-build]
* Bug 40061: Omit the Windows default browser agent from the build [tor-browser]
* OS X
* Bug 34229: Update macOS toolchain for Firefox 78 ESR
* Bug 40003: Update cctools version for Firefox 78 ESR [tor-browser-build]
* Bug 40018: Add libtapi project for cctools [tor-browser-build]
* Bug 40019: Ship our own runtime library for macOS [tor-browser-build]
* Linux
* Bug 34359: Adapt abicheck.cc to deal with newer GCC version
* Bug 34386: Fix up clang compilation on Linux
Tor Browser 10.0a4 -- July 28 2020
* All Platforms
* Update Firefox to 68.11.0esr
* Update NoScript to 11.0.34
* Update Tor to 0.4.4.2-alpha
* Windows + OS X + Linux
* Bug 40019: Onion-Location should not be processed on .onion webpages [tor-browser]
Tor Browser 9.5.3 -- July 28 2020
* All Platforms
* Update Firefox to 68.11.0esr
* Update NoScript to 11.0.34
* Update Tor to 0.4.3.6
Tor Browser 10.0a3 -- July 7 2020
* Android
* Update Firefox to 68.10.1esr
Tor Browser 9.5.2 -- July 7 2020
* Android
* Update Firefox to 68.10.1esr
Tor Browser 10.0a2 -- June 30 2020
* All Platforms
* Update Firefox to 68.10.0esr
* Update NoScript to 11.0.32
* Update Tor to 0.4.4.1-alpha
* Translations update
* Bug 34209: about:tor and about:tbupdate fail to load in debug build
* Bug 34250: Only listen to 'started' in noscript-control.js
* Bug 34383: Accept request if GetHost() in mixed content blocking check fails
* Windows + OS X + Linux
* Bug 34361: "Prioritize .onion sites when known" appears under General
* Bug 34362: Improve Onion Service Authentication prompt
* Bug 34369: Fix learn more link in Onion Auth prompt
* Bug 34379: Fix learn more for Onion-Location
* Android
* Bug 34372: Disable GeckoNetworkManager
Tor Browser 9.5.1 -- June 30 2020
* All Platforms
* Update Firefox to 68.10.0esr
* Update NoScript to 11.0.32
* Translations update
* Bug 40009: Improve tor's client auth stability
* Windows + OS X + Linux
* Bug 34361: "Prioritize .onion sites when known" appears under General
* Bug 34362: Improve Onion Service Authentication prompt
* Bug 34369: Fix learn more link in Onion Auth prompt
* Bug 34379: Fix learn more for Onion-Location
* Bug 34347: The Tor Network part on the onboarding is not new anymore
Tor Browser 10.0a1 -- June 2 2020
* All Platforms
* Update Firefox to 68.9.0esr
* Update HTTPS-Everywhere to 2020.5.20
* Translations update
* Windows + OS X + Linux
* Update Tor Launcher to 0.2.21.8
* Translations update
* Bug 34321: Add Learn More onboarding item
* Bug 34347: The Tor Network part on the onboarding is not new anymore
* Linux
* Bug 34315: Avoid reading policies from /etc/firefox on Linux
* Android
* Bug 30318: Integrate snowflake into mobile Tor Browser
* Bug 34219: Enable ZSTD support properly for Android
* Build System
* Windows
* Bug 31128: Move Windows containers to Debian 10
* Mac OS X
* Bug 31129: Move macOS containers to Debian 10
* Android
* Bug 28672: Android reproducible build of Snowflake
Tor Browser 9.5 -- June 2 2020
* All Platforms
* Update Firefox to 68.9.0esr
* Update HTTPS-Everywhere to 2020.5.20
* Update NoScript to 11.0.26
* Update Tor to 0.4.3.5
* Translations update
* Bug 21549: Disable wasm for now until it is properly audited
* Bug 27268: Preferences clean-up in Torbutton code
* Bug 28745: Remove torbutton.js unused code
* Bug 28746: Remove torbutton isolation and fp prefs sync
* Bug 30237: Control port module improvements for v3 client authentication
* Bug 30786: Add th locale
* Bug 30787: Add lt locale
* Bug 30788: Add ms locale
* Bug 30851: Move default preferences to 000-tor-browser.js
* Bug 30888: Move torbutton_util.js to modules/utils.js
* Bug 31134: Govern graphite again by security settings
* Bug 31395: Remove inline script in aboutTor.xhtml
* Bug 31499: Update libevent to 2.1.11-stable
* Bug 33877: Disable Samples and Regression tests For Libevent Build
* Bug 31573: Catch SessionStore.jsm exception
* Bug 32318: Backport Mozilla's fix for bug 1534339
* Bug 32414: Make Services.search.addEngine obey FPI
* Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT
* Bug 32618: Backport fixes from Mozilla bugs 1467970 and 1590526
* Bug 33342: Avoid disconnect search addon error after removal
* Bug 33726: Fix patch for #23247: Communicating security expectations for .onion
* Bug 34157: Backport fix for Mozilla Bug 1511941
* Windows + OS X + Linux
* Update Tor Launcher to 0.2.21.8
* Translations update
* Bug 19757: Support on-disk storage of v3 client auth keys
* Bug 30237: Add v3 onion services client authentication prompt
* Bug 30786: Add th locale
* Bug 30787: Add lt locale
* Bug 30788: Add ms locale
* Bug 33514: non-en-US Tor Browser 9.5a6 won't start up
* Bug 19251: Show improved error pages for onion service errors
* Bug 19757: Support on-disk storage of v3 client auth keys
* Bug 21952: Implement Onion-Location
* Bug 27604: Fix broken Tor Browser after moving it to a different directory
* Bug 28005: Implement .onion alias urlbar rewrites
* Bug 30237: Improve TBB UI of hidden service client authorization
* Bug 32076: Upgrade to goptlib v1.1.0
* Bug 32220: Improve the letterboxing experience
* Bug 32418: Allow updates to be disabled via an enterprise policy.
* Bug 32470: Backport fix for bug 1590538
* Bug 32645: Update URL bar onion indicators
* Bug 32658: Create a new MAR signing key
* Bug 32674: Point the about:tor "Get involved" link to the community portal
* Bug 32767: Remove Disconnect search
* Bug 33698: Update "About Tor Browser" links in Tor Browser
* Bug 33707: Swap out onion icon in circuit display with new one
* Bug 34032: Use Securedrop's Official https-everywhere ruleset
* Bug 34196: Update site info URL with the onion name
* Bug 34321: Add Learn More onboarding item
* Windows
* Bug 22919: Improve the random number generator for the boundaries in multipart/form-data
* Bug 29614: Use SHA-256 algorithm for Windows timestamping
* Bug 33113: Bump NSIS version to 3.05
* OS X
* Bug 32505: Tighten our rules in our entitlements file for macOS
* Linux
* Bug 27903: Tor Browser 8 does not respect gtk3 settings
* Bug 34315: Avoid reading policies from /etc/firefox on Linux
* Android
* Bug 26529: Notify user about possible proxy-bypass before opening external app
* Bug 30767: Custom obfs4 bridge does not work on Tor Browser for Android
* Bug 32303: Obfs4 is broken on Android Q
* Bug 33359: Use latest Version of TOPL and Remove Patches
* Bug 33931: obfs4 bridges are used instead of meek if meek is selected in Tor Browser for Android alpha
* Build System
* All Platforms
* Bump Go to 1.13.11
* Bug 33380: Add *.json to sha256sums-unsigned-build.txt
* Windows
* Bug 33802: --enable-secure-api is not supported anymore in mingw-w64
* Linux
* Bug 32976: Build and bundle geckodriver
* Bug 34242: Fix creation of Linux containers
* Android
* Bug 28765: LibEvent Build for Android
* Bug 28766: Tor Build for Android
* Bug 28803: Integrate building Pluggable Transports for Android
* Bug 30461: Clean up tor-android-service project
* Bug 32993: Package Tor With Tor Android Service Project
* Bug 33685: Add Support for Building zlib for Android
Tor Browser 9.5a13 -- May 20 2020
* All Platforms
* Bump NoScript to 11.0.26
* Bump Tor to 0.4.3.5
* Translations update
* Bug 34157: Backport fix for Mozilla Bug 1511941
* Windows + OS X + Linux
* Update Tor Launcher to 0.2.21.7
* Translations update
* Bug 34196: Update site info URL with the onion name
* Bug 34043: Update snowflake to persist sessions across proxies
* Windows
* Bug 33113: Bump NSIS version to 3.05
* Build System
* All Platforms
* Bump Go to 1.13.11
* Linux
* Bug 34242: Fix creation of Linux containers
Tor Browser 9.5a12 -- May 7 2020
* All Platforms
* Update Firefox to 68.8.0esr
* Bump NoScript to 11.0.25
* Bump Tor to 0.4.3.4-rc
* Translations update
* Bug 31499: Update libevent to 2.1.11-stable
* Bug 33877: Disable Samples and Regression tests For Libevent Build
* Bug 33630: Remove noisebridge01 default bridge
* Bug 33726: Fix patch for #23247: Communicating security expectations for .onion
* Bug 34017: Bump openssl version to 1.1.1g
* Windows + OS X + Linux
* Update Tor Launcher to 0.2.21.6
* Translations update
* Bug 33576: Update pion-webrtc version to 2.2.3
* Bug 32418: Allow updates to be disabled via an enterprise policy.
* Bug 34032: Use Securedrop's Official https-everywhere ruleset
* Bug 33698: Update "About Tor Browser" links in Tor Browser
* Windows
* Bug 29614: Use SHA-256 algorithm for Windows timestamping
* Android
* Bug 33359: Use latest Version of TOPL and Remove Patches
* Bug 33931: obfs4 bridges are used instead of meek if meek is selected in Tor Browser for Android alpha
* Build System
* All Platforms
* Bug 32027: Bump Go to 1.13.10
* Android
* Bug 28765: LibEvent Build for Android
* Bug 28766: Tor Build for Android
* Bug 32993: Package Tor With Tor Android Service Project
* Bug 33685: Add Support for Building zlib for Android
* Windows
* Bug 33802: --enable-secure-api is not supported anymore in mingw-w64
Tor Browser 9.0.10 -- May 5 2020
* All Platforms
* Update Firefox to 68.8.0esr
* Bump NoScript to 11.0.25
* Windows + OS X + Linux
* Bug 34017: Bump openssl version to 1.1.1g
Tor Browser 9.5a11 -- April 8 2020
* All Platforms
* Update Firefox to 68.7.0esr
* Bump Https-Everywhere to 2020.3.16
* Bump NoScript to 11.0.23
* Translations update
* Bug 33342: Avoid disconnect search addon error after removal
* Bug 33482: Update about:tor donate string
* Windows + OS X + Linux
* Bug 19251: Show improved error pages for onion service errors
* Bug 21952: Implement Onion-Location
* Bug 28005: Implement .onion alias urlbar rewrites
* Bug 33693: Bump Snowflake to ea01bf41c3
* Bug 33707: Swap out onion icon in circuit display with new one
* Bug 33723: Bump openssl version to 1.1.1f
* Bug 33761: Remove unnecessary snowflake dependencies
* Bug 33771: Update some existing licenses and add Libevent license
* Android
* Translations update
* Build System
* Windows
* Bug 33805: Remove escape-openssldir.patch
Tor Browser 9.0.9 -- April 7 2020
* All Platforms
* Update Firefox to 68.7.0esr
* Bump NoScript to 11.0.23
* Bug 33630: Remove noisebridge01 default bridge
* Windows + OS X + Linux
* Bug 33771: Update some existing licenses and add Libevent license
* Bug 33723: Bump openssl version to 1.1.1f
* Windows
* Bug 33805: Remove escape-openssldir.patch
Tor Browser 9.5a10 -- April 5 2020
* All Platforms
* Mozilla Bug 1620818 - Release nsDocShell::mContentViewer properly
* Mozilla Bug 1626728 - Normalize shutdown
Tor Browser 9.0.8 -- April 5 2020
* All Platforms
* Mozilla Bug 1620818 - Release nsDocShell::mContentViewer properly
* Mozilla Bug 1626728 - Normalize shutdown
Tor Browser 9.5a9 -- March 25 2020
* All Platforms
* Translations update
* Bump NoScript to 11.0.21
* Bug 33613: Disable Javascript on Safest security level
* Bug 33342: Avoid disconnect search addon error after removal
* Windows + OS X + Linux
* Bump Tor to 0.4.3.3-alpha
* Update Tor Launcher to 0.2.21.5
* Translations update
Tor Browser 9.0.7 -- March 20 2020
* All Platforms
* Bump NoScript to 11.0.19
* Bump Https-Everywhere to 2020.3.16
* Bug 33613: Disable Javascript on Safest security level
* Windows + OS X + Linux
* Bump Tor to 0.4.2.7
Tor Browser 9.5a8 -- March 13 2020
* All Platforms
* Update Firefox to 68.6.0esr
* Bump NoScript to 11.0.15
* Bug 33430: Disable downloadable fonts on Safest security level
* Translations update
* Build System
* Windows
* Bug 33535: Patch openssl to use SOURCE_DATE_EPOCH for copyright year
Tor Browser 9.0.6 -- March 11 2020
* All Platforms
* Update Firefox to 68.6.0esr
* Bump NoScript to 11.0.15
* Bug 33430: Disable downloadable fonts on Safest security level
* Build System
* Windows
* Bug 33535: Patch openssl to use SOURCE_DATE_EPOCH for copyright year
Tor Browser 9.5a7 -- March 6 2020
* All Platforms
* Translations update
* Windows + OS X + Linux
* Update Tor Launcher to 0.2.21.3
* Translations update
* Bug 33514: non-en-US Tor Browser 9.5a6 won't start up
* Bug 32645: Update URL bar onion indicators
Tor Browser 9.5a6 -- February 27 2020
* All Platforms
* Translations update
* Windows + OS X + Linux
* Update Tor Launcher to 0.2.21.2
* Translations update
* Bug 19757: Support on-disk storage of v3 client auth keys
* Bug 19757: Support on-disk storage of v3 client auth keys
* Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT
* Bug 32658: Create a new MAR signing key
* Build System
* All Platforms
* Bug 33380: Add *.json to sha256sums-unsigned-build.txt
Tor Browser 9.5a5 -- February 12 2020
* All Platforms
* Update Firefox to 68.5.0esr
* Bump NoScript to 11.0.13
* Translations update
* Bug 30237: Control port module improvements for v3 client authentication
* Bug 32891: Add new default bridges
* Bug 31395: Remove inline script in aboutTor.xhtml
* Bug 27268: Preferences clean-up in Torbutton code
* Bug 32470: Backport fix for bug 1590538
* Bug 32414: Make Services.search.addEngine obey FPI
* Bug 32948: Make referer behavior consistent regardless of private browing mode status
* Bug 22919: Improve the random number generator for the boundaries in multipart/form-data
* Windows + OS X + Linux
* Update Tor to 0.4.3.2-alpha
* Update Tor Launcher to 0.2.21.1
* Translations update
* Bug 30237: Add v3 onion services client authentication prompt
* Bug 32870: Update version of pion-webrtc
* Bug 32767: Remove Disconnect search
* Bug 30237: Add v3 onion services client authentication prompt
* Linux
* Bug 27903: Tor Browser 8 does not respect gtk3 settings
* Android
* Bug 30767: Custom obfs4 bridge does not work on Tor Browser for Android
* Build System
* Linux
* Bug 32976: Build and bundle geckodriver
* OS X
* Bug 33200: Fix permissions on bookmarks.html
Tor Browser 9.0.5 -- February 11 2020
* All Platforms
* Update Firefox to 68.5.0esr
* Bump NoScript to 11.0.13
* Bug 32053: Fix LLVM reproducibility issues
* Bug 32255: Missing ORIGIN header breaks CORS
* Bug 32891: Add new default bridges
* Windows + OS X + Linux
* Bump Tor to 0.4.2.6
* Windows
* Bug 32132: Re-enable jemalloc for Windows users
* Build System
* All Platforms
* Bug 32739: Bump clang to 8.0.1
* OS X
* Bug 33200: Fix permissions on bookmarks.html
Tor Browser 9.5a4 -- January 10 2020
* All Platforms
* Update Firefox to 68.4.1esr
* Bump NoScript to 11.0.11
* Translations update
* Bug 31134: Govern graphite again by security settings
* Bug 31855: Remove End of Year Fundraising Campaign from about:tor
* Bug 32053: Fix LLVM reproducibility issues
* Bug 32547: Add new default bridge at UMN
* Bug 32659: Remove IPv6 address of default bridge
* Windows + OS X + Linux
* Update Tor to 0.4.2.5
* Update Tor Launcher to 0.2.21
* Bug 32636: Clean up locales shipped with Tor Launcher
* Translations update
* Bug 32674: Point the about:tor "Get involved" link to the community portal
* Build System
* All Platforms
* Update OpenPGP keyring
* Bug 32739: Bump clang to 8.0.1
* Linux
* Bug 32676: Create a tarball with all Linux x86_64 language packs
Tor Browser 9.0.4 -- January 9 2020
* All Platforms
* Update Firefox to 68.4.1esr
Tor Browser 9.0.3 -- January 7 2020
* All Platforms
* Update Firefox to 68.4.0esr
* Bump NoScript to 11.0.11
* Translations update
* Bug 32606: Set up default bridge at Georgetown University
* Bug 32659: Remove IPv6 address of default bridge
* Bug 32547: Add new default bridge at UMN
* Bug 31855: Remove End of Year Fundraising Campaign from about:tor
* Windows + OS X + Linux
* Bump Tor to 0.4.2.5
* Update Tor Launcher to 0.2.20.5
* Bug 32636: Clean up locales shipped with Tor Launcher
* Revert bug 30786, 30787, and 30788
* Android
* Bug 32405: Crash immediately after bootstrap on Android
* Build System
* All Platforms
* Update OpenPGP keyring
* Linux
* Bug 32676: Create a tarball with all Linux x86_64 language packs
Tor Browser 9.0.2 -- December 3 2019
* All Platforms
* Update Firefox to 68.3.0esr
* Bump NoScript to 11.0.9
* Bug 32362: NoScript TRUSTED setting doesn't work
* Bug 32429: Issues with about:blank and NoScript on .onion sites
* Bump HTTPS Everywhere to 2019.11.7
* Bug 27268: Preferences clean-up in Torbutton code
* Translations update
* Windows + OS X + Linux
* Bug 32125: Fix circuit display for bridge without a fingerprint
* Bug 32250: Backport enhanced letterboxing support (bug 1546832 and 1556017)
* Windows
* Bug 31989: Backport backout of old mingw-gcc patch
* Bug 32616: Disable GetSecureOutputDirectoryPath() functionality
* Android
* Bug 32365: Localization is broken in Tor Browser 9 on Android
* Build System
* All Platforms
* Bug 32413: Bump Go version to 1.12.13
Tor Browser 9.5a3 -- December 3 2019
* All Platforms
* Update Firefox to 68.3.0esr
* Bump NoScript to 11.0.9
* Bug 32362: NoScript TRUSTED setting doesn't work
* Bug 32429: Issues with about:blank and NoScript on .onion sites
* Bug 32549: NoScript makes requests to sync-messages.invalid
* Update HTTPS Everywhere to 2019.11.7
* Bug 32618: Backport fixes from Mozilla bugs 1467970 and 1590526
* Bug 32606: Set up default bridge at Georgetown University
* Bug 30787: Add lt locale
* Bug 30788: Add ms locale
* Bug 30786: Add th locale
* Translations update
* Bug 28746: Remove torbutton isolation and fp prefs sync
* Bug 28745: Assume always running in Tor Browser
* Bug 30888: move torbutton_util.js to modules/utils.js
* Bug 30851: Move default preferences to 000-tor-browser.js
* Bug 28745: Remove torbutton.js unused code
* Bug 32255: Missing ORIGIN header breaks CORS
* Windows + OS X + Linux
* Update Tor to 0.4.2.4-rc
* Update Tor Launcher to 0.2.20.3
* Bug 30787: Add lt locale
* Bug 30788: Add ms locale
* Bug 30786: Add th locale
* Bug 30237: Improve TBB UI of hidden service client authorization
* Android
* Bug 32365: Localization is broken in Tor Browser 9 on Android
* Bug 32405: Crash immediately after bootstrap on Android
* OS X
* Bug 32505: Tighten our rules in our entitlements file for macOS
* Windows
* Bug 32616: Disable GetSecureOutputDirectoryPath() functionality
Tor Browser 9.0.2 -- December 3 2019
* All Platforms
* Update Firefox to 68.3.0esr
* Bump NoScript to 11.0.9
* Bug 32362: NoScript TRUSTED setting doesn't work
* Bug 32429: Issues with about:blank and NoScript on .onion sites
* Bug 32549: NoScript makes requests to sync-messages.invalid
* Bump HTTPS Everywhere to 2019.11.7
* Bug 27268: Preferences clean-up in Torbutton code
* Translations update
* Windows + OS X + Linux
* Bug 32125: Fix circuit display for bridge without a fingerprint
* Bug 32250: Backport enhanced letterboxing support (bug 1546832 and 1556017)
* Windows
* Bug 31989: Backport backout of old mingw-gcc patch
* Bug 32616: Disable GetSecureOutputDirectoryPath() functionality
* Android
* Bug 32365: Localization is broken in Tor Browser 9 on Android
* Build System
* All Platforms
* Bug 32413: Bump Go version to 1.12.13
Tor Browser 9.5a2 -- November 11 2019
* All Platforms
* Update NoScript to 11.0.7
* Bug 21004: Don't block JavaScript on onion services on medium security
* Bug 27307: NoScript marks HTTP onions as not secure
* Bug 30783: Fundraising banner for EOY 2019 campain
* Bug 32321: Don't ping Mozilla for Man-in-the-Middle-detection
* Bug 32318: Backport Mozilla's fix for bug 1534339
* Bug 31573: Catch SessionStore.jsm exception
* Bug 27268: Preferences clean-up
* Windows + OS X + Linux
* Update Tor to 0.4.2.3-alpha
* Update Tor Launcher to 0.2.20.2
* Bug 32164: Trim each received log line from tor
* Translations update
* Bug 32250: Backport enhanced letterboxing support (bug 1546832 and 1556017)
* Bug 31803: Replaced about:debugging logo with flat version
* Bug 31764: Fix for error when navigating via 'Paste and go'
* Bug 32169: Fix TB9 Wikipedia address bar search
* Bug 32210: Hide the tor pane when using a system tor
* Bug 31658: Use builtin --panel-disabled-color for security level text
* Bug 32188: Fix localization on about:preferences#tor
* Bug 32184: Red dot is shown while downloading an update
* Bug 27604: Fix broken Tor Browser after moving it to a different directory
* Bug 32220: Improve the letterboxing experience
* Bug 30683: Backport upstreamed fix from Mozilla (bug 1581537)
* Android
* Bug 32342: Crash when changing the browser locale
* Bug 32303: Obfs4 is broken on Android Q
* Build System
* All Platforms
* Bug 32413: Bump Go version to 1.12.13
* Android
* Bug 28803: Integrate building Pluggable Transports for Android
Tor Browser 9.0.1 -- November 4 2019
* All Platforms
* Update NoScript to 11.0.4
* Bug 21004: Don't block JavaScript on onion services on medium security
* Bug 27307: NoScript marks HTTP onions as not secure
* Bug 30783: Fundraising banner for EOY 2019 campain
* Bug 32321: Don't ping Mozilla for Man-in-the-Middle-detection
* Bug 27268: Preferences clean-up
* Windows + OS X + Linux
* Update Tor Launcher to 0.2.20.2
* Bug 32164: Trim each received log line from tor
* Translations update
* Bug 31803: Replaced about:debugging logo with flat version
* Bug 31764: Fix for error when navigating via 'Paste and go'
* Bug 32169: Fix TB9 Wikipedia address bar search
* Bug 32210: Hide the tor pane when using a system tor
* Bug 31658: Use builtin --panel-disabled-color for security level text
* Bug 32188: Fix localization on about:preferences#tor
* Bug 32184: Red dot is shown while downloading an update
* Android
* Bug 32342: Crash when changing the browser locale
Tor Browser 9.5a1 -- October 23 2019
* All Platforms
* Update Firefox to 68.2.0esr
* Bug 31740: Remove some unnecessary RemoteSettings instances
* Bug 30681: Set security.enterprise_roots.enabled to false
* Bug 31144: Review network code changes for Firefox 68 ESR
* Bug 21549: Enable WASM on standard security level
* Windows + OS X + Linux
* Update Tor Launcher to 0.2.20.1
* Bug 32154: Custom bridge field only allows one line of input
* Bug 32112: Fix bad & escaping in translations
* Bug 31286: Update to tor settings related strings
* Translations update
* Bug 32125: Fix circuit display for bridge without a fingerprint
* Bug 32076: Upgrade to goptlib v1.1.0
* Bug 32061: Bump snowflake version to b4f4b29a03
* Bug 32092: Fix Tor Browser Support link in preferences
* Bug 32111: Fixed issue parsing user-provided bridge strings
* Bug 31749: Fix security level panel spawning events
* Bug 31920: Fix Security Level panel when its toolbar button moves to overflow
* Bug 31748+31961: Fix 'Learn More' links in Security Level preferences and panel
* Translations update
* Windows
* Bug 32132: Re-enable jemalloc for Windows users
* Bug 31989: Backport backout of old mingw-gcc patch
* Android
* Bug 32097: Fix conflicts in mobile onboarding while rebasing to 68.2.0esr
* Bug 26529: Notify user about possible proxy-bypass before opening external app
* Build System
* Android
* Bug 30461: Clean up tor-android-service project
Tor Browser 9.0 -- October 22 2019
* All Platforms
* Update Firefox to 68.2.0esr
* Bug 31740: Remove some unnecessary RemoteSettings instances
* Bug 13543: Spoof smooth and powerEfficient for Media Capabilities
* Bug 28196: about:preferences is not properly translated anymore
* Bug 19417: Disable asmjs on safer and safest security levels
* Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING
* Bug 31935: Disable profile downgrade protection
* Bug 16285: Disable DRM/EME on Android and drop Adobe CDM
* Bug 31602: Remove Pocket indicators in UI and disable it
* Bug 31914: Fix eslint linter error
* Bug 30429: Rebase patches for Firefox 68 ESR
* Bug 31144: Review network code changes for Firefox 68 ESR
* Bug 10760: Integrate Torbutton into Tor Browser directly
* Bug 25856: Remove XUL overlays from Torbutton
* Bug 31322: Fix about:tor assertion failure debug builds
* Bug 29430: Add support for meek_lite bridges to bridgeParser
* Bug 28561: Migrate "About Tor Browser" dialog to tor-browser
* Bug 30683: Prevent detection of locale via some *.properties
* Bug 31298: Backport patch for #24056
* Bug 9336: Odd wyswig schemes without isolation for browserspy.dk
* Bug 27601: Browser notifications are not working anymore
* Bug 30845: Make sure internal extensions are enabled
* Bug 28896: Enable extensions in private browsing by default
* Bug 31563: Reload search extensions if extensions.enabledScopes has changed
* Bug 31396: Fix communication with NoScript for security settings
* Bug 31142: Fix crash of tab and messing with about:newtab
* Bug 29049: Backport JS Poison Patch
* Bug 25214: Canvas data extraction on local pdf file should be allowed
* Bug 30657: Locale is leaked via title of link tag on non-html page
* Bug 31015: Disabling SVG hides UI icons in extensions
* Bug 30681: Set security.enterprise_roots.enabled to false
* Bug 30538: Unable to comment on The Independent Newspaper
* Bug 31209: View PDF in Tor Browser is fuzzy
* Translations update
* Windows + OS X + Linux
* Update Tor to 0.4.1.6
* Update OpenSSL to 1.1.1d
* Bug 31844: OpenSSL 1.1.1d fails to compile for some platforms/architectures
* Update Tor Launcher to 0.2.20.1
* Bug 28044: Integrate Tor Launcher into tor-browser
* Bug 32154: Custom bridge field only allows one line of input
* Bug 31286: New strings for about:preferences#tor
* Bug 31303: Do not launch tor in browser toolbox
* Bug 32112: Fix bad & escaping in translations
* Bug 31491: Clean up the old meek http helper browser profiles
* Bug 29197: Remove use of overlays
* Bug 31300: Modify Tor Launcher so it is compatible with ESR68
* Bug 31487: Modify moat client code so it is compatible with ESR68
* Bug 31488: Moat: support a comma-separated list of transports
* Bug 30468: Add mk locale
* Bug 30469: Add ro locale
* Bug 30319: Remove FTE bits
* Translations update
* Bug 32092: Fix Tor Browser Support link in preferences
* Bug 32111: Fixed issue parsing user-provided bridge strings
* Bug 31749: Fix security level panel spawning events
* Bug 31920: Fix Security Level panel when its toolbar button moves to overflow
* Bug 31748+31961: Fix 'Learn More' links in Security Level preferences and panel
* Bug 28044: Integrate Tor Launcher into tor-browser
* Bug 31059: Enable Letterboxing
* Bug 30468: Add mk locale
* Bug 30469: Add ro locale
* Bug 29430: Use obfs4proxy's meek_lite with utls instead of meek
* Bug 31251: Security Level button UI polish
* Bug 31344: Register SecurityLevelPreference's 'unload' callback
* Bug 31286: Provide network settings on about:preferences#tor
* Bug 31886: Fix ko bundle bustage
* Bug 31768: Update onboarding for Tor Browser 9
* Bug 27511: Add new identity button to toolbar
* Bug 31778: Support dark-theme for the Circuit Display UI
* Bug 31910: Replace meek_lite with meek in circuit display
* Bug 30504: Deal with New Identity related browser console errors
* Bug 31929: Don't escape DTD entity in ar
* Bug 31747: Some onboarding UI is always shown in English
* Bug 32041: Replace = with real hamburguer icon ≡
* Bug 30304: Browser locale can be obtained via DTD strings
* Bug 31065: Set network.proxy.allow_hijacking_localhost to true
* Bug 24653: Merge securityLevel.properties into torbutton.dtd
* Bug 31164: Set up default bridge at Karlstad University
* Bug 15563: Disable ServiceWorkers on all platforms
* Bug 31598: Disable warning on window resize if letterboxing is enabled
* Bug 31562: Fix circuit display for error pages
* Bug 31575: Firefox is phoning home during start-up
* Bug 31491: Clean up the old meek http helper browser profiles
* Bug 26345: Hide tracking protection UI
* Bug 31601: Disable recommended extensions again
* Bug 30662: Don't show Firefox Home when opening new tabs
* Bug 31457: Disable per-installation profiles
* Bug 28822: Re-implement desktop onboarding for ESR 68
* Windows
* Bug 31942: Re-enable signature check for language packs
* Bug 29013: Enable stack protection for Firefox on Windows
* Bug 30800: ftp:// on Windows can be used to leak the system time zone
* Bug 31547: Back out patch for Mozilla's bug 1574980
* Bug 31141: Fix typo in font.system.whitelist
* Bug 30319: Remove FTE bits
* OS X
* Bug 30126: Make Tor Browser compatible with macOS 10.15
* Bug 31607: App menu items stop working on macOS
* Bug 31955: On macOS avoid throwing inside nonBrowserWindowStartup()
* Bug 29818: Adapt #13379 patch for 68esr
* Bug 31464: Meek and moat are broken on macOS 10.9 with Go 1.12
* Linux
* Bug 31942: Re-enable signature check for language packs
* Bug 31646: Update abicheck to require newer libstdc++.so.6
* Bug 31968: Don't fail if /proc/cpuinfo is not readable
* Bug 24755: Stop using a heredoc in start-tor-browser
* Bug 31550: Put curly quotes inside single quotes
* Bug 31394: Replace "-1" with "1" in start-tor-browser.desktop
* Bug 30319: Remove FTE bits
* Android
* Update Tor to 0.4.1.5
* Bug 31010: Rebase mobile patches for Fennec 68
* Bug 31010: Don't use addTrustedTab() on mobile
* Bug 30607: Support Tor Browser running on Android Q
* Bug 31192: Support x86_64 target on Android
* Bug 30380: Cancel dormant by startup
* Bug 30943: Show version number on mobile
* Bug 31720: Enable website suggestions in address bar
* Bug 31822: Security slider is not really visible on Android anymore
* Bug 24920: Only create Private tabs in permanent Private Browsing Mode
* Bug 31730: Revert aarch64-workaround against JIT-related crashes
* Bug 32097: Fix conflicts in mobile onboarding while rebasing to 68.2.0esr
* Build System
* All Platforms
* Bug 30585: Provide standalone clang 8 project across all platforms
* Bug 30376: Use Rust 1.34 for Tor Browser 9
* Bug 30490: Add cbindgen project for building Firefox 68 ESR/Fennec 68
* Bug 30701: Add nodejs project for building Firefox 68 ESR/Fennec 68
* Bug 31621: Fix node bug that makes large writes to stdout fail
* Bug 30734: Add nasm project for building Firefox 68 ESR/Fennec 68
* Bug 31293: Make sure the lo interface inside the containers is up
* Bug 27493: Clean up mozconfig options
* Bug 31308: Sync mozconfig files used in tor-browser over to tor-browser-build for esr68
* Windows
* Bug 29307: Use Stretch for cross-compiling for Windows
* Bug 29731: Remove faketime for Windows builds
* Bug 30322: Windows toolchain update for Firefox 68 ESR
* Bug 28716: Create mingw-w64-clang toolchain
* Bug 28238: Adapt firefox and fxc2 projects for Windows builds
* Bug 28716: Optionally omit timestamp in PE header
* Bug 31567: NS_tsnprintf() does not handle %s correctly on Windows
* Bug 31458: Revert patch for #27503 and bump mingw-w64 revision used
* Bug 9898: Provide clean fix for strcmpi issue in NSPR
* Bug 29013: Enable stack protection support for Firefox on Windows
* Bug 30384: Use 64bit containers to build 32bit Windows Tor Browser
* Bug 31538: Windows bundles based on ESR 68 are not built reproducibly
* Bug 31584: Clean up mingw-w64 project
* Bug 31596: Bump mingw-w64 version to pick up fix for #31567
* Bug 29187: Bump NSIS version to 3.04
* Bug 31732: Windows nightly builds are busted due to mingw-w64 commit bump
* Bug 29319: Remove FTE support for Windows
* OS X
* Bug 30323: MacOS toolchain update for Firefox 68 ESR
* Bug 31467: Switch to clang for cctools project
* Bug 31465: Adapt tor-browser-build projects for macOS notarization
* Linux
* Bug 31448: gold and lld break linking 32bit Linux bundles
* Bug 31618: Linux32 builds of Tor Browser 9.0a6 are not matching
* Bug 31450: Still use GCC for our ASan builds
* Bug 30321: Linux toolchain update for Firefox ESR 68
* Bug 30736: Install yasm from wheezy-backports
* Bug 31447: Don't install Python just for Mach
* Bug 30448: Strip Browser/gtk2/libmozgtk.so
* Android
* Bug 30324: Android toolchain update for Fennec 68
* Bug 31173: Update android-toolchain project to match Firefox
* Bug 31389: Update Android Firefox to build with Clang
* Bug 31388: Update Rust project for Android
* Bug 30665: Get Firefox 68 ESR working with latest android toolchain
* Bug 30460: Update TOPL project to use Firefox 68 toolchain
* Bug 30461: Update tor-android-service project to use Firefox 68 toolchain
* Bug 28753: Use Gradle with --offline when building the browser part
* Bug 31564: Make Android bundles based on ESR 68 reproducible
* Bug 31981: Remove require-api.patch
* Bug 31979: TOPL: Sort dependency list
* Bug 30665: Remove unnecessary build patches for Firefox
Tor Browser 9.0a8 -- October 14 2019
* All Platforms
* Bug 13543: Spoof smooth and powerEfficient for Media Capabilities
* Bug 28196: about:preferences is not properly translated anymore
* Bug 19417: Disable asmjs on safer and safest security levels
* Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING
* Bug 31935: Disable profile downgrade protection
* Bug 31811: Backport fix for bug 1554805
* Bug 16285: Disable DRM/EME on Android and drop Adobe CDM
* Bug 31602: Remove Pocket indicators in UI and disable it
* Bug 31914: Fix eslint linter error
* Translations update
* Windows + OS X + Linux
* Update Tor to 0.4.2.2-alpha
* Update Tor Launcher to 0.2.19.5
* Bug 31286: New strings for about:preferences#tor
* Translations update
* Bug 31286: Provide network settings on about:preferences#tor
* Bug 31886: Fix ko bundle bustage
* Bug 31768: Update onboarding for Tor Browser 9
* Bug 27511: Add new identity button to toolbar
* Bug 31778: Support dark-theme for the Circuit Display UI
* Bug 31910: Replace meek_lite with meek in circuit display
* Bug 30504: Deal with New Identity related browser console errors
* Bug 31929: Don't escape DTD entity in ar
* Bug 31747: Some onboarding UI is always shown in English
* Bug 32041: Replace = with real hamburguer icon ≡
* Windows
* Bug 31942: Re-enable signature check for language packs
* Bug 29013: Enable stack protection for Firefox on Windows
* OS X
* Bug 31607: App menu items stop working on macOS
* Bug 31955: On macOS avoid throwing inside nonBrowserWindowStartup()
* Linux
* Bug 31942: Re-enable signature check for language packs
* Bug 31968: Don't fail if /proc/cpuinfo is not readable
* Bug 24755: Stop using a heredoc in start-tor-browser
* Bug 31550: Put curly quotes inside single quotes
* Android
* Bug 31822: Security slider is not really visible on Android anymore
* Build System
* All Platforms
* Bug 31293: Make sure the lo interface inside the containers is up
* Windows
* Bug 29013: Enable stack protection support for Firefox on Windows
* Android
* Bug 31564: Make Android bundles based on ESR 68 reproducible
* Bug 31981: Remove require-api.patch
* Bug 31979: TOPL: Sort dependency list
* Bug 30665: Remove unnecessary build patches for Firefox
Tor Browser 9.0a7 -- October 1 2019
* All platforms
* Bug 30304: Browser locale can be obtained via DTD strings
* Bug 31065: Set network.proxy.allow_hijacking_localhost to true
* Bug 24653: Merge securityLevel.properties into torbutton.dtd
* Bug 31725: Pick up mk in Torbutton properly
* Bug 31164: Set up default bridge at Karlstad University
* Bug 15563: Disable ServiceWorkers on all platforms
* Translations update
* Windows + OS X + Linux
* Update Tor to 0.4.2.1-alpha
* Update OpenSSL to 1.1.1d
* Bug 31844: OpenSSL 1.1.1d fails to compile for some platforms/architectures
* Update Tor Launcher to 0.2.19.4
* Bug 31303: Do not launch tor in browser toolbox
* Bug 31491: Clean up the old meek http helper browser profiles
* Translations update
* Bug 31598: Disable warning on window resize if letterboxing is enabled
* Bug 31562: Fix circuit display for error pages
* Bug 31575: Firefox is phoning home during start-up
* Bug 31491: Clean up the old meek http helper browser profiles
* Bug 26345: Hide tracking protection UI
* Bug 31601: Disable recommended extensions again
* Bug 30662: Don't show Firefox Home when opening new tabs
* Bug 31457: disable per-installation profiles
* Bug 28822: Re-implement desktop onboarding for ESR 68
* Bug 25483: Provide Snowflake based on Pion for Windows, macOS, and Linux
* Windows
* Bug 30800: ftp:// on Windows can be used to leak the system time zone
* OS X
* Bug 30126: Make Tor Browser on macOS compatible with Apple's notarization
* Bug 31702: Backport Mozilla's bug 1578075
* Linux
* Bug 31646: Update abicheck to require newer libstdc++.so.6
* Bug 31380: Snowflake does not start on older Linux systems
* Android
* Update Tor to 0.4.1.5
* Bug 31192: Support x86_64 target on Android
* Bug 30380: Cancel dormant by startup
* Bug 30943: Show version number on mobile
* Bug 31720: Enable website suggestions in address bar
* Build System
* All platforms
* Bug 31621: Fix node bug that makes large writes to stdout fail
* Bug 27493: Clean up mozconfig options
* Bug 31308: Sync mozconfig files used in tor-browser over to tor-browser-build for esr68
* Windows
* Bug 30384: Use 64bit containers to build 32bit Windows Tor Browser
* Bug 31538: Windows bundles based on ESR 68 are not built reproducibly
* Bug 31584: Clean up mingw-w64 project
* Bug 31596: Bump mingw-w64 version to pick up fix for #31567
* Bug 29187: Bump NSIS version to 3.04
* Bug 31732: Windows nightly builds are busted due to mingw-w64 commit bump
* Linux
* Bug 31448: gold and lld break linking 32bit Linux bundles
* Bug 31618: linux32 builds of Tor Browser 9.0a6 are not matching
* Bug 31450: Still use GCC for our ASan builds
Tor Browser 8.5.6 -- September 9 2019
* Android
* Update Torbutton to 2.1.14
* Bug 31616: Fix JIT related crashes on aarch64
Tor Browser 9.0a6 -- September 4 2019
* All platforms
* Update Firefox to 68.1.0esr
* Update NoScript to 11.0.3
* Bug 26847: NoScript pops up a full-site window for XSS warning
* Bug 31287: NoScript leaks browser locale
* Bug 30429: Rebase patches for Firefox 68 ESR
* Bug 10760: Integrate Torbutton into Tor Browser directly
* Bug 25856: Remove XUL overlays from Torbutton
* Bug 31322: Fix about:tor assertion failure debug builds
* Bug 31520: Remove monthly giving banner from Tor Browser
* Bug 29430: Add support for meek_lite bridges to bridgeParser
* Bug 28561: Migrate "About Tor Browser" dialog to tor-browser
* Bug 30683: Prevent detection of locale via some *.properties
* Bug 31298: Backport patch for #24056
* Bug 9336: Odd wyswig schemes without isolation for browserspy.dk
* Bug 27601: Browser notifications are not working anymore
* Bug 30845: Make sure internal extensions are enabled
* Bug 28896: Enable extensions in private browsing by default
* Bug 31563: Reload search extensions if extensions.enabledScopes has changed
* Bug 31396: Fix communication with NoScript for security settings
* Bug 31142: Fix crash of tab and messing with about:newtab
* Bug 29049: Backport JS Poison Patch
* Bug 25214: Canvas data extraction on local pdf file should be allowed
* Bug 30657: Locale is leaked via title of link tag on non-html page
* Bug 31015: Disabling SVG hides UI icons in extensions
* Bug 30538: Unable to comment on The Independent Newspaper
* Bug 31357: Retire Tom's default obfs4 bridge
* Windows + OS X + Linux
* Update Tor to 0.4.1.5
* Update Tor Launcher to 0.2.19.3
* Bug 29197: Remove use of overlays
* Bug 31300: Modify Tor Launcher so it is compatible with ESR68
* Bug 31487: Modify moat client code so it is compatible with ESR68
* Bug 31488: Moat: support a comma-separated list of transports
* Translations update
* Bug 29430: Use obfs4proxy's meek_lite with utls instead of meek
* Bug 31251: Security Level button UI polish
* Bug 31344: Register SecurityLevelPreference's 'unload' callback
* Bug 12774: Selecting meek in the browser UI is broken
* Build System:
* Bug 31465: Bump Go to 1.12.9
* Windows
* Bug 31547: Back out patch for Mozilla's bug 1574980
* Bug 31141: Fix typo in font.system.whitelist
* Backport fix for bug 1572844 to fix broken build
* OS X
* Bug 29818: Adapt #13379 patch for 68esr
* Bug 31464: meek and moat are broken on macOS 10.9 with Go 1.12
* Bug 31403: Bump snowflake commit to cd650fa009
* Linux
* Bug 31403: Bump snowflake commit to cd650fa009
* Android
* Bug 31010: Rebase mobile patches for Fennec 68
* Bug 31010: Don't use addTrustedTab() on mobile
* Bug 30607: Support Tor Browser running on Android Q
* Build System:
* All Platforms:
* Bug 30585: Provide standalone clang 8 project across all platforms
* Bug 30376: Use Rust 1.34 for Tor Browser 9
* Bug 30490: Add cbindgen project for building Firefox 68 ESR/Fennec 68
* Bug 30701: Add nodejs project for building Firefox 68 ESR/Fennec 68
* Bug 30734: Add nasm project for building Firefox 68 ESR/Fennec 68
* Windows
* Bug 30322: Windows toolchain update for Firefox 68 ESR
* Bug 28716: Create mingw-w64-clang toolchain
* Bug 28238: Adapt firefox and fxc2 projects for Windows builds
* Bug 28716: Optionally omit timestamp in PE header
* Bug 31567: NS_tsnprintf() does not handle %s correctly on Windows
* Bug 31458: Revert patch for #27503 and bump mingw-w64 revision used
* Bug 9898: Provide clean fix for strcmpi issue in NSPR
* OS X
* Bug 30323: MacOS toolchain update for Firefox 68 ESR
* Bug 31467: Switch to clang for cctools project
* Bug 31465: Adapt tor-browser-build projects for macOS notarization
* Linux
* Bug 30321: Linux toolchain update for Firefox ESR 68
* Bug 30736: Install yasm from wheezy-backports
* Bug 31447: Don't install Python just for Mach
* Bug 31394: Replace "-1" with "1" in start-tor-browser.desktop.
* Android
* Bug 30324: Android toolchain update for Fennec 68
* Bug 31173: Update android-toolchain project to match Firefox
* Bug 31389: Update Android Firefox to build with Clang
* Bug 31388: Update Rust project for Android
* Bug 30665: Get Firefox 68 ESR working with latest android toolchain
* Bug 30460: Update TOPL project to use Firefox 68 toolchain
* Bug 30461: Update tor-android-service project to use Firefox 68 toolchain
* Bug 28753: Use Gradle with --offline when building the browser part
Tor Browser 8.5.5 -- September 3 2019
* All platforms
* Update Firefox to 60.9.0esr
* Update Torbutton to 2.1.13
* Bug 31520: Remove monthly giving banner from Tor Browser
* Bug 31140: Do not enable IonMonkey on AARCH64
* Translations update
* Update NoScript to 11.0.3
* Bug 26847: NoScript pops up a full-site window for XSS warning
* Bug 31287: NoScript leaks browser locale
* Bug 31357: Retire Tom's default obfs4 bridge
* Windows + OS X + Linux
* Update Tor to 0.4.1.5
* Windows
* Bug 31547: Back out patch for Mozilla's bug 1574980
* Bug 27503: Provide full support for accessibility tools
* Bug 30575: Don't allow enterprise policies in Tor Browser
* Bug 31141: Fix typo in font.system.whitelist
* Android
* Bug 28119: Tor Browser for aarch64
* Build System
* All platforms
* Bug 31465: Bump Go to 1.12.9
Tor Browser 9.0a5 -- July 31 2019
* Android
* Bug 31260: Backport bug 1477259 for aarch64 support on Google Play
Tor Browser 9.0a4 -- July 9 2019
* All platforms
* Update Firefox to 60.8.0esr
* Update Torbutton to 2.2.1
* Bug 30577: Add Fundraising Banner
* Bug 31041: Stop syncing network.cookie.lifetimePolicy
* Bug 30468: Add mk locale
* Translations update
* Update Tor Launcher to 0.2.19.2
* Bug 30468: Add mk locale
* Translations update
* Update HTTPS Everywhere to 2019.6.27
* Bug 31055+31058: Remove four default bridges
* Bug 30849: Backport fixes for Mozilla's bug 1552627 and 1549833
* Windows + OS X + Linux
* Update Tor to 0.4.1.3-alpha
* Bug 30468: Add mk locale
* Bug 31059: Enable Letterboxing
* Windows
* Bug 27503: Provide full support for accessibility tools
* Bug 30575: Don't allow enterprise policies in Tor Browser
* OS X
* Bug 30631: Blurry Tor Browser icon on macOS app switcher
* Android
* Bug 28119: Tor Browser for aarch64
Tor Browser 8.5.4 -- July 9 2019
* All platforms
* Update Firefox to 60.8.0esr
* Update Torbutton to 2.1.12
* Bug 30577: Add Fundraising Banner
* Bug 31041: Stop syncing network.cookie.lifetimePolicy
* Translations update
* Update HTTPS Everywhere to 2019.6.27
* Bug 31055+31058: Remove four default bridges
* Bug 30712: Backport fix for Mozilla's bug 1552993
* Bug 30849: Backport fixes for Mozilla's bug 1552627 and 1549833
* Windows + OS X + Linux
* Update Tor to 0.4.0.5
* Update OpenSSL to 1.0.2s
* Bug 29045: Ensure that tor does not start up in dormant mode
* OS X
* Bug 30631: Blurry Tor Browser icon on macOS app switcher
Tor Browser 9.0a3 -- June 24 2019
* All platforms
* Pick up fixes for Mozilla's bug 1544386 and 1560192
* Update NoScript to 10.6.3
* Bug 29904: NoScript blocks MP4 on higher security levels
* Bug 30624+29043+29647: Prevent XSS protection from freezing the browser
Tor Browser 8.5.3 -- June 21 2019
* All platforms
* Pick up fix for Mozilla's bug 1560192
Tor Browser 8.5.2 -- June 19 2019
* All platforms
* Pick up fix for Mozilla's bug 1544386
* Update NoScript to 10.6.3
* Bug 29904: NoScript blocks MP4 on higher security levels
* Bug 30624+29043+29647: Prevent XSS protection from freezing the browser
Tor Browser 9.0a2 -- June 11 2019
* All platforms
* Update Torbutton to 2.2
* Bug 30565: Sync nocertdb with privatebrowsing.autostart at startup
* Bug 30469: Add ro translation
* Translations update
* Update NoScript to 10.6.2
* Bug 29969: Remove workaround for Mozilla's bug 1532530
* Update HTTPS Everywhere to 2019.5.13
* Bug 30541: Disable WebGL readPixel() for web content
* Bug 30712: Backport fix for Mozilla's bug 1552993
* Bug 30469: Add locale ro
* Windows + OS X + Linux
* Update Tor to 0.4.1.2-alpha
* Update OpenSSL to 1.1.1c
* Update Tor Launcher to 0.2.19.1
* Bug 30469: Add locale ro
* Translations update
* Bug 30639: Revert IPv6 support test
* Bug 30560: Better match actual toolbar in onboarding toolbar graphic
* Bug 30571: Correct more information URL for security settings
* Linux
* Bug 30451: Compile go-webrtc with a non executable stack
* Android
* Bug 24920: Only create Private tabs in permanent Private Browsing Mode
* Bug 30635: Sync mobile default bridges list with desktop one
* Build System
* All platforms
* Bug 30480: Check that signed tag contains expected tag name
* Bug 30536: Update Go to 1.12.5
* OS X
* Bug 30491: Move our macOS builds to Debian Stretch
* Linux
* Bug 25930: Update GCC to 8.3.0 for our Linux builds
Tor Browser 8.5.1 -- June 4 2019
* All platforms
* Update Torbutton to 2.1.10
* Bug 30565: Sync nocertdb with privatebrowsing.autostart at startup
* Bug 30464: Add WebGL to safer descriptions
* Translations update
* Update NoScript to 10.6.2
* Bug 29969: Remove workaround for Mozilla's bug 1532530
* Update HTTPS Everywhere to 2019.5.13
* Bug 30541: Disable WebGL readPixel() for web content
* Windows + OS X + Linux
* Bug 30560: Better match actual toolbar in onboarding toolbar graphic
* Bug 30571: Correct more information URL for security settings
* Android
* Bug 30635: Sync mobile default bridges list with desktop one
* Build System
* All platforms
* Bug 30480: Check that signed tag contains expected tag name
Tor Browser 9.0a1 -- May 21 2019
* All platforms
* Update Firefox to 60.7.0esr
* Update Torbutton to 2.1.9
* Bug 30069: Use slider and about:tor localizations
* Bug 30115+27449+25145: Map browser + domain -> credentials to fix UI issues
* Bug 30171: Don't sync cookie.cookieBehavior and firstparty.isolate
* Bug 30425: Revert armagadd-on-2.0 changes
* Bug 30497: Add Donate link to about:tor
* Bug 30464: Add WebGL to safer descriptions
* Translations update
* Update HTTPS Everywhere to 2019.5.6.1
* Bug 24622: Proper first-party isolation of s3.amazonaws.com
* Bug 30425: Revert armagadd-on-2.0 changes
* Windows + OS X + Linux
* Update Tor Launcher to 0.2.19
* Bug 28044: Integrate Tor Launcher into tor-browser
* Bug 29627: Moat: add support for obfsproxy's meek_lite
* Bug 30319: Remove FTE bits
* Translations update
* Bug 28044: Integrate Tor Launcher into tor-browser
* Bug 30372: Backport letterboxing (bug 1538130)
* Bug 28369: Stop shipping pingsender executable
* Bug 30457: Remove defunct default bridges
* Bug 29045: Ensure that tor does not start up in dormant mode
* Bug 29641: Try to connect over IPv6 if needed
* Windows
* Bug 30319: Drop FTE releated bits
* Bug 29319: Remove FTE support for Windows
* OS X
* Bug 30241: Bump snowflake version to d11e55aabe
* Linux
* Bug 30319: Drop FTE releated bits
* Bug 30241: Bump snowflake version to d11e55aabe
* Android
* Bug 29982: Force single-pane UI on Tor Preferences
* Bug 30086: Prevent Sync-related crashes on Android
* Bug 30214: Kill background thread when Activity is null
* Bug 30239: Render Fragments after crash
* Bug 30136: Use 'Tor Browser' as brand name on mobile, too
* Bug 30069: Use slider and about:tor localizations
* Bug 30371: Stop hard-coding the content provider name in tor-android-service
* Bug 30162: Tor Browser bootstrap process got stuck after interrupting it
* Bug 30166: If specified, only use custom bridges for connecting
* Bug 30518: Add SocksPort flags for consistency across platforms
* Bug 30284: Fix broken start-up on KitKat devices
* Bug 30489: Remove Unused Resources from tor-android-service
* Build System
* Windows
* Bug 29307: Use Stretch for cross-compiling for Windows
* Bug 29731: Remove faketime for Windows builds
* Linux
* Bug 30377: Remove selfrando from our build system
* Bug 30448: Strip Browser/gtk2/libmozgtk.so
* Android
* Bug 29981: Add option to build without using containers
* Bug 30169: Switch to our tor-android-service repo
* Bug 30404: Remove Orbot Project
* Bug 30280: Wrong SHA-256 sum for j2objc-annotations-1.1.jar
Tor Browser 8.5 -- May 21 2019
* All platforms
* Update Firefox to 60.7.0esr
* Update Torbutton to 2.1.8
* Bug 25013: Integrate Torbutton into tor-browser for Android
* Bug 27111: Update about:tor desktop version to work on mobile
* Bug 22538+22513: Fix new circuit button for error pages
* Bug 25145: Update circuit display when back button is pressed
* Bug 27749: Opening about:config shows circuit from previous website
* Bug 30115+27449+25145: Map browser+domain to credentials to fix circuit display
* Bug 25702: Update Tor Browser icon to follow design guidelines
* Bug 21805: Add click-to-play button for WebGL
* Bug 28836: Links on about:tor are not clickable
* Bug 30171: Don't sync cookie.cookieBehavior and firstparty.isolate
* Bug 29825: Intelligently add new Security Level button to taskbar
* Bug 29903: No WebGL click-to-play on the standard security level
* Bug 27290: Remove WebGL pref for min capability mode
* Bug 25658: Replace security slider with security level UI
* Bug 28628: Change onboarding Security panel to open new Security Level panel
* Bug 29440: Update about:tor when Tor Browser is updated
* Bug 27478: Improved Torbutton icons for dark theme
* Bug 29239: Don't ship the Torbutton .xpi on mobile
* Bug 27484: Improve navigation within onboarding (strings)
* Bug 29768: Introduce new features to users (strings)
* Bug 28093: Update donation banner style to make it fit in small screens
* Bug 28543: about:tor has scroll bar between widths 900px and 1000px
* Bug 28039: Enable dump() if log method is 0
* Bug 27701: Don't show App Blocker dialog on Android
* Bug 28187: Change tor circuit icon to torbutton.svg
* Bug 29943: Use locales in AB-CD scheme to match Mozilla
* Bug 26498: Add locale: es-AR
* Bug 28082: Add locales cs, el, hu, ka
* Bug 29973: Remove remaining stopOpenSecuritySettingsObserver() pieces
* Bug 28075: Tone down missing SOCKS credential warning
* Bug 30425: Revert armagadd-on-2.0 changes
* Bug 30497: Add Donate link to about:tor
* Bug 30069: Use slider and about:tor localizations on mobile
* Bug 21263: Remove outdated information from the README
* Bug 28747: Remove NoScript (XPCOM) related unused code
* Translations update
* Code clean-up
* Update HTTPS Everywhere to 2019.5.6.1
* Bug 27290: Remove WebGL pref for min capability mode
* Bug 29120: Enable media cache in memory
* Bug 24622: Proper first-party isolation of s3.amazonaws.com
* Bug 29082: Backport patches for bug 1469916
* Bug 28711: Backport patches for bug 1474659
* Bug 27828: "Check for Tor Browser update" doesn't seem to do anything
* Bug 29028: Auto-decline most canvas warning prompts again
* Bug 27919: Backport SSL status API
* Bug 27597: Fix our debug builds
* Bug 28082: Add locales cs, el, hu, ka
* Bug 26498: Add locale: es-AR
* Bug 29916: Make sure enterprise policies are disabled
* Bug 29349: Remove network.http.spdy.* overrides from meek helper user.js
* Bug 29327: TypeError: hostName is null on about:tor page
* Bug 30425: Revert armagadd-on-2.0 changes
* Windows + OS X + Linux
* Update OpenSSL to 1.0.2r
* Update Tor Launcher to 0.2.18.3
* Bug 27994+25151: Use the new Tor Browser logo
* Bug 29328: Account for Tor 0.4.0.x's revised bootstrap status reporting
* Bug 22402: Improve "For assistance" link
* Bug 27994: Use the new Tor Browser logo
* Bug 25405: Cannot use Moat if a meek bridge is configured
* Bug 27392: Update Moat URLs
* Bug 28082: Add locales cs, el, hu, ka
* Bug 26498: Add locale es-AR
* Bug 28039: Enable dump() if log method is 0
* Translations update
* Bug 25702: Activity 1.1 Update Tor Browser icon to follow design guidelines
* Bug 28111: Use Tor Browser icon in identity box
* Bug 22343: Make 'Save Page As' obey first-party isolation
* Bug 29768: Introduce new features to users
* Bug 27484: Improve navigation within onboarding
* Bug 25658+29554: Replace security slider with security level UI
* Bug 25405: Cannot use Moat if a meek bridge is configured
* Bug 28885: Notify users that update is downloading
* Bug 29180: MAR download stalls when about dialog is opened
* Bug 27485: Users are not taught how to open security-slider dialog
* Bug 27486: Avoid about:blank tabs when opening onboarding pages
* Bug 29440: Update about:tor when Tor Browser is updated
* Bug 23359: WebExtensions icons are not shown on first start
* Bug 28628: Change onboarding Security panel to open new Security Level panel
* Bug 27905: Fix many occurrences of "Firefox" in about:preferences
* Bug 28369: Stop shipping pingsender executable
* Bug 30457: Remove defunct default bridges
* Windows
* Bug 27503: Improve screen reader accessibility
* Bug 27865: Tor Browser 8.5a2 is crashing on Windows
* Bug 22654: Firefox icon is shown for Tor Browser on Windows 10 start menu
* Bug 28874: Bump mingw-w64 commit to fix WebGL crash
* Bug 12885: Windows Jump Lists fail for Tor Browser
* Bug 28618: Set MOZILLA_OFFICIAL for Windows build
* Bug 21704: Abort install if CPU is missing SSE2 support
* OS X
* Bug 27623: Use MOZILLA_OFFICIAL for our builds
* Linux
* Bug 28022: Use `/usr/bin/env bash` for bash invocation
* Bug 27623: Use MOZILLA_OFFICIAL for our builds
* Android
* Bug 5709: Ship Tor Browser for Android
* Build System
* All platforms
* Bug 25623: Disable network during build
* Bug 25876: Generate source tarballs during build
* Bug 28685: Set Build ID based on Tor Browser version
* Bug 29194: Set DEBIAN_FRONTEND=noninteractive
* Bug 29167: Upgrade go to 1.11.5
* Bug 29158: Install updated apt packages (CVE-2019-3462)
* Bug 29097: Don't try to install python3.6-lxml for HTTPS Everywhere
* Bug 27061: Enable verification of langpacks checksums
* Windows
* Bug 26148: Update binutils to 2.31.1
* Bug 27320: Build certutil for Windows
* OS X
* Bug 27320: Build certutil for macOS
* Linux
* Bug 26323+29812: Build 32bit Linux bundles on 64bit Debian Wheezy
* Bug 26148: Update binutils to 2.31.1
* Bug 29758: Build firefox debug symbols for linux-i686
* Bug 29966: Use archive.debian.org for Wheezy images
* Bug 29183: Use linux-x86_64 langpacks on linux-x86_64
* Android
* Bug 29981: Add option to build without using containers
Tor Browser 8.5a12 -- May 7 2019
* All platforms
* Update Torbutton to 2.1.7
* Bug 30388: Make sure the updated intermediate certificate keeps working
* Backport fixes for bug 1549010 and bug 1549061
* Bug 30388: Make sure the updated intermediate certificate keeps working
Tor Browser 8.0.9 -- May 7 2019
* All platforms
* Update Torbutton to 2.0.13
* Bug 30388: Make sure the updated intermediate certificate keeps working
* Backport fixes for bug 1549010 and bug 1549061
* Bug 30388: Make sure the updated intermediate certificate keeps working
* Update NoScript to 10.6.1
* Bug 29872: XSS popup with DuckDuckGo search on about:tor
Tor Browser 8.5a11 -- April 16 2019
* All platforms
* Update Torbutton to 2.1.6
* Bug 22538+22513: Fix new circuit button for error pages
* Bug 29825: Intelligently add new Security Level button to taskbar
* Bug 29903: No WebGL click-to-play on the standard security level
* Bug 27484: Improve navigation within onboarding (strings)
* Bug 29768: Introduce new features to users (strings)
* Bug 29943: Use locales in AB-CD scheme to match Mozilla
* Bug 26498: Add locale: es-AR
* Bug 29973: Remove remaining stopOpenSecuritySettingsObserver() pieces
* Translations update
* Update NoScript to 10.6.1
* Bug 29872: XSS popup with DuckDuckGo search on about:tor
* Bug 29916: Make sure enterprise policies are disabled
* Bug 26498: Add locale: es-AR
* Windows + OS X + Linux
* Update Tor to 0.4.0.4-rc
* Update Tor Launcher to 0.2.18.2
* Bug 26498: Add locale es-AR
* Translations update
* Bug 29768: Introduce new features to users
* Bug 27484: Improve navigation within onboarding
* Bug 25658: Improve toolbar layout for new security settings
* Windows
* Bug 27503: Improve screen reader accessibility
* Android
* Bug 27609 (and child bugs): Use Tor Onion Proxy Library
* Bug 29312: Bump Tor to 0.3.5.8
* Bug 29859: Disable HLS support for now
* Bug 28622: Update Tor Browser icon for mobile
* Bug 29238: Prevent crash on Android after update
* Bug 29982: Add additional safe guards against crashes during bootstrap
* Bug 29906: Fix crash on older devices due to missing API
* Bug 29858: Load onboarding panels after bootstrapping is done
* Bug 28329: Improve bootstrapping experience
* Bug 30016: Localize bootstrap-/bridge-related strings for mobile
* Build System
* All platforms
* Bug 29868: Fix installation of python-future package
* Bug 25623: Disable network during build
* Linux
* Bug 29966: Use archive.debian.org for Wheezy images
* Android
* Bug 30089: Use apksigner instead of jarsigner
Tor Browser 8.5a10 -- March 24 2019
* All platforms
* Update Firefox to 60.6.1esr
* Update NoScript to 10.2.4
* Bug 29733: Work around Mozilla's bug 1532530
Tor Browser 8.0.8 -- March 22 2019
* All platforms
* Update Firefox to 60.6.1esr
* Update NoScript to 10.2.4
* Bug 29733: Work around Mozilla's bug 1532530
Tor Browser 8.5a9 -- March 20 2019
* All platforms
* Update Firefox to 60.6.0esr
* Update Torbutton to 2.1.5
* Bug 25658: Replace security slider with security level UI
* Bug 28628: Change onboarding Security panel to open new Security Level panel
* Bug 29440: Update about:tor when Tor Browser is updated
* Bug 27478: Improved Torbutton icons for dark theme
* Bug 29021: Tell NoScript it is running within Tor Browser
* Bug 29239: Don't ship the Torbutton .xpi on mobile
* Translations update
* Bug 29120: Enable media cache in memory
* Bug 29445: Enable support for enterprise policies
* Windows + OS X + Linux
* Update Tor to 0.4.0.2-alpha
* Bug 29660: XMPP can not connect to SOCKS5 anymore
* Update OpenSSL to 1.0.2r
* Update Tor Launcher to 0.2.18.1
* Bug 29328: Account for Tor 0.4.0.x's revised bootstrap status reporting
* Bug 22402: Improve "For assistance" link
* Translations update
* Bug 25658+29554: Replace security slider with security level UI
* Bug 28885: notify users that update is downloading
* Bug 29180: MAR download stalls when about dialog is opened
* Bug 27485: Users are not taught how to open security-slider dialog
* Bug 27486: Avoid about:blank tabs when opening onboarding pages
* Bug 29440: Update about:tor when Tor Browser is updated
* Bug 23359: WebExtensions icons are not shown on first start
* Bug 28628: Change onboarding Security panel to open new Security Level panel
* Android
* Bug 28329: Design Tor Browser for Android configuration UI
* Bug 28802: Support PTs in Tor Browser for Android
* Bug 29794: Update TBA built-in bridges
* Bug 27210: Add support for x86 on Android
* Bug 29809: Only ship tor binary for .apk architecture
* Bug 29633: Don't ship pdnsd anymore
* Bug 28708: about:tor is not the default homepage after upgrade
* Bug 29626: Application name is now "Always-On Notifications"
* Bug 29467: Backport fix for arc4random_buf bustage
* Build System
* All platforms
* Bug 25876: Generate source tarballs during build
* Bug 28685: Set Build ID based on Tor Browser version
* Bug 29194: Set DEBIAN_FRONTEND=noninteractive
* Linux
* Bug 26323+29812: Build 32bit Linux bundles on 64bit Debian Wheezy
* Bug 29758: Build firefox debug symbols for linux-i686
* Android
* Bug 29632: Use HTTPS for downloading Gradle
Tor Browser 8.0.7 -- March 19 2019
* All platforms
* Update Firefox to 60.6.0esr
* Update Tor to 0.3.5.8
* Bug 29660: XMPP can not connect to SOCKS5 anymore
* Update Torbutton to 2.0.11
* Bug 29021: Tell NoScript it is running within Tor Browser
* Windows
* Bug 29081: Harden libwinpthread
* Linux
* Bug 27531: Add separate LD_LIBRARY_PATH for fteproxy
Tor Browser 8.5a8 -- February 13 2019
* All platforms
* Update Firefox to 60.5.1esr
* Update HTTPS Everywhere to 2019.1.31
* Bug 29378: Remove 83.212.101.3 from default bridges
* Bug 29349: Remove network.http.spdy.* overrides from meek helper user.js
* Bug 29327: TypeError: hostName is null on about:tor page
* Build System
* All Platforms
* Bug 29235: Build our own version of python3.6 for HTTPS Everywhere
* Bug 29167: Upgrade go to 1.11.5
* Linux
* Bug 29183: Use linux-x86_64 langpacks on linux-x86_64
Tor Browser 8.0.6 -- February 12 2019
* All platforms
* Update Firefox to 60.5.1esr
* Update HTTPS Everywhere to 2019.1.31
* Bug 29378: Remove 83.212.101.3 from default bridges
* Build System
* All Platforms
* Bug 29235: Build our own version of python3.6 for HTTPS Everywhere
Tor Browser 8.5a7 -- January 29 2019
* All Platforms
* Update Firefox to 60.5.0esr
* Update Torbutton to 2.1.4
* Bug 25702: Update Tor Browser icon to follow design guidelines
* Bug 21805: Add click-to-play button for WebGL
* Bug 28836: Links on about:tor are not clickable
* Bug 29035: Clean up our donation campaign and add newsletter sign-up link
* Translations update
* Code clean-up
* Update HTTPS Everywhere to 2019.1.7
* Update NoScript to 10.2.1
* Bug 28873: Cascading of permissions is broken
* Bug 28720: Some videos are blocked outright on higher security levels
* Bug 29082: Backport patches for bug 1469916
* Bug 28711: Backport patches for bug 1474659
* Bug 27828: "Check for Tor Browser update" doesn't seem to do anything
* Bug 29028: Auto-decline most canvas warning prompts again
* Bug 27597: Fix our debug builds
* Windows
* Update Tor to 0.4.0.1-alpha
* Bug 25702: Activity 1.1 Update Tor Browser icon to follow design guidelines
* Bug 28111: Use Tor Browser icon in identity box
* Bug 22654: Firefox icon is shown for Tor Browser on Windows 10 start menu
* Bug 27503: Compile with accessibility support
* Bug 28874: Bump mingw-w64 commit to fix WebGL crash
* Bug 12885: Windows Jump Lists fail for Tor Browser
* Bug 28618: Set MOZILLA_OFFICIAL for Windows build
* OS X
* Update Tor to 0.4.0.1-alpha
* Bug 25702: Activity 1.1 Update Tor Browser icon to follow design guidelines
* Bug 28111: Use Tor Browser icon in identity box
* Linux
* Update Tor to 0.4.0.1-alpha
* Bug 25702: Activity 1.1 Update Tor Browser icon to follow design guidelines
* Bug 28111: Use Tor Browser icon in identity box
* Bug 27531: Fix crashing print dialog
* Android
* Bug 28705: Fix download crash on newer Android devices
* Bug 28814: Backport 1480079 to allow installing downloaded apps
* Build System
* All Platforms
* Bug 29158: Install updated apt packages (CVE-2019-3462)
* Bug 29097: Don't try to install python3.6-lxml for HTTPS Everywhere
* Windows
* Bug 26148: Update binutils to 2.31.1
* Bug 29081: Harden libwinpthread
* Linux
* Bug 26148: Update binutils to 2.31.1
* Android
* Bug 28752: Don't download tor-android-binary resources during build
Tor Browser 8.0.5 -- January 29 2019
* All platforms
* Update Firefox to 60.5.0esr
* Update Tor to 0.3.5.7
* Update Torbutton to 2.0.10
* Bug 29035: Clean up our donation campaign and add newsletter sign-up link
* Bug 27175: Add pref to allow users to persist custom noscript settings
* Update HTTPS Everywhere to 2019.1.7
* Update NoScript to 10.2.1
* Bug 28873: Cascading of permissions is broken
* Bug 28720: Some videos are blocked outright on higher security levels
* Bug 26540: Enabling pdfjs disableRange option prevents pdfs from loading
* Bug 28740: Adapt Windows navigator.platform value on 64-bit systems
* Bug 28695: Set default security.pki.name_matching_mode to enforce (3)
Tor Browser 8.5a6 -- December 11 2018
* All Platforms
* Update Firefox to 60.4.0esr
* Update Torbutton to 2.1.3
* Bug 28540: Use new text for 2018 donation banner
* Bug 27290: Remove WebGL pref for min capability mode
* Bug 28075: Tone down missing SOCKS credential warning
* Bug 28747: Remove NoScript (XPCOM) related unused code
* Translations update
* Bug 28608: Disable background HTTP response throttling
* Bug 28695: Set default security.pki.name_matching_mode to enforce (3)
* Bug 27290: Remove WebGL pref for min capability mode
* Bug 27919: Backport SSL status API
* Bug 25794: Disable pointer events
* Windows
* Update OpenSSL to 1.0.2q
* Bug 28740: Adapt Windows navigator.platform value on 64-bit systems
* OS X
* Update OpenSSL to 1.0.2q
* Linux
* Update OpenSSL to 1.0.2q
* Android
* Bug 26843: Multi-locale support for Tor Browser on Android
* Build System
* Android
* Bug 25164: Add .apk to our sha256sums unsigned build file
* Bug 28696: Make path to Gradle dependencies reproducible
* Bug 28697: Use pregenerated keystore and fix timestamp issues
Tor Browser 8.0.4 -- December 11 2018
* All platforms
* Update Firefox to 60.4.0esr
* Update Tor to 0.3.4.9
* Update OpenSSL to 1.0.2q
* Update Torbutton to 2.0.9
* Bug 28540: Use new text for 2018 donation banner
* Bug 28515: Use en-US for english Torbutton strings
* Translations update
* Update HTTPS Everywhere to 2018.10.31
* Update NoScript to 10.2.0
* Bug 1623: Block protocol handler enumeration (backport of fix for #680300)
* Bug 25794: Disable pointer events
* Bug 28608: Disable background HTTP response throttling
* Bug 28185: Add smallerRichard to Tor Browser
* Windows
* Bug 26381: about:tor page does not load on first start on Windows
* Bug 28657: Remove broken FTE bridge from Tor Browser
* OS X
* Bug 26263: App icon positioned incorrectly in macOS DMG installer window
* Bug 26475: Fix Stylo related reproducibility issue
* Linux
* Bug 26475: Fix Stylo related reproducibility issue
* Bug 28657: Remove broken FTE bridge from Tor Browser
* Build System
* All Platforms
* Bug 27218: Generate multiple Tor Browser bundles in parallel
Tor Browser 8.5a5 -- December 3 2018
* All Platforms
* Update Torbutton to 2.1.2
* Bug 25013: Integrate Torbutton into tor-browser for Android
* Bug 27111: Update about:tor desktop version to work on mobile
* Bug 28093: Update donation banner style to make it fit in small screens
* Bug 28543: about:tor has scroll bar between widths 900px and 1000px
* Bug 28039: Enable dump() if log method is 0
* Bug 27701: Don't show App Blocker dialog on Android
* Bug 28187: Change tor circuit icon to torbutton.svg
* Bug 28515: Use en-US for english Torbutton strings
* Translations update
* Update Tor Launcher to 0.2.18
* Bug 28039: Enable dump() if log method is 0
* Translations update
* Update HTTPS Everywhere to 2018.10.31
* Update NoScript to 10.2.0
* Bug 22343: Make 'Save Page As' obey first-party isolation
* Bug 26540: Enabling pdfjs disableRange option prevents pdfs from loading
* Windows
* Update Tor to 0.3.5.5-alpha
* Bug 28310: Don't build obfs4 with module versioning support
* Bug 27827: Update Go to 1.11.1
* Bug 28185: Add smallerRichard to Tor Browser
* Bug 28657: Remove broken FTE bridge from Tor Browser
* OS X
* Update Tor to 0.3.5.5-alpha
* Bug 28310: Don't build obfs4 with module versioning support
* Bug 27827: Update Go to 1.11.1
* Bug 27827: Build snowflake reproducibly
* Bug 28258: Don't look for webrtc headers under talk/
* Bug 28185: Add smallerRichard to Tor Browser
* Linux
* Update Tor to 0.3.5.5-alpha
* Bug 28310: Don't build obfs4 with module versioning support
* Bug 27827: Update Go to 1.11.1
* Bug 27827: Build snowflake reproducibly
* Bug 28258: Don't look for webrtc headers under talk/
* Bug 28185: Add smallerRichard to Tor Browser
* Bug 28657: Remove broken FTE bridge from Tor Browser
* Android
* Bug 28051: Fix up Orbot for inclusion into Tor Browser
* Bug 26690+25765: Port padlock states for .onion services to mobile
* Bug 28507: Delete private data in the browser startup
* Bug 27111+25013: Configure Tor Browser for mobile to load about:tor
* Bug 27256: Enable TouchEvents on Android
* Bug 28640: Use system add-on and distributed preferences
* Build System
* Bug 27977: Build Orbot inside tor-browser-build
* Bug 27443: Update Firefox RBM config and build for Android
* Bug 27439: Add android target for rust compiler
* Bug 28469: Fix unsupported libbacktrace in Rust 1.26
* Bug 28468: Modify Android toolchain to support Orbot
* Bug 28483: Modify Android Toolchain API Version
* Bug 28472: Add Android Makefile Rules
* Bug 28470: Add fetch gradle dependency script to common project
* Bug 28144: Update projects/tor-browser for Android
Tor Browser 8.5a4 -- October 23 2018
* All Platforms
* Update Firefox to 60.3.0esr
* Update Tor to 0.3.5.3-alpha
* Update Torbutton to 2.1.1
* Bug 23925+27959: Donation banner for year end 2018 campaign
* Bug 24172: Donation banner clobbers Tor Browser version string
* Bug 28082: Add locales cs, el, hu, ka
* Translations update
* Update Tor Launcher to 0.2.17
* Bug 27994+25151: Use the new Tor Browser logo
* Bug 28082: Add locales cs, el, hu, ka
* Translations update
* Update HTTPS Everywhere to 2018.9.19
* Update NoScript to 10.1.9.9
* Bug 1623: Block protocol handler enumeration (backport of fix for #680300)
* Bug 27905: Fix many occurrences of "Firefox" in about:preferences
* Bug 28082: Add locales cs, el, hu, ka
* Windows
* Bug 21704: Abort install if CPU is missing SSE2 support
* Bug 28002: Fix the precomplete file in the en-US installer
* OS X
* Bug 26263: App icon positioned incorrectly in macOS DMG installer window
* Bug 26475: Fix Stylo related reproducibility issue
* Linux
* Bug 26475: Fix Stylo related reproducibility issue
* Bug 28022: Use `/usr/bin/env bash` for bash invocation
* Android
* Backport of fixes for bug 1448014, 1458905, 1441345, and 1448305
* Build System
* All Platforms
* Bug 27218: Generate multiple Tor Browser bundles in parallel
* Windows
* Bug 27320: Build certutil for Windows
* OS X
* Bug 27320: Build certutil for macOS
Tor Browser 8.0.3 -- October 23 2018
* All platforms
* Update Firefox to 60.3.0esr
* Update Torbutton to 2.0.8
* Bug 23925+27959: Donation banner for year end 2018 campaign
* Bug 24172: Donation banner clobbers Tor Browser version string
* Bug 27760: Use new NoScript API for IPC and fix about:blank issue
* Translations update
* Update HTTPS Everywhere to 2018.9.19
* Update NoScript to 10.1.9.9
* Linux
* Bug 27546: Fix vertical scrollbar behavior in Tor Browser 8 with Gtk3
* Bug 27552: Use bundled dir on CentOS/RHEL 6
Tor Browser 8.5a3 -- October 4 2018
* All platforms
* Update Firefox to 60.2.1esr
* Backport fix for Mozilla bug 1493900 and 1493903
* Windows
* Bug 27865: Tor Browser 8.5a2 is crashing on Windows
* OS X
* Backport fix for Mozilla bug 1489785 for macOS 10.14 compatibility
Tor Browser 8.0.2 -- October 2 2018
* All platforms
* Update Firefox to 60.2.1esr
* Backport fix for Mozilla bug 1493900 and 1493903
* OS X
* Backport fix for Mozilla bug 1489785 for macOS 10.14 compatibility
Tor Browser 8.5a2 -- September 24 2018
* All platforms
* Update Tor to 0.3.5.2-alpha
* Update Torbutton to 2.1
* Bug 27097: Tor News signup banner
* Bug 27663: Add New Identity menuitem again
* Bug 27175: Add pref to allow users to persist custom noscript settings
* Bug 27760: Use new NoScript API for IPC and fix about:blank issue
* Bug 26624: Only block OBJECT on highest slider level
* Bug 26555: Don't show IP address for meek or snowflake
* Bug 27478: Torbutton icons for dark theme
* Bug 27506+14520: Move status version to upper left corner for RTL locales
* Bug 27558: Update the link to "Your Guard note may not change" text
* Bug 21263: Remove outdated information from the README
* Translations update
* Update Tor Launcher to 0.2.16.5
* Bug 27469: Adapt Moat URLs
* Translations update
* Clean-up
* Update NoScript to 10.1.9.6
* Bug 27763: Restrict Torbutton signing exemption to mobile
* Bug 26146: Spoof HTTP User-Agent header for desktop platforms
* Bug 27543: QR code is broken on web.whatsapp.com
* Bug 27264: Bookmark items are not visible on the boomark toolbar
* Bug 27535: Enable TLS 1.3 draft version
* Bug 27623: Use MOZILLA_OFFICIAL for our builds
* Backport of Mozilla bug 1490585, 1475775, and 1489744
* Windows:
* Bug 26381: about:tor page does not load on first start on Windows
* Linux:
* Bug 27546: Fix vertical scrollbar behavior in Tor Browser 8 with Gtk3
* Bug 27552: Use bundled dir on CentOS/RHEL 6
* Bug 26556: Fix broken Tor Browser icon path on Linux
Tor Browser 8.0.1 -- September 24 2018
* All platforms
* Update Tor to 0.3.4.8
* Update Torbutton to 2.0.7
* Bug 27097: Tor News signup banner
* Bug 27663: Add New Identity menuitem again
* Bug 26624: Only block OBJECT on highest slider level
* Bug 26555: Don't show IP address for meek or snowflake
* Bug 27478: Torbutton icons for dark theme
* Bug 27506+14520: Move status version to upper left corner for RTL locales
* Bug 27427: Fix NoScript IPC for about:blank by whitelisting messages
* Bug 27558: Update the link to "Your Guard note may not change" text
* Translations update
* Update Tor Launcher to 0.2.16.6
* Bug 27469: Adapt Moat URLs
* Translations update
* Clean-up
* Update NoScript to 10.1.9.6
* Bug 27763: Restrict Torbutton signing exemption to mobile
* Bug 26146: Spoof HTTP User-Agent header for desktop platforms
* Bug 27543: QR code is broken on web.whatsapp.com
* Bug 27264: Bookmark items are not visible on the boomark toolbar
* Bug 27535: Enable TLS 1.3 draft version
* Backport of Mozilla bug 1490585, 1475775, and 1489744
* OS X
* Bug 27482: Fix crash during start-up on macOS 10.9.x systems
* Linux
* Bug 26556: Fix broken Tor Browser icon path on Linux
Tor Browser 8.5a1 -- September 5 2018
* All platforms
* Update Firefox to 60.2.0esr
* Update Tor to 0.3.4.7-rc
* Update OpenSSL to 1.0.2p
* Update Torbutton to 2.0.6
* Bug 27401: Start listening for NoScript before it loads
* Bug 27276: Adapt to new NoScript messaging protocol
* Bug 26884: Use Torbutton to provide security slider on mobile
* Bug 26962: Circuit display onboarding
* Bug 26520: Fix sec slider/NoScript for TOR_SKIP_LAUNCH=1
* Bug 26490: Remove the security slider notification
* Bug 27301: Improve about:tor behavior and appearance
* Bug 27097: Add text for Tor News signup widget
* Bug 27214: Improve the onboarding text
* Translations update
* Update Tor Launcher to 0.2.16.4
* Bug 25405: Cannot use Moat if a meek bridge is configured
* Bug 27392: Update Moat URLs
* Translations update
* Update HTTPS Everywhere to 2018.8.22
* Update NoScript to 10.1.9.1
* Bug 26962: New feature onboarding
* Bug 27403: The onboarding bubble is not always displayed
* Bug 27283: Fix first-party isolation for UI tour
* Bug 27213: Update about:tbupdate to new (about:tor) layout
* Bug 26670: Make canvas permission prompt respect first-party isolation
* Bug 26561: .onion images are not displayed
* Bug 21787: Spoof en-US for date picker
* Bug 21607: Disable WebVR for now until it is properly audited
* Bug 21549: Disable wasm for now until it is properly audited
* Bug 26614: Disable Web Authentication API until it is properly audited
* Bug 27281: Enable Reader View mode again
* Bug 26114: Don't expose navigator.mozAddonManager to websites
* Bug 26048: Fix potentially confusing "restart to update" message
* Bug 27221: Purge startup cache if Tor Browser version changed
* Bug 26049: Reduce delay for showing update prompt to 1 hour
* Bug 25405: Cannot use Moat if a meek bridge is configured
* Bug 27268+27257+27262+26603: Preferences clean-up
* Windows
* Bug 26381: Work around endless loop during page load and about:tor not loading
* Bug 27411: Fix broken security slider and NoScript interaction on Windows
* Build System
* All Platforms
* Bug 27061: Enable verification of langpacks checksums
* Bug 27178+27179: Add support for xz compression in mar files
Tor Browser 8.0 -- September 5 2018
* All platforms
* Update Firefox to 60.2.0esr
* Update Tor to 0.3.3.9
* Update OpenSSL to 1.0.2p
* Update Libevent to 2.1.8
* Update Torbutton to 2.0.6
* Bug 26960: Implement new about:tor start page
* Bug 26961: Implement new user onboarding
* Bug 26962: Circuit display onboarding
* Bug 27301: Improve about:tor behavior and appearance
* Bug 27214: Improve the onboarding text
* Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger menus
* Bug 26100: Adapt Torbutton to Firefox 60 ESR
* Bug 26520: Fix sec slider/NoScript for TOR_SKIP_LAUNCH=1
* Bug 27401: Start listening for NoScript before it loads
* Bug 26430: New Torbutton icon
* Bug 24309: Move circuit display to the identity popup
* Bug 26884: Use Torbutton to provide security slider on mobile
* Bug 26128: Adapt security slider to the WebExtensions version of NoScript
* Bug 27276: Adapt to new NoScript messaging protocol
* Bug 23247: Show security state of .onions
* Bug 26129: Show our about:tor page on startup
* Bug 26235: Hide new unusable items from help menu
* Bug 26058: Remove workaround for hiding 'sign in to sync' button
* Bug 26590: Use new svg.disabled pref in security slider
* Bug 26655: Adjust color and size of onion button
* Bug 26500: Reposition circuit display relay icon for RTL locales
* Bug 26409: Remove spoofed locale implementation
* Bug 26189: Remove content-policy.js
* Bug 26544: Images are not centered anymore
* Bug 26490: Remove the security slider notification
* Bug 25126: Make about:tor layout responsive
* Bug 27097: Add text for Tor News signup widget
* Bug 21245: Add da translation to Torbutton and keep track of it
* Bug 27129+20628: Add locales ca, ga, id, is, nb, da, he, sv, and zh-TW
* Translations update
* Update Tor Launcher to 0.2.16.3
* Bug 23136: Moat integration (fetch bridges for the user)
* Bug 25750: Update Tor Launcher to make it compatible with Firefox 60 ESR
* Bug 26985: Help button icons missing
* Bug 25509: Improve the proxy help text
* Bug 26466: Remove sv-SE from tracking for releases
* Bug 27129+20628: Add locales ca, ga, id, is, nb, da, he, sv, and zh-TW
* Translations update
* Update HTTPS Everywhere to 2018.8.22
* Update NoScript to 10.1.9.1
* Update meek to 0.31
* Bug 26477: Make meek extension compatible with ESR 60
* Update obfs4proxy to v0.0.7 (bug 25356)
* Bug 27082: Enable a limited UITour for user onboarding
* Bug 26961: New user onboarding
* Bug 26962: New feature onboarding
* Bug 27403: The onboarding bubble is not always displayed
* Bug 27283: Fix first-party isolation for UI tour
* Bug 27213: Update about:tbupdate to new (about:tor) layout
* Bug 14952+24553: Enable HTTP2 and AltSvc
* Bug 25735: Tor Browser stalls while loading Facebook login page
* Bug 17252: Enable TLS session identifiers with first-party isolation
* Bug 26353: Prevent speculative connects that violate first-party isolation
* Bug 26670: Make canvas permission prompt respect first-party isolation
* Bug 24056: Use en-US strings in HTML forms if locale is spoofed to english
* Bug 26456: HTTP .onion sites inherit previous page's certificate information
* Bug 26561: .onion images are not displayed
* Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger menus
* Bug 26833: Backport Mozilla's bug 1473247
* Bug 26628: Backport Mozilla's bug 1470156
* Bug 26237: Clean up toolbar for ESR60-based Tor Browser
* Bug 26519: Avoid Firefox icons in ESR60
* Bug 26039: Load our preferences that modify extensions (fixup)
* Bug 26515: Update Tor Browser blog post URLs
* Bug 26216: Fix broken MAR file generation
* Bug 26409: Remove spoofed locale implementation
* Bug 25543: Rebase Tor Browser patches for ESR60
* Bug 23247: Show security state of .onions
* Bug 26039: Load our preferences that modify extensions
* Bug 17965: Isolate HPKP and HSTS to URL bar domain
* Bug 21787: Spoof en-US for date picker
* Bug 21607: Disable WebVR for now until it is properly audited
* Bug 21549: Disable wasm for now until it is properly audited
* Bug 26614: Disable Web Authentication API until it is properly audited
* Bug 18598: Disable WebSpeech API
* Bug 27281: Enable Reader View mode again
* Bug 26114: Don't expose navigator.mozAddonManager to websites
* Bug 21850: Update about:tbupdate handling for e10s
* Bug 26048: Fix potentially confusing "restart to update" message
* Bug 27221: Purge startup cache if Tor Browser version changed
* Bug 26049: Reduce delay for showing update prompt to 1 hour
* Bug 26365: Add potential AltSvc support
* Bug 9145: Fix broken hardware acceleration on Windows and enable it
* Bug 22756: Show Canvas prompt only after user interaction
* Bug 26045: Add new MAR signing keys
* Bug 25215: Revert bug 18619 (we are not disabling IndexedDB any longer)
* Bug 19910: Rip out optimistic data socks handshake variant (#3875)
* Bug 22564: Hide Firefox Sync
* Bug 21484: Hide "What's New" link from About dialog
* Bug 25090: Disable updater telemetry
* Bug 26127: Make sure Torbutton and Tor Launcher are not treated as legacy extensions
* Bug 13575: Disable randomised Firefox HTTP cache decay user tests
* Bug 22548: Firefox downgrades VP9 videos to VP8 for some users
* Bug 24995: Include git hash in tor --version
* Bug 27268+27257+27262+26603 : Preferences clean-up
* Bug 26073: Migrate general.useragent.locale to intl.locale.requested
* Bug 27129+20628: Make Tor Browser available in ca, ga, id, is, nb, da, he, sv, and zh-TW
* Bug 12927: Include Hebrew translation into Tor Browser
* Bug 21245: Add danish (da) translation
* Windows
* Bug 20636+10026: Create 64bit Tor Browser for Windows
* Bug 26239+24197: Enable content sandboxing for 64bit Windows builds
* Bug 26514: Fix intermittent updater failures on Win64 (Error 19)
* Bug 26874: Fix UNC path restrictions failure in Tor Browser 8.0a9
* Bug 12968: Enable HEASLR in Windows x86_64 builds
* Bug 26381: Work around endless loop during page load and about:tor not loading
* Bug 27411: Fix broken security slider and NoScript interaction on Windows
* Bug 22581: Fix shutdown crash
* Bug 25266: PT config should include full names of executable files
* Bug 26304: Update zlib to version 1.2.11
* Update tbb-windows-installer to 0.4
* Bug 26355: Update tbb-windows-installer to check for Windows7+
* Bug 26355: Require Windows7+ for updates to Tor Browser 8
* OS X
* Bug 24136: After loading file:// URLs clicking on links is broken on OS X
* Bug 24243: Tor Browser only renders HTML for local pages via file://
* Bug 24263: Tor Browser does not run extension scripts if loaded via about:debugging
* Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured
* Linux
* Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured
* Bug 25485: Unbreak Tor Browser on systems with newer libstdc++
* Bug 20866: Fix OpenGL software rendering on systems with newer libstdc++
* Bug 26951+18022: Fix execdesktop argument passing
* Bug 24136: After loading file:// URLs clicking on links is broken on Linux
* Bug 24243: Tor Browser only renders HTML for local pages via file://
* Bug 24263: Tor Browser does not run extension scripts if loaded via about:debugging
* Bug 20283: Tor Browser should run without a `/proc` filesystem.
* Bug 26354: Set SSE2 support as minimal requirement for Tor Browser 8
* Build System
* All Platforms
* Bug 26362+26410: Use old MAR format for first ESR60-based stable
* Bug 27020: RBM build fails with runc version 1.0.1
* Bug 26949: Use GitHub repository for STIX
* Bug 26773: Add --verbose to the ./mach build flag for firefox
* Bug 26319: Don't package up Tor Browser in the `mach package` step
* Bug 27178: Add support for xz compression in mar files
* Clean up
* Windows
* Bug 26203: Adapt tor-browser-build/tor-browser for Windows
* Bug 26204: Bundle d3dcompiler_47.dll for Tor Browser 8
* Bug 26205: Don't build the uninstaller for Windows during Firefox compilation
* Bug 26206: Ship pthread related dll where needed
* Bug 26396: Build libwinpthread reproducible
* Bug 25837: Integrate fxc2 into our build setup for Windows builds
* Bug 27152: Use mozilla/fxc2.git for the fxc2 repository
* Bug 25894: Get a rust cross-compiler for Windows
* Bug 25554: Bump mingw-w64 version for ESR 60
* Bug 23561: Fix nsis builds for Windows 64
* Bug 13469: Windows installer is missing many languages from NSIS file
* Bug 23231: Remove our STL Wrappers workaround for Windows 64bit
* Bug 26370: Don't copy msvcr100.dll and libssp-0.dll twice
* Bug 26476: Work around Tor Browser crashes due to fix for bug 1467041
* Bug 18287: Use SHA-2 signature for Tor Browser setup executables
* Bug 25420: Update GCC to 6.4.0
* Bug 16472: Update Binutils to 2.26.1
* Bug 20302: Fix FTE compilation for Windows with GCC 6.4.0
* Bug 25111: Don't compile Yasm on our own anymore for Windows Tor Browser
* Bug 18691: Switch Windows builds from precise to jessie
* OS X
* Bug 24632: Update macOS toolchain for ESR 60
* Bug 9711: Build our own cctools for macOS cross-compilation
* Bug 25548: Update macOS SDK for Tor Browser builds to 10.11
* Bug 26003: Clean up our mozconfig-osx-x86_64 file
* Bug 26195: Use new cctools in our macosx-toolchain project
* Bug 25975: Get a rust cross-compiler for macOS
* Bug 26475: Disable Stylo to make macOS build reproducible
* Bug 26489: Fix .app directory name in tools/dmg2mar
* Linux
* Bug 26073: Patch tor-browser-build for transition to ESR 60
* Bug 25481: Rust support for tor-browser and tor
* Bug 25304: Update GCC to 6.4.0
* Bug 16472: Update Binutils to 2.26.1
Tor Browser 8.0a10 -- August 20 2018
* All platforms
* Update Tor to 0.3.4.6-rc
* Update Torbutton to 2.0.2
* Bug 26960: Implement new about:tor start page
* Bug 26961: Implement new user onboarding
* Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger menus
* Bug 26590: Use new svg.disabled pref in security slider
* Bug 26655: Adjust color and size of onion button
* Bug 26500: Reposition circuit display relay icon for RTL locales
* Bug 26409: Remove spoofed locale implementation
* Bug 26189: Remove content-policy.js
* Bug 26544: Images are not centered anymore
* Bug 27129: Add locales ca, ga, id, is, nb
* Translations update
* Update Tor Launcher to 0.2.16.2
* Bug 26985: Help button icons missing
* Bug 25509: Improve the proxy help text
* Bug 27129: Add locales ca, ga, id, is, nb
* Translations update
* Update NoScript to 10.1.8.16
* Update meek to 0.31
* Bug 26477: Make meek extension compatible with ESR 60
* Bug 27082: Enable a limited UITour for user onboarding
* Bug 26961: New user onboarding
* Bug 14952+24553: Enable HTTP2 and AltSvc
* Bug 25735: Tor Browser stalls while loading Facebook login page
* Bug 17252: Enable TLS session identifiers with first-party isolation
* Bug 26353: Prevent speculative connects that violate first-party isolation
* Bug 24056: Use en-US strings in HTML forms if locale is spoofed to english
* Bug 26456: HTTP .onion sites inherit previous page's certificate information
* Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger menus
* Bug 26833: Backport Mozilla's bug 1473247
* Bug 26628: Backport Mozilla's bug 1470156
* Bug 26237: Clean up toolbar for ESR60-based Tor Browser
* Bug 26519: Avoid Firefox icons in ESR60
* Bug 26039: Load our preferences that modify extensions (fixup)
* Bug 26515: Update Tor Browser blog post URLs
* Bug 27129: Add locales ca, ga, id, is, nb
* Bug 26216: Fix broken MAR file generation
* Bug 26409: Remove spoofed locale implementation
* Bug 26603: Remove obsolete HTTP pipelining preferences
* Windows
* Bug 26514: Fix intermittent updater failures on Win64 (Error 19)
* Bug 26874: Fix UNC path restrictions failure in Tor Browser 8.0a9
* Bug 12968: Enable HEASLR in Windows x86_64 builds
* Update tbb-windows-installer to 0.4
* Bug 26355: Update tbb-windows-installer to check for Windows7+
* Bug 26355: Require Windows7+ for updates to Tor Browser 8
* OS X
* Bug 26795: Bump snowflake to 6077141f4a for bug 25600
* Linux
* Bug 25485: Unbreak Tor Browser on systems with newer libstdc++
* Bug 20866: Fix OpenGL software rendering on systems with newer libstdc++
* Bug 26951+18022: Fix execdesktop argument passing
* Bug 26795: Bump snowflake to 6077141f4a for bug 25600
* Build System
* All Platforms
* Bug 26410: Stop using old MAR format in the alpha series
* Bug 27020: RBM build fails with runc version 1.0.1
* Bug 26949: Use GitHub repository for STIX
* Bug 26773: Add --verbose to the ./mach build flag for firefox
* Bug 26569: Redirect pre-8.0a9 alpha users to a separate update directory
* Bug 26319: Don't package up Tor Browser in the `mach package` step
* OS X
* Bug 26489: Fix .app directory name in tools/dmg2mar
* Windows
* Bug 27152: Use mozilla/fxc2.git for the fxc2 repository
Tor Browser 8.0a9 -- June 27 2018
* All platforms
* Update Firefox to 60.1.0esr
* Update Tor to 0.3.4.2-alpha
* Update Libevent to 2.1.8
* Update Torbutton to 2.0.1
* Bug 26100: Adapt Torbutton to Firefox 60 ESR
* Bug 26430: New Torbutton icon
* Bug 24309: Move circuit display to the identity popup
* Bug 26128: Adapt security slider to the WebExtensions version of NoScript
* Bug 23247: Show security state of .onions
* Bug 26129: Show our about:tor page on startup
* Bug 26235: Hide new unusable items from help menu
* Bug 26058: Remove workaround for hiding 'sign in to sync' button
* Bug 20628: Add locales da, he, sv, and zh-TW
* Translations update
* Update Tor Launcher to 0.2.16.1
* Bug 25750: Update Tor Launcher to make it compatible with Firefox 60 ESR
* Bug 20890: Increase control port connection timeout
* Bug 26466: Remove sv-SE from tracking for releases
* Bug 20628: Add more locales to Tor Browser
* Translations update
* Update HTTPS Everywhere to 2018.6.21
* Update NoScript to 10.1.8.2
* Bug 25543: Rebase Tor Browser patches for ESR60
* Bug 23247: Show security state of .onions
* Bug 26039: Load our preferences that modify extensions
* Bug 17965: Isolate HPKP and HSTS to URL bar domain
* Bug 26365: Add potential AltSvc support
* Bug 9145: Fix broken hardware acceleration on Windows and enable it
* Bug 22756: Show Canvas prompt only after user interaction
* Bug 26045: Add new MAR signing keys
* Bug 22564: Hide Firefox Sync
* Bug 21484: Hide "What's New" link from About dialog
* Bug 25090: Disable updater telemetry
* Bug 18598: Disable WebSpeech API
* Bug 26127: Make sure Torbutton and Tor Launcher are not treated as legacy extensions
* Bug 26073: Migrate general.useragent.locale to intl.locale.requested
* Bug 20628: Make Tor Browser available in da, he, sv-SE, and zh-TW
* Bug 12927: Include Hebrew translation into Tor Browser
* Bug 21245: Add danish (da) translation
* Windows
* Bug 26239+24197: Enable content sandboxing for 64bit Windows builds
* Bug 22581: Fix shutdown crash
* Bug 26424: Disable UNC paths to prevent possible proxy bypasses
* Bug 26304: Update zlib to version 1.2.11
* OS X
* Bug 24052: Backport fix for bug 1412081 for better file:// handling
* Bug 24136: After loading file:// URLs clicking on links is broken on OS X
* Bug 24243: Tor Browser only renders HTML for local pages via file://
* Bug 24263: Tor Browser does not run extension scripts if loaded via about:debugging
* Bug 24632: Disable snowflake for now until its build is fixed
* Bug 26438: Remove broken seatbelt profiles
* Linux
* Bug 24052: Backport fix for bug 1412081 for better file:// handling
* Bug 24136: After loading file:// URLs clicking on links is broken on Linux
* Bug 24243: Tor Browser only renders HTML for local pages via file://
* Bug 24263: Tor Browser does not run extension scripts if loaded via about:debugging
* Bug 26153: Update selfrando to be compatible with Firefox 60 ESR
* Bug 22242: Remove RUNPATH in Linux binaries embedded by selfrando
* Bug 26354: Set SSE2 support as minimal requirement for Tor Browser 8
* Build System
* All Platforms
* Bug 26362: Use old MAR format for first ESR60-based alpha
* Clean up
* Windows
* Bug 26203: Adapt tor-browser-build/tor-browser for Windows
* Bug 26204: Bundle d3dcompiler_47.dll for Tor Browser 8
* Bug 26205: Don't build the uninstaller for Windows during Firefox compilation
* Bug 26206: Ship pthread related dll where needed
* Bug 26396: Build libwinpthread reproducible
* Bug 25837: Integrate fxc2 into our build setup for Windows builds
* Bug 25894: Get a rust cross-compiler for Windows
* Bug 25554: Bump mingw-w64 version for ESR 60
* Bug 23561: Fix nsis builds for Windows 64
* Bug 13469: Windows installer is missing many languages from NSIS file
* Bug 23231: Remove our STL Wrappers workaround for Windows 64bit
* Bug 26370: Don't copy msvcr100.dll and libssp-0.dll twice
* Bug 26476: Work around Tor Browser crashes due to fix for bug 1467041
* Bug 18287: Use SHA-2 signature for Tor Browser setup executables
* Bug 16472: Update Binutils to 2.26.1
* OS X
* Bug 24632: Update macOS toolchain for ESR 60
* Bug 9711: Build our own cctools for macOS cross-compilation
* Bug 25548: Update macOS SDK for Tor Browser builds to 10.11
* Bug 26003: Clean up our mozconfig-osx-x86_64 file
* Bug 26195: Use new cctools in our macosx-toolchain project
* Bug 25975: Get a rust cross-compiler for macOS
* Bug 26475: Disable Stylo to make macOS build reproducible
* Linux
* Bug 26073: Patch tor-browser-build for transition to ESR 60
* Bug 25540: Stop building and distributing sandboxed tor browser
* Bug 25481: Rust support for tor-browser and tor
* Bug 16472: Update Binutils to 2.26.1
Tor Browser 7.5.6 -- June 26 2018
* All platforms
* Update Firefox to 52.9.0esr
* Update Tor to 0.3.3.7
* Update Tor Launcher to 0.2.14.5
* Bug 20890: Increase control port connection timeout
* Update HTTPS Everywhere to 2018.6.21
* Bug 26451: Prevent HTTPS Everywhere from freezing the browser
* Update NoScript to 5.1.8.6
* Bug 21537: Mark .onion cookies as secure
* Bug 25938: Backport fix for cross-origin header leak (bug 1334776)
* Bug 25721: Backport patches from Mozilla's bug 1448771
* Bug 25147+25458: Sanitize HTML fragments for chrome documents
* Bug 26221: Backport fix for leak in SHA256 in nsHttpConnectionInfo.cpp
* Windows
* Bug 26424: Disable UNC paths to prevent possible proxy bypasses
Tor Browser 8.0a8 -- June 10 2018
* All platforms
* Update Firefox to 52.8.1esr
* Bug 26098: Remove amazon-meek
Tor Browser 7.5.5 -- June 10 2018
* All platforms
* Update Firefox to 52.8.1esr
* Bug 26098: Remove amazon-meek
Tor Browser 8.0a7 -- May 9 2018
* All platforms
* Update Firefox to 52.8.0esr
* Update Tor Launcher to 0.2.15.2
* Bug 25807: Change front domain to unbreak Moat
* Translations update
* Bug 25973: Backport off-by-one fix (bug 1352073)
* Bug 25938: Backport fix for cross-origin header leak (bug 1334776)
* Bug 25458: Fix broken UI customization
* Bug 25898: Make Youtube videos play automatically again
* Bug 25980: Improve backport of bug 1448771 (fixes broken Orfox build)
* OS X
* Bug 26010: Change Snowflake rendezvous to use the Azure domain front
* Linux
* Bug 26010: Change Snowflake rendezvous to use the Azure domain front
Tor Browser 7.5.4 -- May 9 2018
* All platforms
* Update Firefox to 52.8.0esr
* Update HTTPS Everywhere to 2018.4.11
* Update NoScript to 5.1.8.5
* Bug 23439: Exempt .onion domains from mixed content warnings
* Bug 22614: Make e10s/non-e10s Tor Browsers indistinguishable
* Bug 22659: Changes to `intl.accept.languages` get overwritten after restart
* Bug 25973: Backport off-by-one fix (bug 1352073)
* Bug 25020: Add a tbb_version.json file
Tor Browser 8.0a6 -- April 19 2018
* All platforms
* Update Tor to 0.3.3.5-rc
* Update OpenSSL to 1.0.2o
* Update Torbutton to 1.9.9.1
* Bug 25126: Make about:tor layout responsive
* Translations update
* Update HTTPS Everywhere to 2018.4.11
* Update NoScript to 5.1.8.5
* Bug 21537: Mark .onion cookies as secure
* Bug 21850: Update about:tbupdate handling for e10s
* Bug 25721: Backport patches from Mozilla's bug 1448771
* Linux
* Bug 20283: Tor Browser should run without a `/proc` filesystem.
* Windows
* Bug 13893: Make EMET compatible with Tor Browser
* Build System
* Windows
* Bug 25420: Update GCC to 6.4.0
* Bug 20302: Fix FTE compilation for Windows with GCC 6.4.0
* Linux
* Bug 25304: Update GCC to 6.4.0
Tor Browser 8.0a5 -- March 27 2018
* All platforms
* Update Firefox to 52.7.3esr
* Update HTTPS Everywhere to 2018.3.13
* Bug 23439: Exempt .onion domains from mixed content warnings
* OS X
* Update Snowflake
* Bug 21312+25579+25449: Fix crashes and memory/file descriptor leaks in go-webrtc
* Linux
* Update Snowflake
* Bug 21312+25579+25449: Fix crashes and memory/file descriptor leaks in go-webrtc
Tor Browser 7.5.3 -- March 26 2018
* All platforms
* Update Firefox to 52.7.3esr
* Update HTTPS Everywhere to 2018.3.13
* Bug 25339: Adapt build system for Python 3.6 based build procedure
Tor Browser 8.0a4 -- March 17 2018
* All platforms
* Update Firefox to 52.7.2esr
Tor Browser 7.5.2 -- March 17 2018
* All platforms
* Update Firefox to 52.7.2esr
Tor Browser 8.0a3 -- March 13 2018
* All platforms
* Update Firefox to 52.7.0esr
* Update Tor to 0.3.3.3-alpha
* Update Tor Launcher to 0.2.15.1
* Bug 23136: Moat integration (fetch bridges for the user)
* Translations update
* Update HTTPS Everywhere to 2018.2.26
* Bug 25339: Adapt build system for Python 3.6 based build procedure
* Bug 25356: Update obfs4proxy to v0.0.7
* Bug 25147: Sanitize HTML fragments created for chrome-privileged documents
* Windows
* Bug 25112: No sandboxing on 64-bit Windows <= Vista
Tor Browser 7.5.1 -- March 13 2018
* All platforms
* Update Firefox to 52.7.0esr
* Update Tor to 0.3.2.10
* Update Torbutton to 1.9.8.6
* Bug 24159: Version check does not deal with platform specific checks
* Bug 25016: Remove 2017 donation banner
* Translations update
* Update Tor Launcher to 0.2.14.4
* Bug 25089: Special characters are not escaped in proxy password
* Translations update
* Update NoScript to 5.1.8.4
* Bug 25356: Update obfs4proxy to v0.0.7
* Bug 25000: Add [System+Principal] to the NoScript whitelist
* Windows
* Bug 25112: Disable sandboxing on 64-bit Windows <= Vista
Tor Browser 8.0a2 -- February 23 2018
* All Platforms
* Update Tor to 0.3.3.2-alpha
* Update Torbutton to 1.9.9
* Bug 24159: Version check does not deal with platform specific checks
* Bug 25016: Remove 2017 donation banner
* Translations update
* Update Tor Launcher to 0.2.15
* Bug 25089: Special characters are not escaped in proxy password
* Translations update
* Update HTTPS Everywhere to 2018.1.29
* Update NoScript to 5.1.8.4
* Update meek to 0.29
* Bug 25215: Revert bug 18619 (we are not disabling IndexedDB any longer)
* Bug 19910: Rip out optimistic data socks handshake variant (#3875)
* Bug 22659: Changes to `intl.accept.languages` get overwritten after restart
* Bug 25000: Add [System+Principal] to the NoScript whitelist
* Bug 15599: Disable Range requests used by pdfjs as they are not isolated
* Bug 22614: Make e10s/non-e10s Tor Browsers indistinguishable
* Bug 13575: Disable randomised Firefox HTTP cache decay user tests
* Bug 25020: Add a tbb_version.json file
* Bug 24995: Include git hash in tor --version
* OS X
* Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured
* Linux
* Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured
* Windows:
* Bug 25266: PT config should include full names of executable files
* Build System
* Windows
* Bug 25111: Don't compile Yasm on our own anymore for Windows Tor Browser
Tor Browser 8.0a1 -- January 23 2018
* All Platforms
* Update Firefox to 52.6.0esr
* Update Tor to 0.3.2.9
* Update Torbutton to 1.9.8.5
* Bug 21245: Add da translation to Torbutton and keep track of it
* Bug 24702: Remove Mozilla text from banner
* Translations update
* Update Tor Launcher to 0.2.14.3
* Translations update
* Update HTTPS Everywhere to 2018.1.11
* Bug 24756: Add noisebridge01 obfs4 bridge configuration
* Bug 23916: Add new MAR signing key
* Bug 22548: Firefox downgrades VP9 videos to VP8 for some users
* Windows
* Bug 24197: Fix win64 sandbox compile issues
* Build System
* Windows
* Bug 18691: switch Windows builds from precise to jessie
* Linux
* Bug 23892: Include Firefox and Tor debug files in final build directory
* Bug 24842: include libasan.so.2 and libubsan.so.0 in debug builds
Tor Browser 7.5 -- January 23 2018
* All Platforms
* Update Firefox to 52.6.0esr
* Update Tor to 0.3.2.9
* Update OpenSSL to 1.0.2n
* Update Torbutton to 1.9.8.5
* Bug 21847: Update copy for security slider
* Bug 21245: Add da translation to Torbutton and keep track of it
* Bug 24702: Remove Mozilla text from banner
* Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
* Translations update
* Update Tor Launcher to 0.2.14.3
* Bug 23262: Implement integrated progress bar
* Bug 23261: implement configuration portion of new Tor Launcher UI
* Bug 24623: Revise "country that censors Tor" text
* Bug 24624: tbb-logo.svg may cause network access
* Bug 23240: Retrieve current bootstrap progress before showing progress bar
* Bug 24428: Bootstrap error message sometimes lost
* Bug 22232: Add README on use of bootstrap status messages
* Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
* Translations update
* Update HTTPS Everywhere to 2018.1.11
* Update NoScript to 5.1.8.3
* Bug 23104: CSS line-height reveals the platform Tor Browser is running on
* Bug 24398: Plugin-container process exhausts memory
* Bug 22501: Requests via javascript: violate FPI
* Bug 24756: Add noisebridge01 obfs4 bridge configuration
* Windows
* Bug 16010: Enable content sandboxing on Windows
* Bug 23230: Fix build error on Windows 64
* OS X
* Bug 24566: Avoid white flashes when opening dialogs in Tor Browser
* Bug 23025: Add some hardening flags to macOS build
* Linux
* Bug 23970: Make "Print to File" work with sandboxing enabled
* Bug 23016: "Print to File" is broken on some non-english Linux systems
* Bug 10089: Set middlemouse.contentLoadURL to false by default
* Bug 18101: Suppress upload file dialog proxy bypass (linux part)
* Android
* Bug 22084: Spoof network information API
* Build System
* All Platforms
* Switch from gitian/tor-browser-bundle to rbm/tor-browser-build
* Windows
* Bug 22563: Update mingw-w64 to fix W^X violations
* Bug 20929: Bump GCC version to 5.4.0
* Linux
* Bug 20929: Bump GCC version to 5.4.0
* Bug 23892: Include Firefox and Tor debug files in final build directory
* Bug 24842: include libasan.so.2 and libubsan.so.0 in debug builds
Tor Browser 7.5a10 -- December 19 2017
* All Platforms
* Update Tor to 0.3.2.7-rc
* Update OpenSSL to 1.0.2n
* Update Torbutton to 1.9.8.4
* Bug 21847: Update copy for security slider
* Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
* Translations update
* Update Tor Launcher to 0.2.14.2
* Bug 24623: Revise "country that censors Tor" text
* Bug 24428: Bootstrap error message sometimes lost
* Bug 24624: tbb-logo.svg may cause network access
* Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
* Translations update
* Update NoScript to 5.1.8.3
* Bug 23104: CSS line-height reveals the platform Tor Browser is running on
* Bug 24398: Plugin-container process exhausts memory
* OS X
* Bug 24566: Avoid white flashes when opening dialogs in Tor Browser
* Linux
* Bug 23970: Make "Print to File" work with sandboxing enabled
* Bug 23016: "Print to File" is broken on some non-english Linux systems
* Android
* Bug 22084: Spoof network information API
Tor Browser 7.5a9 -- December 09 2017
* All Platforms
* Update Firefox to 52.5.2esr
* Update Tor to 0.3.2.6-alpha
* Update HTTPS-Everywhere to 2017.12.6
* Update NoScript to 5.1.8.1
* Update sandboxed-tor-browser to 0.0.16
Tor Browser 7.0.11 -- December 09 2017
* All Platforms
* Update Firefox to 52.5.2esr
* Update Tor to 0.3.1.9
* Update HTTPS-Everywhere to 2017.12.6
* Update NoScript to 5.1.8.1
Tor Browser 7.5a8 -- November 15 2017
* All Platforms
* Update Firefox to 52.5.0esr
* Update Tor to 0.3.2.4-alpha
* Update Torbutton to 1.9.8.3
* Bug 23997: Add link to Tor Browser manual for de, nl, tr, vi
* Bug 23949: Fix donation banner display
* Update locales with translated banner
* Translations update
* Update Tor Launcher to 0.2.14.1
* Bug 23262: Implement integrated progress bar
* Bug 23261: implement configuration portion of new Tor Launcher UI
* Translations update
* Update HTTPS-Everywhere to 2017.10.30
* Update NoScript to 5.1.5
* Bug 23968: NoScript icon jumps to the right after update
* Update sandboxed-tor-browser to 0.0.15
* Windows
* Bug 20636+10026: Create 64bit Tor Browser for Windows
* Bug 24052: Block file:// redirects early
Tor Browser 7.0.10 -- November 14 2017
* All Platforms
* Update Firefox to 52.5.0esr
* Update Tor to 0.3.1.8
* Update Torbutton to 1.9.7.10
* Bug 23997: Add link to Tor Browser manual for de, nl, tr, vi
* Translations update
* Update HTTPS-Everywhere to 2017.10.30
* Bug 24178: Use make.sh for building HTTPS-Everywhere
* Update NoScript to 5.1.5
* Bug 23968: NoScript icon jumps to the right after update
* Windows
* Bug 23582: Enable the Windows DLL blocklist for mingw-w64 builds
* Bug 23396: Update the msvcr100.dll we ship
* Bug 24052: Block file:// redirects early
Tor Browser 7.5a7 -- November 4 2017
* OS X
* Bug 24052: Streamline handling of file:// resources
* Linux
* Bug 24052: Streamline handling of file:// resources
Tor Browser 7.0.9 -- November 3 2017
* OS X
* Bug 24052: Streamline handling of file:// resources
* Linux
* Bug 24052: Streamline handling of file:// resources
Tor Browser 7.0.8 -- October 25 2017
* All Platforms
* Update Torbutton to 1.9.7.9
* Bug 23949: Fix donation banner display
* Update locales with translated banner
* Translations update
Tor Browser 7.5a6 -- October 19 2017
* All Platforms
* Update Firefox to 52.4.1esr
* Update Tor to 0.3.2.2-alpha
* Update Torbutton to 1.9.8.2
* Bug 23887: Update banner locales and Mozilla text
* Translations update
* Update HTTPS-Everywhere to 2017.10.4
* Update NoScript to 5.1.2
* Bug 23723: Loading entities from NoScript .dtd files is blocked
* Bug 23724: NoScript update breaks Security Slider and its icon disappears
* Update sandboxed-tor-browser to 0.0.14
* Bug 23745: Tab crashes when using Tor Browser to access Google Drive
* Bug 23694: Update the detailsURL in update responses
* Bug 22501: Requests via javascript: violate FPI
* OS X
* Bug 23807: Tab crashes when playing video on High Sierra
* Bug 23025: Add some hardening flags to macOS build
Tor Browser 7.0.7 -- October 19 2017
* All Platforms
* Update Firefox to 52.4.1esr
* Update Torbutton to 1.9.7.8
* Bug 23887: Update banner locales and Mozilla text
* Bug 23526: Add 2017 Donation banner text
* Bug 23483: Donation banner on about:tor for 2017 (testing mode)
* Bug 22610: Avoid crashes when canceling external helper app related downloads
* Bug 22472: Fix FTP downloads when external helper app dialog is shown
* Bug 22471: Downloading pdf files via the PDF viewer download button is broken
* Bug 22618: Downloading pdf file via file:/// is stalling
* Translations update
* Update HTTPS-Everywhere to 2017.10.4
* Update NoScript to 5.1.2
* Bug 23723: Loading entities from NoScript .dtd files is blocked
* Bug 23724: NoScript update breaks Security Slider and its icon disappears
* Bug 23745: Tab crashes when using Tor Browser to access Google Drive
* Bug 22610: Avoid crashes when canceling external helper app related downloads
* Bug 22472: Fix FTP downloads when external helper app dialog is shown
* Bug 22471: Downloading pdf files via the PDF viewer download button is broken
* Bug 22618: Downloading pdf file via file:/// is stalling
* Bug 23694: Update the detailsURL in update responses
* OS X
* Bug 23807: Tab crashes when playing video on High Sierra
* Linux
* Bug 22692: Enable content sandboxing on Linux
Tor Browser 7.5a5 -- September 28 2017
* All Platforms
* Update Firefox to 52.4.0esr
* Update Tor to 0.3.2.1-alpha
* Update Torbutton to 1.9.8.1
* Bug 20375: Warn users after entering fullscreen mode
* Bug 22989: Fix dimensions of new windows on macOS
* Bug 23526: Add 2017 Donation banner text
* Bug 23483: Donation banner on about:tor for 2017 (testing mode)
* Translations update
* Update Tor Launcher to 0.2.13
* Bug 23240: Retrieve current bootstrap progress before showing progress bar
* Bug 22232: Add README on use of bootstrap status messages
* Translations update
* Update HTTPS-Everywhere to 2017.9.12
* Update NoScript to 5.0.10
* Update sandboxed-tor-browser to 0.0.13
* Bug 23393: Don't crash all tabs when closing one tab
* Bug 23166: Add new obfs4 bridge to the built-in ones
* Bug 23258: Fix broken HTTPS-Everywhere on higher security levels
* Bug 21270: NoScript settings break WebExtensions add-ons
* Bug 23104: CSS line-height reveals the platform Tor Browser is running on
* Windows
* Bug 16010: Enable content sandboxing on Windows
* Bug 23582: Enable the Windows DLL blocklist for mingw-w64 builds
* Bug 23396: Update the msvcr100.dll we ship
* Bug 23230: Fix build error on Windows 64
* OS X
* Bug 23404: Add missing Noto Sans Buginese font to the macOS whitelist
* Linux
* Bug 10089: Set middlemouse.contentLoadURL to false by default
* Bug 22692: Enable content sandboxing on Linux
* Bug 18101: Suppress upload file dialog proxy bypass (linux part)
* Build System
* All Platforms
* Switch from gitian/tor-browser-bundle to rbm/tor-browser-build
Tor Browser 7.0.6 -- September 28 2017
* All Platforms
* Update Firefox to 52.4.0esr
* Update Tor to 0.3.1.7
* Update Torbutton to 1.9.7.7
* Bug 22542: Security Settings window too small on macOS 10.12 (fixup)
* Bug 20375: Warn users after entering fullscreen mode
* Update HTTPS-Everywhere to 2017.9.12
* Update NoScript to 5.0.10
* Bug 21830: Copying large text from web console leaks to /tmp
* Bug 23393: Don't crash all tabs when closing one tab
* OS X
* Bug 23404: Add missing Noto Sans Buginese font to the macOS whitelist
Tor Browser 7.0.5 -- September 4 2017
* All Platforms
* Update Torbutton to 1.9.7.6
* Bug 22989: Fix dimensions of new windows on macOS
* Translations update
* Update HTTPS-Everywhere to 2017.8.31
* Update NoScript to 5.0.9
* Bug 23166: Add new obfs4 bridge to the built-in ones
* Bug 23258: Fix broken HTTPS-Everywhere on higher security levels
* Bug 21270: NoScript settings break WebExtensions add-ons
Tor Browser 7.5a4 -- August 9 2017
* All Platforms
* Update Firefox to 52.3.0esr
* Update Tor to 0.3.1.5-alpha
* Update OpenSSL to 1.0.2l
* Update Torbutton to 1.9.8
* Bug 22610: Avoid crashes when canceling external helper app related downloads
* Bug 22472: Fix FTP downloads when external helper app dialog is shown
* Bug 22471: Downloading pdf files via the PDF viewer download button is broken
* Bug 22618: Downloading pdf file via file:/// is stalling
* Bug 22542: Resize slider window to work without scrollbars
* Bug 21999: Fix display of language prompt in non-en-US locales
* Bug 18913: Don't let about:tor have chrome privileges
* Bug 22535: Search on about:tor discards search query
* Bug 21948: Going back to about:tor page gives "Address isn't valid" error
* Code clean-up
* Translations update
* Update Tor Launcher to 0.2.12.3
* Bug 22592: Default bridge settings are not removed
* Translations update
* Update HTTPS-Everywhere to 5.2.21
* Update NoScript to 5.0.8.1
* Bug 22362: Remove workaround for XSS related browser freezing
* Bug 22067: NoScript Click-to-Play bypass with embedded videos and audio
* Update sandboxed-tor-browser to 0.0.12
* Bug 22610: Avoid crashes when canceling external helper app related downloads
* Bug 22472: Fix FTP downloads when external helper app dialog is shown
* Bug 22471: Downloading pdf files via the PDF viewer download button is broken
* Bug 22618: Downloading pdf file via file:/// is stalling
* Bug 21321: Exempt .onions from HTTP related security warnings
* Bug 21830: Copying large text from web console leaks to /tmp
* Bug 22073: Disable GetAddons option on addons page
* Bug 22884: Fix broken about:tor page on higher security levels
* Bug 22829: Remove default obfs4 bridge riemann.
* Windows
* Bug 21617: Fix single RWX page on Windows (included in 52.3.0esr)
* OS X
* Bug 22831: Enable Snowflake for mac
* Linux
* Bug 22832: Don't include monthly timestamp in libwebrtc build output
* Bug 20848: Deploy Selfrando in 32bit Linux builds
* Build system
* Windows
* Bug 22563: Update mingw-w64 to fix W^X violations
* Bug 20929: Bump GCC version to 5.4.0
* Linux
* Bug 20929: Bump GCC version to 5.4.0
Tor Browser 7.0.4 -- August 8 2017
* All Platforms
* Update Firefox to 52.3.0esr
* Update Tor to 0.3.0.10
* Update Torbutton to 1.9.7.5
* Bug 21999: Fix display of language prompt in non-en-US locales
* Bug 18913: Don't let about:tor have chrome privileges
* Bug 22535: Search on about:tor discards search query
* Bug 21948: Going back to about:tor page gives "Address isn't valid" error
* Code clean-up
* Translations update
* Update Tor Launcher to 0.2.12.3
* Bug 22592: Default bridge settings are not removed
* Translations update
* Update HTTPS-Everywhere to 5.2.21
* Update NoScript to 5.0.8.1
* Bug 22362: Remove workaround for XSS related browser freezing
* Bug 22067: NoScript Click-to-Play bypass with embedded videos and audio
* Bug 21321: Exempt .onions from HTTP related security warnings
* Bug 22073: Disable GetAddons option on addons page
* Bug 22884: Fix broken about:tor page on higher security levels
* Windows
* Bug 22829: Remove default obfs4 bridge riemann.
* Bug 21617: Fix single RWX page on Windows (included in 52.3.0esr)
* OS X
* Bug 22829: Remove default obfs4 bridge riemann.
Tor Browser 7.5a3 -- July 28 2017
* Linux
* Bug 23044: Don't allow GIO supported protocols by default
Tor Browser 7.0.3 -- July 27 2017
* Linux
* Bug 23044: Don't allow GIO supported protocols by default
* Bug 22829: Remove default obfs4 bridge riemann.
Tor Browser 7.5a2 -- July 6 2017
* All Platforms
* Update Tor to 0.3.1.4-alpha
* Update HTTPS-Everywhere to 5.2.19
* Linux
* Update sandboxed-tor-browser to 0.0.9
Tor Browser 7.0.2 -- July 3 2017
* All Platforms
* Update Tor to 0.3.0.9, fixing bug #22753
* Update HTTPS-Everywhere to 5.2.19
Tor Browser 7.5a1 -- June 14 2017
* All Platforms
* Update Firefox to 52.2.0esr
* Update Tor to 0.3.1.3-alpha
* Update Torbutton to 1.9.7.4
* Bug 22542: Security Settings window too small on macOS 10.12
* Bug 22104: Adjust our content policy whitelist for ff52-esr
* Bug 22457: Allow resources loaded by view-source://
* Bug 21627: Ignore HTTP 304 responses when checking redirects
* Bug 22459: Adapt our use of the nsIContentPolicy to e10s mode
* Translations update
* Update Tor Launcher to 0.2.12.2
* Bug 22283: Linux 7.0a4 is broken after update due to unix: lines in torrc
* Translations update
* Update HTTPS-Everywhere to 5.2.18
* Update NoScript to 5.0.5
* Update sandboxed-tor-browser to 0.0.7
* Bug 22362: NoScript's XSS filter freezes the browser
* Bug 21766: Fix crash when the external application helper dialog is invoked
* Bug 21886: Download is stalled in non-e10s mode
* Bug 22333: Disable WebGL2 API for now
* Bug 21861: Disable additional mDNS code to avoid proxy bypasses
* Bug 21684: Don't expose navigator.AddonManager to content
* Bug 21431: Clean-up system extensions shipped in Firefox 52
* Bug 22320: Use preference name 'referer.hideOnionSource' everywhere
* Bug 16285: Don't ship ClearKey EME system and update EME preferences
* Bug 21972: about:support is partially broken
* Bug 21323: Enable Mixed Content Blocking
* Bug 22415: Fix format error in our pipeline patch
* Bug 21862: Rip out potentially unsafe Rust code
* Bug 16485: Improve about:cache page
* Bug 22462: Backport of patch for bug 1329521 to fix assertion failure
* Bug 22458: Fix broken `about:cache` page on higher security levels
* Bug 18531: Uncaught exception when opening ip-check.info
* Bug 18574: Uncaught exception when clicking items in Library
* Bug 22327: Isolate Page Info media previews to first party domain
* Bug 22452: Isolate tab list menuitem favicons to first party domain
* Bug 15555: View-source requests are not isolated by first party domain
* Bug 5293: Neuter fingerprinting with Battery API
* Bug 22429: Add IPv6 address for Lisbeth:443 obfs4 bridge
* Bug 22468: Add default obfs4 bridges frosty and dragon
* Windows
* Bug 22419: Prevent access to file://
* Bug 21617: Fix single RWX page on Windows
* OS X
* Bug 22558: Don't update OS X 10.7.x and 10.8.x users to Tor Browser 7.0
* Linux
* Bug 16285: Remove ClearKey related library stripping
* Bug 21852: Don't use jemalloc4 anymore
* Android
* Bug 19078: Disable RtspMediaResource stuff in Orfox
Tor Browser 7.0.1 -- June 13 2017
* All Platforms
* Update Firefox to 52.2.0esr
* Update Tor to 0.3.0.8
* Update Torbutton to 1.9.7.4
* Bug 22542: Security Settings window too small on macOS 10.12
* Update HTTPS-Everywhere to 5.2.18
* Bug 22362: NoScript's XSS filter freezes the browser
* OS X
* Bug 22558: Don't update OS X 10.7.x and 10.8.x users to Tor Browser 7.0
Tor Browser 7.0 -- June 7 2017
* All Platforms
* Update Firefox to 52.1.2esr
* Update Tor to 0.3.0.7
* Update Torbutton to 1.9.7.3
* Bug 22104: Adjust our content policy whitelist for ff52-esr
* Bug 22457: Allow resources loaded by view-source://
* Bug 21627: Ignore HTTP 304 responses when checking redirects
* Bug 22459: Adapt our use of the nsIContentPolicy to e10s mode
* Bug 21865: Update our JIT preferences in the security slider
* Bug 21747: Make 'New Tor Circuit for this Site' work in ESR52
* Bug 21745: Fix handling of catch-all circuit
* Bug 21547: Fix circuit display under e10s
* Bug 21268: e10s compatibility for New Identity
* Bug 21267: Remove window resize implementation for now
* Bug 21201: Make Torbutton multiprocess compatible
* Translations update
* Update Tor Launcher to 0.2.12.2
* Bug 22283: Linux 7.0a4 broken after update due to unix: lines in torrc
* Bug 20761: Don't ignore additional SocksPorts
* Bug 21920: Don't show locale selection dialog
* Bug 21546: Mark Tor Launcher as multiprocess compatible
* Bug 21264: Add a README file
* Translations update
* Update HTTPS-Everywhere to 5.2.17
* Update NoScript to 5.0.5
* Update Go to 1.8.3 (bug 22398)
* Bug 21962: Fix crash on about:addons page
* Bug 21766: Fix crash when the external application helper dialog is invoked
* Bug 21886: Download is stalled in non-e10s mode
* Bug 21778: Canvas prompt is not shown in Tor Browser based on ESR52
* Bug 21569: Add first-party domain to Permissions key
* Bug 22165: Don't allow collection of local IP addresses
* Bug 13017: Work around audio fingerprinting by disabling the Web Audio API
* Bug 10286: Disable Touch API and add fingerprinting resistance as fallback
* Bug 13612: Disable Social API
* Bug 10283: Disable SpeechSynthesis API
* Bug 22333: Disable WebGL2 API for now
* Bug 21861: Disable additional mDNS code to avoid proxy bypasses
* Bug 21684: Don't expose navigator.AddonManager to content
* Bug 21431: Clean-up system extensions shipped in Firefox 52
* Bug 22320: Use preference name 'referer.hideOnionSource' everywhere
* Bug 16285: Don't ship ClearKey EME system and update EME preferences
* Bug 21675: Spoof window.navigator.hardwareConcurrency
* Bug 21792: Suppress MediaError.message
* Bug 16337: Round times exposed by Animation API to nearest 100ms
* Bug 21972: about:support is partially broken
* Bug 21726: Keep Graphite support disabled
* Bug 21323: Enable Mixed Content Blocking
* Bug 21685: Disable remote new tab pages
* Bug 21790: Disable captive portal detection
* Bug 21686: Disable Microsoft Family Safety support
* Bug 22073: Make sure Mozilla's experiments are disabled
* Bug 21683: Disable newly added Safebrowsing capabilities
* Bug 22071: Disable Kinto-based blocklist update mechanism
* Bug 22415: Fix format error in our pipeline patch
* Bug 22072: Hide TLS error reporting checkbox
* Bug 20761: Don't ignore additional SocksPorts
* Bug 21862: Rip out potentially unsafe Rust code
* Bug 16485: Improve about:cache page
* Bug 22462: Backport of patch for bug 1329521 to fix assertion failure
* Bug 21340: Identify and backport new patches from Firefox
* Bug 22153: Fix broken feeds on higher security levels
* Bug 22025: Fix broken certificate error pages on higher security levels
* Bug 21887: Fix broken error pages on higher security levels
* Bug 22458: Fix broken `about:cache` page on higher security levels
* Bug 21876: Enable e10s by default on all supported platforms
* Bug 21876: Always use esr policies for e10s
* Bug 20905: Fix resizing issues after moving to a direct Firefox patch
* Bug 21875: Modal dialogs are maximized in ESR52 nightly builds
* Bug 21885: SVG is not disabled in Tor Browser based on ESR52
* Bug 17334: Hide Referer when leaving a .onion domain (improved patch)
* Bug 18531: Uncaught exception when opening ip-check.info
* Bug 18574: Uncaught exception when clicking items in Library
* Bug 22327: Isolate Page Info media previews to first party domain
* Bug 22452: Isolate tab list menuitem favicons to first party domain
* Bug 15555: View-source requests are not isolated by first party domain
* Bug 3246: Double-key cookies
* Bug 8842: Fix XML parsing error
* Bug 5293: Neuter fingerprinting with Battery API
* Bug 16886: 16886: "Add-on compatibility check dialog" contains Firefox logo
* Bug 19645: TBB zooms text when resizing browser window
* Bug 19192: Untrust Blue Coat CA
* Bug 19955: Avoid confusing warning that favicon load request got cancelled
* Bug 20005: Backport fixes for memory leaks investigation
* Bug 20755: ltn.com.tw is broken in Tor Browser
* Bug 21896: Commenting on website is broken due to CAPTCHA not being displayed
* Bug 20680: Rebase Tor Browser patches to 52 ESR
* Bug 22429: Add IPv6 address for Lisbeth:443 obfs4 bridge
* Bug 22468: Add default obfs4 bridges frosty and dragon
* Windows
* Bug 22419: Prevent access to file://
* Bug 12426: Make use of HeapEnableTerminationOnCorruption
* Bug 19316: Make sure our Windows updates can deal with the SSE2 requirement
* Bug 21868: Fix build bustage with FIREFOX_52_0_2esr_RELEASE for Windows
* OS X
* Bug 21940: Don't allow privilege escalation during update
* Bug 22044: Fix broken default search engine on macOS
* Bug 21879: Use our default bookmarks on OSX
* Bug 21779: Non-admin users can't access Tor Browser on macOS
* Bug 21723: Fix inconsistent generation of MOZ_MACBUNDLE_ID
* Bug 21724: Make Firefox and Tor Browser distinct macOS apps
* Bug 21931: Backport OSX SetupMacCommandLine updater fixes
* Bug 15910: Don't download GMPs via the local fallback
* Linux
* Bug 16285: Remove ClearKey related library stripping
* Bug 22041: Fix update error during update to 7.0a3
* Bug 22238: Fix use of hardened wrapper for Firefox build
* Bug 21907: Fix runtime error on CentOS 6
* Bug 15910: Don't download GMPs via the local fallback
* Android
* Bug 19078: Disable RtspMediaResource stuff in Orfox
* Build system
* Windows
* Bug 21837: Fix reproducibility of accessibility code for Windows
* Bug 21240: Create patches to fix mingw-w64 compilation of Firefox ESR 52
* Bug 21904: Bump mingw-w64 commit to help with sandbox compilation
* Bug 18831: Use own Yasm for Firefox cross-compilation
* OS X
* Bug 21328: Updating to clang 3.8.0
* Bug 21754: Remove old GCC toolchain and macOS SDK
* Bug 19783: Remove unused macOS helper scripts
* Bug 10369: Don't use old GCC toolchain anymore for utils
* Bug 21753: Replace our old GCC toolchain in PT descriptor
* Bug 18530: ESR52 based Tor Browser only runs on macOS 10.9+
* Bug 22328: Remove clang PIE wrappers
* Linux
* Bug 21930: NSS libraries are missing from mar-tools archive
* Bug 21239: Adapt Linux Firefox descriptor to ESR52 (use GTK2)
* Bug 21960: Linux bundles based on ESR 52 are not reproducible anymore
* Bug 21629: Fix broken ASan builds when switching to ESR 52
* Bug 22444: Use hardening-wrapper when building GCC
* Bug 22361: Fix hardening of libraries built in linux/gitian-utils.yml
Tor Browser 7.0a4 -- May 15 2017
* All Platforms
* Update Firefox to 52.1.1esr
* Update Tor to 0.3.0.6
* Update Tor Launcher to 0.2.12.1
* Bug 20761: Don't ignore additional SocksPorts
* Translation update
* Update HTTPS-Everywhere to 5.2.16
* Update NoScript to 5.0.4
* Bug 21962: Fix crash on about:addons page
* Bug 21778: Canvas prompt is not shown in Tor Browser based on ESR52
* Bug 21569: Add first-party domain to Permissions key
* Bug 22165: Don't allow collection of local IP addresses
* Bug 13017: Work around audio fingerprinting by disabling the Web Audio API
* Bug 10286: Disable Touch API and add fingerprinting resistance as fallback
* Bug 13612: Disable Social API
* Bug 10283: Disable SpeechSynthesis API
* Bug 21675: Spoof window.navigator.hardwareConcurrency
* Bug 21792: Suppress MediaError.message
* Bug 16337: Round times exposed by Animation API to nearest 100ms
* Bug 21726: Keep Graphite support disabled
* Bug 21685: Disable remote new tab pages
* Bug 21790: Disable captive portal detection
* Bug 21686: Disable Microsoft Family Safety support
* Bug 22073: Make sure Mozilla's experiments are disabled
* Bug 21683: Disable newly added Safebrowsing capabilities
* Bug 22071: Disable Kinto-based blocklist update mechanism
* Bug 22072: Hide TLS error reporting checkbox
* Bug 20761: Don't ignore additional SocksPorts
* Bug 21340: Identify and backport new patches from Firefox
* Bug 22153: Fix broken feeds on higher security levels
* Bug 22025: Fix broken certificate error pages on higher security levels
* Bug 21710: Upgrade Go to 1.8.1
* Mac
* Bug 21940: Don't allow privilege escalation during update
* Bug 22044: Fix broken default search engine on macOS
* Bug 21879: Use our default bookmarks on OSX
* Bug 21779: Non-admin users can't access Tor Browser on macOS
* Linux
* Bug 22041: Fix update error during update to 7.0a3
* Bug 22238: Fix use of hardened wrapper for Firefox build
* Bug 20683: Selfrando support for 64-bit Linux systems
Tor Browser 7.0a3 -- April 20 2017
* All Platforms
* Update Firefox to 52.1.0esr
* Tor to 0.3.0.5-rc
* Update Torbutton to 1.9.7.2
* Bug 21865: Update our JIT preferences in the security slider
* Bug 21747: Make 'New Tor Circuit for this Site' work in ESR52
* Bug 21745: Fix handling of catch-all circuit
* Bug 21547: Fix circuit display under e10s
* Bug 21268: e10s compatibility for New Identity
* Bug 21267: Remove window resize implementation for now
* Bug 21201: Make Torbutton multiprocess compatible
* Translations update
* Update Tor Launcher to 0.2.12
* Bug 21920: Don't show locale selection dialog
* Bug 21546: Mark Tor Launcher as multiprocess compatible
* Bug 21264: Add a README file
* Translations update
* Update HTTPS-Everywhere to 5.2.14
* Update NoScript to 5.0.2
* Update sandboxed-tor-browser to 0.0.6
* Bug 21764: Use bubblewrap's `--die-with-parent` when supported
* Fix e10s Web Content crash on systems with grsec kernels
* Bug 21928: Force a reinstall if an existing hardened bundle is present
* Bug 21929: Remove hardened/ASAN related code
* Bug 21927: Remove the ability to install/update the hardened bundle
* Bug 21244: Update the MAR signing key for 7.0
* Bug 21536: Remove asn's scramblesuit bridge from Tor Browser
* Add back the old release MAR signing key
* Add `prlimit64` to the firefox system call whitelist
* Fix compilation with Go 1.8
* Use Config.Clone() to clone TLS configs when available
* Update Go to 1.7.5 (bug 21709)
* Bug 21555+16450: Don't remove Authorization header on subdomains (e.g. Twitter)
* Bug 21887: Fix broken error pages on higher security levels
* Bug 21876: Enable e10s by default on all supported platforms
* Bug 21876: Always use esr policies for e10s
* Bug 20905: Fix resizing issues after moving to a direct Firefox patch
* Bug 21875: Modal dialogs are maximized in ESR52 nightly builds
* Bug 21885: SVG is not disabled in Tor Browser based on ESR52
* Bug 17334: Hide Referer when leaving a .onion domain (improved patch)
* Bug 3246: Double-key cookies
* Bug 8842: Fix XML parsing error
* Bug 16886: "Add-on compatibility check dialog" contains Firefox logo
* Bug 19192: Untrust Blue Coat CA
* Bug 19955: Avoid confusing warning that favicon load request got cancelled
* Bug 20005: Backport fixes for memory leaks investigation
* Bug 20755: ltn.com.tw is broken in Tor Browser
* Bug 21896: Commenting on website is broken due to CAPTCHA not being displayed
* Bug 20680: Rebase Tor Browser patches to 52 ESR
* Bug 21917: Add new obfs4 bridges
* Bug 21918: Move meek-amazon to d2cly7j4zqgua7.cloudfront.net backend
* Windows
* Bug 21795: Fix Tor Browser crashing on github.com
* Bug 12426: Make use of HeapEnableTerminationOnCorruption
* Bug 19316: Make sure our Windows updates can deal with the SSE2 requirement
* Bug 21868: Fix build bustage with FIREFOX_52_0_2esr_RELEASE for Windows
* OS X
* Bug 21723: Fix inconsistent generation of MOZ_MACBUNDLE_ID
* Bug 21724: Make Firefox and Tor Browser distinct macOS apps
* Bug 21931: Backport OSX SetupMacCommandLine updater fixes
* Bug 15910: Don't download GMPs via the local fallback
* Linux
* Bug 21907: Fix runtime error on CentOS 6
* Bug 21748: Fix broken Snowflake build and update bridge details
* Bug 21954: Snowflake breaks the 7.0a3 build
* Bug 15910: Don't download GMPs via the local fallback
* Build system
* Windows
* Bug 21837: Fix reproducibility of accessibility code for Windows
* Bug 21240: Create patches to fix mingw-w64 compilation of Firefox ESR 52
* Bug 21904: Bump mingw-w64 commit to help with sandbox compilation
* Bug 18831: Use own Yasm for Firefox cross-compilation
* OS X
* Bug 21328: Updating to clang 3.8.0
* Bug 21754: Remove old GCC toolchain and macOS SDK
* Bug 19783: Remove unused macOS helper scripts
* Bug 10369: Don't use old GCC toolchain anymore for utils
* Bug 21753: Replace our old GCC toolchain in PT descriptor
* Bug 18530: ESR52 based Tor Browser only runs on macOS 10.9+
* Linux
* Bug 21930: NSS libraries are missing from mar-tools archive
* Bug 21239: Adapt Linux Firefox descriptor to ESR52 (use GTK2)
* Bug 21960: Linux bundles based on ESR 52 are not reproducible anymore
* Bug 21629: Fix broken ASan builds when switching to ESR 52
Tor Browser 6.5.2 -- April 19 2017
* All Platforms
* Update Firefox to 45.9.0esr
* Update HTTPS-Everywhere to 5.2.14
* Update NoScript to 5.0.2
* Bug 21555+16450: Don't remove Authorization header on subdomains (e.g. Twitter)
* Bug 19316: Make sure our Windows updates can deal with the SSE2 requirement
* Bug 21917: Add new obfs4 bridges
* Bug 21918: Move meek-amazon to d2cly7j4zqgua7.cloudfront.net backend
* Windows
* Bug 21795: Fix Tor Browser crashing on github.com
Tor Browser 7.0a2-hardened -- March 7 2017
* All Platforms
* Update Firefox to 45.8.0esr
* Tor to 0.3.0.4-rc
* OpenSSL to 1.0.2k
* Update Torbutton to 1.9.7.1
* Bug 21396: Allow leaking of resource/chrome URIs (off by default)
* Bug 21574: Add link for zh manual and create manual links dynamically
* Bug 21330: Non-usable scrollbar appears in tor browser security settings
* Bug 21324: Don't update NoScript button with timer update
* Translation updates
* Update HTTPS-Everywhere to 5.2.11
* Bug 21514: Restore W^X JIT implementation removed from ESR45
* Bug 21536: Remove scramblesuit bridge
* Bug 21342: Move meek-azure to the meek.azureedge.net backend and cymrubridge02 bridge
* Bug 21326: Update the "Using a system-installed Tor" section in start script
* Build system
* Bug 17034: Use our built binutils and GCC for building tor
* Code clean-up
Tor Browser 7.0a2 -- March 7 2017
* All Platforms
* Update Firefox to 45.8.0esr
* Tor to 0.3.0.4-rc
* OpenSSL to 1.0.2k
* Update Torbutton to 1.9.7.1
* Bug 21396: Allow leaking of resource/chrome URIs (off by default)
* Bug 21574: Add link for zh manual and create manual links dynamically
* Bug 21330: Non-usable scrollbar appears in tor browser security settings
* Bug 21324: Don't update NoScript button with timer update
* Translation updates
* Update HTTPS-Everywhere to 5.2.11
* Bug 21514: Restore W^X JIT implementation removed from ESR45
* Bug 21536: Remove scramblesuit bridge
* Bug 21342: Move meek-azure to the meek.azureedge.net backend and cymrubridge02 bridge
* Bug 21348: Make snowflake only available on Linux for now
* Linux
* Bug 21326: Update the "Using a system-installed Tor" section in start script
* Build system
* OS X
* Bug 21343: Remove unused FTE related parts for macOS
* Linux
* Bug 17034: Use our built binutils and GCC for building tor
* Clean-up
Tor Browser 6.5.1 -- March 7 2017
* All Platforms
* Update Firefox to 45.8.0esr
* Tor to 0.2.9.10
* OpenSSL to 1.0.2k
* Update Torbutton to 1.9.6.14
* Bug 21396: Allow leaking of resource/chrome URIs (off by default)
* Bug 21574: Add link for zh manual and create manual links dynamically
* Bug 21330: Non-usable scrollbar appears in tor browser security settings
* Translation updates
* Update HTTPS-Everywhere to 5.2.11
* Bug 21514: Restore W^X JIT implementation removed from ESR45
* Bug 21536: Remove scramblesuit bridge
* Bug 21342: Move meek-azure to the meek.azureedge.net backend and cymrubridge02 bridge
* Linux
* Bug 21326: Update the "Using a system-installed Tor" section in start script
Tor Browser 7.0a1-hardened -- January 25 2017
* All Platforms
* Update Firefox to 45.7.0esr
* Tor to 0.3.0.2-alpha
* Update Torbutton to 1.9.7
* Bug 19898: Use DuckDuckGo on about:tor
* Bug 21091: Hide the update check menu entry when running under the sandbox
* Bug 21243: Add links to es, fr, and pt Tor Browser manual
* Bug 21194: Show snowflake in the circuit display
* Bug 21131: Remove 2016 donation banner
* Translation updates
* Update HTTPS-Everywhere to 5.2.9
* Update NoScript to 2.9.5.3
* Bug 20471: Allow javascript: links from HTTPS first party pages
* Bug 20651: DuckDuckGo does not work with JavaScript disabled
* Bug 20589: Add new MAR signing key
* Bug 20735: Add snowflake pluggable transport to alpha Linux builds
* Build system
* All platforms
* Bug 20927: Upgrade Go to 1.7.4
Tor Browser 7.0a1 -- January 25 2017
* All Platforms
* Update Firefox to 45.7.0esr
* Tor to 0.3.0.2-alpha
* Update Torbutton to 1.9.7
* Bug 19898: Use DuckDuckGo on about:tor
* Bug 21091: Hide the update check menu entry when running under the sandbox
* Bug 21243: Add links to es, fr, and pt Tor Browser manual
* Bug 21194: Show snowflake in the circuit display
* Bug 21131: Remove 2016 donation banner
* Translation updates
* Update HTTPS-Everywhere to 5.2.9
* Update NoScript to 2.9.5.3
* Bug 20471: Allow javascript: links from HTTPS first party pages
* Bug 20651: DuckDuckGo does not work with JavaScript disabled
* Bug 20589: Add new MAR signing key
* Windows
* Bug 20981: On Windows, check TZ for timezone first
* OS X
* Bug 20989: Browser sandbox profile is too restrictive on OSX 10.12.2
* Linux
* Update sandboxed-tor-browser to 0.0.3
* Bug 20735: Add snowflake pluggable transport to alpha Linux builds
* Build system
* All platforms
* Bug 20927: Upgrade Go to 1.7.4
* Linux
* Bug 21103: Update descriptors for sandboxed-tor-browser 0.0.3
Tor Browser 6.5 -- January 24 2017
* All Platforms
* Update Firefox to 45.7.0esr
* Tor to 0.2.9.9
* OpenSSL to 1.0.2j
* Update Torbutton to 1.9.6.12
* Bug 16622: Timezone spoofing moved to tor-browser.git
* Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git
* Bug 8725: Block addon resource and url fingerprinting with nsIContentPolicy
* Bug 20701: Allow the directory listing stylesheet in the content policy
* Bug 19837: Whitelist internal URLs that Firefox requires for media
* Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a tor client
* Bug 19273: Improve external app launch handling and associated warnings
* Bug 15852: Remove/synchronize Torbutton SOCKS pref logic
* Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6
* Bug 17767: Make "JavaScript disabled" more visible in Security Slider
* Bug 20556: Use pt-BR strings from now on
* Bug 20614: Add links to Tor Browser User Manual
* Bug 20414: Fix non-rendering arrow on OS X
* Bug 20728: Fix bad preferences.xul dimensions
* Bug 19898: Use DuckDuckGo on about:tor
* Bug 21091: Hide the update check menu entry when running under the sandbox
* Bug 19459: Move resizing code to tor-browser.git
* Bug 20264: Change security slider to 3 options
* Bug 20347: Enhance security slider's custom mode
* Bug 20123: Disable remote jar on all security levels
* Bug 20244: Move privacy checkboxes to about:preferences#privacy
* Bug 17546: Add tooltips to explain our privacy checkboxes
* Bug 17904: Allow security settings dialog to resize
* Bug 18093: Remove 'Restore Defaults' button
* Bug 20373: Prevent redundant dialogs opening
* Bug 20318: Remove helpdesk link from about:tor
* Bug 21243: Add links for pt, es, and fr Tor Browser manuals
* Bug 20753: Remove obsolete StartPage locale strings
* Bug 21131: Remove 2016 donation banner
* Bug 18980: Remove obsolete toolbar button code
* Bug 18238: Remove unused Torbutton code and strings
* Bug 20388+20399+20394: Code clean-up
* Translation updates
* Update Tor Launcher to 0.2.10.3
* Bug 19568: Set CurProcD for Thunderbird/Instantbird
* Bug 19432: Remove special handling for Instantbird/Thunderbird
* Translation updates
* Update HTTPS-Everywhere to 5.2.9
* Update NoScript to 2.9.5.3
* Bug 16622: Spoof timezone with Firefox patch
* Bug 17334: Spoof referrer when leaving a .onion domain
* Bug 19273: Write C++ patch for external app launch handling
* Bug 19459: Size new windows to 1000x1000 or nearest 200x100 (Firefox patch)
* Bug 12523: Mark JIT pages as non-writable
* Bug 20123: Always block remote jar files
* Bug 19193: Reduce timing precision for AudioContext, HTMLMediaElement, and MediaStream
* Bug 19164: Remove support for SHA-1 HPKP pins
* Bug 19186: KeyboardEvents are only rounding to 100ms
* Bug 16998: Isolate preconnect requests to URL bar domain
* Bug 19478: Prevent millisecond resolution leaks in File API
* Bug 20471: Allow javascript: links from HTTPS first party pages
* Bug 20244: Move privacy checkboxes to about:preferences#privacy
* Bug 20707: Fix broken preferences tab in non-en-US alpha bundles
* Bug 20709: Fix wrong update URL in alpha bundles
* Bug 19481: Point the update URL to aus1.torproject.org
* Bug 20556: Start using pt-BR instead of pt-PT for Portuguese
* Bug 20442: Backport fix for local path disclosure after drag and drop
* Bug 20160: Backport fix for broken MP3-playback
* Bug 20043: Isolate SharedWorker script requests to first party
* Bug 18923: Add script to run all Tor Browser regression tests
* Bug 20651: DuckDuckGo does not work with JavaScript disabled
* Bug 19336+19835: Enhance about:tbupdate page
* Bug 20399+15852: Code clean-up
* Windows
* Bug 20981: On Windows, check TZ for timezone first
* Bug 18175: Maximizing window and restarting leads to non-rounded window size
* Bug 13437: Rounded inner window accidentally grows to non-rounded size
* OS X
* Bug 20590: Badly resized window due to security slider notification bar on OS X
* Bug 20439: Make the build PIE on OSX
* Linux
* Bug 20691: Updater breaks if unix domain sockets are used
* Bug 15953: Weird resizing dance on Tor Browser startup
* Build system
* All platforms
* Bug 20927: Upgrade Go to 1.7.4
* Bug 20583: Make the downloads.json file reproducible
* Bug 20133: Don't apply OpenSSL patch anymore
* Bug 19528: Set MOZ_BUILD_DATE based on Firefox version
* Bug 18291: Remove some uses of libfaketime
* Bug 18845: Make zip and tar helpers generate reproducible archives
* OS X
* Bug 20258: Make OS X Tor archive reproducible again
* Bug 20184: Make OS X builds reproducible (use clang for compiling tor)
* Bug 19856: Make OS X builds reproducible (getting libfaketime back)
* Bug 19410: Fix incremental updates by taking signatures into account
* Bug 20210: In dmg2mar, extract old mar file to copy permissions to the new one
Tor Browser 6.5a6-hardened -- December 14 2016
* All Platforms
* Update Firefox to 45.6.0esr
* Tor to 0.2.9.7-rc
* Update Torbutton to 1.9.6.9
* Bug 16622: Timezone spoofing moved to tor-browser.git
* Bug 20701: Allow the directory listing stylesheet in the content policy
* Bug 20556: Use pt-BR strings from now on
* Bug 20614: Add links to Tor Browser User Manual
* Bug 20414: Fix non-rendering arrow on OS X
* Bug 20728: Fix bad preferences.xul dimensions
* Bug 20318: Remove helpdesk link from about:tor
* Bug 20753: Remove obsolete StartPage locale strings
* Bug 20947: Donation banner improvements
* Translation updates
* Update HTTPS-Everywhere to 5.2.8
* Bug 16622: Spoof timezone with Firefox patch
* Bug 20707: Fix broken preferences tab in non-en-US alpha bundles
* Bug 20709: Fix wrong update URL in alpha bundles
* Bug 20556: Start using pt-BR instead of pt-PT for Portuguese
* Bug 20809: Use non-/html search engine URL for DuckDuckGo search plugins
* Bug 20837: Activate iat-mode for certain obfs4 bridges
* Bug 20838: Uncomment NX01 default obfs4 bridge
* Bug 20840: Rotate ports a third time for default obfs4 bridges
Tor Browser 6.5a6 -- December 14 2016
* All Platforms
* Update Firefox to 45.6.0esr
* Tor to 0.2.9.6-rc
* Update Torbutton to 1.9.6.8
* Bug 16622: Timezone spoofing moved to tor-browser.git
* Bug 20701: Allow the directory listing stylesheet in the content policy
* Bug 20556: Use pt-BR strings from now on
* Bug 20614: Add links to Tor Browser User Manual
* Bug 20414: Fix non-rendering arrow on OS X
* Bug 20728: Fix bad preferences.xul dimensions
* Bug 20318: Remove helpdesk link from about:tor
* Bug 20753: Remove obsolete StartPage locale strings
* Translation updates
* Update HTTPS-Everywhere to 5.2.8
* Bug 16622: Spoof timezone with Firefox patch
* Bug 20707: Fix broken preferences tab in non-en-US alpha bundles
* Bug 20709: Fix wrong update URL in alpha bundles
* Bug 20556: Start using pt-BR instead of pt-PT for Portuguese
* Bug 20809: Use non-/html search engine URL for DuckDuckGo search plugins
* Bug 20837: Activate iat-mode for certain obfs4 bridges
* Bug 20838: Uncomment NX01 default obfs4 bridge
* Bug 20840: Rotate ports a third time for default obfs4 bridges
* Linux
* Bug 20352: Integrate sandboxed-tor-browser into our Gitian build
* Bug 20758: Make Linux sandbox build deterministic
* Bug 10281: Use jemalloc4 and abort on redzone corruption
* OS X
* Bug 20121: Create Seatbelt profile(s) for Tor Browser
Tor Browser 6.0.8 -- December 13 2016
* All Platforms
* Update Firefox to 45.6.0esr
* Tor to 0.2.8.11
* Update Torbutton to 1.9.5.13
* Bug 20947: Donation banner improvements
* Update HTTPS-Everywhere to 5.2.8
* Bug 20809: Use non-/html search engine URL for DuckDuckGo search plugins
* Bug 20837: Activate iat-mode for certain obfs4 bridges
* Bug 20838: Uncomment NX01 default obfs4 bridge
* Bug 20840: Rotate ports a third time for default obfs4 bridges
Tor Browser 6.5a5-hardened -- December 1 2016
* All Platforms
* Update Firefox to 45.5.1esr
* Update NoScript to 2.9.5.2
* Linux
* Bug 20691: Updater breaks if unix domain sockets are used
Tor Browser 6.5a5 -- December 1 2016
* All Platforms
* Update Firefox to 45.5.1esr
* Update NoScript to 2.9.5.2
* Linux
* Bug 20691: Updater breaks if unix domain sockets are used
Tor Browser 6.0.7 -- November 30 2016
* All Platforms
* Update Firefox to 45.5.1esr
* Update NoScript to 2.9.5.2
Tor Browser 6.5a4-hardened -- November 16 2016
* All Platforms
* Update Firefox to 45.5.0esr
* Update Tor to 0.2.9.5-alpha
* Update OpenSSL to 1.0.2j
* Update Torbutton to 1.9.6.7
* Bug 20414: Add donation banner on about:tor for 2016 campaign
* Bug 20111: use Unix domain sockets for SOCKS port by default
* Bug 19459: Move resizing code to tor-browser.git
* Bug 20264: Change security slider to 3 options
* Bug 20347: Enhance security slider's custom mode
* Bug 20123: Disable remote jar on all security levels
* Bug 20244: Move privacy checkboxes to about:preferences#privacy
* Bug 17546: Add tooltips to explain our privacy checkboxes
* Bug 17904: Allow security settings dialog to resize
* Bug 18093: Remove 'Restore Defaults' button
* Bug 20373: Prevent redundant dialogs opening
* Bug 20388+20399+20394: Code clean-up
* Translation updates
* Update Tor Launcher to 0.2.11.1
* Bug 20111: use Unix domain sockets for SOCKS port by default
* Bug 20185: Avoid using Unix domain socket paths that are too long
* Bug 20429: Do not open progress window if tor doesn't get started
* Bug 19646: Wrong location for meek browser profile on OS X
* Translation updates
* Update HTTPS-Everywhere to 5.2.7
* Update meek to 0.25
* Bug 19646: Wrong location for meek browser profile on OS X
* Bug 20030: Shut down meek-http-helper cleanly if built with Go > 1.5.4
* Bug 20304: Support spaces and other special characters for SOCKS socket
* Bug 20490: Fix assertion failure due to fix for #20304
* Bug 19459: Size new windows to 1000x1000 or nearest 200x100 (Firefox patch)
* Bug 20442: Backport fix for local path disclosure after drag and drop
* Bug 20160: Backport fix for broken MP3-playback
* Bug 20043: Isolate SharedWorker script requests to first party
* Bug 20123: Always block remote jar files
* Bug 20244: Move privacy checkboxes to about:preferences#privacy
* Bug 19838: Add dgoulet's bridge and add another one commented out
* Bug 19481: Point the update URL to aus1.torproject.org
* Bug 20296: Rotate ports again for default obfs4 bridges
* Bug 20651: DuckDuckGo does not work with JavaScript disabled
* Bug 20399+15852: Code clean-up
* Bug 15953: Weird resizing dance on Tor Browser startup
* Build system
* All platforms
* Bug 20023: Upgrade Go to 1.7.3
* Bug 20583: Make the downloads.json file reproducible
Tor Browser 6.5a4 -- November 16 2016
* All Platforms
* Update Firefox to 45.5.0esr
* Update Tor to 0.2.9.5-alpha
* Update OpenSSL to 1.0.2j
* Update Torbutton to 1.9.6.7
* Bug 20414: Add donation banner on about:tor for 2016 campaign
* Bug 20111: use Unix domain sockets for SOCKS port by default
* Bug 19459: Move resizing code to tor-browser.git
* Bug 20264: Change security slider to 3 options
* Bug 20347: Enhance security slider's custom mode
* Bug 20123: Disable remote jar on all security levels
* Bug 20244: Move privacy checkboxes to about:preferences#privacy
* Bug 17546: Add tooltips to explain our privacy checkboxes
* Bug 17904: Allow security settings dialog to resize
* Bug 18093: Remove 'Restore Defaults' button
* Bug 20373: Prevent redundant dialogs opening
* Bug 20388+20399+20394: Code clean-up
* Translation updates
* Update Tor Launcher to 0.2.10.2
* Bug 20111: use Unix domain sockets for SOCKS port by default
* Bug 20185: Avoid using Unix domain socket paths that are too long
* Bug 20429: Do not open progress window if tor doesn't get started
* Bug 19646: Wrong location for meek browser profile on OS X
* Translation updates
* Update HTTPS-Everywhere to 5.2.7
* Update meek to 0.25
* Bug 19646: Wrong location for meek browser profile on OS X
* Bug 20030: Shut down meek-http-helper cleanly if built with Go > 1.5.4
* Bug 20304: Support spaces and other special characters for SOCKS socket
* Bug 20490: Fix assertion failure due to fix for #20304
* Bug 19459: Size new windows to 1000x1000 or nearest 200x100 (Firefox patch)
* Bug 20442: Backport fix for local path disclosure after drag and drop
* Bug 20160: Backport fix for broken MP3-playback
* Bug 20043: Isolate SharedWorker script requests to first party
* Bug 20123: Always block remote jar files
* Bug 20244: Move privacy checkboxes to about:preferences#privacy
* Bug 19838: Add dgoulet's bridge and add another one commented out
* Bug 19481: Point the update URL to aus1.torproject.org
* Bug 20296: Rotate ports again for default obfs4 bridges
* Bug 20651: DuckDuckGo does not work with JavaScript disabled
* Bug 20399+15852: Code clean-up
* Windows
* Bug 20342: Add tor-gencert.exe to expert bundle
* Bug 18175: Maximizing window and restarting leads to non-rounded window size
* Bug 13437: Rounded inner window accidentally grows to non-rounded size
* OS X
* Bug 20204: Windows don't drag on macOS Sierra anymore
* Bug 20250: Meek fails on macOS Sierra if built with Go < 1.7
* Bug 20590: Badly resized window due to security slider notification bar on OS X
* Bug 20439: Make the build PIE on OSX
* Linux
* Bug 15953: Weird resizing dance on Tor Browser startup
* Build system
* All platforms
* Bug 20023: Upgrade Go to 1.7.3
* Bug 20583: Make the downloads.json file reproducible
* OS X
* Bug 20258: Make OS X Tor archive reproducible again
* Bug 20184: Make OS X builds reproducible again
* Bug 20210: In dmg2mar, extract old mar file to copy permissions to the new one
Tor Browser 6.0.6 -- November 15
* All Platforms
* Update Firefox to 45.5.0esr
* Update Tor to 0.2.8.9
* Update OpenSSL to 1.0.1u
* Update Torbutton to 1.9.5.12
* Bug 20414: Add donation banner on about:tor for 2016 campaign
* Translation updates
* Update Tor Launcher to 0.2.9.4
* Bug 20429: Do not open progress window if tor doesn't get started
* Bug 19646: Wrong location for meek browser profile on OS X
* Update HTTPS-Everywhere to 5.2.7
* Update meek to 0.25
* Bug 19646: Wrong location for meek browser profile on OS X
* Bug 20030: Shut down meek-http-helper cleanly if built with Go > 1.5.4
* Bug 19838: Add dgoulet's bridge and add another one commented out
* Bug 20296: Rotate ports again for default obfs4 bridges
* Bug 19735: Switch default search engine to DuckDuckGo
* Bug 20118: Don't unpack HTTPS Everywhere anymore
* Windows
* Bug 20342: Add tor-gencert.exe to expert bundle
* OS X
* Bug 20204: Windows don't drag on macOS Sierra anymore
* Bug 20250: Meek fails on macOS Sierra if built with Go < 1.7
* Build system
* All platforms
* Bug 20023: Upgrade Go to 1.7.3
Tor Browser 6.5a3-hardened -- September 20 2016
* All Platforms
* Update Firefox to 45.4.0esr
* Update Tor to 0.2.9.2-alpha
* Update OpenSSL to 1.0.2h (bug 20095)
* Update Torbutton to 1.9.6.4
* Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git
* Bug 17767: Make "JavaScript disabled" more visible in Security Slider
* Bug 19995: Clear site security settings during New Identity
* Bug 19906: "Maximizing Tor Browser" Notification can exist multiple times
* Bug 19837: Whitelist internal URLs that Firefox requires for media
* Bug 15852: Remove/synchronize Torbutton SOCKS pref logic
* Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6
* Bug 14271: Make Torbutton work with Unix Domain Socket option
* Translation updates
* Update Tor Launcher to 0.2.11
* Bug 14272: Make Tor Launcher work with Unix Domain Socket option
* Bug 19568: Set CurProcD for Thunderbird/Instantbird
* Bug 19432: Remove special handling for Instantbird/Thunderbird
* Translation updates
* Update HTTPS-Everywhere to 5.2.4
* Update NoScript to 2.9.0.14
* Bug 19851: Fix ASan error by upgrading GCC to 5.4.0
* Bug 17858: Fix creation of incremental MARs for hardened builds
* Bug 14273: Backport patches for Unix Domain Socket support
* Bug 19890: Disable installation of system addons
* Bug 17334: Spoof referrer when leaving a .onion domain
* Bug 20092: Rotate ports for default obfs4 bridges
* Bug 20040: Add update support for unpacked HTTPS Everywhere
* Bug 20118: Don't unpack HTTPS Everywhere anymore
* Bug 19336+19835: Enhance about:tbupdate page
* Build system
* All platforms
* Bug 20133: Don't apply OpenSSL patch anymore
* Bug 19528: Set MOZ_BUILD_DATE based on Firefox version
Tor Browser 6.5a3 -- September 20 2016
* All Platforms
* Update Firefox to 45.4.0esr
* Update Tor to 0.2.9.2-alpha
* Update OpenSSL to 1.0.2h (bug 20095)
* Update Torbutton to 1.9.6.4
* Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git
* Bug 17767: Make "JavaScript disabled" more visible in Security Slider
* Bug 19995: Clear site security settings during New Identity
* Bug 19906: "Maximizing Tor Browser" Notification can exist multiple times
* Bug 19837: Whitelist internal URLs that Firefox requires for media
* Bug 15852: Remove/synchronize Torbutton SOCKS pref logic
* Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6
* Bug 14271: Make Torbutton work with Unix Domain Socket option
* Translation updates
* Update Tor Launcher to 0.2.10.1
* Bug 14272: Make Tor Launcher work with Unix Domain Socket option
* Bug 19568: Set CurProcD for Thunderbird/Instantbird
* Bug 19432: Remove special handling for Instantbird/Thunderbird
* Translation updates
* Update HTTPS-Everywhere to 5.2.4
* Update NoScript to 2.9.0.14
* Bug 14273: Backport patches for Unix Domain Socket support
* Bug 19890: Disable installation of system addons
* Bug 17334: Spoof referrer when leaving a .onion domain
* Bug 20092: Rotate ports for default obfs4 bridges
* Bug 20040: Add update support for unpacked HTTPS Everywhere
* Bug 20118: Don't unpack HTTPS Everywhere anymore
* Bug 19336+19835: Enhance about:tbupdate page
* Android
* Bug 19706: Store browser data in the app home directory
* Build system
* All platforms
* Bug 20133: Don't apply OpenSSL patch anymore
* Bug 19528: Set MOZ_BUILD_DATE based on Firefox version
* OS X
* Bug 19856: Make OS X builds reproducible again
* Bug 19410: Fix incremental updates by taking signatures into account
Tor Browser 6.0.5 -- September 16
* All Platforms
* Update Firefox to 45.4.0esr
* Update Tor to 0.2.8.7
* Update Torbutton to 1.9.5.7
* Bug 19995: Clear site security settings during New Identity
* Bug 19906: "Maximizing Tor Browser" Notification can exist multiple times
* Update HTTPS-Everywhere to 5.2.4
* Bug 20092: Rotate ports for default obfs4 bridges
* Bug 20040: Add update support for unpacked HTTPS Everywhere
* Windows
* Bug 19725: Remove old updater files left on disk after upgrade to 6.x
* Linux
* Bug 19725: Remove old updater files left on disk after upgrade to 6.x
* Android
* Bug 19706: Store browser data in the app home directory
* Build system
* All platforms
* Upgrade Go to 1.4.3
Tor Browser 6.0.4 -- August 16 2016
* All Platforms
* Update Tor to 0.2.8.6
* Update NoScript to 2.9.0.14
* Bug 19890: Disable installation of system addons
Tor Browser 6.5a2-hardened -- August 3 2016
* All Platforms
* Update Firefox to 45.3.0esr
* Update Tor to tor-0.2.8.5-rc
* Update Torbutton to 1.9.6.1
* Bug 19689: Use proper parent window for plugin prompt
* Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a tor client
* Bug 19417: Disable asm.js (but add code to clear on New Identity if enabled)
* Bug 19273: Improve external app launch handling and associated warnings
* Bug 8725: Block addon resource and url fingerprinting with nsIContentPolicy
* Update HTTPS-Everywhere to 5.2.1
* Update NoScript to 2.9.0.12
* Bug 17406: Include Selfrando into our hardened builds
* Bug 19417: Disable asmjs for now
* Bug 19715: Disable the meek-google pluggable transport option
* Bug 19714: Remove mercurius4 obfs4 bridge
* Bug 19585: Fix regression test for keyboard layout fingerprinting
* Bug 19515: Tor Browser is crashing in graphics code
* Bug 18513: Favicon requests can bypass New Identity
* Bug 19273: Write C++ patch for external app launch handling
* Bug 16998: Isolate preconnect requests to URL bar domain
* Bug 18923: Add script to run all Tor Browser regression tests
* Bug 19478: Prevent millisecond resolution leaks in File API
* Bug 19401: Fix broken PDF download button
* Bug 19411: Don't show update icon if a partial update failed
* Bug 19400: Back out GCC bug workaround to avoid asmjs crash
* Bug 19735: Switch default search engine to DuckDuckGo
* Bug 19276: Disable Xrender due to possible performance regressions
* Bug 19725: Remove old updater files left on disk after upgrade to 6.x
* Build System
* All Platforms
* Bug 19703: Upgrade Go to 1.6.3
Tor Browser 6.5a2 -- August 3 2016
* All Platforms
* Update Firefox to 45.3.0esr
* Update Tor to tor-0.2.8.5-rc
* Update Torbutton to 1.9.6.1
* Bug 19689: Use proper parent window for plugin prompt
* Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a tor client
* Bug 19417: Disable asm.js (but add code to clear on New Identity if enabled)
* Bug 19273: Improve external app launch handling and associated warnings
* Bug 8725: Block addon resource and url fingerprinting with nsIContentPolicy
* Update HTTPS-Everywhere to 5.2.1
* Update NoScript to 2.9.0.12
* Bug 19417: Disable asmjs for now
* Bug 19715: Disable the meek-google pluggable transport option
* Bug 19714: Remove mercurius4 obfs4 bridge
* Bug 19585: Fix regression test for keyboard layout fingerprinting
* Bug 19515: Tor Browser is crashing in graphics code
* Bug 18513: Favicon requests can bypass New Identity
* Bug 19273: Write C++ patch for external app launch handling
* Bug 16998: Isolate preconnect requests to URL bar domain
* Bug 18923: Add script to run all Tor Browser regression tests
* Bug 19478: Prevent millisecond resolution leaks in File API
* Bug 19401: Fix broken PDF download button
* Bug 19411: Don't show update icon if a partial update failed
* Bug 19400: Back out GCC bug workaround to avoid asmjs crash
* Bug 19735: Switch default search engine to DuckDuckGo
* Windows
* Bug 19348: Adapt to more than one build target on Windows (fixes updates)
* Bug 19725: Remove old updater files left on disk after upgrade to 6.x
* Linux
* Bug 19276: Disable Xrender due to possible performance regressions
* Bug 19725: Remove old updater files left on disk after upgrade to 6.x
* OS X
* Bug 19269: Icon doesn't appear in Applications folder or Dock
* Android
* Bug 19484: Avoid compilation error when MOZ_UPDATER is not defined
* Build System
* All Platforms
* Bug 19703: Upgrade Go to 1.6.3
Tor Browser 6.0.3 -- August 2 2016
* All Platforms
* Update Firefox to 45.3.0esr
* Update Torbutton to 1.9.5.6
* Bug 19417: Disable asmjs for now
* Bug 19689: Use proper parent window for plugin prompt
* Update HTTPS-Everywhere to 5.2.1
* Update NoScript to 2.9.0.12
* Bug 19417: Disable asmjs for now
* Bug 19715: Disable the meek-google pluggable transport option
* Bug 19714: Remove mercurius4 obfs4 bridge
* Bug 19585: Fix regression test for keyboard layout fingerprinting
* Bug 19515: Tor Browser is crashing in graphics code
* Bug 18513: Favicon requests can bypass New Identity
* OS X
* Bug 19269: Icon doesn't appear in Applications folder or Dock
* Android
* Bug 19484: Avoid compilation error when MOZ_UPDATER is not defined
Tor Browser 6.0.2 -- June 21 2016
* All Platforms
* Update Torbutton to 1.9.5.5
* Bug 19417: Clear asmjscache
* Bug 19401: Fix broken PDF download button
* Bug 19411: Don't show update icon if a partial update failed
* Bug 19400: Back out GCC bug workaround to avoid asmjs crash
* Windows
* Bug 19348: Adapt to more than one build target on Windows (fixes updates)
* Linux
* Bug 19276: Disable Xrender due to possible performance regressions
Tor Browser 6.5a1-hardened -- June 8 2016
* All Platforms
* Update Firefox to 45.2.0esr
* Update Tor to 0.2.8.3-alpha
* Update Torbutton to 1.9.6
* Bug 18743: Pref to hide 'Sign in to Sync' button in hamburger menu
* Bug 18905: Hide unusable items from help menu
* Bug 17599: Provide shortcuts for New Identity and New Circuit
* Bug 18980: Remove obsolete toolbar button code
* Bug 18238: Remove unused Torbutton code and strings
* Translation updates
* Code clean-up
* Update Tor Launcher to 0.2.8.5
* Bug 18947: Tor Browser is not starting on OS X if put into /Applications
* Update HTTPS-Everywhere to 5.1.9
* Update meek to 0.22 (tag 0.22-18371-3)
* Bug 19121: The update.xml hash should get checked during update
* Bug 12523: Mark JIT pages as non-writable
* Bug 19193: Reduce timing precision for AudioContext, HTMLMediaElement, and MediaStream
* Bug 19164: Remove support for SHA-1 HPKP pins
* Bug 19186: KeyboardEvents are only rounding to 100ms
* Bug 18884: Don't build the loop extension
* Bug 19187: Backport fix for crash related to popup menus
* Bug 19212: Fix crash related to network panel in developer tools
* Bug 18703: Fix circuit isolation issues on Page Info dialog
* bug 19115: Tor Browser should not fall back to Bing as its search engine
* Bug 18915+19065: Use our search plugins in localized builds
* Bug 19176: Zip our language packs deterministically
* Bug 18811: Fix first-party isolation for blobs URLs in Workers
* Bug 18950: Disable or audit Reader View
* Bug 18886: Remove Pocket
* Bug 18619: Tor Browser reports "InvalidStateError" in browser console
* Bug 18945: Disable monitoring the connected state of Tor Browser users
* Bug 18855: Don't show error after add-on directory clean-up
* Bug 18885: Disable the option of logging TLS/SSL key material
* Bug 18770: SVGs should not show up on Page Info dialog when disabled
* Bug 18958: Spoof screen.orientation values
* Bug 19047: Disable Heartbeat prompts
* Bug 18914: Use English-only label in <isindex/> tags
* Bug 18996: Investigate server logging in esr45-based Tor Browser
* Bug 17790: Add unit tests for keyboard fingerprinting defenses
* Bug 18995: Regression test to ensure CacheStorage is disabled
* Bug 18912: Add automated tests for updater cert pinning
* Bug 16728: Add test cases for favicon isolation
* Bug 18976: Remove some FTE bridges
* Linux
* Bug 19189: Backport for working around a linker (gold) bug
* Build System
* All PLatforms
* Bug 18333: Upgrade Go to 1.6.2
* Bug 18919: Remove unused keys and unused dependencies
* Bug 18291: Remove some uses of libfaketime
* Bug 18845: Make zip and tar helpers generate reproducible archives
Tor Browser 6.5a1 -- June 8 2016
* All Platforms
* Update Firefox to 45.2.0esr
* Update Tor to 0.2.8.3-alpha
* Update Torbutton to 1.9.6
* Bug 18743: Pref to hide 'Sign in to Sync' button in hamburger menu
* Bug 18905: Hide unusable items from help menu
* Bug 17599: Provide shortcuts for New Identity and New Circuit
* Bug 18980: Remove obsolete toolbar button code
* Bug 18238: Remove unused Torbutton code and strings
* Translation updates
* Code clean-up
* Update Tor Launcher to 0.2.9.3
* Bug 18947: Tor Browser is not starting on OS X if put into /Applications
* Update HTTPS-Everywhere to 5.1.9
* Update meek to 0.22 (tag 0.22-18371-3)
* Bug 18904: Mac OS: meek-http-helper profile not updated
* Bug 19121: The update.xml hash should get checked during update
* Bug 12523: Mark JIT pages as non-writable
* Bug 19193: Reduce timing precision for AudioContext, HTMLMediaElement, and MediaStream
* Bug 19164: Remove support for SHA-1 HPKP pins
* Bug 19186: KeyboardEvents are only rounding to 100ms
* Bug 18884: Don't build the loop extension
* Bug 19187: Backport fix for crash related to popup menus
* Bug 19212: Fix crash related to network panel in developer tools
* Bug 18703: Fix circuit isolation issues on Page Info dialog
* bug 19115: Tor Browser should not fall back to Bing as its search engine
* Bug 18915+19065: Use our search plugins in localized builds
* Bug 19176: Zip our language packs deterministically
* Bug 18811: Fix first-party isolation for blobs URLs in Workers
* Bug 18950: Disable or audit Reader View
* Bug 18886: Remove Pocket
* Bug 18619: Tor Browser reports "InvalidStateError" in browser console
* Bug 18945: Disable monitoring the connected state of Tor Browser users
* Bug 18855: Don't show error after add-on directory clean-up
* Bug 18885: Disable the option of logging TLS/SSL key material
* Bug 18770: SVGs should not show up on Page Info dialog when disabled
* Bug 18958: Spoof screen.orientation values
* Bug 19047: Disable Heartbeat prompts
* Bug 18914: Use English-only label in <isindex/> tags
* Bug 18996: Investigate server logging in esr45-based Tor Browser
* Bug 17790: Add unit tests for keyboard fingerprinting defenses
* Bug 18995: Regression test to ensure CacheStorage is disabled
* Bug 18912: Add automated tests for updater cert pinning
* Bug 16728: Add test cases for favicon isolation
* Bug 18976: Remove some FTE bridges
* OS X
* Bug 18951: HTTPS-E is missing after update
* Bug 18904: meek-http-helper profile not updated
* Bug 18928: Upgrade is not smooth (requires another restart)
* Linux
* Bug 19189: Backport for working around a linker (gold) bug
* Build System
* All PLatforms
* Bug 18333: Upgrade Go to 1.6.2
* Bug 18919: Remove unused keys and unused dependencies
* Bug 18291: Remove some uses of libfaketime
* Bug 18845: Make zip and tar helpers generate reproducible archives
Tor Browser 6.0.1 -- June 7 2016
* All Platforms
* Update Firefox to 45.2.0esr
* Bug 18884: Don't build the loop extension
* Bug 19187: Backport fix for crash related to popup menus
* Bug 19212: Fix crash related to network panel in developer tools
* Linux
* Bug 19189: Backport for working around a linker (gold) bug
Tor Browser 6.0 -- May 30 2016
* All Platforms
* Update Firefox to 45.1.1esr
* Update OpenSSL to 1.0.1t
* Update Torbutton to 1.9.5.4
* Bug 18466: Make Torbutton compatible with Firefox ESR 45
* Bug 18743: Pref to hide 'Sign in to Sync' button in hamburger menu
* Bug 18905: Hide unusable items from help menu
* Bug 16017: Allow users to more easily set a non-tor SSH proxy
* Bug 17599: Provide shortcuts for New Identity and New Circuit
* Translation updates
* Code clean-up
* Update Tor Launcher to 0.2.9.3
* Bug 13252: Do not store data in the application bundle
* Bug 18947: Tor Browser is not starting on OS X if put into /Applications
* Bug 11773: Setup wizard UI flow improvements
* Translation updates
* Update HTTPS-Everywhere to 5.1.9
* Update meek to 0.22 (tag 0.22-18371-3)
* Bug 18371: Symlinks are incompatible with Gatekeeper signing
* Bug 18904: Mac OS: meek-http-helper profile not updated
* Bug 15197 and child tickets: Rebase Tor Browser patches to ESR 45
* Bug 18900: Fix broken updater on Linux
* Bug 19121: The update.xml hash should get checked during update
* Bug 18042: Disable SHA1 certificate support
* Bug 18821: Disable libmdns support for desktop and mobile
* Bug 18848: Disable additional welcome URL shown on first start
* Bug 14970: Exempt our extensions from signing requirement
* Bug 16328: Disable MediaDevices.enumerateDevices
* Bug 16673: Disable HTTP Alternative-Services
* Bug 17167: Disable Mozilla's tracking protection
* Bug 18603: Disable performance-based WebGL fingerprinting option
* Bug 18738: Disable Selfsupport and Unified Telemetry
* Bug 18799: Disable Network Tickler
* Bug 18800: Remove DNS lookup in lockfile code
* Bug 18801: Disable dom.push preferences
* Bug 18802: Remove the JS-based Flash VM (Shumway)
* Bug 18863: Disable MozTCPSocket explicitly
* Bug 15640: Place Canvas MediaStream behind site permission
* Bug 16326: Verify cache isolation for Request and Fetch APIs
* Bug 18741: Fix OCSP and favicon isolation for ESR 45
* Bug 16998: Disable <link rel="preconnect"> for now
* Bug 18898: Exempt the meek extension from the signing requirement as well
* Bug 18899: Don't copy Torbutton, TorLauncher, etc. into meek profile
* Bug 18890: Test importScripts() for cache and network isolation
* Bug 18886: Hide pocket menu items when Pocket is disabled
* Bug 18703: Fix circuit isolation issues on Page Info dialog
* bug 19115: Tor Browser should not fall back to Bing as its search engine
* Bug 18915+19065: Use our search plugins in localized builds
* Bug 19176: Zip our language packs deterministically
* Bug 18811: Fix first-party isolation for blobs URLs in Workers
* Bug 18950: Disable or audit Reader View
* Bug 18886: Remove Pocket
* Bug 18619: Tor Browser reports "InvalidStateError" in browser console
* Bug 18945: Disable monitoring the connected state of Tor Browser users
* Bug 18855: Don't show error after add-on directory clean-up
* Bug 18885: Disable the option of logging TLS/SSL key material
* Bug 18770: SVGs should not show up on Page Info dialog when disabled
* Bug 18958: Spoof screen.orientation values
* Bug 19047: Disable Heartbeat prompts
* Bug 18914: Use English-only label in <isindex/> tags
* Bug 18996: Investigate server logging in esr45-based Tor Browser
* Bug 17790: Add unit tests for keyboard fingerprinting defenses
* Bug 18995: Regression test to ensure CacheStorage is disabled
* Bug 18912: Add automated tests for updater cert pinning
* Bug 16728: Add test cases for favicon isolation
* Bug 18976: Remove some FTE bridges
* Windows
* Bug 13419: Support ICU in Windows builds
* Bug 16874: Fix broken https://sports.yahoo.com/dailyfantasy page
* Bug 18767: Context menu is broken on Windows in ESR 45 based Tor Browser
* OS X
* Bug 6540: Support OS X Gatekeeper
* Bug 13252: Tor Browser should not store data in the application bundle
* Bug 18951: HTTPS-E is missing after update
* Bug 18904: meek-http-helper profile not updated
* Bug 18928: Upgrade is not smooth (requires another restart)
* Build System
* All Platforms
* Bug 18127: Add LXC support for building with Debian guest VMs
* Bug 16224: Don't use BUILD_HOSTNAME anymore in Firefox builds
* Bug 18919: Remove unused keys and unused dependencies
* Windows
* Bug 17895: Use NSIS 2.51 for installer to avoid DLL hijacking
* Bug 18290: Bump mingw-w64 commit we use
* OS X
* Bug 18331: Update toolchain for Firefox 45 ESR
* Bug 18690: Switch to Debian Wheezy guest VMs
* Linux
* Bug 18699: Stripping fails due to obsolete Browser/components directory
* Bug 18698: Include libgconf2-dev for our Linux builds
* Bug 15578: Switch to Debian Wheezy guest VMs (10.04 LTS is EOL)
Tor Browser 6.0a5-hardened -- April 28 2016
* All Platforms
* Update Firefox to 45.1.0esr
* Update Tor to 0.2.8.2-alpha
* Update Torbutton to 1.9.5.3
* Bug 18466: Make Torbutton compatible with Firefox ESR 45
* Translation updates
* Update Tor Launcher to 0.2.8.4
* Bug 13252: Do not store data in the application bundle
* Bug 10534: Don't advertise the help desk directly anymore
* Translation updates
* Update HTTPS-Everywhere to 5.1.6
* Update NoScript to 2.9.0.11
* Update meek to 0.22 (tag 0.22-18371-2)
* Bug 18371: Symlinks are incompatible with Gatekeeper signing
* Bug 15197 and child tickets: Rebase Tor Browser patches to ESR 45
* Bug 18900: Fix broken updater on Linux
* Bug 18042: Disable SHA1 certificate support
* Bug 18821: Disable libmdns support for desktop and mobile
* Bug 18848: Disable additional welcome URL shown on first start
* Bug 14970: Exempt our extensions from signing requirement
* Bug 16328: Disable MediaDevices.enumerateDevices
* Bug 16673: Disable HTTP Alternative-Services
* Bug 17167: Disable Mozilla's tracking protection
* Bug 18603: Disable performance-based WebGL fingerprinting option
* Bug 18738: Disable Selfsupport and Unified Telemetry
* Bug 18799: Disable Network Tickler
* Bug 18800: Remove DNS lookup in lockfile code
* Bug 18801: Disable dom.push preferences
* Bug 18802: Remove the JS-based Flash VM (Shumway)
* Bug 18863: Disable MozTCPSocket explicitly
* Bug 15640: Place Canvas MediaStream behind site permission
* Bug 16326: Verify cache isolation for Request and Fetch APIs
* Bug 18741: Fix OCSP and favicon isolation for ESR 45
* Bug 16998: Disable <link rel="preconnect"> for now
* Bug 17506: Reenable building hardened Tor Browser with startup cache
* Bug 18898: Exempt the meek extension from the signing requirement as well
* Bug 18899: Don't copy Torbutton, TorLauncher, etc. into meek profile
* Bug 18890: Test importScripts() for cache and network isolation
* Bug 18726: Add new default obfs4 bridge (GreenBelt)
* Build System
* Bug 16224: Don't use BUILD_HOSTNAME anymore in Firefox builds
* Bug 18699: Stripping fails due to obsolete Browser/components directory
* Bug 18698: Include libgconf2-dev for our Linux builds
Tor Browser 6.0a5 -- April 28 2016
* All Platforms
* Update Firefox to 45.1.0esr
* Update Tor to 0.2.8.2-alpha
* Update Torbutton to 1.9.5.3
* Bug 18466: Make Torbutton compatible with Firefox ESR 45
* Translation updates
* Update Tor Launcher to 0.2.9.1
* Bug 13252: Do not store data in the application bundle
* Bug 10534: Don't advertise the help desk directly anymore
* Translation updates
* Update HTTPS-Everywhere to 5.1.6
* Update NoScript to 2.9.0.11
* Update meek to 0.22 (tag 0.22-18371-2)
* Bug 18371: Symlinks are incompatible with Gatekeeper signing
* Bug 15197 and child tickets: Rebase Tor Browser patches to ESR 45
* Bug 18900: Fix broken updater on Linux
* Bug 18042: Disable SHA1 certificate support
* Bug 18821: Disable libmdns support for desktop and mobile
* Bug 18848: Disable additional welcome URL shown on first start
* Bug 14970: Exempt our extensions from signing requirement
* Bug 16328: Disable MediaDevices.enumerateDevices
* Bug 16673: Disable HTTP Alternative-Services
* Bug 17167: Disable Mozilla's tracking protection
* Bug 18603: Disable performance-based WebGL fingerprinting option
* Bug 18738: Disable Selfsupport and Unified Telemetry
* Bug 18799: Disable Network Tickler
* Bug 18800: Remove DNS lookup in lockfile code
* Bug 18801: Disable dom.push preferences
* Bug 18802: Remove the JS-based Flash VM (Shumway)
* Bug 18863: Disable MozTCPSocket explicitly
* Bug 15640: Place Canvas MediaStream behind site permission
* Bug 16326: Verify cache isolation for Request and Fetch APIs
* Bug 18741: Fix OCSP and favicon isolation for ESR 45
* Bug 16998: Disable <link rel="preconnect"> for now
* Bug 18898: Exempt the meek extension from the signing requirement as well
* Bug 18899: Don't copy Torbutton, TorLauncher, etc. into meek profile
* Bug 18890: Test importScripts() for cache and network isolation
* Bug 18726: Add new default obfs4 bridge (GreenBelt)
* Windows
* Bug 13419: Support ICU in Windows builds
* Bug 16874: Fix broken https://sports.yahoo.com/dailyfantasy page
* Bug 18767: Context menu is broken on Windows in ESR 45 based Tor Browser
* OS X
* Bug 6540: Support OS X Gatekeeper
* Bug 13252: Tor Browser should not store data in the application bundle
* Build System
* All Platforms
* Bug 18127: Add LXC support for building with Debian guest VMs
* Bug 16224: Don't use BUILD_HOSTNAME anymore in Firefox builds
* Windows
* Bug 17895: Use NSIS 2.51 for installer to avoid DLL hijacking
* Bug 18290: Bump mingw-w64 commit we use
* OS X
* Bug 18331: Update toolchain for Firefox 45 ESR
* Bug 18690: Switch to Debian Wheezy guest VMs
* Linux
* Bug 18699: Stripping fails due to obsolete Browser/components directory
* Bug 18698: Include libgconf2-dev for our Linux builds
Tor Browser 5.5.5 -- April 26 2016
* All Platforms
* Update Firefox to 38.8.0esr
* Update Tor Launcher to 0.2.7.9
* Bug 10534: Don't advertise the help desk directly anymore
* Translation updates
* Update HTTPS-Everywhere to 5.1.6
* Update NoScript to 2.9.0.11
* Bug 18726: Add new default obfs4 bridge (GreenBelt)
Tor Browser 6.0a4-hardened -- March 17 2016
* All Platforms
* Update Firefox to 38.7.1esr
* Update Torbutton to 1.9.5.2
* Bug 18557: Exempt Graphite from the Security Slider
* Bug 18536: Make Mosaddegh and MaBishomarim available on port 80 and 443
Tor Browser 6.0a4 -- March 17 2016
* All Platforms
* Update Firefox to 38.7.1esr
* Update Torbutton to 1.9.5.2
* Bug 18557: Exempt Graphite from the Security Slider
* Bug 18536: Make Mosaddegh and MaBishomarim available on port 80 and 443
Tor Browser 5.5.4 -- March 16 2016
* All Platforms
* Update Firefox to 38.7.1esr
* Update Torbutton to 1.9.4.5
* Bug 18557: Exempt Graphite from the Security Slider
* Bug 18536: Make Mosaddegh and MaBishomarim available on port 80 and 443
Tor Browser 6.0a3-hardened -- March 8 2016
* All Platforms
* Update Firefox to 38.7.0esr
* Update Tor to 0.2.8.1-alpha
* Update OpenSSL to 1.0.1s
* Update NoScript to 2.9.0.4
* Update HTTPS Everywhere to 5.1.4
* Update Torbutton to 1.9.5.1
* Bug 16990: Don't mishandle multiline commands
* Bug 18144: about:tor update arrow position is wrong
* Bug 16725: Allow resizing with non-default homepage
* Bug 16917: Allow users to more easily set a non-tor SSH proxy
* Translation updates
* Bug 18030: Isolate favicon requests on Page Info dialog
* Bug 18297: Use separate Noto JP,KR,SC,TC fonts
* Bug 18170: Make sure the homepage is shown after an update as well
* Bug 16728: Add test cases for favicon isolation
* Windows
* Bug 18292: Disable staged updates on Windows
Tor Browser 6.0a3 -- March 8 2016
* All Platforms
* Update Firefox to 38.7.0esr
* Update Tor to 0.2.8.1-alpha
* Update OpenSSL to 1.0.1s
* Update NoScript to 2.9.0.4
* Update HTTPS Everywhere to 5.1.4
* Update Torbutton to 1.9.5.1
* Bug 16990: Don't mishandle multiline commands
* Bug 18144: about:tor update arrow position is wrong
* Bug 16725: Allow resizing with non-default homepage
* Bug 16917: Allow users to more easily set a non-tor SSH proxy
* Translation updates
* Bug 18030: Isolate favicon requests on Page Info dialog
* Bug 18297: Use separate Noto JP,KR,SC,TC fonts
* Bug 18170: Make sure the homepage is shown after an update as well
* Bug 16728: Add test cases for favicon isolation
* Windows
* Bug 18292: Disable staged updates on Windows
Tor Browser 5.5.3 -- March 8 2016
* All Platforms
* Update Firefox to 38.7.0esr
* Update OpenSSL to 1.0.1s
* Update NoScript to 2.9.0.4
* Update HTTPS Everywhere to 5.1.4
* Update Torbutton to 1.9.4.4
* Bug 16990: Don't mishandle multiline commands
* Bug 18144: about:tor update arrow position is wrong
* Bug 16725: Allow resizing with non-default homepage
* Translation updates
* Bug 18030: Isolate favicon requests on Page Info dialog
* Bug 18297: Use separate Noto JP,KR,SC,TC fonts
* Bug 18170: Make sure the homepage is shown after an update as well
* Windows
* Bug 18292: Disable staged updates on Windows
Tor Browser 6.0a2-hardened -- February 15 2016
* All Platforms
* Update Firefox to 38.6.1esr
* Update NoScript to 2.9.0.3
* Bug 18168: Don't clear an iframe's window.name (fix of #16620)
* Bug 18137: Add two new obfs4 default bridges
* Windows
* Bug 18169: Whitelist zh-CN UI font
* OSX
* Bug 18172: Add Emoji support
* Linux
* Bug 18172: Add Emoji support
* Build System
* Linux
* Bug 15578: Switch to Debian Wheezy guest VMs (10.04 LTS is EOL)
* Bug 18198: Building the hardened Tor Browser in a Debian Wheezy VM is broken
Tor Browser 6.0a2 -- February 15 2016
* All Platforms
* Update Firefox to 38.6.1esr
* Update NoScript to 2.9.0.3
* Bug 18168: Don't clear an iframe's window.name (fix of #16620)
* Bug 18137: Add two new obfs4 default bridges
* Windows
* Bug 18169: Whitelist zh-CN UI font
* OSX
* Bug 18172: Add Emoji support
* Linux
* Bug 18172: Add Emoji support
Tor Browser 5.5.2 -- February 12 2016
* All Platforms
* Update Firefox to 38.6.1esr
* Update NoScript to 2.9.0.3
Tor Browser 5.5.1 -- February 4 2016
* All Platforms
* Bug 18168: Don't clear an iframe's window.name (fix of #16620)
* Bug 18137: Add two new obfs4 default bridges
* Windows
* Bug 18169: Whitelist zh-CN UI font
* OS X
* Bug 18172: Add Emoji support
* Linux
* Bug 18172: Add Emoji support
Tor Browser 6.0a1-hardened -- January 27 2016
* All Platforms
* Update Firefox to 38.6.0esr
* Update NoScript to 2.9.0.2
* Update Torbutton to 1.9.5
* Bug 16990: Show circuit display for connections using multi-party channels
* Bug 18019: Avoid empty prompt shown after non-en-US update
* Bug 18004: Remove Tor fundraising donation banner
* Code cleanup
* Translation updates
* Update Tor Launcher to 0.2.8.3
* Bug 18113: Randomly permutate available default bridges of chosen type
* Bug 11773: Setup wizard UI flow improvements
* Translation updates
* Bug 17428: Remove Flashproxy
* Bug 18115+18104+18071+18091: Update/add new obfs4 bridge
* Bug 18072: Change recommended pluggable transport type to obfs4
* Bug 18008: Create a new MAR Signing key and bake it into Tor Browser
* Bug 16322: Use onion address for DuckDuckGo search engine
* Bug 17917: Changelog after update is empty if JS is disabled
* Bug 17790: Map the proper SHIFT characters to the digit keys (fix of #15646)
Tor Browser 6.0a1 -- January 27 2016
* All Platforms
* Update Firefox to 38.6.0esr
* Update NoScript to 2.9.0.2
* Update Torbutton to 1.9.5
* Bug 16990: Show circuit display for connections using multi-party channels
* Bug 18019: Avoid empty prompt shown after non-en-US update
* Bug 18004: Remove Tor fundraising donation banner
* Code cleanup
* Translation updates
* Update Tor Launcher to 0.2.9
* Bug 18113: Randomly permutate available default bridges of chosen type
* Bug 11773: Setup wizard UI flow improvements
* Translation updates
* Bug 17428: Remove Flashproxy
* Bug 18115+18104+18071+18091: Update/add new obfs4 bridge
* Bug 18072: Change recommended pluggable transport type to obfs4
* Bug 18008: Create a new MAR Signing key and bake it into Tor Browser
* Bug 16322: Use onion address for DuckDuckGo search engine
* Bug 17917: Changelog after update is empty if JS is disabled
* Bug 17790: Map the proper SHIFT characters to the digit keys (fix of #15646)
* Build System
* Linux
* Bug 15578: Switch to Debian Wheezy guest VMs (10.04 LTS is EOL)
Tor Browser 5.5 -- January 26 2016
* All Platforms
* Update Firefox to 38.6.0esr
* Update libevent to 2.0.22-stable
* Update NoScript to 2.9.0.2
* Update Torbutton to 1.9.4.3
* Bug 16990: Show circuit display for connections using multi-party channels
* Bug 18019: Avoid empty prompt shown after non-en-US update
* Bug 18004: Remove Tor fundraising donation banner
* Bug 16940: After update, load local change notes
* Bug 17108: Polish about:tor appearance
* Bug 17568: Clean up tor-control-port.js
* Bug 16620: Move window.name handling into a Firefox patch
* Bug 17351: Code cleanup
* Translation updates
* Update Tor Launcher to 0.2.7.8
* Bug 18113: Randomly permutate available default bridges of chosen type
* Bug 13313: Bundle a fixed set of fonts to defend against fingerprinting
* Bug 10140: Add new Tor Browser locale (Japanese)
* Bug 17428: Remove Flashproxy
* Bug 13512: Load a static tab with change notes after an update
* Bug 9659: Avoid loop due to optimistic data SOCKS code (fix of #3875)
* Bug 15564: Isolate SharedWorkers by first-party domain
* Bug 16940: After update, load local change notes
* Bug 17759: Apply whitelist to local fonts in @font-face (fix of #13313)
* Bug 17009: Shift and Alt keys leak physical keyboard layout (fix of #15646)
* Bug 17790: Map the proper SHIFT characters to the digit keys (fix of #15646)
* Bug 17369: Disable RC4 fallback
* Bug 17442: Remove custom updater certificate pinning
* Bug 16620: Move window.name handling into a Firefox patch
* Bug 17220: Support math symbols in font whitelist
* Bug 10599+17305: Include updater and build patches needed for hardened builds
* Bug 18115+18104+18071+18091: Update/add new obfs4 bridge
* Bug 18072: Change recommended pluggable transport type to obfs4
* Bug 18008: Create a new MAR Signing key and bake it into Tor Browser
* Bug 16322: Use onion address for DuckDuckGo search engine
* Bug 17917: Changelog after update is empty if JS is disabled
* Windows
* Bug 17250: Add localized font names to font whitelist
* Bug 16707: Allow more system fonts to get used on Windows
* Bug 13819: Ship expert bundles with console enabled
* Bug 17250: Fix broken Japanese fonts
* Bug 17870: Add intermediate certificate for authenticode signing
* OS X
* Bug 17122: Rename Japanese OS X bundle
* Bug 16707: Allow more system fonts to get used on OS X
* Bug 17661: Whitelist font .Helvetica Neue DeskInterface
* Linux
* Bug 16672: Don't use font whitelisting for Linux users
Tor Browser 5.5a6-hardened -- January 7 2016
* All Platforms
* Update NoScript to 2.9
* Update HTTPS Everywhere to 5.1.2
* Bug 17931: Tor Browser crashes in LogMessageToConsole()
* Bug 17875: Discourage editing of torrc-defaults
Tor Browser 5.5a6 -- January 7 2016
* All Platforms
* Update NoScript to 2.9
* Update HTTPS Everywhere to 5.1.2
* Bug 17931: Tor Browser crashes in LogMessageToConsole()
* Bug 17875: Discourage editing of torrc-defaults
* Bug 17870: Add intermediate certificate for authenticode signing
Tor Browser 5.0.7 -- January 7 2016
* All Platforms
* Update NoScript to 2.9
* Update HTTPS Everywhere to 5.1.2
* Bug 17931: Tor Browser crashes in LogMessageToConsole()
* Bug 17875: Discourage editing of torrc-defaults
Tor Browser 5.5a5-hardened -- December 18 2015
* All Platforms
* Update Firefox to 38.5.0esr
* Update Tor to 0.2.7.6
* Update OpenSSL to 1.0.1q
* Update NoScript to 2.7
* Update Torbutton to 1.9.4.2
* Bug 16940: After update, load local change notes
* Bug 16990: Avoid matching '250 ' to the end of node name
* Bug 17565: Tor fundraising campaign donation banner
* Bug 17770: Fix alignments on donation banner
* Bug 17792: Include donation banner in some non en-US Tor Browsers
* Bug 17108: Polish about:tor appearance
* Bug 17568: Clean up tor-control-port.js
* Translation updates
* Update Tor Launcher to 0.2.8.1
* Bug 17344: Enumerate available language packs for language prompt
* Code clean-up
* Translation updates
* Bug 12516: Compile Tor Browser with -fwrapv
* Bug 9659: Avoid loop due to optimistic data SOCKS code (fix of #3875)
* Bug 15564: Isolate SharedWorkers by first-party domain
* Bug 16940: After update, load local change notes
* Bug 17759: Apply whitelist to local fonts in @font-face (fix of #13313)
* Bug 17747: Add ndnop3 as new default obfs4 bridge
* Bug 17009: Shift and Alt keys leak physical keyboard layout (fix of #15646)
* Bug 17369: Disable RC4 fallback
* Bug 17442: Remove custom updater certificate pinning
* Bug 16863: Avoid confusing error when loop.enabled is false
* Bug 17502: Add a preference for hiding "Open with" on download dialog
* Bug 17446: Prevent canvas extraction by third parties (fixup of #6253)
* Bug 16441: Suppress "Reset Tor Browser" prompt
Tor Browser 5.5a5 -- December 18 2015
* All Platforms
* Update Firefox to 38.5.0esr
* Update Tor to 0.2.7.6
* Update OpenSSL to 1.0.1q
* Update NoScript to 2.7
* Update Torbutton to 1.9.4.2
* Bug 16940: After update, load local change notes
* Bug 16990: Avoid matching '250 ' to the end of node name
* Bug 17565: Tor fundraising campaign donation banner
* Bug 17770: Fix alignments on donation banner
* Bug 17792: Include donation banner in some non en-US Tor Browsers
* Bug 17108: Polish about:tor appearance
* Bug 17568: Clean up tor-control-port.js
* Translation updates
* Bug 9659: Avoid loop due to optimistic data SOCKS code (fix of #3875)
* Bug 15564: Isolate SharedWorkers by first-party domain
* Bug 16940: After update, load local change notes
* Bug 17759: Apply whitelist to local fonts in @font-face (fix of #13313)
* Bug 17747: Add ndnop3 as new default obfs4 bridge
* Bug 17009: Shift and Alt keys leak physical keyboard layout (fix of #15646)
* Bug 17369: Disable RC4 fallback
* Bug 17442: Remove custom updater certificate pinning
* Bug 16863: Avoid confusing error when loop.enabled is false
* Bug 17502: Add a preference for hiding "Open with" on download dialog
* Bug 17446: Prevent canvas extraction by third parties (fixup of #6253)
* Bug 16441: Suppress "Reset Tor Browser" prompt
* Windows
* Bug 13819: Ship expert bundles with console enabled
* Bug 17250: Fix broken Japanese fonts
* OS X
* Bug 17661: Whitelist font .Helvetica Neue DeskInterface
Tor Browser 5.0.6 -- December 18 2015
* All Platforms
* Bug 17877: Tor Browser 5.0.5 is using the wrong Mozilla build tag
Tor Browser 5.0.5 -- December 15 2015
* All Platforms
* Update Firefox to 38.5.0esr
* Update Tor to 0.2.7.6
* Update OpenSSL to 1.0.1q
* Update NoScript to 2.7
* Update HTTPS Everywhere to 5.1.1
* Update Torbutton to 1.9.3.7
* Bug 16990: Avoid matching '250 ' to the end of node name
* Bug 17565: Tor fundraising campaign donation banner
* Bug 17770: Fix alignments on donation banner
* Bug 17792: Include donation banner in some non en-US Tor Browsers
* Translation updates
* Bug 17207: Hide MIME types and plugins from websites
* Bug 16909+17383: Adapt to HTTPS-Everywhere build changes
* Bug 16863: Avoid confusing error when loop.enabled is false
* Bug 17502: Add a preference for hiding "Open with" on download dialog
* Bug 17446: Prevent canvas extraction by third parties (fixup of #6253)
* Bug 16441: Suppress "Reset Tor Browser" prompt
* Bug 17747: Add ndnop3 as new default obfs4 bridge
Tor Browser 5.5a4 -- November 3 2015
* All Platforms
* Update Firefox to 38.4.0esr
* Update Tor to 0.2.7.4-rc
* Update NoScript to 2.6.9.39
* Update HTTPS-Everywhere to 5.1.1
* Update Torbutton to 1.9.4.1
* Bug 9623: Spoof Referer when leaving a .onion domain
* Bug 16620: Remove old window.name handling code
* Bug 17164: Don't show text-select cursor on circuit display
* Bug 17351: Remove unused code
* Translation updates
* Bug 17207: Hide MIME types and plugins from websites
* Bug 16909+17383: Adapt to HTTPS-Everywhere build changes
* Bug 16620: Move window.name handling into a Firefox patch
* Bug 17220: Support math symbols in font whitelist
* Bug 10599+17305: Include updater and build patches needed for hardened builds
* Bug 17318: Remove dead ScrambleSuit bridge
* Bug 17428: Remove default Flashproxy bridges
* Bug 17473: Update meek-amazon fingerprint
* Windows
* Bug 17250: Add localized font names to font whitelist
* OS X
* Bug 17122: Rename Japanese OS X bundle
* Linux
* Bug 17329: Ensure that non-ASCII characters can be typed (fixup of #5926)
Tor Browser 5.0.4 -- November 3 2015
* All Platforms
* Update Firefox to 38.4.0esr
* Update NoScript to 2.6.9.39
* Update Torbutton to 1.9.3.5
* Bug 9623: Spoof Referer when leaving a .onion domain
* Bug 16735: about:tor should accommodate different fonts/font sizes
* Bug 16937: Don't translate the homepage/spellchecker dictionary string
* Bug 17164: Don't show text-select cursor on circuit display
* Bug 17351: Remove unused code
* Translation updates
* Bug 16937: Remove the en-US dictionary from non en-US Tor Browser bundles
* Bug 17318: Remove dead ScrambleSuit bridge
* Bug 17473: Update meek-amazon fingerprint
* Bug 16983: Isolate favicon requests caused by the tab list dropdown
* Bug 17102: Don't crash while opening a second Tor Browser
* Windows:
* Bug 16906: Don't depend on Windows crypto DLLs
* Linux:
* Bug 17329: Ensure that non-ASCII characters can be typed (fixup of #5926)
Tor Browser 5.5a3 -- September 22 2015
* All Platforms
* Update Firefox to 38.3.0esr
* Update libevent to 2.0.22-stable
* Update Torbutton to 1.9.4
* Bug 16937: Don't translate the homepage/spellchecker dictionary string
* Bug 16735: about:tor should accommodate different fonts/font sizes
* Bug 16887: Update intl.accept_languages value
* Bug 15493: Update circuit display on new circuit info
* Bug 16797: brandShorterName is missing from brand.properties
* Translation updates
* Bug 10140: Add new Tor Browser locale (Japanese)
* Bug 17102: Don't crash while opening a second Tor Browser
* Bug 16983: Isolate favicon requests caused by the tab list dropdown
* Bug 13512: Load a static tab with change notes after an update
* Bug 16937: Remove the en-US dictionary from non en-US Tor Browser bundles
* Bug 7446: Tor Browser should not "fix up" .onion domains (or any domains)
* Bug 16837: Disable Firefox Hotfix updates
* Bug 16855: Allow blobs to be downloaded on first-party pages (fixes mega.nz)
* Bug 16781: Allow saving pdf files in built-in pdf viewer
* Bug 16842: Restore Media tab on Page information dialog
* Bug 16727: Disable about:healthreport page
* Bug 16783: Normalize NoScript default whitelist
* Bug 16775: Fix preferences dialog with security slider set to "High"
* Bug 13579: Update download progress bar automatically
* Bug 15646: Reduce keyboard layout fingerprinting in KeyboardEvent
* Bug 17046: Event.timeStamp should not reveal startup time
* Bug 16872: Fix warnings when opening about:downloads
* Bug 17097: Fix intermittent crashes when using the print dialog
* Windows
* Bug 16906: Fix Mingw-w64 compilation/Don't depend on Windows crypto DLLs
* Bug 16707: Allow more system fonts to get used on Windows
* OS X
* Bug 16910: Update copyright year in OS X bundles
* Bug 16707: Allow more system fonts to get used on OS X
* Linux
* Bug 16672: Don't use font whitelisting for Linux users
Tor Browser 5.0.3 -- September 22 2015
* All Platforms
* Update Firefox to 38.3.0esr
* Update Torbutton to 1.9.3.4
* Bug 16887: Update intl.accept_languages value
* Bug 15493: Update circuit display on new circuit info
* Bug 16797: brandShorterName is missing from brand.properties
* Bug 14429: Make sure the automatic resizing is disabled
* Translation updates
* Bug 7446: Tor Browser should not "fix up" .onion domains (or any domains)
* Bug 16837: Disable Firefox Hotfix updates
* Bug 16855: Allow blobs to be downloaded on first-party pages (fixes mega.nz)
* Bug 16781: Allow saving pdf files in built-in pdf viewer
* Bug 16842: Restore Media tab on Page information dialog
* Bug 16727: Disable about:healthreport page
* Bug 16783: Normalize NoScript default whitelist
* Bug 16775: Fix preferences dialog with security slider set to "High"
* Bug 13579: Update download progress bar automatically
* Bug 15646: Reduce keyboard layout fingerprinting in KeyboardEvent
* Bug 17046: Event.timeStamp should not reveal startup time
* Bug 16872: Fix warnings when opening about:downloads
* Bug 17097: Fix intermittent crashes when using the print dialog
* Windows
* Bug 16906: Fix Mingw-w64 compilation breakage
* OS X
* Bug 16910: Update copyright year in OS X bundles
Tor Browser 5.5a2 -- August 28 2015
* All Platforms:
* Update Firefox to 38.2.1esr
* Update NoScript to 2.6.9.36
* Bug 16771: Fix crash on some websites due to blob URIs
* Linux
* Bug 16860: Avoid duplicate desktop icons on Gnome and Unity
Tor Browser 5.0.2 -- August 27 2015
* All Platforms
* Update Firefox to 38.2.1esr
* Update NoScript to 2.6.9.36
* Linux
* Bug 16860: Avoid duplicate icons on Unity and Gnome
Tor Browser 5.0.1 -- August 18 2015
* All Platforms
* Bug 16771: Fix crash on some websites due to blob URIs
Tor Browser 5.5a1 -- August 11 2015
* All Platforms
* Update Firefox to 38.2.0esr
* Update NoScript to 2.6.9.34
* Update Torbutton to 1.9.3.3
* Bug 16731: TBB 5.0 a3/a4 fails to download a file on right click
* Bug 16730: Reset NoScript whitelist on upgrade
* Bug 16722: Prevent "Tiles" feature from being enabled after upgrade
* Bug 16488: Remove "Sign in to Sync" from the browser menu (fixup)
* Bug 14429: Make sure the automatic resizing is enabled
* Translation updates
* Update Tor Launcher to 0.2.7.7
* Translation updates
* Bug 16730: Prevent NoScript from updating the default whitelist
* Bug 16715: Use ThreadsafeIsCallerChrome() instead of IsCallerChrome()
* Bug 16572: Verify cache isolation for XMLHttpRequests in Web Workers
* Bug 16311: Fix navigation timing in ESR 38
* Bug 15646: Prevent keyboard layout fingerprinting in KeyboardEvent (fixup)
* Bug 16672: Change font whitelists and configs for rendering issues (partial)
Tor Browser 5.0 -- August 11 2015
* All Platforms
* Update Firefox to 38.2.0esr
* Update OpenSSL to 1.0.1p
* Update HTTPS-Everywhere to 5.0.7
* Update NoScript to 2.6.9.34
* Update meek to 0.20
* Update Tor to 0.2.6.10 with patches:
* Bug 16674: Allow FQDNs ending with a single '.' in our SOCKS host name checks.
* Bug 16430: Allow DNS names with _ characters in them (fixes nytimes.com)
* Bug 15482: Don't allow circuits to change while a site is in use
* Update Torbutton to 1.9.3.2
* Bug 16731: TBB 5.0 a3/a4 fails to download a file on right click
* Bug 16730: Reset NoScript whitelist on upgrade
* Bug 16722: Prevent "Tiles" feature from being enabled after upgrade
* Bug 16488: Remove "Sign in to Sync" from the browser menu (fixup)
* Bug 16268: Show Tor Browser logo on About page
* Bug 16639: Check for Updates menu item can cause update download failure
* Bug 15781: Remove the sessionstore filter
* Bug 15656: Sync privacy.resistFingerprinting with Torbutton pref
* Bug 16427: Use internal update URL to block updates (instead of 127.0.0.1)
* Bug 16200: Update Cache API usage and prefs for FF38
* Bug 16357: Use Mozilla API to wipe permissions db
* Bug 14429: Make sure the automatic resizing is disabled
* Translation updates
* Update Tor Launcher to 0.2.7.7
* Bug 16428: Use internal update URL to block updates (instead of 127.0.0.1)
* Bug 15145: Visually distinguish "proxy" and "bridge" screens.
* Translation updates
* Bug 16730: Prevent NoScript from updating the default whitelist
* Bug 16715: Use ThreadsafeIsCallerChrome() instead of IsCallerChrome()
* Bug 16572: Verify cache isolation for XMLHttpRequests in Web Workers
* Bug 16884: Prefer IPv6 when supported by the current Tor exit
* Bug 16488: Remove "Sign in to Sync" from the browser menu
* Bug 16662: Enable network.http.spdy.* prefs in meek-http-helper
* Bug 15703: Isolate mediasource URIs and media streams to first party
* Bug 16429+16416: Isolate blob URIs to first party
* Bug 16632: Turn on the background updater and restart prompting
* Bug 16528: Prevent indexedDB Modernizr site breakage on Twitter and elsewhere
* Bug 16523: Fix in-browser JavaScript debugger
* Bug 16236: Windows updater: avoid writing to the registry
* Bug 16625: Fully disable network connection prediction
* Bug 16495: Fix SVG crash when security level is set to "High"
* Bug 13247: Fix meek profile error after bowser restarts
* Bug 16005: Relax WebGL minimal mode
* Bug 16300: Isolate Broadcast Channels to first party
* Bug 16439: Remove Roku screencasting code
* Bug 16285: Disabling EME bits
* Bug 16206: Enforce certificate pinning
* Bug 15910: Disable Gecko Media Plugins for now
* Bug 13670: Isolate OCSP requests by first party domain
* Bug 16448: Isolate favicon requests by first party
* Bug 7561: Disable FTP request caching
* Bug 6503: Fix single-word URL bar searching
* Bug 15526: ES6 page crashes Tor Browser
* Bug 16254: Disable GeoIP-based search results.
* Bug 16222: Disable WebIDE to prevent remote debugging and addon downloads.
* Bug 13024: Disable DOM Resource Timing API
* Bug 16340: Disable User Timing API
* Bug 14952: Disable HTTP/2
* Bug 1517: Reduce precision of time for Javascript
* Bug 13670: Ensure OCSP & favicons respect URL bar domain isolation
* Bug 16311: Fix navigation timing in ESR 38
* Windows
* Bug 16014: Staged update fails if meek is enabled
* Bug 16269: repeated add-on compatibility check after update (meek enabled)
* Mac OS
* Use OSX 10.7 SDK
* Bug 16253: Tor Browser menu on OS X is broken with ESR 38
* Bug 15773: Enable ICU on OS X
* Build System
* Bug 16351: Upgrade our toolchain to use GCC 5.1
* Bug 15772 and child tickets: Update build system for Firefox 38
* Bugs 15921+15922: Fix build errors during Mozilla Tryserver builds
* Bug 15864: rename sha256sums.txt to sha256sums-unsigned-build.txt
Tor Browser 5.0a4 -- August 3 2015
* All Platforms
* Update Tor to 0.2.7.2-alpha with patches:
* Bug 15482: Don't allow circuits to change while a site is in use
* Update OpenSSL to 1.0.1p
* Update HTTPS-Everywhere to 5.0.7
* Update NoScript to 2.6.9.31
* Update Torbutton to 1.9.3.1
* Bug 16268: Show Tor Browser logo on About page
* Bug 16639: Check for Updates menu item can cause update download failure
* Bug 15781: Remove the sessionstore filter
* Bug 15656: Sync privacy.resistFingerprinting with Torbutton pref
* Translation updates
* Bug 16884: Prefer IPv6 when supported by the current Tor exit
* Bug 16488: Remove "Sign in to Sync" from the browser menu
* Bug 13313: Bundle a fixed set of fonts to defend against fingerprinting
* Bug 16662: Enable network.http.spdy.* prefs in meek-http-helper
* Bug 15646: Prevent keyboard layout fingerprinting in KeyboardEvent (fixup)
* Bug 15703: Isolate mediasource URIs and media streams to first party
* Bug 16429+16416: Isolate blob URIs to first party
* Bug 16632: Turn on the background updater and restart prompting
* Bug 16528: Prevent indexedDB Modernizr site breakage on Twitter and elsewhere
* Bug 16523: Fix in-browser JavaScript debugger
* Bug 16236: Windows updater: avoid writing to the registry
* Bug 16005: Restrict WebGL minimal mode a bit (fixup)
* Bug 16625: Fully disable network connection prediction
* Bug 16495: Fix SVG crash when security level is set to "High"
* Build System
* Bug 15864: rename sha256sums.txt to sha256sums-unsigned-build.txt
Tor Browser 5.0a3 -- June 30 2015
* All Platforms
* Update Firefox to 38.1.0esr
* Update OpenSSL to 1.0.1o
* Update NoScript to 2.6.9.27
* Update meek to 0.20
* Tor patch backport
* Bug 16430: Allow DNS names with _ characters in them (fixes nytimes.com)
* Update Torbutton to 1.9.3.0
* Bug 16403: Set search parameters for Disconnect
* Bug 14429: Make sure the automatic resizing is disabled
* Bug 16427: Use internal update URL to block updates (instead of 127.0.0.1)
* Bug 16200: Update Cache API usage and prefs for FF38
* Bug 16357: Use Mozilla API to wipe permissions db
* Translation updates
* Update Tor Launcher to 0.2.7.6
* Bug 16428: Use internal update URL to block updates (instead of 127.0.0.1)
* Bug 15145: Visually distinguish "proxy" and "bridge" screens.
* Translation updates
* Bug 13247: Fix meek profile error after bowser restarts
* Bug 16397: Fix crash related to disabling SVG
* Bug 16403: Set search parameters for Disconnect
* Bug 16446: Update FTE bridge #1 fingerprint
* Bug 15646: Prevent keyboard layout fingerprinting in KeyboardEvent
* Bug 16005: Relax WebGL minimal mode
* Bug 16300: Isolate Broadcast Channels to first party
* Bug 16439: Remove Roku screencasting code
* Bug 16285: Disabling EME bits
* Bug 16206: Enforce certificate pinning
* Bug 15910: Disable GMPs for now
* Bug 13670: Isolate OCSP requests by first party domain
* Bug 16448: Isolate favicon requests by first party
* Bug 7561: Disable FTP request caching
* Bug 6503: Fix single-word URL bar searching
* Bug 15526: ES6 page crashes Tor Browser
* Bug 16254: Disable GeoIP-based search results.
* Bug 16222: Disable WebIDE to prevent remote debugging and addon downloads.
* Bug 13024: Disable DOM Resource Timing API
* Bug 16340: Disable User Timing API
* Bug 14952: Disable HTTP/2
* Mac OS
* Use OSX 10.7 SDK
* Bug 16253: Tor Browser menu on OS X is broken with ESR 38
* Build System
* Bug 16351: Upgrade our toolchain to use GCC 5.1
* Bug 15772 and child tickets: Update build system for Firefox 38
Tor Browser 4.5.3 -- June 30 2015
* All Platforms
* Update Firefox to 31.8.0esr
* Update OpenSSL to 1.0.1o
* Update NoScript to 2.6.9.27
* Update Torbutton to 1.9.2.8
* Bug 16403: Set search parameters for Disconnect
* Bug 14429: Make sure the automatic resizing is disabled
* Translation updates
* Bug 16397: Fix crash related to disabling SVG
* Bug 16403: Set search parameters for Disconnect
* Bug 16446: Update FTE bridge #1 fingerprint
* Tor patch backport
* Bug 16430: Allow DNS names with _ characters in them (fixes nytimes.com)
Tor Browser 5.0a2 -- June 15 2015
* All Platforms
* Update Tor to 0.2.7.1-alpha
* Update HTTPS-Everywhere to 5.0.5
* Update OpenSSL to 1.0.1n
* Update NoScript to 2.6.9.26
* Update meek to 0.19
* Update Torbutton to 1.9.2.7
* Bug 15984: Disabling Torbutton breaks the Add-ons Manager
* Bug 14429: Make sure the automatic resizing is enabled
* Translation updates
* Bug 16130: Defend against logjam attack
* Bug 15984: Disabling Torbutton breaks the Add-ons Manager
* Windows
* Bug 16014: Staged update fails if meek is enabled
* Bug 16269: repeated add-on compatibility check after update (meek enabled)
* Linux
* Bug 16026: Fix crash in GStreamer
* Bug 16083: Update comment in start-tor-browser
Tor Browser 4.5.2 -- June 15 2015
* All Platforms
* Update Tor to 0.2.6.9
* Update HTTPS-Everywhere to 5.0.5
* Update OpenSSL to 1.0.1n
* Update NoScript to 2.6.9.26
* Update Torbutton to 1.9.2.6
* Bug 15984: Disabling Torbutton breaks the Add-ons Manager
* Bug 14429: Make sure the automatic resizing is disabled
* Translation updates
* Bug 16130: Defend against logjam attack
* Bug 15984: Disabling Torbutton breaks the Add-ons Manager
* Linux
* Bug 16026: Fix crash in GStreamer
* Bug 16083: Update comment in start-tor-browser
Tor Browser 5.0a1 -- May 14 2015
* All Platforms
* Update Firefox to 31.7.0esr
* Update meek to 0.18
* Update Tor Launcher to 0.2.7.5
* Translation updates only
* Update Torbutton to 1.9.2.5
* Bug 15837: Show descriptions if unchecking custom mode
* Bug 15927: Force update of the NoScript UI when changing security level
* Bug 15915: Hide circuit display if it is disabled.
* Bug 14429: Improved automatic window resizing
* Translation updates
* Bug 15945: Disable NoScript's ClearClick protection for now
* Bug 15933: Isolate by base (top-level) domain name instead of FQDN
* Bug 15857: Fix file descriptor leak in updater that caused update failures
* Bug 15899: Fix errors with downloading and displaying PDFs
* Bug 15773: Enable ICU on OS X
* Bug 1517: Reduce precision of time for Javascript
* Bug 13670: Ensure OCSP & favicons respect URL bar domain isolation
* Bug 13875: Improve the spoofing of window.devicePixelRatio
* Windows
* Bug 15872: Fix meek pluggable transport startup issue with Windows 7
* Build System
* Bug 15947: Support Ubuntu 14.04 LXC hosts via LXC_EXECUTE=lxc-execute env var
* Bugs 15921+15922: Fix build errors during Mozilla Tryserver builds
Tor Browser 4.5.1 -- May 12 2015
* All Platforms
* Update Firefox to 31.7.0esr
* Update meek to 0.18
* Update Tor Launcher to 0.2.7.5
* Translation updates only
* Update Torbutton to 1.9.2.3
* Bug 15837: Show descriptions if unchecking custom mode
* Bug 15927: Force update of the NoScript UI when changing security level
* Bug 15915: Hide circuit display if it is disabled.
* Translation updates
* Bug 15945: Disable NoScript's ClearClick protection for now
* Bug 15933: Isolate by base (top-level) domain name instead of FQDN
* Bug 15857: Fix file descriptor leak in updater that caused update failures
* Bug 15899: Fix errors with downloading and displaying PDFs
* Windows
* Bug 15872: Fix meek pluggable transport startup issue with Windows 7
* Build System
* Bug 15947: Support Ubuntu 14.04 LXC hosts via LXC_EXECUTE=lxc-execute env var
* Bugs 15921+15922: Fix build errors during Mozilla Tryserver builds
Tor Browser 4.5 -- Apr 28 2015
* All Platforms
* Update Tor to 0.2.6.7 with additional patches:
* Bug 15482: Reset timestamp_dirty each time a SOCKSAuth circuit is used
* Update NoScript to 2.6.9.22
* Update HTTPS-Everywhere to 5.0.3
* Bug 15689: Resume building HTTPS-Everywhere from git tags
* Update meek to 0.17
* Update obfs4proxy to 0.0.5
* Update Tor Launcher to 0.2.7.4
* Bug 15704: Do not enable network if wizard is opened
* Bug 11879: Stop bootstrap if Cancel or Open Settings is clicked
* Bug 13576: Don't strip "bridge" from the middle of bridge lines
* Bug 15657: Display the host:port of any connection faiures in bootstrap
* Update Torbutton to 1.9.2.2
* Bug 15562: Bind SharedWorkers to thirdparty pref
* Bug 15533: Restore default security level when restoring defaults
* Bug 15510: Close Tor Circuit UI control port connections on New Identity
* Bug 15472: Make node text black in circuit status UI
* Bug 15502: Wipe blob URIs on New Identity
* Bug 15795: Some security slider prefs do not trigger custom checkbox
* Bug 14429: Disable automatic window resizing for now
* Bug 4100: Raise HTTP Keep-Alive back to 115 second default
* Bug 13875: Spoof window.devicePixelRatio to avoid DPI fingerprinting
* Bug 15411: Remove old (and unused) cacheDomain cache isolation mechanism
* Bugs 14716+13254: Fix issues with HTTP Auth usage and TLS connection info display
* Bug 15502: Isolate blob URI scope to URL domain; block WebWorker access
* Bug 15794: Crash on some pages with SVG images if SVG is disabled
* Bug 15562: Disable Javascript SharedWorkers due to third party tracking
* Bug 15757: Disable Mozilla video statistics API extensions
* Bug 15758: Disable Device Sensor APIs
* Linux
* Bug 15747: Improve start-tor-browser argument handling
* Bug 15672: Provide desktop app registration+unregistration for Linux
* Windows
* Bug 15539: Make installer exe signatures reproducibly removable
* Bug 10761: Fix instances of shutdown crashes
Tor Browser 4.5a5 -- Mar 31 2015
* All Platforms
* Update Firefox to 31.6.0esr
* Update OpenSSL to 1.0.1m
* Update Tor to 0.2.6.6
* Update NoScript to 2.6.9.19
* Update HTTPS-Everywhere to 5.0
* Update meek to 0.16
* Update Tor Launcher to 0.2.7.3
* Bug 13983: Directory search path fix for Tor Messanger+TorBirdy
* Update Torbutton to 1.9.1.0
* Bug 9387: "Security Slider 1.0"
* Include descriptions and tooltip hints for security levels
* Notify users that the security slider exists
* Flip slider so that "low" is on the bottom
* Make use of new SVG and MathML prefs
* Bug 13766: Set a 10 minute circuit lifespan for non-content requests
* Bug 15460: Ensure FTP urls use content-window circuit isolation
* Bug 13650: Clip initial window height to 1000px
* Bug 14429: Ensure windows can only be resized to 200x100px multiples
* Bug 15334: Display Cookie Protections menu if disk records are enabled
* Bug 14324: Show HS circuit in Tor circuit display
* Bug 15086: Handle RTL text in Tor circuit display
* Bug 15085: Fix about:tor RTL text alignment problems
* Bug 10216: Add a pref to disable the local tor control port test
* Bug 14937: Show meek and flashproxy bridges in tor circuit display
* Bugs 13891+15207: Fix exceptions/errors in circuit display with bridges
* Bug 13019: Change locale hiding pref to boolean
* Bug 7255: Warn users about maximizing windows
* Bug 14631: Improve profile access error msgs (strings).
* Pluggable Transport Dependency Updates:
* Bug 15448: Use golang 1.4.2 for meek and obs4proxy
* Bug 15265: Switch go.net repo to golang.org/x/net
* Bug 14937: Hard-code meek and flashproxy node fingerprints
* Bug 13019: Prevent Javascript from leaking system locale
* Bug 10280: Improved fix to prevent loading plugins into address space
* Bug 15406: Only include addons in incremental updates if they actually update
* Bug 15029: Don't prompt to include missing plugins
* Bug 12827: Create preference to disable SVG images (for security slider)
* Bug 13548: Create preference to disable MathML (for security slider)
* Bug 14631: Improve startup error messages for filesystem permissions issues
* Bug 15482: Don't allow circuits to change while a site is in use
* Linux
* Bug 13375: Create a hybrid GUI/desktop/shell launcher wrapper
* Bug 12468: Only print/write log messages if launched with --debug
* Windows
* Bug 3861: Begin signing Tor Browser for Windows the Windows way
* Bug 15201: Disable 'runas Administrator' codepaths in updater
* Bug 14688: Create shortcuts to desktop and start menu by default (optional)
Tor Browser 4.0.6 -- Mar 31 2015
* All Platforms
* Update Firefox to 31.6.0esr
* Update meek to 0.16
* Update OpenSSL to 1.0.1m
Tor Browser 4.0.5 -- Mar 23 2015
* All Platforms
* Update Firefox to 31.5.3esr
* Update Tor to 0.2.5.11
* Update NoScript to 2.6.9.19
Tor Browser 4.5a4 -- Feb 24 2015
* All Platforms
* Update Firefox to 31.5.0esr
* Update Tor to 0.2.6.3-alpha
* Update OpenSSL to 1.0.1l
* Update NoScript to 2.6.9.15
* Update obfs4proxy to 0.0.4
* Use obfs4proxy for ScrambleSuit bridges
* Update Torbutton to 1.9.0.0
* Bug 13882: Fix display of bridges after bridge settings have been changed
* Bug 5698: Use "Tor Browser" branding in "About Tor Browser" dialog
* Bug 10280: Strings and pref for preventing plugin initialization.
* Bug 14866: Show correct circuit when more than one exists for a given domain
* Bug 9442: Add New Circuit button to Torbutton menu
* Bug 9906: Warn users before closing all windows and performing new identity.
* Bug 8400: Prompt for restart if disk records are enabled/disabled.
* Bug 14630: Hide Torbutton's proxy settings tab.
* Bug 14632: Disable Cookie Manager until we get it working.
* Bug 11175: Remove "About Torbutton" from onion menu.
* Bug 13900: Remove remaining SafeCache code in favor of C++ patch
* Bug 14490: Use Disconnect search in about:tor search box
* Bug 14392: Don't steal input focus in about:tor search box
* Bug 11236: Don't set omnibox order in Torbutton (to prevent translation)
* Bug 13406: Stop directing users to download-easy.html.en on update
* Bug 9387: Handle "custom" mode better in Security Slider
* Bug 12430: Bind jar: pref to Security Slider
* Bug 14448: Restore Torbutton menu operation on non-English localizations
* Translation updates
* Update Tor Launcher to 0.2.7.2
* Bug 13271: Display Bridge Configuration wizard pane before Proxy pane
* Bug 14336: Fix navigation button display issues on some wizard panes
* Translation updates
* Bug 14203: Prevent meek from displaying an extra update notification
* Bug 14849: Remove new NoScript menu option to make permissions permanent
* Bug 14851: Set NoScript pref to disable permanent permissions
* Bug 14490: Make Disconnect the default omnibox search engine
* Bug 11236: Fix omnibox order for non-English builds
* Also remove Amazon, eBay and bing; add Youtube and Twitter
* Bug 10280: Don't load any plugins into the address space.
* Bug 14392: Make about:tor hide itself from the URL bar
* Bug 12430: Provide a preference to disable remote jar: urls
* Bug 13900: Remove 3rd party HTTP auth tokens via Firefox patch
* Bug 5698: Fix branding in "About Torbrowser" window
* Windows:
* Bug 13169: Don't use /dev/random on Windows for SSP
* Linux:
* Bug 13717: Make sure we use the bash shell on Linux
Tor Browser 4.0.4 -- Feb 24 2015
* All Platforms
* Update Firefox to 31.5.0esr
* Update OpenSSL to 1.0.1l
* Update NoScript to 2.6.9.15
* Update HTTPS-Everywhere to 4.0.3
* Bug 14203: Prevent meek from displaying an extra update notification
* Bug 14849: Remove new NoScript menu option to make permissions permanent
* Bug 14851: Set NoScript pref to disable permanent permissions
Tor Browser 4.5a3 -- Jan 19 2015
* All Platforms
* Update Firefox to 31.4.0esr
* Update Tor to 0.2.6.2-alpha
* Update NoScript to 2.6.9.10
* Update HTTPS Everywhere to 5.0development.2
* Update meek to 0.15
* Update Torbutton to 1.8.1.3
* Bug 13998: Handle changes in NoScript 2.6.9.8+
* Bug 14100: Option to hide NetworkSettings menuitem
* Bug 13079: Option to skip control port verification
* Bug 13835: Option to change default Tor Browser homepage
* Bug 11449: Fix new identity error if NoScript is not enabled
* Bug 13881: Localize strings for tor circuit display
* Bug 9387: Incorporate user feedback
* Bug 13671: Fixup for circuit display if bridges are used
* Translation updates
* Update Tor Launcher to 0.2.7.1
* Bug 14122: Hide logo if TOR_HIDE_BROWSER_LOGO set
* Translation updates
* Bug 13379: Sign our MAR files
* Bug 13788: Fix broken meek in 4.5-alpha series
* Bug 13439: No canvas prompt for content callers
Tor Browser 4.0.3 -- Jan 13 2015
* All Platforms
* Update Firefox to 31.4.0esr
* Update NoScript to 2.6.9.10
* Update meek to 0.15
* Update Tor Launcher to 0.2.7.0.2
* Translation updates only
Tor Browser 4.5-alpha-2 -- Dec 5 2014
* All Platforms
* Update Firefox to 31.3.0esr
* Update NoScript to 2.6.9.5
* Update HTTPS Everywhere to 5.0development.1
* Update Torbutton to 1.8.1.2
* Bug 13672: Make circuit display optional
* Bug 13671: Make bridges visible on circuit display
* Bug 9387: Incorporate user feedback
* Bug 13784: Remove third party authentication tokens
* Bug 13435: Remove our custom POODLE fix (fixed by Mozilla in ESR 31.3.0)
Tor Browser 4.0.2 -- Dec 2 2014
* All Platforms
* Update Firefox to 31.3.0esr
* Update NoScript to 2.6.9.5
* Update HTTPS Everywhere to 4.0.2
* Update Torbutton to 1.7.0.2
* Bug 13019: Synchronize locale spoofing pref with our Firefox patch
* Bug 13746: Properly link Torbutton UI to thirdparty pref.
* Bug 13742: Fix domain isolation for content cache and disk-enabled browsing mode
* Bug 5926: Prevent JS engine locale leaks (by setting the C library locale)
* Bug 13504: Remove unreliable/unreachable non-public bridges
* Bug 13435: Remove our custom POODLE fix
* Windows
* Bug 13443: Re-enable DirectShow; fix crash with mingw patch.
* Bug 13558: Fix crash on Windows XP during download folder changing
* Bug 13594: Fix update failure for Windows XP users
Tor Browser 4.5-alpha-1 -- Nov 14 2014
* All Platforms
* Bug 3455: Patch Firefox SOCKS and proxy filters to allow user+pass isolation
* Bug 11955: Backport HTTPS Certificate Pinning patches from Firefox 32
* Bug 13684: Backport Mozilla bug #1066190 (pinning issue fixed in Firefox 33)
* Bug 13019: Make JS engine use English locale if a pref is set by Torbutton
* Bug 13301: Prevent extensions incompatibility error after upgrades
* Bug 13460: Fix MSVC compilation issue
* Bug 13504: Remove stale bridges from default bridge set
* Bug 13742: Fix domain isolation for content cache and disk-enabled browsing mode
* Update Tor to 0.2.6.1-alpha
* Update NoScript to 2.6.9.3
* Update Torbutton to 1.8.1.1
* Bug 9387: Provide a "Security Slider" for vulnerability surface reduction
* Bug 13019: Synchronize locale spoofing pref with our Firefox patch
* Bug 3455: Use SOCKS user+pass to isolate all requests from the same url domain
* Bug 8641: Create browser UI to indicate current tab's Tor circuit IPs
* Bug 13651: Prevent circuit-status related UI hang.
* Bug 13666: Various circuit status UI fixes
* Bugs 13742+13751: Remove cache isolation code in favor of direct C++ patch
* Bug 13746: Properly update third party isolation pref if disabled from UI
* Bug 13586: Make meek use TLS session tickets (to look like stock Firefox).
* Bug 12903: Include obfs4proxy pluggable transport
* Windows
* Bug 13443: Re-enable DirectShow; fix crash with mingw patch.
* Bug 13558: Fix crash on Windows XP during download folder changing
* Bug 13091: Make app name "Tor Browser" instead of "Tor"
* Bug 13594: Fix update failure for Windows XP users
* Mac
* Bug 10138: Switch to 64bit builds for MacOS
Tor Browser 4.0.1 -- Oct 30 2014
* All Platforms
* Update Tor to 0.2.5.10
* Update NoScript to 2.6.9.3
* Bug 13301: Prevent extensions incompatibility error after upgrades
* Bug 13460: Fix MSVC compilation issue
* Windows
* Bug 13443: Disable DirectShow to prevent crashes on many sites
* Bug 13091: Make app name "Tor Browser" instead of "Tor"
Tor Browser 4.0 -- Oct 15 2014
* All Platforms
* Update Firefox to 31.2.0esr
* Update Torbutton to 1.7.0.1
* Bug 13378: Prevent addon reordering in toolbars on first-run.
* Bug 10751: Adapt Torbutton to ESR31's Australis UI.
* Bug 13138: ESR31-about:tor shows "Tor is not working"
* Bug 12947: Adapt session storage blocker to ESR 31.
* Bug 10716: Take care of drag/drop events in ESR 31.
* Bug 13366: Fix cert exemption dialog when disk storage is enabled.
* Update Tor Launcher to 0.2.7.0.1
* Translation updates only
* Udate fteproxy to 0.2.19
* Update NoScript to 2.6.9.1
* Bug 13416: Defend against new SSLv3 attack (poodle).
* Bug 13027: Spoof window.navigator useragent values in JS WebWorker threads
* Bug 13016: Hide CSS -moz-osx-font-smoothing values.
* Bug 13356: Meek and other symlinks missing after complete update.
* Bug 13025: Spoof screen orientation to landscape-primary.
* Bug 13346: Disable Firefox "slow to start" warnings and recordkeeping.
* Bug 13318: Minimize number of buttons on the browser toolbar.
* Bug 10715: Enable WebGL on Windows (still click-to-play via NoScript)
* Bug 13023: Disable the gamepad API.
* Bug 13021: Prompt before allowing Canvas isPointIn*() calls.
* Bug 12460: Several cross-compilation and gitian fixes (see child tickets)
* Bug 13186: Disable DOM Performance timers
* Bug 13028: Defense-in-depth checks for OCSP/Cert validation proxy usage
Tor Browser 4.0-alpha-3 -- Sep 24 2014
* All Platforms
* Update Tor to 0.2.5.8-rc
* Update Firefox to 24.8.1esr
* Update meek to 0.11
* Update NoScript to 2.6.8.42
* Update Torbutton to 1.6.12.3
* Bug 13091: Use "Tor Browser" everywhere
* Bug 10804: Workaround fix for some cases of startup hang
* Bug 13091: Use "Tor Browser" everywhere
* Bug 13049: Browser update failure (self.update is undefined)
* Bug 13047: Updater should not send Kernel and GTK version
* Bug 12998: Prevent intermediate certs from being written to disk
* Bug 13245: Prevent non-english TBBs from upgrading to english version.
* Linux:
* Bug 9150: Make RPATH unavailable on Tor binary.
* Bug 13031: Add full RELRO protection.
Tor Browser Bundle 3.6.6 -- Sep 24 2014
* All Platforms
* Update Tor to tor-0.2.4.24
* Update Firefox to 24.8.1esr
* Update NoScript to 2.6.8.42
* Update HTTPS Everywhere to 4.0.1
* Bug 12998: Prevent intermediate certs from being written to disk
* Update Torbutton to 1.6.12.3
* Bug 13091: Use "Tor Browser" everywhere
* Bug 10804: Workaround fix for some cases of startup hang
* Linux
* Bug 9150: Make RPATH unavailable on Tor binary.
Tor Browser Bundle 4.0-alpha-2 -- Sep 2 2014
* All Platforms
* Update Firefox to 24.8.0esr
* Update NoScript to 2.6.8.39
* Update Tor Launcher to 0.2.7.0
* Bug 11405: Remove firewall prompt from wizard.
* Bug 12895: Mention @riseup.net as a valid bridge request email address
* Bug 12444: Provide feedback when “Copy Tor Log” is clicked.
* Bug 11199: Improve error messages if Tor exits unexpectedly
* Update Torbutton to 1.6.12.1
* Bug 12684: New strings for canvas image extraction message
* Bug 8940: Move RecommendedTBBVersions file to www.torproject.org
* Bug 12684: Improve Canvas image extraction permissions prompt
* Bug 7265: Only prompt for first party canvas access. Log all scripts
that attempt to extract canvas images to Browser console.
* Bug 12974: Disable NTLM and Negotiate HTTP Auth
* Bug 2874: Remove Components.* from content access (regression)
* Bug 4234: Automatic Update support (off by default)
* Bug 9881: Open popups in new tabs by default
* Meek Pluggable Transport:
* Bug 12766: Use TLSv1.0 in meek-http-helper to blend in with Firefox 24
* Windows:
* Bug 10065: Enable DEP, ASLR, and SSP hardening options
* Linux:
* Bug 12103: Adding RELRO hardening back to browser binaries.
Tor Browser Bundle 3.6.5 -- Sep 2 2014
* All Platforms
* Update Firefox to 24.8.0esr
* Update NoScript to 2.6.8.39
* Update HTTPS Everywhere to 4.0.0
* Update Torbutton to 1.6.12.1
* Bug 12684: New strings for canvas image extraction message
* Bug 8940: Move RecommendedTBBVersions file to www.torproject.org
* Bug 9531: Workaround to avoid rare hangs during New Identity
* Bug 12684: Improve Canvas image extraction permissions prompt
* Bug 7265: Only prompt for first party canvas access. Log all scripts
that attempt to extract canvas images to Browser console.
* Bug 12974: Disable NTLM and Negotiate HTTP Auth
* Bug 2874: Remove Components.* from content access (regression)
* Bug 9881: Open popups in new tabs by default
* Linux:
* Bug 12103: Adding RELRO hardening back to browser binaries.
Tor Browser Bundle 4.0-alpha-1 -- Aug 8 2014
* All Platforms
* Ticket 10935: Include the Meek Pluggable Transport (version 0.10)
* Two modes of Meek are provided: Meek over Google and Meek over Amazon
* Update Firefox to 24.7.0esr
* Update Tor to 0.2.5.6-alpha
* Update OpenSSL to 1.0.1i
* Update NoScript to 2.6.8.36
* Script permissions now apply based on URL bar
* Update HTTPS Everywhere to 5.0development.0
* Update Torbutton to 1.6.12.0
* Bug 12221: Remove obsolete Javascript components from the toggle era
* Bug 10819: Bind new third party isolation pref to Torbutton security UI
* Bug 9268: Fix some window resizing corner cases with DPI and taskbar size.
* Bug 12680: Change Torbutton URL in about dialog.
* Bug 11472: Adjust about:tor font and logo positioning to avoid overlap
* Bug 9531: Workaround to avoid rare hangs during New Identity
* Update Tor Launcher to 0.2.6.2
* Bug 11199: Improve behavior if tor exits
* Bug 12451: Add option to hide TBB's logo
* Bug 11193: Change "Tor Browser Bundle" to "Tor Browser"
* Bug 11471: Ensure text fits the initial configuration dialog
* Bug 9516: Send Tor Launcher log messages to Browser Console
* Bug 11641: Reorganize bundle directory structure to mimic Firefox
* Bug 10819: Create a preference to enable/disable third party isolation
* Backported Tor Patches:
* Bug 11200: Fix a hang during bootstrap introduced in the initial
bug11200 patch.
* Linux:
* Bug 10178: Make it easier to set an alternate Tor control port and password
* Bug 11102: Set Window Class to "Tor Browser" to aid in Desktop navigation
* Bug 12249: Don't create PT debug files anymore
Tor Browser Bundle 3.6.4 -- Aug 8 2014
* All Platforms
* Update Tor to 0.2.4.23
* Update Tor launcher to 0.2.5.6
* Bug 9516: Show Tor log in TorBrowser's Browser Console
* Update OpenSSL to 1.0.1i
* Backported Tor Patches:
* Bug 11654: Properly apply the fix for malformed bug11156 log message
* Bug 11200: Fix a hang during bootstrap introduced in the initial
bug11200 patch.
* Update NoScript to 2.6.8.36
* Update Torbutton to 1.6.11.1
* Bug 11472: Adjust about:tor font and logo positioning to avoid overlap
* Bug 12680: Fix Torbutton about url.
Tor Browser Bundle 3.6.3 -- Jul 24 2014
* All Platforms
* Update Firefox to 24.7.0esr
* Update obfsproxy to 0.2.12
* Update FTE to 0.2.17
* Update NoScript to 2.6.8.33
* Update HTTPS Everywhere to 3.5.3
* Bug 12673: Update FTE bridges
* Update Torbutton to 1.6.11.0
* Bug 12221: Remove obsolete Javascript components from the toggle era
* Bug 10819: Bind new third party isolation pref to Torbutton security UI
* Bug 9268: Fix some window resizing corner cases with DPI and taskbar size.
* Linux:
* Bug 11102: Set Window Class to "Tor Browser" to aid in Desktop navigation
* Bug 12249: Don't create PT debug files anymore
Tor Browser Bundle 3.6.2 -- Jun 9 2014
* All Platforms
* Update Firefox to 24.6.0esr
* Update OpenSSL to 1.0.1h
* Update NoScript to 2.6.8.28
* Update Tor to 0.2.4.22
* Update Tor Launcher to 0.2.5.5
* Bug 10425: Provide geoip6 file location to Tor process
* Bug 11754: Remove untranslated locales that were dropped from Transifex
* Bug 11772: Set Proxy Type menu correctly after restart
* Bug 11699: Change &amp;#160 to &#160; in UI elements
* Update Torbutton to 1.6.10.0
* Bug 11510: about:tor should not report success if tor proxy is unreachable
* Bug 11783: Avoid b.webProgress error when double-clicking on New Identity
* Bug 11722: Add hidden pref to force remote Tor check
* Bug 11763: Fix pref dialog double-click race that caused settings to be reset
* Bug 11629: Support proxies with Pluggable Transports
* Updates FTEProxy to 0.2.15
* Updates obfsproxy to 0.2.9
* Backported Tor Patches:
* Bug 11654: Fix malformed log message in bug11156 patch.
* Bug 10425: Add in Tor's geoip6 files to the bundle distribution
* Bugs 11834 and 11835: Include Pluggable Transport documentation
* Bug 9701: Prevent ClipBoardCache from writing to disk.
* Bug 12146: Make the CONNECT Host header the same as the Request-URI.
* Bug 12212: Disable deprecated webaudio API
* Bug 11253: Turn on TLS 1.1 and 1.2.
* Bug 11817: Don't send startup time information to Mozilla.
Tor Browser Bundle 3.6.1 -- May 6 2014
* All Platforms
* Update HTTPS-Everywhere to 3.5.1
* Update NoScript to 2.6.8.22
* Bug 11658: Fix proxy configuration for non-Pluggable Transports users
* Backport Pending Tor Patches:
* Bug 8402: Allow Tor proxy configuration while PTs are present
* Note: The Pluggable Transports themselves have not been updated to
support proxy configuration yet.
Tor Browser Bundle 3.6 -- Apr 29 2014
* All Platforms
* Update Firefox to 24.5.0esr
* Update Tor Launcher to 0.2.5.4
* Bug #11482: Hide bridge settings prompt if no default bridges.
* Bug #11484: Show help button even if no default bridges.
* Update Torbutton to 1.6.9.0
* Bug 7439: Improve download warning dialog text.
* Bug 11384: Completely remove hidden toggle menu item.
* Update NoScript to 2.6.8.20
* Update fte transport to 0.2.13
* Backport Pending Tor Patches:
* Bug 11156: Additional obfsproxy startup error message fixes
* Bug 11586: Include license files for component software in Docs directory.
* Windows and Mac:
* Bug 9308: Prevent install path from leaking in some JS exceptions
on Mac and Windows builds
Tor Browser Bundle 3.6-beta-2 -- Apr 8 2014
* All Platforms
* Update OpenSSL to 1.0.1g
* Bug 9010: Add Turkish language support.
* Bug 9387 testing: Disable JS JIT, type inference, asmjs, and ion.
* Update fte transport to 0.2.12
* Update NoScript to 2.6.8.19
* Update Torbutton to 1.6.8.1
* Bug 11242: Fix improper "update needed" message after in-place upgrade.
* Bug 10398: Ease translation of about:tor page elements
* Update Tor Launcher to 0.2.5.3
* Bug 9665: Localize Tor's unreachable bridges bootstrap error
* Backport Pending Tor Patches:
* Bug 9665: Report a bootstrap error if all bridges are unreachable
* Bug 11200: Prevent spurious error message prior to enabling network.
* Linux:
* Bug 11190: Switch linux PT build process to python2
* Bug 10383: Enable NIST P224 and P256 accel support for 64bit builds.
* Windows:
* Bug 11286: Fix fte transport launch error
Tor Browser Bundle 3.5.4 -- Apr 7 2014
* All Platforms
* Update OpenSSL to 1.0.1g
Tor Browser Bundle 3.5.3 -- Mar 19 2014
* All Platforms
* Update Firefox to 24.4.0esr
* Update Torbutton to 1.6.7.0:
* Bug 9901: Fix browser freeze due to content type sniffing
* Bug 10611: Add Swedish (sv) to extra locales to update
* Update NoScript to 2.6.8.17
* Update Tor to 0.2.4.21
* Bug 10237: Disable the media cache to prevent disk leaks for videos
* Bug 10703: Force the default charset to avoid locale fingerprinting
* Bug 10104: Update gitian to fix LXC build issues (for non-KVM/VT builders)
* Linux:
* Bug 9353: Fix keyboard input on Ubuntu 13.10
* Bug 9896: Provide debug symbols for Tor Browser binary
* Bug 10472: Pass arguments to the browser from Linux startup script
Tor Browser Bundle 3.6-beta-1 -- Mar 17 2014
* All Platforms
* Update Firefox to 24.4.0esr
* Include Pluggable Transports by default:
* Obfsproxy3 0.2.4, Flashproxy 1.6, and FTE 0.2.6 are now included
* Update Tor Launcher to 0.2.5.1
* Bug 10418: Provide UI configuration for Pluggable Transports
* Bug 10604: Allow Tor status & error messages to be translated
* Bug 10894: Make bridge UI clear that helpdesk is a last resort for
bridges
* Bug 10610: Clarify wizard UI text describing obstacles/blocking
* Bug 11074: Support Tails use case (XULRunner and optional
customizations)
* Update Torbutton to 1.6.7.0:
* Bug 9901: Fix browser freeze due to content type sniffing
* Bug 10611: Add Swedish (sv) to extra locales to update
* Update NoScript to 2.6.8.17
* Update Tor to 0.2.4.21
* Backport Pending Tor Patches:
* Bug 5018: Don't launch Pluggable Transport helpers if not in use
* Bug 9229: Eliminate 60 second stall during bootstrap with some PTs
* Bug 11069: Detect and report Pluggable Transport bootstrap failures
* Bug 11156: Prevent spurious warning about missing pluggable transports
* Bug 10237: Disable the media cache to prevent disk leaks for videos
* Bug 10703: Force the default charset to avoid locale fingerprinting
* Bug 10104: Update gitian to fix LXC build issues (for non-KVM/VT builders)
* Mac:
* Bug 4261: Use DMG instead of ZIP for Mac packages
* Linux:
* Bug 9353: Fix keyboard input on Ubuntu 13.10
* Bug 9896: Provide debug symbols for Tor Browser binary
* Bug 10472: Pass arguments to the browser from Linux startup script
Tor Browser Bundle 3.5.2.1 -- Feb 14 2014
* All Platforms
* Bug 10895: Fix broken localized bundles
* Windows:
* Bug 10323: Remove unneeded gcc/libstdc++ libraries from dist
Tor Browser Bundle 3.5.2 -- Feb 8 2014
* All Platforms
* Rebase Tor Browser to Firefox 24.3.0ESR
* Bug 10419: Block content window connections to localhost
* Update Torbutton to 1.6.6.0
* Bug 10800: Prevent findbox exception and popup in New Identity
* Bug 10640: Fix about:tor's update pointer position for RTL languages.
* Bug 10095: Fix some cases where resolution is not a multiple of 200x100
* Bug 10374: Clear site permissions on New Identity
* Bug 9738: Fix for auto-maximizing on browser start
* Bug 10682: Workaround to really disable updates for Torbutton
* Bug 10419: Don't allow connections to localhost if Torbutton is toggled
* Bug 10140: Move Japanese to extra locales (not part of TBB dist)
* Bug 10687: Add Basque (eu) to extra locales (not part of TBB dist)
* Update Tor Launcher to 0.2.4.4
* Bug 10682: Workaround to really disable updates for Tor Launcher
* Update NoScript to 2.6.8.13
Tor Browser Bundle 3.5.1 -- Jan 22 2014
* All Platforms
* Bug 10447: Remove SocksListenAddress to allow multiple socks ports.
* Bug 10464: Remove addons.mozilla.org from NoScript whitelist
* Bug 10537: Build an Arabic version of TBB 3.5
* Update Torbutton to 1.6.5.5
* Bug 9486: Clear NoScript Temporary Permissions on New Identity
* Include Arabic translations
* Update Tor Launcher to 0.2.4.3
* Include Arabic translations
* Update Tor to 0.2.4.20
* Update OpenSSL to 1.0.1f
* Update NoScript to 2.6.8.12
* Update HTTPS-Everywhere to 3.4.5
* Windows
* Bug 9259: Enable Accessibility (screen reader) support
* Mac
* misc: Update bundle version field in Info.plist (for MacUpdates service)
Tor Browser Bundle 3.5 -- Dec 17 2013
* All Platforms
* Update Tor to 0.2.4.19
* Update Tor Launcher to 0.2.4.2
* Bug 10382: Fix a Tor Launcher hang on TBB exit
* Update Torbutton to 1.6.5.2
* Misc: Switch update download URL back to download-easy
Tor Browser Bundle 3.5rc1 -- Dec 12 2013
* All Platforms
* Update Firefox to 24.2.0esr
* Update NoScript to 2.6.8.7
* Update HTTPS-Everywhere to 3.4.4tbb (special TBB tag)
* Tag includes a patch to handle enabling/disabling Mixed Content Blocking
* Bug 5060: Disable health report service
* Bug 10367: Disable prompting about health report and Mozilla Sync
* Misc Prefs: Disable HTTPS-Everywhere first-run tooltips
* Misc Prefs: Disable layer acceleration to avoid crashes on Windows
* Misc Prefs: Disable Mixed Content Blocker pending backport of Mozilla Bug 878890
* Update Tor Launcher to 0.2.4.1
* Bug 10147: Adblock Plus interferes w/Tor Launcher dialog
* Bug 10201: FF ESR 24 hangs during exit on Mac OS
* Bug 9984: Support running Tor Launcher from InstantBird
* Misc: Support browser directory location API changes in Firefox 24
* Update Torbutton to 1.6.5.1
* Bug 10352: Clear FF24 Private Browsing Mode data during New Identity
* Bug 8167: Update cache isolation for FF24 API changes
* Bug 10201: FF ESR 24 hangs during exit on Mac OS
* Bug 10078: Properly clear crypto tokens during New Identity on FF24
* Bug 9454: Support changes to Private Browsing Mode and plugin APIs in FF24
* Linux
* Bug 10213; Use LD_LIBRARY_PATH (fixes launch issues on old Linux distros)
Tor Browser Bundle 3.0rc1 -- Nov 21 2013
* All Platforms:
* Update Firefox to 17.0.11esr
* Update Tor to 0.2.4.18-rc
* Remove unsupported PDF.JS addon from the bundle
* Bug #7277: TBB's Tor client will now omit its timestamp in the TLS handshake.
* Update Torbutton to 1.6.4.1
* Bug #10002: Make the TBB3.0 blog tag our update download URL for now
* Windows
* Bug #10102: Patch binutils to remove nondeterministic bytes in compiled binaries
* Linux
* Bug #10049: Fix architecture check to work from outside TBB's directory
* Bug #10126: Remove libz and firefox-bin, and strip unstripped binaries
* Misc: Disable Firefox updater during compile time (in addition to pref)
Tor Browser Bundle 3.0beta1 -- Oct 31 2013
* All Platforms:
* Update Firefox to 17.0.10esr
* Update NoScript to 2.6.8.2
* Update HTTPS-Everywhere to 3.4.2
* Bug #9114: Reorganize the bundle directory structure to ease future
autoupdates
* Bug #9173: Patch Tor Browser to auto-detect profile directory if
launched without the wrapper script.
* Bug #9012: Hide Tor Browser infobar for missing plugins.
* Bug #8364: Change the default entry page for the addons tab to the
installed addons page.
* Bug #9867: Make flash objects really be click-to-play if flash is enabled.
* Bug #8292: Make getFirstPartyURI log+handle errors internally to simplify
caller usage of the API
* Bug #3661: Remove polipo and privoxy from the banned ports list.
* misc: Fix a potential memory leak in the Image Cache isolation
* misc: Fix a potential crash if OS theme information is ever absent
* Update Tor-Launcher to 0.2.3.1-beta
* Bug #9114: Handle new directory structure
* misc: Tor Launcher now supports Thunderbird
* Update Torbutton to 1.6.4
* Bug #9224: Support multiple Tor socks ports for about:tor status check
* Bug #9587: Add TBB version number to about:tor
* Bug #9144: Workaround to handle missing translation properties
* Windows:
* Bug #9084: Fix startup crash on Windows XP.
* Linux:
* Bug #9487: Create detached debuginfo files for Linux Tor and Tor
Browser binaries.
Tor Browser Bundle 3.0alpha4 -- Sep 24 2013
* All Platforms:
* Bug #8751: Randomize TLS HELLO timestamp in HTTPS connections
* Bug #9790 (workaround): Temporarily re-enable JS-Ctypes for cache
isolation and SSL Observatory
* Update Firefox to 17.0.9esr
* Update Tor to 0.2.4.17-rc
* Update NoScript to 2.6.7.1
* Update Tor-Launcher to 0.2.2-alpha
* Bug #9675: Provide feedback mechanism for clock-skew and other early
startup issues
* Bug #9445: Allow user to enter bridges with or without 'bridge' keyword
* Bug #9593: Use UTF16 for Tor process launch to handle unicode paths.
* misc: Detect when Tor exits and display appropriate notification
* Update Torbutton to 1.6.2.1
* Bug 9492: Fix Torbutton logo on OSX and Windows (and related
initialization code)
* Bug 8839: Disable Google/Startpage search filters using Tor-specific urls
Tor Browser Bundle 3.0alpha3 -- Aug 01 2013
* All Platforms:
* Update Firefox to 17.0.8esr
* Update Tor to 0.2.4.15-rc
* Update HTTPS-Everywhere to 3.3.1
* Update NoScript to 2.6.6.9
* Improve build input fetching and authentication
* Bug #9283: Update NoScript prefs for usability.
* Bug #6152 (partial): Disable JSCtypes support at compile time
* Update Torbutton to 1.6.1
* Bug 8478: Change when window resize code fires to avoid rounding errors
* Bug 9331: Hack an update URL for the next TBB release
* Bug 9144: Change an aboutTor.dtd string so transifex will accept it
* Update Tor-Launcher to 0.2.1-alpha
* Bug #9128: Remove dependency on JSCtypes
* Windows
* Bug #9195: Disable download manager AV scanning (to prevent cloud
reporting+scanning of downloaded files)
* Mac:
* Bug #9173 (partial): Launch firefox-bin on MacOS instead of TorBrowser.app
(improves dock behavior).
Tor Browser Bundle 3.0alpha2 -- June 27 2013
* All Platforms:
* Update Firefox to 17.0.7esr
* Update Tor to 0.2.4.14-alpha
* Include Tor's GeoIP file
* This should fix custom torrc issues with country-based node
restrictions
* Fix several build determinism issues
* Include ChangeLog in bundles.
* Linux:
* Use Ubuntu's 'hardening-wrapper' to build our Linux binaries
* Windows:
* Fix many crash issues by disabling Direct2D support for now.
* Mac:
* Bug 8987: Disable TBB's 'Saved Application State' disk records on OSX 10.7+
Tor Browser Bundle 3.0alpha1 -- June 17 2013
* All Platforms:
* Remove Vidalia; Use the new Tor Launcher Firefox Addon instead
* Update Torbutton to 1.6.0
* bug 7494: Create a local home page for TBB as about:tor
* misc: Perform a control port test of proper Tor configuration by default.
Only use https://check.torproject.org if the control port is
unavailable.
* misc: Add an icon menu option for Tor Launcher's Network Settings
* misc: Add branding string overrides (primarily controls browser name and
homepage)
* Update HTTPS-Everywhere to 3.2.2
* Update NoScript to 2.6.6.6
* Update PDF.JS to 0.8.1
* Windows:
* Use MinGW-w64 (via Gitian) to cross-compile the bundles from Ubuntu
* Use TBB-Windows-Installer to guide Windows users through TBB extraction
* Temporarily disable WebGL and Accessibility support due to minor MinGW
issues
* Mac:
* Use 'Toolchain4' fork by Ray Donnelley to cross-compile the bundles from
Ubuntu