What's new in HTTPS Everywhere 2022.5.24
May 25, 2022
- Improved EASE mode prompt
- Add background tab on install or update to educate users on HTTPS only mode features in their browsers
- Updated dependencies
New in HTTPS Everywhere 2021.7.13 (Jul 14, 2021)
- Amend Incognito Key for Chrome and Firefox #20092
- Fix unexpected arithmetic operations on strings #20043
- Remove Top Alexa Labeller #20083
- Update deprecated log function #20101
- Patch Chrome Test Failure #20102
New in HTTPS Everywhere 2021.4.15 (Jul 14, 2021)
- Add DuckDuckGo Smarter Encryption update channel
- Bloom filter for rulesets
- Firefox Fenix option page updates for Android users
- Move to Python 3 from Python 3.6
- Fix undefined type access
- Fix empty default types
New in HTTPS Everywhere 2021.1.27 (Jan 31, 2021)
- EASE Mode UI Changes
- NPM Dependency updates
- Geckodriver pull update
- Chromedriver pull update
- Integrate CSS Grid for Options Page and EASE UI
- Put Options in new tab
New in HTTPS Everywhere 2020.11.17 (Nov 20, 2020)
- Copy URL in EASE interstitial
- Dependapot NPM updates
- CRX distribution scripts for transparency for Edge and Opera
- Port inclusion on allowlist for EASE
- UI change to reflect a global setting
New in HTTPS Everywhere 2020.8.13 (Aug 19, 2020)
- Fix port based whitelsiting issue #19291
- Update documentation
- Update dependencies (NPM and Chromedriver)
- Minor code fixes in JS
New in HTTPS Everywhere 2020.5.20 (Aug 17, 2020)
- This release for Firefox has no differences from 2020.5.19 version for Firefox users
New in HTTPS Everywhere 2020.5.19 (May 20, 2020)
- Patches rule creation, minor UX issues, and EASE mode errors.
- No major interface changes with this release.
New in HTTPS Everywhere 2020.3.16 (Mar 17, 2020)
- EASE HTTP Once CSS fix
- Allow users to whitelist hosts from the option page
- EASE mode fixes for locale issue
- Fetch Test Prep, TLS 1.2 update
- Fetch Test Prep, Updated check rules script
- Fix options page appearance on Firefox when dark mode is on
- Dark mode adjustments
New in HTTPS Everywhere 2019.11.7 (Nov 10, 2019)
- EASE HTTP Once Exception
- Add Private network IPs to exclusion for HTTPSE
- Revert icons back to previous state
- Optimizations to url handling and hsts prune
New in HTTPS Everywhere 2019.6.27 (Jul 1, 2019)
- Making stylistic changes for mobile friendliness in Fennec
- Inclusion and use of the lib-wasm submodule, lowering memory overhead
- Refactor secure cookie logic
- Code cleanup
- Bundled ruleset updates
New in HTTPS Everywhere 2019.6.4 (Jul 1, 2019)
- Fix bug where link HTML is replaced in cancel page, instead of text
- Bundled ruleset update
New in HTTPS Everywhere 2019.5.13 (May 14, 2019)
- UI nd functionality patches for stable rules
- Translations string fixes
- Minor npm updates for HSTS pruning
New in HTTPS Everywhere 2019.5.6.1 (May 8, 2019)
- UI tweaks for spacing and font sizes
- Fix reload bug
- Patch for offline release channel
New in HTTPS Everywhere 2019.5.2.1 (May 3, 2019)
- UI changes in extension menu (#17854)
- EASE interstitial UI tweaks (#17347)
- Remove support for wildcard in the middle (#12319)
- Update default timestamp for deterministic builds (#17623)
- Refactor and enhance trivialize-cookie-rules.js (#17438)
- Run HSTS-prune and fix impacted rulesets (#17338)
- Update HSTS preload max age (#17564)
- Fix DeprecationWarning in HTTPS Everywhere Checker (#17596 )
- Fix Chromium local store exception (#17557)
- Remove middle wildcard support in rules.js (#17715)
New in HTTPS Everywhere 2019.1.31 (Feb 1, 2019)
- Change "Block all unencrypted requests" language to "Encrypt all sites eligible"
- EASE mode patches for interstitial page and reload to trigger for EASE mode
- ES Lint clean up
- Disable test for Chrome (will work in patch while disabled)
- Deprecate I.P.s in rulesets (Special case for DNS I.P.s)
New in HTTPS Everywhere 2019.1.7 (Jan 8, 2019)
- Change "Block all unencrypted requests" language to "Encrypt all sites eligible"
- Amend check_rules.py fetch test to disable rules only if all rules are problematic, and comment rules out if other rules are functional in the set
- HSTS Prune and updates
- Bundled ruleset updates
New in HTTPS Everywhere 2018.10.31 (Jan 8, 2019)
- Add additional error code for 'Block all unencrypted requests' interstitial page.
- Fix race condition when adding update channel
- Add UX to remove user rules in options page
- Bundled ruleset updates
New in HTTPS Everywhere 2018.9.19 (Sep 20, 2018)
- Ensure the 'Block all unencrypted requests' interstitial page catches more HTTPS misconfigurations (#16418)
- Allow users to disable HTTPS Everywhere on specific sites. Add additional UX controls in the options page for this. (#10041)
- Adding 'scope' to update channels, which defines regex limiting the URLs an update channel is allowed to operate on (#16430)
- Bundled ruleset updates
New in HTTPS Everywhere 2018.8.22 (Aug 23, 2018)
- Adding a warning to pages which 'Block all unencrypted requests' is unable to upgrade
- Adding a UX that enables users to add, delete, and edit update channels
- Reduces memory overhead by optimizing exclusion regex
- Block insecure FTP connections when 'Block all unencrypted requests' is checked
- Bundled ruleset updates
New in HTTPS Everywhere 2018.6.21 (Jun 22, 2018)
- Fix: URLs with a hostname of '.' cause endless loop to be triggered
- Bundled ruleset updates
New in HTTPS Everywhere 2018.6.13 (Jun 14, 2018)
- Improve popup page performance and slightly reduce memory usage
- Measure and slightly improve memory usage for rulesets
- Fix CORS issues in Firefox. This bug was previously breaking embedded videos or css on many websites. Chrome browser was not affected by this bug
- Add "Reset to Defaults" option to reset the default ruleset states
- Add "Show Devtools tab" option to hide CDT tab
- Bundled ruleset updates
New in HTTPS Everywhere 2018.4.11 (May 1, 2018)
- Reduce out-of-band ruleset update TTL from 48 to 24 hours
- Bundled ruleset updates
New in HTTPS Everywhere 2018.4.3 (May 1, 2018)
- Applies the out-of-band ruleset updates, sourced from https://www.https-rulesets.org/. Clients perform a periodic check for new rulesets to download, which are verified with the Web Crypto API using a pinned key, then applied.
- Ruleset updates
New in HTTPS Everywhere 2018.3.13 (May 1, 2018)
- The unused `cacert` platform was removed from rulesets for simplicity
- Organizing the add-on files into a clean directory structure
- Ruleset updates
New in HTTPS Everywhere 2018.2.26 (Feb 27, 2018)
- Many/most mixed content blocking issues are solved when enabling the "Block all unencrypted requests" option thanks to the injection of the upgrade-insecure-requests header. This means this option can be more easily used for daily browsing with less site breakage.
- Rulesets are alphabetically sorted in HTTPS Everywhere popup, with the first-party site (if covered) at the top.
- Fixes an obscure Android bug where rulesets don't appear in popup for the first window that is opened after restart.
- Many ruleset bugs have been solved (some dating 3 years back!)
New in HTTPS Everywhere 2018.1.29 (Jan 30, 2018)
New in HTTPS Everywhere 2018.1.11 (Jan 12, 2018)
New in HTTPS Everywhere 2017.12.6 (Dec 7, 2017)
- Remove unnecessary files from release
- Ruleset updates
New in HTTPS Everywhere 2017.11.21 (Nov 24, 2017)
New in HTTPS Everywhere 2017.10.30 (Oct 31, 2017)
- Introduce migrations, migrate settings from localStorage to storage api
- Firefox: full WebExtensions version
New in HTTPS Everywhere 2017.10.24 (Oct 25, 2017)
- Significant code refactor
- Fixes for Fennec
- Ruleset updates
New in HTTPS Everywhere 2017.10.4 (Oct 5, 2017)
- Markup and small UI changes
- Modularize JS, clean up control flow
- Ruleset updates
New in HTTPS Everywhere 2017.9.12 (Sep 17, 2017)
- Decrease memory footprint by using JSON in default.rulesets
- Markup changes
- Ruleset updates
New in HTTPS Everywhere 5.2.21 (Jul 19, 2017)
New in HTTPS Everywhere 5.2.20 (Jul 6, 2017)
New in HTTPS Everywhere 5.2.19 (Jun 23, 2017)
- Chrome: Allow advanced users to enable rulesets which cause MCB
- Chrome: Fix - removal of custom rulesets should persist
- Ruleset updates
New in HTTPS Everywhere 5.2.18 (Jun 6, 2017)
- FF: Suppress request to check.torproject.org if SSL Observatory is disabled
- Chrome: Adding "View All Rules" link to Atlas
- Chrome: Allow removal of user-added, custom rulesets
- Ruleset updates
New in HTTPS Everywhere 5.2.17 (May 23, 2017)
New in HTTPS Everywhere 5.2.16 (May 9, 2017)
New in HTTPS Everywhere 5.2.15 (Apr 20, 2017)
New in HTTPS Everywhere 5.2.14 (Apr 6, 2017)
New in HTTPS Everywhere 5.2.13 (Mar 18, 2017)
New in HTTPS Everywhere 5.2.12 (Mar 10, 2017)
- Excepting loopback hostnames from 'HTTPS Nowhere' functionality
- Ruleset updates
New in HTTPS Everywhere 5.2.11 (Feb 14, 2017)
New in HTTPS Everywhere 5.2.10 (Jan 26, 2017)
- Removing targets which are HSTS preloaded in all supported browsers
- Ruleset updates
New in HTTPS Everywhere 5.2.9 (Dec 20, 2016)
- Ruleset updates
- In HTTP Nowhere mode, attempt HTTPS before block
New in HTTPS Everywhere 5.2.8 (Dec 5, 2016)
New in HTTPS Everywhere 5.2.7 (Nov 9, 2016)
New in HTTPS Everywhere 5.2.6 (Oct 21, 2016)
- Ruleset fixes
- Fix for domain isolation in Tor Browser with SSL Observatory
New in HTTPS Everywhere 5.2.5 (Sep 22, 2016)
- Ruleset fixes
- Removing deprecated torbutton options
New in HTTPS Everywhere 5.2.4 (Sep 2, 2016)
- Ruleset fixes
- Chrome Dev: Possible fix to "Extension Corrupted" errors
- Firefox Android: Fixing numerous issues with UI and functionality
- Firefox: Expanding SSL Observatory popup window
New in HTTPS Everywhere 5.2.3 (Aug 26, 2016)
- Bugfix release: fixing a possible DLL hijacking vulnerability
New in HTTPS Everywhere 5.2.2 (Aug 25, 2016)
New in HTTPS Everywhere 5.2.1 (Aug 2, 2016)
- Bug fix release: fix CSS to prevent large icons.
New in HTTPS Everywhere 5.1.2 (Dec 17, 2015)
New in HTTPS Everywhere 5.1.1 (Aug 27, 2015)
- Ruleset fixes
- Clean up some unused code that was causing review problems on AMO.
New in HTTPS Everywhere 5.1.0 (Aug 20, 2015)
- Signed by AMO; otherwise not different from 5.0.9.
New in HTTPS Everywhere 5.0.8 (Aug 14, 2015)
- Ruleset fixes
- Restore checkbox icons on Firefox
- Add a link to the HTTPS Everywhere Atlas
New in HTTPS Everywhere 5.0.7 (Aug 14, 2015)
- Ruleset fixes, in particular disable broken Netflix rule
- Fix "Add a rule" functionality in Chrome.
New in HTTPS Everywhere 5.0.6 (Jul 14, 2015)
- EFF 25th birthday edition
- Ruleset fixes
- Move "Enable / Disable rules" options into menu.
New in HTTPS Everywhere 5.0.5 (May 29, 2015)
- Ruleset fixes
- Fix ordering of locales to default to English again.
New in HTTPS Everywhere 5.0.4 (May 13, 2015)
New in HTTPS Everywhere 5.0.3 (Apr 24, 2015)
New in HTTPS Everywhere 5.0.2 (Apr 10, 2015)
New in HTTPS Everywhere 5.0.1 (Apr 3, 2015)
- Disabled some broken rulesets.
- Fixed and updated many rulesets.
- Better null checking in Firefox.
- Add "Block All HTTP Requests" in Chrome.
New in HTTPS Everywhere 5.0 (Mar 26, 2015)
- Many new rulesets.
- Improved automated ruleset testing.
- Many new translations in Firefox version.
- Support for Firefox electrolysis (aka e10s aka process separation).
New in HTTPS Everywhere 5.0 Dev 3 (Mar 23, 2015)
- Added automated ruleset testing.
- Disabled many rules that failed ruleset tests.
- Fix cookie securing so it works for wildcard cookies even when a wildcard target host is not present.
- User rule creation in Chromium is only offered on HTTPS.
- Enabling and disabling user rules on Chromium works.
- Candidate for 5.0 series stable release.
New in HTTPS Everywhere 4.0.3 (Jan 23, 2015)
- Ruleset updates.
- Update SSL Observatory code to match Firefox API changes in hashing.
- Bring code in line with guidelines for addons.mozilla.org.
New in HTTPS Everywhere 4.0.2 (Dec 30, 2014)
- Disable SSL 3 to Prevent POODLE attack: https://github.com/EFForg/https-everywhere/pull/674
- NEW: HTTP Nowhere mode. Block all plaintext http
- Updates to Yahoo APIs, Fastly, VMWare, Netflix, Maashable, LinkedIn, Gitorious, Mozilla, msecnd, Hotmail, Live, Eniro, Steam, Phoronix, net-security.org, Flickr, Craigslist, Apache.org, Joomla.org, Samsung, Google IMages, Expedia, Akamai, Trip Advisor, Ikea, CEll, Leo.org, Facebook, F-Secure, Dropbox, Courage Campaign, Box, Atlassian, Internet Archvie, localbitcoins.com, SOny, SciVerse, Web.com, Urgan Dictionary, Pornhub, Fool.com, ClickBank, MGID, Which?, Microsoft, Barnes and Noble, Royal Institute of GB, Wall Street Journal
New in HTTPS Everywhere 5.0 Dev 2 (Dec 24, 2014)
- Merged mobile support from 4.0 branch.
- New translations imported: Catalan, Chinese (Taiwan), Croatian (Croatia), Estonian, Faroese, French (Canada), Khmer, Malay (Malaysia), Portuguese (Brazil), Romanian, Serbian, Sinhala (Sri Lanka), Slovak (Slovakia), Slovenian (Slovenia), Thai, Ukrainian
- Various ruleset fixes.
- Candidate for a 5.0 series stable release.
New in HTTPS Everywhere 5.0 Dev 1 (Dec 16, 2014)
- Support for multi-process Firefox (aka electrolysis or e10s).
- Merge latest rulesets.
New in HTTPS Everywhere 4.0.1 (Sep 12, 2014)
- Significant new coverage: Reddit, Quora
- Fixes include: Frontier Networks, Hotmail / Live, Microsoft, Mozilla, Ohio State, Rackspace, SJ.se, Timbo.se
- Enhancements to MCB detection and subsequent ruleset fixes
New in HTTPS Everywhere 4.0.0 (Aug 5, 2014)
- Ruleset fixes to wikimedia, stanford-university, joyent, and gaytorrents.
- Merge Android Firefox branch, so Android now has the same release cycle as the stable HTTPS Everywhere branch for Firefox.
- Remove old unused ContentPolicy code.
New in HTTPS Everywhere 5.0 Dev 0 (Jul 30, 2014)
- Various rules for new gaming sites: https://github.com/EFForg/https-everywhere/pull/387
- Add exception for flashproxy: https://github.com/EFForg/https-everywhere/issues/357
- Updates to joyent, moevideo, FreeDesktop, Gfycat, Bytemark, tchibo, Kantonalbank rules, godaddy, Bing, Pcwelt.de, Gamestar.de, o2-online, heise.de, mozdev.org, Wikimedia, Spotify, Stanford-University, various Swiss websites, SourceForge, utwente.nl, teamfortress.com, Fastly, mozilla.org, AmazonAws, Technology Review, jitsi, googlecode.com, CDT, and other rules.
- Add Denh.am, justeatuk, owncloud, seanmckaybeck.com, strimoid.pl, elkosmasgr, mantisbt, IAPC, ReadTheDocs, tox.im, and other rules.
- Initialize Convergence's NSS.js with nss library path: https://github.com/EFForg/https-everywhere/pull/315
- Add filter for OCSP and other requests that should be unrewritten: https://github.com/EFForg/https-everywhere/pull/332
- Add testing framework and a few basic extension tests: https://github.com/EFForg/https-everywhere/pull/338
- Fix Chrome redirect loop detection: https://github.com/EFForg/https-everywhere/issues/289
- Fix loading of user rules: https://github.com/EFForg/https-everywhere/pull/293
- Fix SSL Obs. preferences XML parsing bug.
- Add experimental "HTTP Nowhere" mode (blocks all HTTP requests): https://github.com/EFForg/https-everywhere/pull/379
New in HTTPS Everywhere 3.5.3 (Jul 3, 2014)
- Ruleset fixes to Mozilla, PCWorld, MacWorld, Google Books, 4chan blog, BuzzFeed, BBC, googlecode, TechDirt, Wikia, Technology Review, Google Translate, CDT, Science Direct, Sourceforge
- Fix rulesets.sqlite path, allowing global installation (Github #255)
- Revert components/ssl-observatory.js to 3.4.5, possibly fixing crash bug (Github #262)
- Update observatory whitelist
New in HTTPS Everywhere 4.0 Dev 17 (May 24, 2014)
- Re-enable ability to see all rulesets in enable/disable dialog.
- Fix allowing global installation
- Better observatory whitelisting
- Add option for SSL obs. revoked cert warnings
- Numerous ruleset updates
New in HTTPS Everywhere 3.5.1 (Apr 28, 2014)
- Revert https://github.com/EFForg/https-everywhere/pull/134 due to YouTube breakage.
- Re-enable ability to see all rulesets in enable/disable dialog.
- Added more Debian coverage.
- Fixes to Doubleclick, Guardian, Heroku, Home Depot, HypeMachine, IMDB, Justin.tv, Kikatek, Mozilla, MyFitnessPal, Pinterest, XKCD, Reuters, Technet, Tumblr, Wordpress, Yandex, Youtube, Flickr.
- Fix Australis icon positioning: https://github.com/EFForg/https-everywhere/pull/216
- chrome-2014.4.25: Ruleset fixes (same as 3.5.1)
New in HTTPS Everywhere 3.5 (Apr 17, 2014)
- Merge all non-ruleset changes from 4.0development.16
- Merge all new/modified rulesets from 4.0development.16 that are in the Alexa Top 1000 using utils/alexa-ruleset-checker.py. For a full list, see utils/alexa-logs/07042014.log.
New in HTTPS Everywhere 4.0 Dev 16 (Apr 17, 2014)
- Restore code that loads custom rule files: https://github.com/EFForg/https-everywhere/pull/156
- Use loadContext interface to get windows associated with requests
- Reduce annoying logging messages
- Report cert warning pages to SSL Observatory
- Remove SSL Observatory observers when disabled
- Don't set LOAD_REPLACE flag: https://github.com/EFForg/https-everywhere/pull/134
- Add script to merge rulesets in Alexa Top 1M, thanks to Claudio MOretti: https://github.com/EFForg/https-everywhere/pull/149
- 8 new rules
- 59 modified rules
New in HTTPS Everywhere 3.4.5 (Jan 6, 2014)
- Firefox (3.4.5):
- Updated license
- Updated README.md
- Updated contributors list
- Fix a performance bug when re-enabling HTTPS-Everywhere from its menu
- Observatory cert whitelist update
- Updated rules: Atlassian, Brightcove, MIT, Pidgin, Microsoft, Whonix, Skanetrafiken, Stack-Exchange, Stack-Exchange-mixedcontent
- Google Chrome (2014.1.3):
- Various ruleset fixes
- Various performance improvements
- Add LRU caching for rules
- Refactor out unused code
- Reload page when rule is disabled
- Upgrade URI.js
- Add fi translation
- Enable mixed content rules for Opera
New in HTTPS Everywhere 3.4.3 (Dec 4, 2013)
- Firefox (3.4.3):
- Fixes: Cloudfront / Amazon MP3 player, Cornell/Arxiv, FlickR, AmazonAWS/spiegel.tv
- Disable broken: Barns and Noble, Behance, Boards.ie, Elsevier, Kohls, OpenDNS, Spin.de, Svenskakyrkan
- Deprecate the ContentPolicy API, fixing a crash bug lurking since Firefox 20: https://bugzilla.mozilla.org/show_bug.cgi?id=939180
- Fix really silly Observatory UI bug that would leave the Observatory off for non-Tor users after they turned it on
- Update Observatory blacklist
- Bump maxVersion from Firefox 25 to 28.
- Firefox (4.0 development.14):
- Deprecate the ContentPolicy API, fixing a crash bug lurking since Firefox 20: https://bugzilla.mozilla.org/show_bug.cgi?id=939180
- Fix really silly Observatory UI bug that would leave the Observatory off for non-Tor users after they turned it on
- Ship 438 new rulesets
- Update Observatory blacklist
- Google Cheome (2013.10.16):
- Various ruleset fixes
- Fix unsafe loop variables
New in HTTPS Everywhere 3.4.2 (Oct 8, 2013)
- HTTPS Everywhere builds are now deterministic!
- Global memory leak bug fixes
- Updated rules: Craigslist, Apple.com, Microsoft, CloudFront, UKLocalGov, Bing, Cengage
- New rules from dev: IPTorrents.com, TvTorrents
New in HTTPS Everywhere 4.0 Dev 12 (Sep 20, 2013)
- Fix clients1.google.com OSCP meltdown
- Updated rules: ConnMan, Viddler.com, ISC, GNOME, Dozuki, Thingiverse, Box, ComputerWorld, Makerbot, McClatchy Interactive.com, Mozilla, Ohio State University, printrbot, Thingiverse, Tradedoubler, XiTi.com, Flameeyes, Open Clipart Library, Musopen, CERN, FilZilla, Google Services, Linux Foundation, Debian, Python.org, Ardour, Netmarble, Drexel University, Guifi.net, net-security.org, University of California, WordPress blogs, Perl.org
- New rules: Akira.org, AntiPolygraph.org, Banu.com, break.com, Click and Pledge.com, DataCoup.com, linux-sunxi.org, Lockbox.com, PSC.edu, University of Greifswald, University of Rostock, WIMM.com, ZeusClicks.com, gayorrents.net, Addison.com.hk, Auto Ad Manager.com, Blutmagie.de, Brixwork.com, HDtracks.com, hostname.sk, iPXE.org, Linn Records.com, Navigant Research.com, OpenLDAP.org, Quotes and Sayings.com, Solid-Run.com, TU-Dresden.de, Tux.Org, Ultrasurf.us, Zamzar.com, chaox.net, digilinux.ru, iNaturalist.org, IUCNredlist.org, jensge.org, Libre Graphics World.org, NAB.org, PengPod.com, pythonhosted.org, randombit.net, factorable.net, JoeyH.name, Acunetix.com, Alex Cabal.com, Altera.com, Commotionwireless.net,
- CounterMail.com, dotplex.de, Dyne.org, finalrewind.net, Keelog.com, Mailinator.com, My Shadow.com, OpenMailBox.org, PwdHash.com, Silent Sender.com, Standard Ebooks.com, Tarasic.com.tw, Barracuda.com
New in HTTPS Everywhere 4.0 Dev 10 (Aug 19, 2013)
- Firefox (3.4.1)
- Fix typo resulting in variable leak in get_prefs(),
- chrome-2013.8.17:
- Urgent bugfix release for https://trac.torproject.org/projects/tor/ticket/9507
- release from the stable / 3.0 branch, not master
- don't ship the development ruleset library, it's not ready for prime time yet
- avoid performance hits from repeatedly re-testing rulesets
- other possible weirdness
- Firefox 4.0 development.10:
- Numerous rules added, modified, and deleted
- Added utils/find_rules.py, python script by Osama Khalid to apply HTTPS Everywhere rules to URLs
- Updated readme to include more dependencies
New in HTTPS Everywhere 3.3.1 (Jul 27, 2013)
- [Wikimedia] removed mixedcontent
New in HTTPS Everywhere 3.3 (Jul 27, 2013)
- This major release fixed the following mixed content blocker (MCB) related bugs in time for Firefox 23:
- https://trac.torproject.org/projects/tor/ticket/9196
- https://trac.torproject.org/projects/tor/ticket/8774
- https://trac.torproject.org/projects/tor/ticket/8776
- In effect, this update disables rulesets that cause mixed content errors by default, and adds platform="mixedcontent" to 950 new rules. This is necessary to prevent a massive amount of websites from breaking by default for our users when Firefox 23 comes out.
- [Internet Archive] Moved to stable
- [Linaro] Default off per webmaster request
- [Applicom] Default off per webmaster request
New in HTTPS Everywhere 3.2.4 (Jul 11, 2013)
- Google Chrome (2013.7.10):
- In Chrome version, fixed css, "What is this?" link in popup, and added favicons to popup
- Includes all fixes from 3.2.4
- Firefox (3.2.4):
- [Yandex] remove maps from exclusions
- [Amazon Web Services] Add exclusion
- [Hotmail / Live] Add exclusion
- [Mozilla] Point labs to mozillalabs.org
- [Yandex] Exclude ll
- [Brightcove] Add exclusion
- [NYTimes] Add exclusion, disabled
- [News Corporation] Exclude 2013 images
- [imgbox] Fix typo
New in HTTPS Everywhere 3.2.3 (Jul 1, 2013)
- Issues resolved:
- Firefox 22 breaks our ruleset preferences window
- Google Art project does not load with HTTPS everywhere chrome extension
- Amazon AWS breaks Epicmafia
- Resources fail to load on AboutAds.info
- TorrentFreak.com rule doesn't redirect to HTTPS
- BBC (mixed content) ruleset prevents iPlayer Radio playback
- Error compiling xpi rulesets (for Firefox) in OSX
- padlet.com/create blanked out because of cloudfront
- Microsoft health pages 404
- Hype Machine doesn't support SSL, so rule breaks the site
New in HTTPS Everywhere 4.0 Dev 8 (Jun 13, 2013)
- Google Chrome (2013.6.4):
- The "factors of 12" chromium beta
- Disable Myspace by default due to mixed content
- Various ruleset fixes:
- https://eff.org/r.5bSj
- https://trac.torproject.org/projects/tor/ticket/8584
- https://trac.torproject.org/projects/tor/ticket/8571
- Firefox (4.0 Dev 8):
- Fix broken ruleset dialog in Firefox 22+ https://trac.torproject.org/projects/tor/ticket/8997
- The toolbar button chnages to indicate active rulesets: https://trac.torproject.org/projects/tor/ticket/4886
- Ship 31 new rulesets
- New translations: Japanese and Sinhala
- Updated translations: Hungarian, Lithuanian, Slovenian
- Ruleset fixes from 3.2.2: https://eff.org/r.5bSj
- Observatory cert whitelist update
New in HTTPS Everywhere 3.2.2 (May 23, 2013)
- Quick turn-around release to unbreak support.apple.com
- Fixes for a number of other ruleset bugs: https://eff.org/r.5bSj
- Incremental observatory cert whitelist update
New in HTTPS Everywhere 4.0 Dev 7 (May 23, 2013)
- Implement XHR outstanding request limits to work around TCP connection exhaustion if the SSL Observatory server is slow or down: https://trac.torproject.org/projects/tor/ticket/8670; https://bugzilla.mozilla.org/show_bug.cgi?id=856748
- Add a note hinting users how to toggle rulesets (thanks to Pavel Kazakov) https://trac.torproject.org/projects/tor/ticket/4967
- Ship all fixes from 3.2: https://eff.org/r.b9Qc
- Other known ruleset fixes: EA, Yandex https://trac.torproject.org/projects/tor/ticket/8571
- Ship 1308 new rulesets
- Numerous new and updated translations
New in HTTPS Everywhere 2012.4.30 (May 2, 2013)
- Google Chrome (2012.4.30):
- The "May day somewhere" chromium beta
- Ship all ruleset bugfixes from the Firefox 3.2 release: https://eff.org/r.b9Qc
- Flag/disable mixed content rulesets: Apple Support, BBC, Dell support, FBI, Wordpress, Zend https://eff.org/r.1bQt
- Disable VistaX64 https://trac.torproject.org/projects/tor/ticket/8801
New in HTTPS Everywhere 3.2 (Apr 27, 2013)
- Firefox (3.2):
- Related trac bugs for this release: https://eff.org/r.b9Qc
- New: MoinMoin
- Fixes: Adobe, Bahn.de, Cloudfront, Dell, Droplr, FBI, Google Maps, Joomla, Juno Download, Lenovo, New York Times, SEC, Soundcloud, Tweakers.net, Univ Strasbourg, Vkontakte, Zend
- Disable broken: AirAsia, Netvibes, Newgrounds, Pirate Bay, Russia Today, SVT, Wolfram Alpha
- Maybe fixed: Quantcast/Tumblr: https://trac.torproject.org/projects/tor/ticket/8406 (maybe fixed)
- Sync languages and translations from the master branch.
- New languages: Finnish, Norwegian (Bokmål), Slovak, Bulgarian.
- All HTTPS Everywhere users will be now prompted about using the SSL Observatory.
- Google Chrome (2012.3.7)
- The "cookies uncrumbled" chromium beta
- Ship all ruleset bugfixes from Firefox 3.1.4
- Stop securing HTTP (non-S) cookies in weird cases. https://trac.torproject.org/projects/tor/ticket/7492
New in HTTPS Everywhere 4.0 Dev 6 (Mar 8, 2013)
- Fix the implementation of safeToSecureCookie:
- Get https://trac.torproject.org/projects/tor/ticket/7491 right(er)
- Fix https://trac.torproject.org/projects/tor/ticket/7855
- Ship all ruleset fixes from 3.1.2 and 3.1.3:
- Except Etsy, where we're trying to fix rather than disable the ruleset https://trac.torproject.org/projects/tor/ticket/7774
- Internet Freedom Day development release
- Fix a ruleset processing bug, which would prevent from matching x.y.z.com
- Ship 354 new rulesets
- Update cert whitelist
- Update translations: Korean, Polish, French
New in HTTPS Everywhere 4.0 Dev 5 (Jan 20, 2013)
- Internet Freedom Day development release
- Fix a ruleset processing bug, which would prevent from matching x.y.z.com
- Ship all ruleset fixes from 3.1.2 and 3.1.3
- Except Etsy, where we're trying to fix rather than disable the ruleset
- https://trac.torproject.org/projects/tor/ticket/7774
- Ship 354 new rulesets
- Update cert whitelist
- Update translations: Korean, Polish, French
- Fix the implementation of safeToSecureCookie:
- Get https://trac.torproject.org/projects/tor/ticket/7491 right(er)
- Fix https://trac.torproject.org/projects/tor/ticket/7855
New in HTTPS Everywhere 3.1.3 (Jan 20, 2013)
- Internet Freedom Day stable bugfix release
- Fixes: CloudFront/Spotify, AmazonAWS (Amazon MP3s and product images), Libav, Google Maps, UserEchohttps://trac.torproject.org/projects/tor/ticket/7931
- https://trac.torproject.org/projects/tor/ticket/7888
- https://trac.torproject.org/projects/tor/ticket/7594
- https://trac.torproject.org/projects/tor/ticket/7539
- https://trac.torproject.org/projects/tor/ticket/7698
- Disable broken: Coursera, EBay, Etsy, OpenOffice, Ping.fm, Pinterest:
- https://trac.torproject.org/projects/tor/ticket/7336
- https://trac.torproject.org/projects/tor/ticket/7825
- https://trac.torproject.org/projects/tor/ticket/7774
- https://trac.torproject.org/projects/tor/ticket/7695
- https://trac.torproject.org/projects/tor/ticket/7777
- https://trac.torproject.org/projects/tor/ticket/7865
- Update cert whitelist
New in HTTPS Everywhere 3.1.2 (Jan 4, 2013)
- Fixes for: AmazonAWS/Datawrapper, Cachefly, Cloudfront/C-SPAN, Hetzner.de
- KeyDrive/Snapnames, QT, openDesktop, OpenTTD, WhiskeyMedia
- https://mail1.eff.org/pipermail/https-everywhere-rules/2012-December/001432.html
- https://trac.torproject.org/projects/tor/ticket/7608
- https://trac.torproject.org/projects/tor/ticket/7567
- https://mail1.eff.org/pipermail/https-everywhere-rules/2012-December/001432.html
- https://trac.torproject.org/projects/tor/ticket/7560
- https://trac.torproject.org/projects/tor/ticket/7796
- Disable broken: FlossManuals, Pastebin, Poste.it, Ustream, TED, AusGamers:
- https://trac.torproject.org/projects/tor/ticket/7731
- https://trac.torproject.org/projects/tor/ticket/7850
- https://trac.torproject.org/projects/tor/ticket/7840
- https://trac.torproject.org/projects/tor/ticket/7548
- Increase Observatory deployment (65%->85%)
- Update cert whitelist
New in HTTPS Everywhere 4.0 Dev 4 (Dec 21, 2012)
- Chrome (2012.12.17):
- The "overdue bugfixes" chromium beta
- Ship all ruleset bugfixes from Firefox 3.1 and 3.0.4
- Additional fixes for: AmazonAWS/Datawrapper, Cachefly, Cloudfront/C-SPAN, Hetzner.de, KeyDrive/Snapnames, QT
- Additionally disable: Automattic
New in HTTPS Everywhere 4.0 Dev 4 (Dec 21, 2012)
- Fix nasty bug that prevented Firefox downloads from Mozilla's CDN https://trac.torproject.org/projects/tor/ticket/7717
- Fix download from qt-project.org
- Ship 72 new rulesets
- Include all rulset fixes from 3.1
New in HTTPS Everywhere 3.1 (Dec 21, 2012)
- Hacky solution to a very nasty bug in which directives would cause cookies to be flagged as secure even if they were set from HTTP origins.
- https://trac.torproject.org/projects/tor/ticket/7491
- https://mail1.eff.org/pipermail/https-everywhere-rules/2012-November/001397.html
- Fixes: Akamai, Biomed central, BYU, Cachefly / Topix, DuckDuckGo, Focus.de, Fortum, Mashable, Mail.ru, MayFirst/People Link, MIT, Rackspace, Salsa Labs, SurveyMonkey, Tumblr
- Disable: Adtech.de, AllthingsD American Public Media, Dafont, MediaFire, Verizon, vk.com, Wired, Conde Nast
- Observatory-only translations into Hebrew and Croatian
- Offer the SSL Observatory popup to a larger cohort of users
New in HTTPS Everywhere 4.0 Dev 3 (Dec 12, 2012)
- Hacky solution to a very nasty bug in which directives would cause cookies to be flagged as secure even if they were set from HTTP origins.
- https://trac.torproject.org/projects/tor/ticket/7491
- https://mail1.eff.org/pipermail/https-everywhere-rules/2012-November/001397.html
- Ship 245 new rulesets
- Fixes include: Internet Archive, Rackspace
- Disable broken: American Public Media, Verizon, Nieuwsblad.be, MyOpenID
- (Plus fixes and rulesets disabled between 4.0dev2 and 3.0.4)
- Observatory-only translations: Croation, Hebrew
New in HTTPS Everywhere 4.0 Dev 2 (Nov 27, 2012)
- Ship 67 new rulesets
- Fix broken logouts from non-US Google accounts:
- https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001347.html
- Other fixes:
- Microsoft (Bing login button), ZeniMax, Ubuntuone, TrueCrypt, Springer,
- Optical Society, IMDB, Facebook, EzineArticles, Broadband Reports, Apache,
- Akamai (exclude Zynga content to prevent breakage of some Zynga games),
- Costco, Atlassian, Akamai/MTV3 Katsomo
- Disable broken/buggy:
- HP, Bytename, NIFTY, Microchip, NttDocomo
- Updated translations:
- Greek, Russian, Latvian
- New translation:
- Turkish
New in HTTPS Everywhere 3.0.4 (Nov 27, 2012)
- Fixes:
- ACLU, Amazon, Barnes & Noble, CharityNavigator, Cloudfront/Turntable.fm,
- Coursera, itella.fi, posti.fi, Uservoice
- https://trac.torproject.org/projects/tor/ticket/7336
- https://trac.torproject.org/projects/tor/ticket/7273
- https://trac.torproject.org/projects/tor/ticket/7227
- Disable broken:
- Asterisk, Boston Globe (separated out from NYTimes.com), Extabit, Gawker,
- Google Services (Followers widget), NPR, SF.se, SonyMusic, Statcounter, WebType
- https://trac.torproject.org/projects/tor/ticket/7270
- https://trac.torproject.org/projects/tor/ticket/7243
- https://trac.torproject.org/projects/tor/ticket/7361
- https://trac.torproject.org/projects/tor/ticket/7120
- https://trac.torproject.org/projects/tor/ticket/7278
- https://trac.torproject.org/projects/tor/ticket/7363
- https://trac.torproject.org/projects/tor/ticket/7294
- No longer cacert: lawblog.de
- Offer the SSL Observatory popup to a larger cohort of users
- Update translations: Spanish, Russian, Turkish, Swedish
- chrome-2012.10.31
- The "ghosts and goblins" chromium alpha
- Work around a nasty bug that was affecting some high-volume Live Youtube streams
- (but not other live YouTube streams)
- https://trac.torproject.org/projects/tor/ticket/7127
- Other Fixes:
- AdaCore, Akamai/MTV3 Katsomo, Akamai/HP, Atlassian, Bahn.de, MySQL, NPR, PBS,
- Phronoix Media/Openbenchmarking, SSRN, Spoki
- https://trac.torproject.org/projects/tor/ticket/7219
- https://trac.torproject.org/projects/tor/ticket/7180
- https://trac.torproject.org/projects/tor/ticket/7135
- https://trac.torproject.org/projects/tor/ticket/7206
- https://trac.torproject.org/projects/tor/ticket/7198
- Disable broken/buggy:
- CBS/Last.fm, Citibank Australia, Bytename, HP, NIFTY, Microchip, MyOpenID, NttDocomo
- https://trac.torproject.org/projects/tor/ticket/6587
- https://trac.torproject.org/projects/tor/ticket/7226
- https://trac.torproject.org/projects/tor/ticket/7111
- https://trac.torproject.org/projects/tor/ticket/7161
- https://trac.torproject.org/projects/tor/ticket/7114
- https://trac.torproject.org/projects/tor/ticket/7138
- https://trac.torproject.org/projects/tor/ticket/7107
New in HTTPS Everywhere 1.0.1 (Aug 17, 2011)
- Disable some rulesets with partial compatibility issues: Reddit, StumbleUpon, Heroku
- Small Yandex fix
- Fix/improvement for Google Instant outside the US
New in HTTPS Everywhere 1.0.0 (Aug 8, 2011)
- Release 1.0 into the stable branch!
- Improve toolbar UI for error pages somewhat (it still isn't perfect)
- Bugfixes: Microsoft, Dropbox, Netflix, MySQL
- Disable a couple of broken rules
New in HTTPS Everywhere 1.0.0 dev5 (Aug 1, 2011)
- Ship rulesets as a single "default.rulesets" file, shrinking the .xpi from
- Fix an ephemeral bug where disabled-by-default rules would be briefly enabled when first installed
- Wikipedia shows up in the toolbar/context menu
- Fixes to netflix & netzpolitik
- Toolbar/context menu can be opened with left or right click
New in HTTPS Everywhere 1.0.0 dev3 (Jul 5, 2011)
- Do not show a bizarre popup when people click the HTTPS toolbar button on error pages
- Fixed a GoogleServices bug that broke logout from non-US Google accounts.
New in HTTPS Everywhere 0.9.9 dev5 (Jun 9, 2011)
- Compatible with Firefox 4.0.1+
- New ruleset management UI (thanks to katmagic and Stefan Tomanek)
- Ship 136 new rulesets
- Fixes: reCAPTCHA, Google Images, Gentoo, Gitorious
- Improvements: Bit.ly, Yahoo, Nokia
- Disable: WashingtonPost :(, Doubleclick, OpenSSL.org (!)
New in HTTPS Everywhere 0.9.9 dev4 (Mar 19, 2011)
- Ship 117 new rulesets
- Fixes: MySQL, GroupOn, country-specific Google news sites,
- Improvements: mail.com, WordPress
- Leave WashingtonPost ruleset on in the hope that it gets fixed soon :/
- Disable broken rules: HTC, I2P .
New in HTTPS Everywhere 0.9.9 dev3 (Feb 7, 2011)
- In the settings dialogue, offer "Reset defaults" instead of "Enable all"
- Merge fixes from NoScript that avoid some torbutton bugs
- Ship 56 new rulesets
- Numerous tweaks + fixes, including NYTimes and AddThis
New in HTTPS Everywhere 0.9.9 dev2 (Dec 21, 2010)
- Prevent the preferences window from swallowing the screen on OS X
- Stop the StartCom rule from breaking StartCom OCSP/CRLs (which can't be HTTPS)
- Attempt to do the same for for CAcert
- Fixes to: Reddit, Drupal.org
- Disable some problematic rulesets: Cisco, Opera
- Enable: Reddit
- Ship another 62 rulesets
New in HTTPS Everywhere 0.9.9 dev1 (Nov 30, 2010)
- The efficient ruleset checking implementation should now hopefully be...
- efficient
- Ship all the rulesets (!!!)
- Except the ones that cause cert warnings, which are there but off by default
- Build scripts attempt to validate rulesets before making a .xpi
New in HTTPS Everywhere 0.9.0 Beta (Nov 24, 2010)
- This is our "Firesheep" release. It has numerous anti-firesheep improvements!
- Split the stricter parts of the Facebook rule into a "Facebook+" rule.
- It's what's required to protect Facebook from Firesheep and similar cookie theft attacks, but it may break apps, because apps.facebook.com currently has the wrong cert.
- Allow rulesets to specify that the secure flag should be set on some cookies even if the site operator failed to do so
- Ship rules for:
- Amazon S3 (AWS)
- Github
- Bit.ly
- Dropbox
- Evernote
- Cisco
- Extensive improvements (including secure cookies) in the Twitter and Facebook rules
- Support for full Live / Hotmail encryption
- Significant performance optimisation decreases CPU load
- Fixes:
- Rearrange our Channel Replacement code!
- Add scrollbars if there are a lot of rules present in the Preferences dialog dialog (may still be somewhat buggy...)
- Optimise GoogleServices.xml and support Google code search
- Patch for future compatibility with Request Policy:
- Support for the Firefox 4 API
- The Amazon rule was causing a lot of glitches; it is now off by default
- Control log verbosity with an about:config variable
- Numerous minor rule improvements
New in HTTPS Everywhere 0.3.0/ 0.2.2 (Nov 15, 2010)
- This is our draft "Firesheep" release. It has numerous anti-firesheep improvements!
- Allow rulesets to specify that the secure flag should be set on some cookies even if the site operator failed to do so
- Ship rules for:
- Amazon S3 (AWS)
- Github
- Extensive improvements (including secure cookies) in the Twitter and Facebook rules
- Support for full Live / Hotmail encryption
- Rearrange our Channel Replacement code!
- Fixes https://trac.torproject.org/projects/tor/ticket/1684
- https://bugzilla.mozilla.org/show_bug.cgi?id=548102
New in HTTPS Everywhere 0.2.3 Dev.1/ 0.2.2 (Oct 26, 2010)
- Support for the Firefox 4 API
- The Amazon rule was causing a lot of glitches; it is now off by default
- Control log verbosity with an about:config variable
- Numerous minor rule adjustments
New in HTTPS Everywhere 0.2.2 (Jul 15, 2010)
- Cleanup and refactor the URI replacement and rewriting code. Should hopefully fix https://trac.torproject.org/projects/tor/ticket/1649
- Add a Google APIs rule
- Remove some Extremely Nasty code that would delete malformed rulesets.
- Add code.google.com to Google Services
- The client=firefox* workaround is no longer necessary once we're sending non-US users to encrypted.google.com rather than www.google.com
- Better coverage for GMX, Google services, Twitter
- Scroogle homepage in HTTPS
- Add rules for Mail.com login