/mozilla-https-everywhere-2.1/Changelog
#! | 471 lines | 419 code | 52 blank | 0 comment | 0 complexity | e7ff8841d5e2749eb353f8e1ec57143c MD5 | raw file
Possible License(s): GPL-2.0
- 2.1 (2012-06-18)
- * Fix context menu breakage when URIs lack a host
- * Fixes: CiteULike, MozillaMessaging, Yandex, Demonoid, Pirate Party,
- Gentoo, NYTimes, Microsoft, Wikipedia, Lenovo
- https://mail1.eff.org/pipermail/https-everywhere-rules/2012-June/001189.html
- https://trac.torproject.org/projects/tor/ticket/6091
- https://mail1.eff.org/pipermail/https-everywhere-rules/2012-June/001190.html
- https://mail1.eff.org/pipermail/https-everywhere-rules/2012-May/001186.html
- https://mail1.eff.org/pipermail/https-everywhere/2012-May/001433.html
- * Disable broken: MarketWatch, Disqus, Magento, Lavasoft, Project Syndicate,
- Typepad/Say Media
- https://trac.torproject.org/projects/tor/ticket/5899
- https://trac.torproject.org/projects/tor/ticket/5496
- 2.0.5 (2012-05-16)
- * Rebuild 2.0.4 without a bug in the release scripts that prevented all the
- rulesets from being absent
-
- 2.0.4 (2012-05-16)
- * Fix for compatibility with some other Firefox extensions:
- https://trac.torproject.org/projects/tor/ticket/5682
- * Fixes: Wordpress stylesheets, USENIX, Mozilla, Opera, Indymedia
- https://trac.torproject.org/projects/tor/ticket/5905
- https://mail1.eff.org/pipermail/https-everywhere-rules/2012-April/001105.html
- * Disable broken: Pandora, Miranda IM, Pastebin.ca, PaidContent
- https://trac.torproject.org/projects/tor/ticket/5804
- https://trac.torproject.org/projects/tor/ticket/5776
- 2.0.3 (2012-04-26)
- * Fix a downgrade attack that might allow attackers to deny HTTPS
- Everywhere protection for cookies on some domains.
- https://trac.torproject.org/projects/tor/ticket/5676
- * Minor redirection mechanism fixes
- * Fixes: WordPress, Yandex, OpenDNS, Via.me/AWS
- * Improvements: Mozilla
- * Disable broken: ReadWriteWeb
- 2.0.2 (2012-04-19)
- * Fix a weird wrong DOM-origin bug that occurred while redirects were in
- progress (this might have security implications, although we are unsure
- if it was exploitable).
- https://trac.torproject.org/projects/tor/ticket/5477
- * By default, use https://google.co.cctld instead of
- encrypted.google.com
- * Add an optional ruleset to use https://www.google.com
- instead of encrypted.google.com, too
- * Ruleset fixes: Debian, Kohls, Malwarebytes, Yandex, Wikipedia, Mises.org,
- OpenDNS, Wizards of the Coast, Lenovo, Barnes and Noble
- https://trac.torproject.org/projects/tor/ticket/5509
- https://trac.torproject.org/projects/tor/ticket/5491
- https://trac.torproject.org/projects/tor/ticket/5303
- * Stumble across more horrible security holes in the Verizon website:
- https://mail1.eff.org/pipermail/https-everywhere-rules/2012-February/001003.html
- * Disable the Gentoo ruleset on non-CAcert platforms
- * Disable buggy rulesets: IBM, Scribd, Wunderground :( :( :(
- https://trac.torproject.org/projects/tor/ticket/5344
- https://trac.torproject.org/projects/tor/ticket/5435
- https://trac.torproject.org/projects/tor/ticket/5630
-
-
- 2.0.1 (2012-02-27)
- * 2.0 is now Stable!
- * Fix tiny settings window on some versions of Windows:
- https://trac.torproject.org/projects/tor/ticket/5197
- * Fix drop down menu bug for the non-English versions of the UI
- * Added Farsi and Arabic translations
- * Disable Netflix, which was demonstrating a lot of breakage
- * Improvements: Wikipedia
- * Fixes: Google, Samba
- * Ship 4 new rulesets since 2.0development.6
- (404 new rulesets since 1.2.2!)
- * Check ruleset grammaticity with xmllint/RelaxNG
- chrome-2012.02.09
- * make <exclusion pattern> rulesets elements work in the Chrome version
- https://trac.torproject.org/projects/tor/ticket/5042
- (also disable the LinkedIn ruleset)
- * Support for Google Sorry
- * 6 new rulesets
- 2.0.0development.6 (2012-02-08)
- * Fix a nasty UI crash bug on Windows
- https://trac.torproject.org/projects/tor/ticket/5020
- * Ruleset fixes: Google Video, Yandex, LDS
- https://trac.torproject.org/projects/tor/ticket/5026
- https://trac.torproject.org/projects/tor/ticket/5042
- * Disable problematic LinkedIn ruleset
- * An experimental ruleset for the Google "Sorry" page
- * Improved Nederlands translation
- * Ship 6 new rulesets
- chrome-2012.02.06{,.01}
- * First "Official" EFF alpha Chrome release
- * Installable on Chrome|Chromium 18+
- * Two point versions, to test the autoupdating mechanism
- 2.0.0development.5 (2012-02-02)
- * Fix some data structure inefficiencies that should reduce RAM consumption
- by 25-75MB (!)
- https://trac.torproject.org/projects/tor/ticket/4804
- * Global enable / disable option
- https://trac.torproject.org/projects/tor/ticket/4060
- * Google Cache is back! :)
- * Ship 126 new rulesets
- * Fixes: Wikipedia, Identi.ca, Verizon, CCC.de, UserScripts, Yandex,
- Hidemyass, Mozilla, Pogo, Google, Google Images, Google Video,
- The Pirate Bay, AK Vorrat, JBoss
- * Improvements: EFF, Flickr, RedHat, Diaspora, PrivatePaste, KDE,
- Portugese Govt
- * Disable broken: NSF.gov, WHO.int, Economist
- * New experimental Yahoo! ruleset (off by default)
- * New translations: Spanish, Nederlands
- 2.0.0development.4 (2011-11-15)
- * The translations actually work
- * Add new translations: Chinese, Russian
- * Ship 37 new rulesets
- * Exclude Userscript paths as an insecure workaround for the Greasemonkey
- and Scriptish instances of this bug:
- https://trac.torproject.org/projects/tor/ticket/3190
- * Fixes: Java.com, Yandex, Wordpress, Wikipedia, Bahn.de, UNSW, Apache,
- DuckDuckGo, Google Images
- * Improvements: Debian, Tumblr, Apple, Facebook, VeriSign, Google Services,
- Flickr, Youtu.be
- * Disable broken: Target, OpenUniversity, TV.com, Radio Shack,
- Yahoo Mail :( :(,
- Google Cache coverage in Google Services :( :( :(
- 2.0.0development.3 (2011-10-19)
- * Selectively reenable nsIContentPolicy::shouldLoad()
- Fixes: https://trac.torproject.org/projects/tor/ticket/4194
- Fixes: https://trac.torproject.org/projects/tor/ticket/4149
- * Crazy experimental IOUtils hacks from NoScript
- https://bugzilla.mozilla.org/show_bug.cgi?id=677643#c75
- (Appears to fix
- https://mail1.eff.org/pipermail/https-everywhere/2011-October/001208.html,
- which is probably a general redirection bug)
- * Secure cookies set by JavaScript as well as those set by HTTP
- Fixes: https://trac.torproject.org/projects/tor/ticket/3766
- * Perform initialisation synchronously, reducing races during startup
- Fixes: https://trac.torproject.org/projects/tor/ticket/3533
- * Ship 9 new rulesets
- * Disable: MikeWest
- * Improvements: YouTube, Google Images
- 2.0.0development.2 (2011-10-05)
- * Enable YouTube by default
- (also closes https://trac.torproject.org/projects/tor/ticket/4032)
- * Merge nsIContentPolicy disablement from stable
- (closes https://trac.torproject.org/projects/tor/ticket/3882)
- * Context menu should work on error pages
- (https://trac.torproject.org/projects/tor/ticket/3815)
- * Fix the ASN setting button in the observatory prefs
- (https://trac.torproject.org/projects/tor/ticket/4170)
- * Make the Observatory much more efficient
- * Ship 46 new rulesets
- * Update for new Wikipedia HTTPS deployment
- * Ruleset Fixes and Enhancements: Yandex, Identica, SBB, Polldaddy, XKCD,
- Statcounter, Caltech, UCSD, FlickR, Android
- * Disable broken: LastPass, Avast, EPEAT, Bloglines
- * Improve the state of our translations-in progress
- * Fancy new Python build scripts
- 2.0.0development.1 (2011-09-15)
- * Begin alpha testing for the Decentralized SSL Observatory!
- (currently opt-in, with a popup prompt if you have Tor Button installed)
- * Ship 164 new rulesets
- * Enable Google Maps by default
- * Pending translations: Arabic, Dutch, German, Portugese, Latvian, Russian,
- Swedish
- * Fixes: OpenDNS, WordPress, Flickr
- * Expansions & Improvements: Google Services, Twitter, Gowalla, Apple, Bit.ly
- AdBlock Plus, KLM, Adobe, UCSD, Heroku, Wikipedia
- * Disable broken rulesets: Deviantart, Bandcamp, Securityfocus
- * Improved build scripts
- 1.2.2 (2012-01-09)
- * Google Cache is back!
- * Fixes: Wikipedia, Identi.ca, Verizon, CCC.de, UserScripts,
- Yandex
- * Improvements: EFF
- * Disable broken: NSF.gov, WHO.int
- 1.2.1 (2011-10-15)
- * Google Cache is broken, remove it from GoogleServices :( :( :(
- * Fix for the Google Image Search homepage
- * Exclude help.duckduckgo.com:
- https://trac.torproject.org/projects/tor/ticket/4399
- * Disable Yahoo! Mail:
- https://trac.torproject.org/projects/tor/ticket/4441
- * Installable on Firefox 10
- 1.2 (2011-10-14)
- * Fixes: WordPress, Statcounter, Java, Bahn.de, SICS.se
- * Improvements: use fancy new HTTPS Wikipedia
- * Disable broken: OpenUniversity, TV.com, Random.org, kb.CERT
- 1.1 (2011-10-19)
- * Further tweaks to internals, will hopefully fix a number of weird issues:
- https://trac.torproject.org/projects/tor/ticket/4194
- https://trac.torproject.org/projects/tor/ticket/4149
- https://mail1.eff.org/pipermail/https-everywhere/2011-October/001208.html
- * YouTube is enabled by default!
- * Fixes: Yandex, Statcounter, Polldaddy, SBB.ch
- * Improvements: Facebook+
- * Disable broken: Bloglines, EPEAT
- 1.0.3 (2011-09-26)
- * Mozilla is about to release Firefox 7, the stable branch needs to be
- installable there!
- * Disabling nsIContentPolicy callbacks should fix this crash bug:
- https://trac.torproject.org/projects/tor/ticket/3882
- https://bugzilla.mozilla.org/show_bug.cgi?id=677643
- It /might/ cause us to fail to rewrite requests in obscure corner cases.
- We haven't found any in testing, but vigilance will be required.
- * Support for Google Maps
- * Fixes: WordPress, Lenovo, OpenDNS, Avast, Ripe.net, TV.com, 38.de
- * Disable broken: Seagate
- 1.0.2 (2011-09-20)
- * Major improvements to the Wikipedia ruleset
- * Disable broken/buggy rulesets: DeviantArt, eHow, About.me, Bandcamp,
- StudiVZ, Securityfocus, BankofAmerica :( :( :(
- * Small fixes: OpenDNS, WordPress, links in the "About" page
- * Declare incompatibility with Firefox 7 & 8 until Mozilla fixes this:
- https://bugzilla.mozilla.org/show_bug.cgi?id=677643
- 1.0.1 (2011-08-10)
- * Disable some rulesets with partial compatibility issues: Reddit,
- StumbleUpon, Heroku
- * Small Yandex fix
- * Fix/improvement for Google Instant outside the US
- 1.0.0 (2011-08-04)
- * Release 1.0 into the stable branch!
- * Improve toolbar UI for error pages somewhat (it still isn't perfect)
- * Bugfixes: Microsoft, Dropbox, Netflix, MySQL
- * Disable a couple of broken rules
- 1.0.0development.5: (2011-07-13)
- * Ship rulesets as a single "default.rulesets" file, shrinking the .xpi from
- ~370 kB to ~120kB and speeding Firefox startup:
- https://trac.torproject.org/projects/tor/ticket/3404
- * Fix an ephemeral bug where disabled-by-default rules would be briefly
- enabled when first installed
- * Wikipedia shows up in the toolbar/context menu
- * Fixes to netflix & netzpolitik
- * Toolbar/context menu can be opened with left or right click
- 1.0.0development.4: (2011-07-06)
- * Fix a bug with Google Translate
- * Unbreak the Netflix blog
- * Toolbar button now looks OK in Seamonkey
- * Declare compatibility with the next round of Firefox alphas
- 1.0.0development.3: (2011-07-04)
- * Do not show a bizarre popup when people click the HTTPS toolbar button on
- error pages
- * Fix a GoogleServices bug that broke logout from non-US google accounts :(
- 1.0.0development.2: (2011-07-01)
- * Fix bugs that arose when trying to move the toolbar menu icon:
- https://trac.torproject.org/projects/tor/ticket/3497
- * Handle usernames and passwords in URIs more explicitly
- https://trac.torproject.org/projects/tor/ticket/2199
- * By default, move context menu from toolbar to addons bar
- * Ship 22 new rulesets
- * Add support for Google Plus, Accounts and AdWdords
- * Improvements to Microsoft, Twitter and Gitorious
- 1.0.0development.1: (2011-06-27)
- * Add a context menu to let users toggle rulesets that are/might be
- applicable to the current page (we can now stabilise the dev branch!)
- * Ship 42 new rulesets
- * Support for Google Image Search (except the very first landing page :/)
- * Fixes: Netflix, Plone
- * Improvements: Google APIs, Google Services, Mediawiki
- * Disable broken rules: OKCupid, Surveymonkey
- * Declare compatibility with recent Seamonkey releases
- 0.9.9.development.6:
- * Optimistically declare compatibility with Firefoxes up to v 7.*
- * Ship 193 new rulesets
- * Fixes & Improvements: Wikipedia, AmazonAWS, Google Images, Microsoft,
- Mozilla, Netflix, Google User Content, Twitter, Gitorious, AdBlock Plus,
- Youtube, he.net, Bitcoin
- * Remove broken rules: Match.com
- 0.9.9.development.5:
- * Compatible with Firefox 4.0.1+
- * New ruleset management UI (thanks to katmagic and Stefan Tomanek)
- * Ship 136 new rulesets
- * Fixes: reCAPTCHA, Google Images, Gentoo, Gitorious
- * Improvements: Bit.ly, Yahoo, Nokia
- * Disable: WashingtonPost :(, Doubleclick, OpenSSL.org (!)
-
- 0.9.9.development.4:
- * Ship 117 new rulesets
- * Fixes: MySQL, GroupOn, country-specific Google news sites,
- * Improvements: mail.com, WordPress
- * Leave WashingtonPost ruleset on in the hope that it gets fixed soon :/
- * Disable broken rules: HTC, I2P ...
- 0.9.9.development.3:
- * In the settings dialogue, offer "Reset defaults" instead of "Enable all"
- * Merge fixes from NoScript that avoid some torbutton bugs
- * Ship 56 new rulesets
- * Numerous tweaks + fixes, including NYTimes and AddThis
- 0.9.9.development.2:
- * Prevent the preferences window from swallowing the screen on OS X / Windows
- * Stop the StartCom rule from breaking StartCom OCSP/CRLs (which can't be HTTPS)
- * Attempt to do the same for for CAcert
- * Fixes to: Reddit, Drupal.org
- * Disable some problematic rulesets: Cisco, Opera
- * Enable: Reddit
- * Ship another 62 rulesets
- 0.9.9.development.1:
- * The efficient ruleset checking implementation should now hopefully be...
- efficient
- * Ship all the rulesets (!!!)
- * Except the ones that cause cert warnings, which are there but off by default
- * Build scripts attempt to validate rulesets before making a .xpi
- 0.9.7:
- * Support firefox 5 and 6 betas
- * Numerous improvements and fixes to Google and GoogleServices support
- * Fixes to AmazonAWS
- * Secure j.mp via bit.ly
- * Fix gentoo bugs
- 0.9.6:
- * Support firefox 4.0.1
- * Unbreak recaptcha
- * Disable google.com/jsapi (which was breaking some embedded maps, though
- that bug *might* have been fixed)
- 0.9.5:
- * WashingtonPost is broken and seems to be staying that way; disable it :(
- * Replace "Enable All" with "Reset Defaults"
- * Fixes & Improvements to WordPress + Mozilla
- 0.9.4:
- * Significant performance improvements
- * Disable Cisco by default
- * Fixes & improvements to: NYTimes, WashingtonPost, Cisco, WordPress
- * Support Google Code
- * Disable Google Custom Search Engines (they don't work)
- * Support global installation for OS distributions (thanks dm0)
- 0.9.3:
- * Significant performance improvements
- * Disable Cisco by default
- * Fixes & improvements to: NYTimes, WashingtonPost, Cisco, WordPress
- * Support Google Code
- * Disable Google Custom Search Engines (they don't work)
- * Support global installation for OS distributions (thanks dm0)
- 0.9.2:
- * Fix a bug in our redirection loop detection that was causing touble with
- some parts of NYTimes, Facebook, and other sites
- (closes: https://trac.torproject.org/projects/tor/ticket/2217)
- 0.9.1:
- * Unbreak the "all x news articles" links in Google News
- * Exclude nytimes.com/roomfordebate, since it's broken in https.
- 0.9.0:
- * This is our "Firesheep" release. It has numerous anti-firesheep
- improvements!
- * Split the stricter parts of the Facebook rule into a "Facebook+" rule.
- It's what's required to protect Facebook from Firesheep and similar cookie
- theft attacks, but it may break apps, because apps.facebook.com currently
- has the wrong cert.
- * Allow rulesets to specify that the secure flag should be set on some
- cookies even if the site operator failed to do so
- * Ship rules for:
- - Amazon S3 (AWS)
- - Github
- - Bit.ly
- - Dropbox
- - Evernote
- - Cisco
- * Extensive improvements (including secure cookies) in the Twitter and
- Facebook rules
- * Support for full Live / Hotmail encryption
- * Significant performance optimisation decreases CPU load
- Fixes:
- https://trac.torproject.org/projects/tor/ticket/1656
- https://trac.torproject.org/projects/tor/ticket/2194
- * Rearrange our Channel Replacement code!
- Fixes https://trac.torproject.org/projects/tor/ticket/1684
- https://bugzilla.mozilla.org/show_bug.cgi?id=548102
- Thanks to Giorgio Maone and Boris Zbarsky!
- * Add scrollbars if there are a lot of rules present in the Preferences
- dialog (may still be somewhat buggy...)
- * Optimise GoogleServices.xml and support Google code search
- * Patch for future compatiability with Request Policy:
- https://trac.torproject.org/projects/tor/ticket/1574
- * Support for the Firefox 4 API
- * The Amazon rule was causing a lot of glitches; it is now off by default
- * Control log verbosity with an about:config variable
- * Numerous minor rule improvements
- 0.2.2:
- * Fix a glitch in the Content Policy path that may or may not have been
- responsible for these bugs:
- https://trac.torproject.org/projects/tor/ticket/1700
- https://trac.torproject.org/projects/tor/ticket/1672
- https://trac.torproject.org/projects/tor/ticket/1673
- The patch breaks toolbar search suggestions. And who knows what else?
- * Don't send some country homepages to https://www.google.com/webhp?hl= ;
- use https://encrypted.google.com instead
- * Cleanup and refactor the URI replacement and rewriting code. Should
- hopefully fix https://trac.torproject.org/projects/tor/ticket/1649
- * Add a Google APIs rule
- * Remove some Extremely Nasty code that would delete malformed rulesets (!)
- (it was pasted from Torbutton's cookie handling logic...)
- * Add code.google.com to Google Services
- * The client=firefox* workaround is no longer necessary once we're sending
- non-US users to encrypted.google.com rather than www.google.com
- * Better coverage for GMX, Google services, Twitter
- * Scroogle homepage in HTTPS
- * Add rules for
- - Mail.com logins
- - Microsoft (limited coverage)
- * Fix a nasty Google/Wikipedia bug within 0.2.2.development.{1,2}
- 0.2.1:
- * Although google said https://www.google.com would continue to work, that
- wasn't absolutely true.
- * The new encyrpted.google.com seems to require queries to be #q=thing
- rather than search?q=thing, at least some of the time. So let's do that.
- 0.2.0:
- * Work around the fact that Google does not allow client=firefox* HTTPS
- searches from outside the US, by rewriting those URIs
- * Add rules for:
- - Amazon
- - GMX
- - Live.com (Hotmail logins)
- - Meebo
- - the Netherlands Government
- - Wordpress.com
- - Zoho
- * Remove the assumption that non-US searches would always start with an hl=
- language parameter
- * Handle searches to the google.com/firefox script better
- * Remove accidental duplicates of a couple of rules!
- * Bump maxVersion into the future so we're compatible with Firefox alphas
- * Fix more legacy eff.org bugs
- 0.1.2:
- * Apparently, we are not actually compatible with Firefox 2.0.0.x, so don't
- install with it!
- * Further generalisation of Wikimedia rules
- * Fix bugs in the handling of obscure parts of eff.org and torproject.org
- * A bug in a user rules file should produce an error, rather than causing all
- rules to fail to load
- 0.1.1:
- * Generalise the Wikipedia rules to other Wikimedia services
- * In preferences window, add a link to instructions for writing one's own
- rules