Bump version.

[torbutton/rransom.git] / src / CHANGELOG

1.3.0-alpha
  30 Sep 2010
  * new: Support for transparent proxies in settings
    (patch from Jacob Appelbaum and Kory Kirk)
  * new: tor:// and tors:// url support to auto-toggle into tor mode
    (patch from Kory Kirk)
  * new: Cookie manager to allow individual Cookie protection
    (patch from Kory Kirk)
  * new: Add referrer spoofing based on modified same origin policy
    (patch from Kory Kirk)
  * new: Add DuckDuckGo.com as a Google captcha redirect destination
    (patch from aiden tighe)
  * bugfix: bug 1911: Fix broken useragent locale string on debian
    (patch from lunar)
  * bugfix: Fix captcha detection for encrypted.google.com

1.2.5
  08 Apr 2010
  * bugfix: bug 1169: Fix blank popup conflict with CoolPreviews
  * bugfix: bug 1246: Fix IST and other HH:30 timezone issues.
  * bugfix: bug 1219: Fix the toggle warning loop issue on settings change.
  * bugfix: bug 1321: Fix a session restore bug when closing the last window
  * bugfix: bug 1302: Update useragent to FF3.6.3 on WinNT6.
  * bugfix: bug 1157: Add logic to handle torbutton crashed state conflicts
  * bugfix: bug 1235: Improve the 'changed-state' refresh warning message
  * bugfix: bug 1337: Bind alert windows to correct browser window
  * bugfix: bug 1055: Make the error console the default log output location
  * bugfix: bug 1032: Fix an exception in the localhost proxy filter
  * misc: Always tell a website our window size is rounded even if it's not
  * misc: Add some suggestions to warning about loading external content
  * new: Add option to always update Torbutton via Tor. On by default
  * new: Redirect Google queries elsewhere on captcha (default ixquick)
  * new: Strip identifying info off of Google searchbox queries

1.2.4
  16 Dec 2009
  * bugfix: bug 1169: Fix blank popup conflict with Google Toolbar
  * bugfix: bug 1171: Properly store and set network.dns.disablePrefetch
  * bugfix: bug 1165: Fix an exception on toggle in FF3.6
  * bugfix: bug 1163: Fix history loss in FF3.6
  * bugfix: Fix a typo error during logging
  * bugfix: Properly handle session restore in FF3.6
  * misc: Kill a warning message about missing properties in window-mapper.js
  * new: Add a new pref to disable Livemark updates during Tor usage (FF3.5+)

1.2.3
  02 Dec 2009
  * bugfix: bug 950: Preserve useragent and download settings across toggle
  * bugfix: bug 1014: Fix XML Parsing Error on XHTML sites in Tor mode
  * bugfix: bug 1041: Preserve tab history in FF3.5
  * bugfix: bug 1047: Fix spurious user agent change notice
  * bugfix: bug 1053: Partial fix for 'TypeError: browser is undefined' error
  * bugfix: bug 1084: Preserve HTTP accept language for Non-Tor usage
  * bugfix: bug 1085: Fix test settings issues with dead privoxy
  * bugfix: bug 1088: Clean up some namespace issues in the main chrome window
  * bugfix: bug 1091: Fix a lockup when 'Ask Every Time' cookie pref is set
  * bugfix: bug 1093: Fix cert acceptance dialogs in Firefox 3.5
  * bugfix: bug 1146: Fixes for properly handling tab restore in FF3.5
  * bugfix: bug 1152: Close tabs on toggle prevents toggling in FF3.5"
  * bugfix: bug 1154: Clarify "Last Tor test failed" message
  * misc: Disable geolocation in FF3.5 during Tor mode
  * misc: Disable DNS prefetch in FF3.5 in Tor mode and for Tor-loaded tabs
  * misc: Disable offline app cache during Tor mode
  * misc: Disable specific site zoom settings during Tor mode
  * new: Transfer Google cookies between country-code domains. This should
    make it such that captchas only need to be solved once per Tor session,
    as opposed to for each country.

1.2.2
  09 Aug 2009
  * bugfix: Workaround Firefox Bug 440892 to prevent external apps from 
    being launched (and thus bypassing proxy settings) without user 
    confirmation. Independently reported by Greg Fleischer and optimist.
  * bugfix: Create a separate "No Proxy For" option and remove the 
    string "localhost" from proxy exemptions. Prevents a theoretical
    proxy bypass condition discovered by optimist. Fix based on patch from
    optimist.
  * bugfix: bug 970: Purge undo tab list on Tor toggle.
  * bugfix: bug 1040: Scrub URLs from log level 4 and higher log messages. 
    Mac OS writes Firefox console messages to disk by default.
  * bugfix: bug 1033: Fix FoxyProxy conflict that caused some FoxyProxy 
    strings to fail to display.
  * misc: bug 1006: Pop up a more specific failure message for pref
    changing errors during Tor toggle.
  * misc: Fix a couple of strict javascript warns on FF3.5
  * misc: Add chrome url protection call to conceal other addons during
    non-Tor usage. Patch by Sebastian Lisken.
  * misc: Remove torbutton log system init message that may have scared some
    paranoids. 

1.2.1
  21 Mar 2009
  * bugfix: bug 773: Fixed Noscript conflict issue.
  * bugfix: bug 866: Fixed conflict with ZoTero
  * bugfix: bug 908: Make UserAgentSwitcher's 'default' button restore
    Torbutton's spoofed user agent if Tor is enabled.
  * bugfix: bug 909: Get Torbutton to "properly" react to users changing 
    their Firefox cookie lifetime settings as opposed to using the Torbutton 
    interface.
  * bugfix: bug 834: Fix session saving and startup issues
  * bugfix: bug 875: Removed docShell == null popup during toggle for 
    some users
  * bugfix: bug 910: fixed a locale spoofing issue in navigator.appVersion
  * bugfix: bug 747: Attempt to fix 'fullscreen' resizing issues.
  * bugfix: Stop-gap timezone spoofing fix for Linux and Mac 
    for FF3. Requires a one-line patch to Firefox for Windows to work.
  * bugfix: Clear SSL Session IDs on toggle. (See FF Bug 448747)
  * misc: bug 931: Added a socks v4 vs v5 version choice to custom prefs.
  * misc: bug 836: redesign startup preference window to make it more
    understandable
  * misc: Torbutton now presents itself as Windows FF3.0.7.
  * misc: Change RDF to allow Torbutton to run on FF3.1 betas.

1.2.0
  30 Jul 2008
  * bugfix: bug 777: Fix issue with locale spoofing breaking translations.
  * bugfix: bug 778: Preserve locale in spoofed version if user does not want
    locale spoofing.
  * bugfix: bug 780: Keep session cookies during Tor toggle.
  * bugfix: Potential fix for some PKCS#12 issues.
  * bugfix: Fix crash recovery and uninstall/upgrade to avoid cookie loss.
  * misc: Translation updates.

1.2.0rc6:
  12 Jul 2008
  * bugfix: Fix bug causing Firefox history to get cleared in some situations
  * bugfix: bug 753: Fix exception thrown during Tor toggle in some instances
  * bugfix: bug 758: Fix resize issue where 0x0 windows could be created
  * bugfix: Fix some potential permission denied issues with cookie jars
  * bugfix: bug 520: Fix issue where Javascript stayed disabled in some tabs
  * bugfix: Apply cookie lifetime settings to Tor settings on first install.
  * bugfix: Don't disable Firefox preferences when Torbutton is uninstalled
  * misc: Allow automatic updates in FF3 by default. They are secure now.
  * misc: Translation updates

1.2.0rc5
  06 Jul 2008
  * bugfix: bug 734: Fix exception with clearing history on toggle
  * bugfix: bug 735: Fix exception with blocking Non-Tor history writes
  * bugfix: bug 720: FF3 cookie jar fix submitted by arno
  * misc: translation updates for French, Farsi, and others
  * misc: demote "mapper check" log message to info
  * new: Option to not write cookie jars to disk submitted by arno

1.2.0rc4
  27 Jun 2008
  * misc: Refuse to jar cookies under Firefox 3. Lame workaround for Firefox
    Bug 439384, but it's the best we can do. At least we won't destroy
    cookies anymore.
  * misc: Some strings were present twice in the en-US locale. Didn't seem
    to cause any problems, but probably should be fixed.

1.2.0rc3
  27 Jun 2008
  * bugfix: Lots of compatibility updates with other extensions. Issues
    with SpeedDial, Google Notebook, TabMixPlus, and others have been fixed.
  * bugfix: Fix bug with first window/tab after restart being partially 
    prevented from performing network activity and/or history access.
  * bugfix: Add an additional pref for blocking Non-Tor file url network
    activity. Off by default. This should fix issues with Sage addon in
    Non-Tor mode. 
  * bugfix: Be better about saving all sorts of Firefox prefs that we touch
    so that users' Non-Tor preferences are remembered.
  * bugfix: Fix potential issues with FF3 sessionstore by updating component,
    and performing version detection.
  * bugfix: Separate toggle into a 3 stage process to eliminate potential 
    race conditions and issues with javascript and other functionality 
    not working after Tor toggle.
  * new: Added 'Test Settings' button to Proxy Preferences that uses 
    check.torproject.org to verify Tor status.
  * misc: Improve 'Restore Defaults' to reset all prefs that we touch.
  * misc: Fix logging system to be more user-legible.

1.2.0rc2
  08 Jun 2008
  * bugfix: MacOS: Fix broken Tor state/toggle issues when all windows are 
    closed but app stays open
  * misc: Potential performance improvements when many windows+tabs are open
  * new: Add 'locked mode' pref to allow users to disable one-click toggling
  * new: Add prefs to start Firefox with a specific Tor state.

1.2.0rc1
  01 Jun 2008
  * general: FF3 should now be functional, but timezone masking is not
    operational
  * bugfix: Fix Places/history component hooking in FF3
  * bugfix: Disable Places database in FF3 via browser.history_expire_days=0
    if history writes are disabled.
  * bugfix: General component hooking fixes for FF3
  * bugfix: Block favicon leaking in FF3
  * bugfix: Enable safebrowsing updates in FF3 (it's finally HMACd. Yay).
  * bugfix: Use Greg Fleischer's new useragent prefs in FF3.
  * bugfix: Properly reset cookie lifetime policy when user changes cookie
    handling options.
  * bugfix: Fix 'Restore defaults' button issues with custom proxy settings
  * bugfix: navigator.oscpu hooking was broken in 1.1.18
  * bugfix: Try to prevent alleged 0x0 windows on crash recovery
  * bugfix: Attempt to block livemarks updates during Tor. Only partial fix.
    Not possible to cancel existing Livemarks timer (one fetch will still
    happen via Tor before disable). See Firefox Bug 436250
  * misc: Set plugin.disable_full_page_plugin_for_types for all plugin
    mimetypes just in case our custom full page blocking code fails

1.1.18
  17 Apr 2008
  * bugfix: Fix Gmail exceptions involving window.navigator that made Gmail
    unusable after recent updates by Google.
  * bugfix: Fix an exception in the content policy that may have prevented
    some AJAX page elements from loading.
  * bugfix: Fix regression on cross-state favicon leak introduced in 1.1.17
  * bugfix: Fix to make clear private data work again by fixing up history
    hooking (may also help FF3 compatibility).
  * bugfix: Fix Yahoo email account creation (broken due to Date.valueOf()
    weirdness).
  * bugfix: Fix to allow plugins if the user unchecks the plugin blocking
    preference
  * bugfix: Fix bug 638: eliminate cross-state history popup on session
    restore
  * bugfix: Only resize windows on document load. Hopefully this will make
    the resizing code less annoying, and drift less.
  * bugfix: Fix Object.prototype extensions involving the Date object 
    (observed on LiveJournal)
  * bugfix: Fix javascript debugger compatibility issues involving source
    window display and other functionality.
  * misc: Prevent blocked popups from opening blank, unusable windows
  * misc: Updated firefox version to 2.0.0.14
  * new: New translations for French, Russian, Farsi, Italian, and Spanish.

1.1.17
  15 Mar 2008
  * bugfix: Improve chrome disclosure protection (patch from Greg Fleischer)
  * bugfix: Block network access from file urls to workaround Firefox 
    'Content-Disposition' file stealing attack (found/fixed by Greg)
  * bugfix: Apply Javascript hooks to javascript: urls (found by Greg)
  * bugfix: Improve Torbutton chrome concealment (found by Greg)
  * bugfix: Use 127.0.0.1 instead of localhost for IPv6 users
  * bugfix: Don't resize maximized windows
  * misc: Improve window resizing to only resize on document load,
    and to try to address drift by remembering window sizes
  * misc: Clear session history if clear history on tor toggle is set
  * new: Remove history hooks in favor of nsISHistoryListeners that
    prevent history navigation from alternate Tor states

1.1.16
  03 Mar 2008
  * bugfix: Fix yet more javascript unmasking issues found by Greg.
    Date is still unmaskable.
  * bugfix: Close tabs *before* toggling proxy settings if pref is set.
  * bugfix: Fix a couple exceptions thrown on resizing and plugin canceling

1.1.15
  26 Feb 2008
  * bugfix: Fix hook unmasking of window.screen, window.history,
    and window.navigator discovered by Greg Fleischer. window.Date 
    unmasking is still unfixed. window.history unmasking represents
    potential IP disclosure due to Firefox Bug 409737.
  * bugfix: Fix view-source extension disclosure bug found by Greg 
    Fleischer.
  * bugfix: Fix javascript and about links. Found by Greg Fleischer.
  * new: Attempt to prevent window sizes from drifting during resize.

1.1.14
  24 Feb 2008
  * bugfix: set general.useragent.locale if user wants to spoof an English
    browser. This handles navigator.locale
  * bugfix: Mask navigator.buildID. Reported by Greg Fleischer
  * Initial Firefox 3 work. Functionality still broken due to FF Bug 413682
  * bug 580: Resize preferences window to fit in 640x480 displays
  * new: Spoof window.screen to mask desktop resolution and resize the 
    browser to multiples of 50px while tor is enabled.
  * new: Block content window access to chrome urls if Tor is enabled, 
    and hide Torbutton if Tor is disabled. Thanks to Greg Fleischer for 
    reporting the chrome disclosure issues
  * new: Added option to close all opened tabs on a Tor toggle. Useful 
    for general convenience and also as a backup protection against 
    Bug 409737.
  * new: Add Tor ports to the list of banned ports for Firefox. Should
    prevent http-ping based fingerprinting attacks.
  * new: Finally add support for automatic updates.

1.1.13
  01 Feb 2008
  * bugfix: Implement workarounds to disable Javascript network access 
    for Firefox Bug 409737
  * bugfix: Improved plugin-disabling workarounds for Firefox Bug 401296 
  * misc: Set network.protocol-handler.warn-external.* to warn on external 
    app handlers during Tor usage
  * misc: Disable browser.safebrowsing.enabled during Tor usage since it
    retrieves some information in plaintext.
  * misc: Disable browser.send_pings.
  * misc: Block Javascript back/forward manipulation if Tor is enabled
  * new: Option to clear HTTP auth on Tor toggle

1.1.12
  26 Nov 2007
  * bugfix: bug 520: Fix some content policy/tagging issues. Not sure if this
    is the whole bug.
  * bugfix: Fix a nasty bug where torbutton mostly broke if the first Firefox
    window was closed (introduced in 1.1.11)
  * bugfix: Fix a favicon proxy-leak discussed in onionland

1.1.11
  16 Nov 2007
  * bugfix: Fix a scope issue with the JS hooks that caused problems with 
    some sites (gmail, others?)
  * misc: Performance enhancements for speeding up toggle
  * new: Prevent Tor cookies from being written to disk if the user wants
    them cleared.

1.1.10
  06 Nov 2007
  * bugfix: bug 522: Try harder to kill plugins before they do any network IO
    (discovered by goldy)
  * bugfix: bug 460: Remove hook verification. Attempt to apply hooks at every
    location event.
  * misc: New logging system
  * new: Have user choose between starting in Tor or Non-Tor after crash.
    Leaving it to Firefox is non-deterministic and should not be an option.

1.1.9.1
  23 Oct 2007
  * bugfix: 1.1.9 killed all plugins. Bring them back to life.

1.1.9
  21 Oct 2007
  * bugfix: bug 519: Fix Ubuntu Gutsy hang on startup.
  * bugfix: bug 521: Fix yet more false positive popups introduced in 1.1.8
  * bugfix: bug 522: Block loading of direct clicks of plugin-handled content 
    (discovered by goldy).

1.1.8
  01 Oct 2007
  * bugfix: bug 503: Prevent sessionstore from writing Tor tabs to disk
  * bugfix: bug 510: Decouple cookie clearing from Clear Private Data settings
  * bugfix: bug 474: Decouple password+form saving from history writing
  * bugfix: bug 460: Rework handling of hooking based on global events+window
    lookup
  * bugfix: Hooking fixes for pages with nested frames/iframes
  * bugfix: Cookies are now properly synced before storing into a jar
  * misc: Tightened up the alerts a bit more for the javascript hooking
  * misc: Changed defaults to be less intrusive to non-tor usage
  * new: Added options to start in Tor and reload cookies after browser crash 
  * new: Added ability to have both tor and non-tor cookie jars

1.1.7
  20 Sep 2007
  * bugfix: bug 495: couple of memory leaks found and fixed by arno
  * bugfix: bug 497: uninstall exception found and fixed by arno
  * bugfix: bug 460: No more alerts should happen. But does that mean its
    fixed? Outlook uncertain...
  * bugfix: bugs 461+489: verbosity+macos logging issues resolved
  * bugfix: if javascript is disabled, the hooking code no longer complains
  * misc: Update spoofed Firefox version to 2.0.0.6
  * new: "Restore Defaults" button added to the preferences window

1.1.6
  30 Jul 2007
  * bugfix: Fix an exception that may have messed up cookie/cache clearing
    if you allowed Tor to write history URLs (possibly kills bug #457)
  * bugfix: Use only sub-browsers for tagging. Could fix some Date hooking
    misses (possibly kills bug #460)
  * misc: Clean up annoying false positives with date hooking checks

1.1.5
  17 Jul 2007
  * bugfix: Reset shutdown option if user wants to manually manage cookies
  * misc: Add code to detect date hooking failures to zero in on Bug #460
  * new: Pref to disable "DOM Storage" during Tor usage

1.1.4 - Defcon CD Release
  6 Jul 2007
  * bugfix: Make plugin state tied to tab load state also
  * bugfix: Date hooking bug. getUTCYear is not defined. Must call getYear..
  * new: Add options to spoof charset and language headers
  * new: Add option to disable referer header. This can break some sites.
         Seems to break digg in particular.
  * new: Copy English strings to all language DTDs so they are at least
         functional.

1.1.3 - Black Hat CD Release
  30 Jun 2007
  * bugfix: Fully disable session store if option is set. Otherwise it 
            can save Tor tabs and cause them to be reloaded during Tor usage!
  * new: Differentiate between crucial and recommended settings in preferences

1.1.2
  22 Jun 2007
  * bugfix: Make js hooking a bit more invisible
  * bugfix: Improve navigator.* hooking for user agent spoofing
  * new: Block session saving during tor usage
  * new: Add options to clear cookies during Tor/Non-Tor shutdowns

1.1.1
  20 Jun 2007
  * bugfix: Remove Date hooks from DOM after inserted. Fixes some sites
            who expect a fixed DOM structure.
  * new: Integrated Collin Jackson's history blocking+cookie jar code, adapted
         it to handle various Tor States+read/write differentiation.
  * new: Allow users to manually manage cookies
  * new: Mark tabs as having been fetched via Tor or in the clear
  * new: Add code to only enable javascript on tabs with the same Tor load 
         state as the current
  * new: options to clear the cache, block disk cache, or block all caching
  * new: Created options tabbox
  * new: Option to block updates if Tor was enabled
  * new: Add nsIContentPolicy to block CSS popups from pages with a different
         load state than current Tor State.
  * new: Added user agent spoofing code
  * new: Support FireFox 2.0 only
  * new: Disable "safe browsing" remote lookups
  * new: block session saving


1.1.0 - Security Development begins (Alpha branch)
  31 Mar 2007
  * new: Option to disable all plugins during Tor usage
  * new: Javascript hooking to mask timezone for Date Object, attempted CSS fix
  * new: Options to clear history and cookies on Tor toggle
  * bugfix: Fix logging to use error console if logger extension not present

1.0.5
  18 Nov 2006
  * bugfix: fix the about box in firefox 1.0
  * bugfix: set the toolbar button to the correct state upon insertion into 
            the toolbar (ff >= 1.5 only)
  * bugfix: clarify the wording of the one-liner extension description
  * bugfix: bypassing privoxy with Firefox <= 1.0 is not recommended
  * bugfix: remember previous "custom" proxy settings
  * misc: new icons
  * misc: keyboard shortcut re-assigned to ctrl-2
  * new: previous proxy settings are restored after exiting tor mode
  * new: if the torbutton proxy settings are changed while torbutton is 
         enabled, then the active proxy settings are updated to reflect it
  * new: added twelve locales

1.0.4
  01 Jun 2006
  * bugfix: without-privoxy settings were incorrect
  * bugfix: https settings did not take effect until firefox restart
  * bugfix: let firefox generate our about box, so it will include the version

1.0.3
  31 May 2006
  * bugfix: statusbar style would reset to text after firefox restart

1.0.2
  23 May 2006
  * bugfix: fixed problem with socks_remote_dns
  * new: mozilla thunderbird support
  * new: user may customize proxy settings for nonstandard configurations
  * new: option to not use privoxy in the standard configuration
  * new: slovenian translation
  * new: french translation
  * new: keyboard shortcut (control-shift-t, changeable via keyconfig)
  * new: context menu for toolbar button and statusbar panel
  * new: attractive tor icons
  * new: about dialog
  * new: option to display statusbar as an icon instead of text

1.0.1
  16 Mar 2006
  * bugfix: toolbar button tooltips now display the correct status
  * bugfix: set socks5 proxy to tor port (9050) instead of privoxy (8118)
  * bugfix: allow user to change proxy exclusion list ("no proxy for")
  * new: use socks_remote_dns on firefox versions that have it
  * new: added update functionality through the extensions manager
  * new: added preference: display statusbar panel (yes/no)
  * new: added compatibility with firefox 1.0 and 0.9

1.0
  07 Mar 2006
  * initial release