Tor Browser Changelog

What's new in Tor Browser 13.0.14

Apr 17, 2024

All Platforms:
Updated Tor to 0.4.8.11
Bug tor-browser#41676: Set privacy.resistFingerprinting.testing.setTZtoUTC as a defense-in-depth
Bug tor-browser#42335: Do not localize the order of locales for app lang
Bug tor-browser#42428: Timezone offset leak via document.lastModified
Bug tor-browser#42472: Timezone may leak from XSLT Date function
Bug tor-browser#42508: Rebase Tor Browser stable onto 115.10.0esr
Windows + macOS + Linux:
Updated Firefox to 115.10.0esr
Bug tor-browser#42172: browser.startup.homepage and TOR_DEFAULT_HOMEPAGE are ignored for the new window opened by New Identity
Bug tor-browser#42236: Let users decide whether to load their home page on new identity.
Bug tor-browser#42468: App languages not sorted correctly in stable
Linux:
Bug tor-browser-build#41110: Avoid Fontconfig warning about "ambiguous path"
Android:
Updated GeckoView to 115.10.0esr
Bug tor-browser#42509: Backport Android security fixes from Firefox 125
Build System:
All Platforms:
Updated Go to 1.21.8
Bug tor-browser-build#41107: Update download-unsigned-sha256sums-gpg-signatures-from-people-tpo for new type of URL
Bug tor-browser-build#41122: Add release date to rbm.conf
Android:
Bug tor-browser-build#40992: Updated torbrowser_version number is not enough to change firefox-android versionCode number

New in Tor Browser 13.5 Alpha 6 (Mar 29, 2024)

All Platforms:
Bug tor-browser#41114: Fix no-async-promise-executor on TorConnect
Bug tor-browser#41676: Set privacy.resistFingerprinting.testing.setTZtoUTC as a defense-in-depth
Bug tor-browser#42336: Review the relationship between TorSettings and the TorProvider
Bug tor-browser#42428: Timezone offset leak via document.lastModified
Bug tor-browser#42435: Update moat domain fronting configuration
Bug tor-browser#42437: Drop "torbrowser.version" preference
Bug tor-browser#42444: Remove the "Prioritize .onion sites when known" option
Bug tor-browser#42449: Rebase Tor Browser alpha onto Firefox 115.9.0esr
Bug tor-browser#42459: Add startpage onion service to list of search providers
Bug tor-browser#42466: Drop the "Onion Logo" from trademark statement
Bug tor-browser#42472: Timezone May leak from XSLT Date function
Bug tor-browser#42473: ESR 115.9.1 fixes
Bug tor-browser#42481: Modularize SecurityLevel
Bug tor-browser-build#41105: Bump version of snowflake to v2.9.2
Windows + macOS + Linux:
Updated Firefox to 115.9.0esr
Bug tor-browser#41916: Letterboxing preferences UI
Bug tor-browser#41918: Add option to reuse last window size when letterboxing is enabled
Bug tor-browser#42203: Fluent migration: about dialog
Bug tor-browser#42209: Fluent migration: tor circuit
Bug tor-browser#42211: Fluent migration: new identity
Bug tor-browser#42214: Fluent migration: security level
Bug tor-browser#42236: Let users decide whether to load their home page on new identity.
Bug tor-browser#42443: Shrink the window to match letterboxing size when the emtpy area is doble-clicked
Bug tor-browser#42446: Improve accessible descriptions in built-in dialog
Bug tor-browser#42458: Update the "Submit Feedback" link in "About Tor Browser"
Windows:
Bug tor-browser#42377: Hidden fonts are automatically added to the allow list
Linux:
Bug tor-browser#42438: Adapt the data import wizard to use the original $HOME on Linux
Bug tor-browser-build#41110: Avoid Fontconfig warning about "ambiguous path"
Android:
Updated GeckoView to 115.9.0esr
Bug tor-browser#41187: Improve Android's bridge settings UI
Bug tor-browser#42427: Do not ship bridges as prefences anymore
Build System:
All Platforms:
Updated Go to 1.21.8
Bug tor-browser-build#41102: src archive does not match likely due to mismatched xz-utils version
Bug tor-browser-build#41107: Update download-unsigned-sha256sums-gpg-signatures-from-people-tpo for new type of URL
Bug rbm#40073: We should remove ./ when using 7-zip for zip files
Windows + macOS + Linux:
Bug tor-browser#42305: (Semi-)Automatically merge translation resources across tor browser releases (desktop)
Bug tor-browser-build#41088: Remove use of projects/browser/run_scripts
Windows:
Bug tor-browser-build#41097: authenticode-timestamping.sh fails to run again because tmp-timestamp already exists
Android:
Bug tor-browser#40502: Do not recommend addons on Tor Browser
Bug tor-browser-build#41082: Package tor expert bundle on android as .aar that firefox-android can use in lieu of tor-android-service with geckoview bootstrap

New in Tor Browser 13.0.13 (Mar 22, 2024)

New in Tor Browser 13.0.12 (Mar 22, 2024)

New in Tor Browser 13.0.11 (Mar 7, 2024)

New in Tor Browser 13.5 Alpha 5 (Feb 29, 2024)

All Platforms:
Updated OpenSSL to 3.0.13
Updated Snowflake to 2.9.0
Bug tor-browser#42376: The placeholder of datetime inputs keeps being localized when spoof English is on
Bug tor-browser#42378: spoof english + htmlform can leak app language
Bug tor-browser#42390: Betterboxing: make the decorator border disappear when the corners are flat
Bug tor-browser#42397: Change RFP-spoofed Timezone from UTC to a real-world, less discriminable one
Bug tor-browser#42412: Rebase Tor Browser Alpha onto 115.8.0esr
Bug tor-browser-build#41079: Bump version of Snowflake to v2.9.0
Windows + macOS + Linux:
Updated Firefox to 115.8.0esr
Bug tor-browser#41814: Change "vanilla bridge:" to "Tor bridge:" in bridge cards
Bug tor-browser#42270: Implement design changes to QR code dialog
Bug tor-browser#42389: Betterboxing: gradient is never shown
Bug tor-browser#42398: Include Alpha and Nightly in MOZ_APP_DISPLAYNAME (and possibly in other places)
Bug tor-browser#42414: Show ellipsis when the tor bridge address overflows
Bug tor-browser#42415: Improve focus styling for forced focus in bridge settings
Bug tor-browser#42421: Remove bridge option should be hidden for Lox bridges
Bug tor-browser#42423: Move temporary Lox Fluent strings to new file
Bug tor-browser#42425: Improve accessibility of the bridge emoji cells
Android:
Updated GeckoView to 115.8.0esr
Bug tor-browser#42253: Remove "New private tab" action and widget
Bug tor-browser#42402: Remove Android YEC strings
Bug tor-browser#42407: TTP-03-010 WP3: Potential phishing
Bug tor-browser#42416: Backport Android security fixes from Firefox 123
macOS:
Bug tor-browser-build#40569: Create build-specific installer for macOS
Build System:
All Platforms:
Updated Go to 1.20.14 and 1.21.7
Bug tor-browser-build#41081: Update detailsURL in tools/signing/nightly/update-responses-base-config.yml
Bug tor-browser-build#41085: kick_devmole_build script prints wrong URL for Mullvad's build hashes
Bug rbm#40068: Switch from IO::CaptureOutput to Capture::Tiny
Bug rbm#40069: Make stdout and stderr utf8
Bug rbm#40071: Add an option to create zip files using 7z
Bug rbm#40072: Move capture_exec to a separate module
Windows:
Bug tor-browser-build#41076: Include the ShellLink plugin in NSIS
macOS:
Bug tor-browser-build#41084: $app_bundle is missing the final .app in projects/firefox/build
Android:
Bug tor-browser#42399: Re-enable minimization of JS for Android
Bug tor-browser-build#41080: Re-pack omni.ja with 7-zip on Android
Bug tor-browser-build#41092: Use an uncompressed omni.ja to improve final apk compression.
Bug tor-browser-build#41093: Sign unsigned APKs instead of the QA-signed ones

New in Tor Browser 13.0.10 (Feb 20, 2024)

New in Tor Browser 13.5 Alpha 4 (Feb 1, 2024)

All Platforms:
Updated zlib to 1.3.1
Updated Snowflake to 2.8.1
Bug tor-browser#42343: Consume pt_config.json in the browser
Bug tor-browser#42348: TorSettings.defaultSettings() removed but still referenced by Moat.sys.mjs
Bug tor-browser#42354: Refactor exclusions in ShouldSanitizePreference() to the pref list.
Bug tor-browser#42358: Separate the domain fronted requests from Moat
Bug tor-browser#42359: Handle firewall and proxy in TorSettings.setSettings
Bug tor-browser#42363: Tab thumbnails enhancements
Bug tor-browser#42366: Rebase Tor Browser Alpha onto Firefox 115.7.0esr
Bug tor-browser#42369: Revert YEC 2023 changes
Bug tor-browser#42374: spoof english leaks via numberingSystem: numbers (non-latn) or decimal separator (latn)
Bug tor-browser#42384: Regression: quickstart doesn't work anymore
Bug tor-browser-build#41058: Update Snowflake to 2.8.1
Bug mullvad-browser#262: Mouse-over long links causes the browser element to re-center relative to width of status tooltip
Windows + macOS + Linux:
Updated Firefox to 115.7.0esr
Bug tor-browser#41917: Make the appearance of letterboxing look more intentional
Bug tor-browser#42036: Design and build a user interface for Lox
Bug tor-browser#42338: Changing circuit programmatically in Tor Browser not working anymore!
Bug tor-browser#42387: Visual noise in 13.5a4 letterboxing
Linux:
Bug tor-browser#42293: Updater is disabled when tor-browser is run by torbrowser-launcher flatpak
Android:
Updated GeckoView to 115.7.0esr
Bug tor-browser#42252: Plumb down TorConnect commands from firefox-android to GeckoView
Bug tor-browser#42346: Crash in firefox-android originating in backported FullScreenNotificationDialog patch
Bug tor-browser#42353: Fix Android NoScript automatic updates
Bug tor-browser#42355: Fullscreen on Android doesn't hide system bars
Bug tor-browser#42367: Backport Android security fixes from Firefox 122
Bug tor-browser#42368: Tor Browser 13.5a3 crashes during start-up because of API26+ methods
Build System:
All Platforms:
Updated Go to 1.20.13 and 1.21.6
Bug tor-browser-build#41037: Set time on signing machine before starting signing
Bug tor-browser-build#41038: Add RPM dependencies to README
Bug tor-browser-build#41059: Update keyring/torbrowser.gpg with updated key
Bug tor-browser-build#41063: Run "file $keyring" in tools/keyring/list-all-keyrings
Bug tor-browser-build#41067: Use Capture::Tiny instead of IO::CaptureOutput
Bug tor-browser-build#41073: Update documention about required packages for container-less build
Bug rbm#40067: Use --no-verbose wget option when not running in a terminal
Windows + macOS + Linux:
Bug tor-browser-build#41078: pt_config.json not touch'd before adding to omni.ja, resulting in build non-determinism
Windows:
Bug tor-browser-build#40606: Use Clang to compile NSIS
Bug tor-browser-build#40900: Update NSIS to 3.09
Bug tor-browser-build#41065: Do a cleanup of the NSIS script

New in Tor Browser 13.0.9 (Jan 23, 2024)

New in Tor Browser 13.5 Alpha 3 (Dec 22, 2023)

All Platforms:
Updated Tor to 0.4.8.10
Updated NoScript to 11.4.29
Bug tor-browser#42042: view-source:http://ip-address does not work because of HTTPS Only
Bug tor-browser#42308: Update README for tor browser
Bug tor-browser#42332: Rebase Tor Browser alpha onto 115.6.0esr
Bug tor-browser#42334: Keep returning ERROR_ONION_WITH_SELF_SIGNED_CERT only for .onion sites whose cert throws ERROR_UNKNOWN_ISSUER
Bug tor-browser#42335: Do not localize the order of locales for app lang
Bug 42340: TorBridgeChanged notification sends out "[object Object]" as its data. [tor-browser]
Windows + macOS + Linux:
Updated Firefox to 115.6.0esr
Bug tor-browser#40856: Add a default for preferences in TorSettings
Bug tor-browser#42099: Blind cross-origin requests to .tor.onion domains
Bug tor-browser#42189: Assertion failure: the value of mPrivateBrowsingId in the loadContext and in the loadInfo are not the same!
Bug tor-browser#42283: Tor Browser shouldn't ship blockchair by default
Bug tor-browser#42299: After adding incorrect bridge addres on user cannot go back to the Connection page
Bug tor-browser#42303: Remove unused "help" button logic in tor dialogs
Bug tor-browser#42319: Make all the wordmark of the same size
Windows:
Bug tor-browser#42163: Make the 3rd party DLL blocklist obey portable mode
Bug tor-browser#42179: PTs on Tor Browser 13 do not work with Windows 7
Linux:
Bug tor-browser-build#41050: Improve the disk leak sanitization on start-$browser
Android:
Updated GeckoView to 115.6.0esr
Bug tor-browser#42248: Allow GeckoView to launch tor
Bug tor-browser#42249: Allow GeckoView to launch lyrebird
Bug tor-browser#42250: Allow Moat.sys.mjs to invoke lyrebird on Android
Bug tor-browser#42301: Make TorSettings interact with the old Android Settings
Bug tor-browser#42313: Enable One UI Sans KR as a possible font for Korean (MozBug 1865238)
Bug tor-browser#42323: Add a checkbox to enable the connect assist experiments on alpha
Bug tor-browser#42324: Onion Location on Android is ignored
Bug tor-browser#42339: Backport Android security fixes from Firefox 121 to 115.6 - based Tor Browser
Build System:
All Platforms:
Updated Go to 1.21.5
Bug tor-browser#42331: tb-dev fetch command is missing repository argument
Bug tor-browser-build#40995: Use cdn.stagemole.eu instead of cdn.devmole.eu in download-unsigned-sha256sums-gpg-signatures-from-people-tpo
Bug tor-browser-build#41026: Do not use ~ when uploading the signed hashes
Bug tor-browser-build#41027: Remove tb-build-04 and tb-build-05 from tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo
Bug tor-browser-build#41036: Remove go_vendor-lyrebird-nightly makefile target, and rename go_vendor-$project-alpha makefile targets to go_vendor-$project
Bug tor-browser-build#41039: Update tools/signing/upload-update_responses-to-staticiforme to keep download-*json files from previous release when new release does not include them
Bug tor-browser-build#41042: Add options to include updates in the changelog scripts
Bug tor-browser-build#41043: Create script to push build requests to Mullvad build servers
Bug tor-browser-build#41045: Dump more information about build times on Firefox
Bug tor-browser-build#41048: Drop the kcp-go project
Windows + macOS + Linux:
Bug tor-browser-build#41031: Add command to unsign .mar files and compare with sha256sums-unsigned-build.txt
Bug tor-browser-build#41056: Make it possible to use templates in var/torbrowser_incremental_from
Bug tor-browser-build#41057: make fetch is not fetching mullvad repo
Windows + macOS:
Bug tor-browser-build#41016: Switch from bullseye to bookworm for desktop platforms
Windows:
Bug tor-browser-build#41015: Enable std::filesystem on libc++ on Windows
Bug tor-browser-build#41030: Add command to unsign .exe files and compare with sha256sums-unsigned-build.txt
macOS:
Bug tor-browser-build#40990: Remove old macos signing scripts
Linux:
Bug tor-browser-build#41046: Use the final path for Linux debug symbols

New in Tor Browser 13.0.8 (Dec 21, 2023)

New in Tor Browser 13.0.6 (Dec 6, 2023)

New in Tor Browser 13.5 Alpha 2 (Nov 29, 2023)

All Platforms:
Updated tor to 0.4.8.9
Bug tor-browser#42153: Drop dom.enable_resource_timing = false preference
Bug tor-browser#42246: Migrate tor connection stuff from browser to toolkit
Bug tor-browser#42261: Update the icon of Startpage search engine
Bug tor-browser#42276: Rebase Browsers Alpha to 115.5.0esr
Bug tor-browser#42277: Enable storage.sync to fix broken webextensions
Bug tor-browser#42288: Allow language spoofing in status messages
Bug tor-browser#42302: The allowed ports string contains a typo
Windows + macOS + Linux:
Updated Firefox to 115.5.0esr
Bug tor-browser#42072: YEC 2023 Takeover for Desktop Stable
Bug tor-browser#42188: Donations are asked repeatedly when I click New identity button
Bug tor-browser#42194: Blank Net Error page on name resolution failure
Linux:
Bug tor-browser#17560: Downloaded URLs disk leak on Linux
Bug tor-browser-build#41017: Disable Nvidia shader cache
Android:
Updated GeckoView to 115.5.0esr
Bug tor-browser#41846: firefox-android esr 115 introduced new nimbus use: they need to be disabled
Bug tor-browser#42074: YEC 2023 Takeover for Android Stable
Bug tor-browser#42258: Replace the current boring "fiery android" icon we use for dev with the cool nightly icon
Bug tor-browser#42259: Remove unused firefox branding from Tor Browser for Android
Bug tor-browser#42260: Add TBB artifacts to .gitignore
Bug tor-browser#42285: Update the gitignore to use the correct paths for tor stuff
Bug tor-browser#42287: Backport security fixes (Android & wontfix) from Firefox 120 to 115.5 - based Tor Browser
Build System:
All Platforms:
Update Go to 1.21.4
Bug tor-browser-build#40884: Script to automate uploading sha256s and signatures to location signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo expects them to be
Bug tor-browser-build#40970: Missing symlink create-blog-post.torbrowser -> create-blog-post symlink
Bug tor-browser-build#41006: Fix typo in finished-signing-clean-linux signer
Bug tor-browser-build#41023: Update lead.png symlink and blog post template in tools/signing/create-blog-post
Bug rbm#40063: RBM's chroot fails in Fedora
Bug rbm#40064: Using exec on project with no git_url/hg_url is causing warning
macOS:
Bug tor-browser-build#41005: Unpack macOS bundle to /var/tmp instead of /tmp in rcodesign-notary-submit step
Bug tor-browser-build#41007: gatekeeper-bundling.sh refers to old .tar.gz archive
Bug tor-browser-build#41014: Update libdmg-hfsplus to drop the OpenSSL patch
Bug tor-browser-build#41020: Opening MacOS dmg file is causing a warning, since 13.0
Android:
Bug tor-browser-build#41024: Fix android filenames in Release Prep issue templates

New in Tor Browser 13.0.5 (Nov 26, 2023)

New in Tor Browser 13.0.4 (Nov 22, 2023)

New in Tor Browser 13.5 Alpha 1 (Nov 5, 2023)

New in Tor Browser 13.0.1 (Oct 25, 2023)

New in Tor Browser 13.0 (Oct 13, 2023)

Refreshed application icons:
Earlier this year we spent some time artworking the Mullvad Browser logo into the various assets needed to support its release – including application, installer and document icons that conform to each platform's conventions. While getting up to speed with the current requirements for each platform, we identified a number of gaps with Tor Browser too, and started working on new icons for Tor Browser in parallel.
For context, Tor Browser's current icon (sometimes referred to as the "onion logo") was selected by community poll over four years ago to succeed the older purple and green globe in Tor Browser 8.5. Given the community's involvement in its selection, its recognizability by netizens, and the simple fact that we still love the existing icon, we chose to focus on refining rather than replacing it entirely.
One of the motivations behind work like this is our philosophy that privacy-preserving products shouldn't be purely utilitarian, but can also spark joy. However there are practical benefits too: adhering to platform conventions provides better consistency, discernible application and installer icons help prevent user error, and attracting new users benefits everyone because anonymity loves company.
New homepage:
For the past year we've been working on a significant rewrite of Tor Browser's back-end, which recently provided us with the opportunity to rebuild one of the few internal pages that hasn't changed in a while: the homepage (often referred to by its internal reference, "about:tor"). Tor Browser 13.0's homepage now features the new application icons, a simplified design, and the ability to "onionize" your DuckDuckGo searches by switching to the DuckDuckGo onion site. Continuing the work that began in Tor Browser 12.5 to improve the browser's accessibility, the redesigned homepage also offers better support for users of screen readers and other assistive technology too.
Existing Tor Browser users can rejoice that the "red screen of death" – an infamous error state that the previous homepage would occasionally trip itself into – is long gone. As part of the back-end rewrite we've removed the automatic Tor network connectivity check that was a hold-over from the legacy tor-launcher, where bootstrapping was handled by an extension that ran before the browser interface appeared. As a result of the tighter tor integration and in-browser bootstrapping experience introduced in Tor Browser 10.5, the old logic behind this check would often fail and present some users with the red screen of death, even if their connection was fine.
In fact, all of the reports we've received of users hitting this screen with the default tor configuration since Tor Browser 10.5 have proven to be false positives, causing undue alarm. Although the check is arguably still useful for users running non-default configurations, neither of the main environments which do so – Tails and Whonix – use about:tor as their default new-tab or home pages. For everyone else, we've added a new banner to the redesigned homepage in place of the red screen of death to check that tor is connected and working as expected.
Bigger new windows:
The explanation for how and why Tor Browser works this way is going to get into the weeds a little, so be warned. However the main thing to take away is that new windows should be bigger by default and present themselves in a more useful landscape aspect-ratio for the majority of desktop users in Tor Browser 13.0. Now, about those weeds...
Letterboxing was introduced in Tor Browser 9.0 to allow users to resize their browser window without fear of being fingerprinted by rounding the inner content window (sometimes referred to as the "viewport") down to multiples of 200 x 100 pixels. This technique works by grouping the window sizes of most users into a series of common "buckets", protecting individual users within those buckets from being singled-out based on their window or screen size.
In order to preserve these protections when opening new windows, Tor Browser overrides platform defaults and will instead select a size that conforms to our letterboxing steps up to a maximum of 1000 x 1000 pixels. However, while that may have been fine in the past, a max width of 1000px is no longer suitable for the modern web. For example, on many newer websites the first responsive break point lies somewhere in the range of 1000 – 1200px, meaning by default Tor Browser users would receive website menus and layouts intended for tablet and mobile devices. Alternatively, on certain websites, users would receive the desktop version but with the annoyance of a horizontal scroll bar instead. This, naturally, would lead to users of these websites needing to expand each new window manually before it's usable.
In response we've bumped up the max size of new windows up to 1400 x 900 pixels and amended the letterboxing steps to match. Thanks to the increase in width, Tor Browser for desktop should no longer trigger responsive break points on larger screens and the vast majority of our desktop users will see a familiar landscape aspect-ratio more in-keeping with modern browsers. This particular size was chosen by crunching the numbers to offer greater real estate for new windows without increasing the number of buckets past the point of their usefulness. As an added bonus, we also expect that Tor Browser users will not feel the need to manually change their window size as frequently as before – thereby keeping more users aligned to the default buckets.
Technical notes:
We're pleased to report that we've made the naming scheme for all our build outputs mutually consistent. Essentially, this means that going forward the names of all our build artifacts should follow the format ${ARTIFACT}-${OS}-${ARCH}-${VERSION}.${EXT}. For example, the macOS .dmg package for 12.5 was named TorBrowser-12.5-macos_ALL.dmg, whereas for 13.0 it's named tor-browser-macos-13.0.dmg.
If you are a downstream packager or download Tor Browser artifacts using scripts or automation, you'll need to do a little more work beyond just bumping the version number to support this and future releases.
All Platforms:
Updated tor to 0.4.8.7
Updated OpenSSL to 3.0.11
Bug tor-browser-spec#40050: FF103 Audit
Bug tor-browser-spec#40051: FF104 Audit
Bug tor-browser-spec#40052: FF105 Audit
Bug tor-browser-spec#40053: FF106 Audit
Bug tor-browser-spec#40054: FF107 Audit
Bug tor-browser-spec#40055: FF108 Audit
Bug tor-browser-spec#40056: FF109 Audit
Bug tor-browser-spec#40057: FF110 Audit
Bug tor-browser-spec#40058: FF111 Audit
Bug tor-browser-spec#40059: FF112 Audit
Bug tor-browser-spec#40060: FF113 Audit
Bug tor-browser-spec#40061: FF114 Audit
Bug tor-browser-spec#40062: FF115 Audit
Bug tor-browser#26277: When "Safest" setting is enabled searching using duckduckgo should always use the Non-Javascript site for searches
Bug tor-browser#40577: Add "suggest url" in DDG onion's manifest
Bug tor-browser#40938: Migrate remaining torbutton functionality to tor-browser
Bug tor-browser#41092: Enable tracking query parameters stripping
Bug tor-browser#41327: Disable UrlbarProviderInterventions
Bug tor-browser#41399: Update Mozilla's patch for Bug 1675054 to enable brotli encoding for HTTP onions as well
Bug tor-browser#41477: Review some extensions.* preferences
Bug tor-browser#41496: Review 000-tor-browser.js and 001-base-profile.js for 115
Bug tor-browser#41576: ESR115: ensure no remote calls for weather & addon suggestions
Bug tor-browser#41605: Remove unused assets from torbutton (preferences-mobile.css)
Bug tor-browser#41675: Remove javascript.options.large_arraybuffers
Bug tor-browser#41727: WebRTC privacy-hardening settings
Bug tor-browser#41740: ESR115: change devicePixelRatio spoof to 2 in alpha for testing
Bug tor-browser#41752: Review changes done by Bug 41565
Bug tor-browser#41796: Rebase Tor Browser to Firefox 115
Bug tor-browser#41797: Lock RFP in release builds
Bug tor-browser#41934: Websocket raises DOMException on http onions in 13.0a1
Bug tor-browser#41936: Review Mozilla 1770158: Use double-conversion library instead of dtoa for string-to-double conversion
Bug tor-browser#41937: Review Mozilla 1780014: Add specific telemetry for conservative and first-try handshakes
Bug tor-browser#41938: Review Mozilla 1769994: On systems with IPv6 preferred DNS resolution clients will fail to connect when "localhost" is used as host for the WebSocket server
Bug tor-browser#41939: Review Mozilla 1728871: Support fetching data from Remote Setting
Bug tor-browser#41941: Review Mozilla 1775254: Improve Math.pow accuracy for large exponents
Bug tor-browser#41943: Lock javascript.options.spectre.disable_for_isolated_content to false
Bug tor-browser#41945: Review Mozilla 1783019: Add a cookie banner service to automatically handle website cookie banners
Bug tor-browser#41946: Review Mozilla 1782579: Add a locale parameter to the text recognition API
Bug tor-browser#41947: Review Mozilla 1779005: Broken since Firefox 102.0: no instant fallback to direct connection when proxy became unreachable while runtime
Bug tor-browser#41950: Review Mozilla 1788668: Add the possibility to check that the clipboard contains some pdfjs stuff
Bug tor-browser#41951: Review Mozilla 1790681: Enable separatePrivateDefault by default
Bug tor-browser#41959: Review Mozilla 1795944: Remove descriptionheightworkaround
Bug tor-browser#41960: Review Mozilla 1797896: Proxy environment variables should be upper case / case insensitive
Bug tor-browser#41961: Review Mozilla 1798868: Hide cookie banner handling UI by default
Bug tor-browser#41969: Review Mozilla 1746983: Re-enable pingsender2
Bug tor-browser#41970: Review Mozilla 17909270: WebRTC bypasses Network settings & proxy.onRequest
Bug tor-browser#41984: Rename languageNotification.ftl to base-browser.ftl
Bug tor-browser#42013: Review Mozilla 1834374: Do not call EmptyClipboard() in nsBaseClipboard destructor
Bug tor-browser#42014: Review Mozilla 1832791: Implement a Remote Settings for the Quarantined Domains pref
Bug tor-browser#42015: Review Mozilla 1830890: Keep a history window of WebRTC stats for about:webrtc
Bug tor-browser#42019: Empty browser's clipboard on browser shutdown
Bug tor-browser#42026: Disable cookie banner service and UI.
Bug tor-browser#42029: Defense-in-depth: disable non-proxied UDP WebRTC
Bug tor-browser#42034: aboutTBUpdate.dtd is duplicated
Bug tor-browser#42043: Disable gUM: media.devices.enumerate.legacy.enabled
Bug tor-browser#42061: Move the alpha update channel creation to a commit on its own
Bug tor-browser#42084: Race condition with language preferences may make spoof_english ineffective
Bug tor-browser#42085: NEWNYM signal missing on Whonix
Bug tor-browser#42094: Disable media.aboutwebrtc.hist.enabled as security in-depth
Bug tor-browser#42120: Use foursquare as domain front for snowflake
Bug tor-browser-build#40887: Update Webtunnel version to 38eb5505
Windows + macOS + Linux:
Updated Firefox to 115.3.1esr
Bug tor-browser#30556: Re-evaluate letterboxing dimension choices
Bug tor-browser#32328: Improve error recovery from the red screen of death
Bug tor-browser#33282: Increase the max width of new windows
Bug tor-browser#33955: Selecting "Copy image" from menu leaks the source URL to the clipboard. This data is often dereferenced by other applications.
Bug tor-browser#40175: Connections in reader mode are not FPI
Bug tor-browser#40982: Cleanup maps in tor-circuit-display
Bug tor-browser#40983: Move not UI-related torbutton.js code to modules
Bug tor-browser#41165: Crash with debug assertions enabled
Bug tor-browser#41333: Modernize Tor Browser's new-tab page (about:tor)
Bug tor-browser#41423: about:tor semantic and accessibility problems
Bug tor-browser#41528: Hard-coded English "based on Mozilla Firefox" appears in version in "About" dialog
Bug tor-browser#41581: ESR115: figure out extension pinning / unified Extensions
Bug tor-browser#41639: Fix the wordmark (title and background) of the "About Tor Browser" window
Bug tor-browser#41642: Do not hide new PBM in the hamburger menu if auto PBM is not enabled
Bug tor-browser#41651: Use moz-toggle in connection preferences
Bug tor-browser#41691: "Firefox Suggest" text appearing in UI
Bug tor-browser#41717: Bookmark toolbar visibility on new tabs is not honored when new tab page is not about:blank
Bug tor-browser#41739: Remove "Website appearance"
Bug tor-browser#41741: Refactor the domain isolator and new circuit
Bug tor-browser#41765: TTP-02-006 WP1: Information leaks via custom homepage (Low)
Bug tor-browser#41766: TTP-02-001 WP1: XSS in TorConnect's captive portal (Info)
Bug tor-browser#41771: Decide what to do for firefoxview
Bug tor-browser#41774: Hide the new "Switching to a new device" help menu item
Bug tor-browser#41791: Copying page contents also puts the source URL on the clipboard
Bug tor-browser#41812: Review layout for XUL elements
Bug tor-browser#41813: Look out for links missing underlines in ESR 115-based alphas
Bug tor-browser#41821: Fix the proxy type in the proxy modal of about:preferences in 13.0
Bug tor-browser#41822: The default browser button came back on 115
Bug tor-browser#41833: Reload extensions on new identity
Bug tor-browser#41834: Hide "Can't Be Removed - learn more" menu line for uninstallable add-ons
Bug tor-browser#41842: Remove the old removal logics from Torbutton
Bug tor-browser#41844: Stop using the control port directly
Bug tor-browser#41845: Stop forcing (bad) pref values for non-PBM users
Bug tor-browser#41852: Review the Tor Check Service UX
Bug tor-browser#41864: TOR_CONTROL_HOST and TOR_SOCKS_HOST do not work as expected when the browser launches tor
Bug tor-browser#41865: Use --text-color-deemphasized rather than --panel-description-color
Bug tor-browser#41874: Visual & A11 regressions in add-on badges
Bug tor-browser#41876: Remove Firefox View from title bar
Bug tor-browser#41877: NoScript seems to be blocking by default in the first 115-based testbuild
Bug tor-browser#41881: Developer tools/Network/New Request remembers requests
Bug tor-browser#41886: Downloads drop-down panel has new-line/line-break between every word in the 'Be careful opening downloads' warning
Bug tor-browser#41904: The log textarea doesn't resize anymore
Bug tor-browser#41906: Hide about:preferences#privacy > DNS over HTTPS section
Bug tor-browser#41907: The bootstrap is interrupted without any errors if the process becomes ready when already bootstrapping
Bug tor-browser#41912: "Use Current Bridges" is shown for users even when there aren't any current bridges
Bug tor-browser#41922: Unify the bridge line parsers
Bug tor-browser#41923: The path normalization results in warnings
Bug tor-browser#41924: Small refactors for TorProcess
Bug tor-browser#41925: Remove the torbutton startup observer
Bug tor-browser#41926: Refactor the control port client implementation
Bug tor-browser#41931: Regression: new window leaks outer window
Bug tor-browser#41935: Improve new window & letterboxing dimensions
Bug tor-browser#41940: Review Mozilla 1739348: When a filetype is set to "always ask" and the user makes a save/open choice in the dialog, we should not also open the downloads panel
Bug tor-browser#41949: Review Mozilla 1782578: Implement a context menu modal for text recognition
Bug tor-browser#41954: Inputs in the request a bridge dialog are cut-off in 13.0 alpha
Bug tor-browser#41957: Revert to Fx's default identity block style for internal pages
Bug tor-browser#41958: Console error when closing tor browser with about:preferences open
Bug tor-browser#41964: emojiAnnotations not defined in time in connection preferences
Bug tor-browser#41965: TorConnect error when opening browser tools
Bug tor-browser#41971: Update Tails URL in downloads warning
Bug tor-browser#41973: Custom wingpanels don't line up with their toolbar icons in 13.0 alpha
Bug tor-browser#41974: De-emphasized text in custom components is no longer gray in 13.0 alpha
Bug tor-browser#41975: Downloads warning text too narrow in 13.0 alpha
Bug tor-browser#41976: Bottom padding on collapsed bridge cards has increased in 13.0 alpha
Bug tor-browser#41977: Hide the "Learn more" link in bridge cards
Bug tor-browser#41980: Circuit display headline is misaligned in 13.0 alpha
Bug tor-browser#41981: Review Mozilla 1800675: Add about:preferences entry for cookie banner handling
Bug tor-browser#41983: Review Mozilla 1770447: Create a reusable "support-link" widget
Bug tor-browser#41986: Fix the control port password handling
Bug tor-browser#41994: CSS (and other assets) of some websites blocked in 13.0 alpha
Bug tor-browser#42022: Prevent extension search engines from breaking the whole search system
Bug tor-browser#42027: Create a Base Browser version of migrateUI
Bug tor-browser#42037: Disable about:firefoxview
Bug tor-browser#42041: TBB --allow-remote mixes up with plain Firefox
Bug tor-browser#42045: Circuit panel overflows with long ipv6 addresses
Bug tor-browser#42046: Remove XUL layout hacks from base browser
Bug tor-browser#42047: Remove layout hacks from tor browser preferences
Bug tor-browser#42050: Bring back Save As... dialog as default
Bug tor-browser#42073: Add simplified onion pattern to the new homepage
Bug tor-browser#42075: Fix link spacing and underline on new homepage
Bug tor-browser#42079: TorConnect: handle switching from Bootstrapped to Configuring state
Bug tor-browser#42083: RemoteSecuritySettings.init throws error in console
Bug tor-browser#42091: Onion authorization prompt overflows
Bug tor-browser#42092: Onion services key table display problems.
Bug tor-browser#42098: Implement Windows installer icons
Bug tor-browser#42100: Connect Assist dropdown text not centered
Bug tor-browser#42102: TorProcess says the SOCKS port is not valid even though it is
Bug tor-browser#42109: Onion services keys table has empty column headers.
Bug tor-browser#42110: Add a utility module for shared UI methods needed for several tor browser components
Bug tor-browser#42126: moat and connect assist broken for people who can't reach domain front
Bug tor-browser#42129: Disable the Tor restart prompt if shouldStartAndOwnTor is false
Bug tor-browser#42131: Tor Browser 13.0a5 does not track circuits created before Tor Browser started
Bug tor-browser#42132: The new control port handling in Tor Browser 13 breaks a Tails security feature
Bug tor-browser#42138: Disable apz.overscroll.enabled pref
Bug tor-browser#42155: Drop the unused code for the old bridge removal warning
Bug tor-browser#42159: Responsive Design Mode not working correctly
Bug tor-browser#42160: Allow specifying a TOR_PROVIDER=none to configure only the proxy settings during the TorProviderBuilder initialization
Bug tor-browser#42166: New identity dialog missing accessible name
Bug tor-browser#42167: Make the preference auto-focus more reliable
Bug tor-browser-build#40821: The update details URL is wrong in alphas
Bug tor-browser-build#40893: Update (Noto) fonts for 13.0
Bug tor-browser-build#40924: Customize MOZ_APP_REMOTINGNAME instead of passing --name and --class
Bug tor-browser-build#40938: Copy the new tor-browser.ftl file to the appropriate directory
Windows + Android:
Bug tor-browser-build#40930: Upate zlib to 1.3 after 13.0a3
Windows:
Bug tor-browser#40737: Revert backout of Mozilla's fix for bug 1724777
Bug tor-browser#41658: Create new installer icons for Windows
Bug tor-browser#41798: Stop building private_browsing.exe on Windows
Bug tor-browser#41806: Prevent Private Browsing start menu item to be added automatically
Bug tor-browser#41942: Review Mozilla 1682520: Use the WER runtime exception module to catch early crashes
Bug tor-browser#41944: Review Mozilla 1774083: Add Surrogate COM Server to handle native Windows notifications when Firefox is closed.
Bug tor-browser#42008: Review Mozilla 1808146: Copying images from Pixiv and pasting them in certain programs is broken
Bug tor-browser#42010: Review Mozilla 1810641: Enable overscroll on Windows on all channels
Bug tor-browser#42087: Implement Windows application icons
Bug tor-browser-build#40954: Implement Windows installer icons
macOS:
Bug tor-browser#41948: Review Mozilla 1782981: Hide the text recognition context menu if the macOS version doesn't support APIs
Bug tor-browser#41955: Update macOS volume window background
Bug tor-browser#41982: Review Mozilla 1762392: Add Cocoa platform support for paste files
Bug tor-browser#42057: Disable Platform text-recognition functionality
Bug tor-browser#42078: Implement MacOS application icons
Bug tor-browser#42147: Add browser.helperApps.deleteTempFileOnExit to our profile
Linux:
Bug tor-browser#41509: After update, KDE Plasma identifies Tor Browser Nightly window group as "firefox-nightly"
Bug tor-browser#41884: Linux: set browser.tabs.searchclipboardfor.middleclick to false
Bug tor-browser#42088: Implement Linux application icons
Bug tor-browser-build#40576: Fontconfig warning: remove 'blank' configuration
Android:
Updated GeckoView to 115.3.1esr
Bug tor-browser#41878: firefox-mobile: refactor tor bootstrap off deleted onboarding path
Bug tor-browser#41882: Update DuckDuckGo icons
Bug tor-browser#41911: Firefox-Android tor bootstrap connect button css broken
Bug tor-browser#41928: Backport Android-specific security fixes from Firefox 116 to ESR 102.14 / 115.1 - based Tor Browser
Bug tor-browser#41972: Disable Firefox onboarding in 13.0
Bug tor-browser#41990: Review Mozilla 1811531: Add 'site' query parameter to Pocket sponsored stories request
Bug tor-browser#41991: Review Mozilla 1812518: Allow a custom View for 3rd party downloads
Bug tor-browser#41993: Review Mozilla 1810761: Add API for saving a PDF
Bug tor-browser#41996: App includes com.google.android.gms.permission.AD_ID permission
Bug tor-browser#41997: com.adjust.sdk.Adjust library enables AD_ID permission even though we aren't using it
Bug tor-browser#41999: TB13.0a2 android: center text on connect button
Bug tor-browser#42001: Hide 'Open links in external app' settings option and force defaults
Bug tor-browser#42002: Review Mozilla 1809305: Allow user to copy an image to the clipboard
Bug tor-browser#42003: Review Mozilla 1819431: Reimplement default browser notification with Nimbus Messaging equivalent
Bug tor-browser#42004: Review Mozilla 1818015: Use a custom tab or the view we use for Sync onboarding for the Privacy button
Bug tor-browser#42005: Review Mozilla 1816932: Add Maps to app links common sub domains
Bug tor-browser#42006: Review Mozilla 1817726: Allow sharing current tab URL from Android's Recents (App Overview) screen.
Bug tor-browser#42007: Review Mozilla 1805450: Allow users to submit site support requests in Fenix
Bug tor-browser#42012: Review Mozilla 1810629: add an Android shortcut to go straight to the login and passwords page
Bug tor-browser#42016: Review Mozilla 1832069: Implement Google Play Referrer Library to fetch referrer URL
Bug tor-browser#42018: Rebase Firefox for Android to 115.2.1
Bug tor-browser#42023: Remove FF what's new from Android
Bug tor-browser#42038: TBA Alpha - inscriptions Tor Browser Alpha and FireFox Browser simultaneously on the start screen
Bug tor-browser#42074: YEC 2023 Takeover for Android Stable
Bug tor-browser#42076: Theme is visible in options, but shouldn't be
Bug tor-browser#42089: Disable the Cookie Banner Reduction site support requests (Mozilla 1805450)
Bug tor-browser#42114: Disable Allow sharing current tab URL from Android's Recents screen in private browsing mode
Bug tor-browser#42115: Enhanced Tracking Protection can still be enabled
Bug tor-browser#42122: playstore console crashes: java.lang.NoSuchMethodError
Bug tor-browser#42133: Remove "Total Cookie Protection" popup
Bug tor-browser#42134: Remove Android icon shortcuts
Bug tor-browser#42156: Screenshot allowing still blocks homescreen (android)
Bug tor-browser#42157: Fix Help button URL
Bug tor-browser#42165: Remove "Add to shortcuts" and "Remove from shortcuts" buttons
Bug tor-browser#42158: Remove "Customize Homepage" button
Bug tor-browser-build#40740: Tor Browser for Android's snowflake ClientTransportPlugin seems to be out of date
Bug tor-browser-build#40919: Fix nimbus-fml reproducibility of 13.0a2-build1
Bug tor-browser-build#40941: Remove PT process options on Android
Build System:
All Platforms:
Updated Go to 1.21.1
Bug tor-browser#42130: Add support for specifying the branch in tb-dev rebase-on-default
Bug tor-browser-build#31588: Be smarter about vendoring for Rust projects
Bug tor-browser-build#40089: Clean up usage of get-moz-build-date script
Bug tor-browser-build#40410: Get rid of python2
Bug tor-browser-build#40487: Bump Python version
Bug tor-browser-build#40741: Update browser and tor-android-service projects to pull data from pt_config.json
Bug tor-browser-build#40802: Drop the patch for making WASI reproducible
Bug tor-browser-build#40829: Review and standardize naming scheme for browser installer/package artifacts
Bug tor-browser-build#40854: Update to OpenSSL 3.0
Bug tor-browser-build#40855: Update toolchains for Mozilla 115
Bug tor-browser-build#40868: Bump Rust to 1.69.0
Bug tor-browser-build#40880: The README doesn't include some dependencies needed for building incrementals
Bug tor-browser-build#40886: Update README with instructions for Arch linux
Bug tor-browser-build#40898: Add doc from tor-browser-spec/processes/ReleaseProcess to gitlab issue templates
Bug tor-browser-build#40908: Enable the --enable-gpl config flag in tor to bring in PoW functionality
Bug tor-browser-build#40929: Update go to 1.21 series after 13.0a3
Bug tor-browser-build#40932: Remove appname_bundle_android, appname_bundle_macos, appname_bundle_linux, appname_bundle_win32, appname_bundle_win64 from projects/release/update_responses_config.yml
Bug tor-browser-build#40935: Fix fallout from build target rename in signing scripts
Bug tor-browser-build#40948: Remove lyrebird-vendor sha256sum in nightly
Bug tor-browser-build#40957: Expired subkey warning on Tor Browser GPG verification
Bug tor-browser-build#40972: Handle Mullvad Browser in the changelog script and group entries by project
Windows + macOS + Linux:
Bug tor-browser#41967: Add a Makefile recipe to create multi-lingual dev builds
Bug tor-browser-build#40149: Remove patching of nightly update URL
Bug tor-browser-build#40615: Consider adding a readme to the fonts directory
Bug tor-browser-build#40907: Sometimes debug information are not deterministic with Clang 16.0.4
Bug tor-browser-build#40922: Use base-browser.ftl instead of languageNotification.ftl
Bug tor-browser-build#40931: Fix incrementals after tor-browser-build#40829
Bug tor-browser-build#40933: Fix generating incrementals between 12.5.x and 13.0
Bug tor-browser-build#40942: Use the branch to build Base Browser
Bug tor-browser-build#40944: After #40931, updates_responses is using incremental.mar files as if they were non-incremental mar files
Bug tor-browser-build#40947: Remove migrate_langs from tools/signing/nightly/update-responses-base-config.yml
Bug tor-browser-build#40956: Allow testing the updater also with release and alpha channel
Windows:
Bug tor-browser#41995: Generated headers on Windows aren't reproducible
Bug tor-browser-build#40832: Unify mingw-w64-clang 32+64 bits
Bug tor-browser-build#40940: Change position of the install|portable in the builds filenames
macOS:
Bug tor-browser#42035: Update tools/torbrowser/ scripts to support macOS dev environment
Bug tor-browser-build#40943: Update libdmg-hfsplus to include our uplifted patch
Bug tor-browser-build#40951: Firefox fails to build for macOS after tor-browser-build#40938
Linux:
Bug tor-browser#42071: tor-browser deployed format changed breaking fetch.sh
Bug tor-browser-build#40102: Move from Debian Jessie to Debian Stretch for our Linux builds
Bug tor-browser-build#40971: Stop shipping Linux i686 debug archive until we actually produce the symbols
Android:
Bug tor-browser#41899: Use LLD for Android
Bug tor-browser-build#40867: Create a RBM project for the unified Android repository
Bug tor-browser-build#40917: Remove the uniffi-rs project
Bug tor-browser-build#40918: The commit hash is still not displayed about:buildconfig on Android
Bug tor-browser-build#40920: Non-deterministic generation of baseline.profm file in Android apks
Bug tor-browser-build#40963: Tor Browesr 13.0 torbrowser-testbuild-android* targets fail to build
Bug tor-browser-build#40974: firefox-android fails to build in release

New in Tor Browser 13.0 Alpha 6 (Oct 1, 2023)

New in Tor Browser 12.5.6 (Oct 1, 2023)

New in Tor Browser 12.5.5 (Sep 27, 2023)

New in Tor Browser 13.0 Alpha 5 (Sep 25, 2023)

All Platforms:
Updated Translations
Updated OpenSSL to 3.0.11
Updated tor to 0.4.8.6
Bug tor-browser#40938: Migrate remaining torbutton functionality to tor-browser
Bug tor-browser#41327: Disable UrlbarProviderInterventions
Bug tor-browser#42026: Disable cookie banner service and UI.
Bug tor-browser#42094: Disable media.aboutwebrtc.hist.enabled as security in-depth
Bug tor-browser#42112: Rebase alpha to 115.3.0esr
Bug tor-browser#42120: Use foursquare as domain front for snowflake
Windows + macOS + Linux:
Updated Firefox to 115.3.0esr
Bug tor-browser-build#40893: Update (Noto) fonts for 13.0
Bug tor-browser#41639: Fix the wordmark (title and background) of the "About Tor Browser" window
Bug tor-browser#41822: The default browser button came back on 115
Bug tor-browser#41864: TOR_CONTROL_HOST and TOR_SOCKS_HOST do not work as expected when the browser launches tor
Bug tor-browser#41903: The info icon on the language change prompt is not shown
Bug tor-browser#41957: Revert to Fx's default identity block style for internal pages
Bug tor-browser#41958: Console error when closing tor browser with about:preferences open
Bug tor-browser#41986: Fix the control port password handling
Bug tor-browser#42037: Disable about:firefoxview
Bug tor-browser#42073: Add simplified onion pattern to the new homepage
Bug tor-browser#42079: TorConnect: handle switching from Bootstrapped to Configuring state
Bug tor-browser#42083: RemoteSecuritySettings.init throws error in console
Bug tor-browser#42091: Onion authorization prompt overflows
Bug tor-browser#42092: Onion services key table display problems.
Bug tor-browser#42102: TorProcess says the SOCKS port is not valid even though it is
Bug tor-browser#42110: Add a utility module for shared UI methods needed for several tor browser components
Windows:
Bug tor-browser#41798: Stop building private_browsing.exe on Windows
macOS:
Bug tor-browser#42078: Implement MacOS application icons
Linux:
Bug tor-browser#42088: Implement Linux application icons
Android:
Updated GeckoView to 115.3.0esr
Bug tor-browser#42089: Disable Mozilla 1805450
Bug tor-browser#42122: Fix crash due to bad android deprecation and APIs
Build System:
Windows + macOS + Linux:
Bug tor-browser-build#40956: Allow testing the updater also with release and alpha channel
Windows:
Bug tor-browser#41995: Generated headers on Windows aren't reproducible

New in Tor Browser 13.0 Alpha 4 (Sep 15, 2023)

All Platforms:
Updated Translations
Updated NoScript to 11.4.27
Updated tor to 0.4.8.5
Updated Snowflake to 2.6.1
Bug tor-browser-build#40951: Firefox fails to build for macos after #40938
Bug tor-browser#41675: ESR115: decide on large array buffers
Bug tor-browser#41740: ESR115: change devicePixelRatio spoof to 2 in alpha for testing
Bug tor-browser#41797: Lock RFP in release builds
Bug tor-browser#41934: Websocket raises DOMException on http onions in 13.0a1
Bug tor-browser#42034: aboutTBUpdate.dtd is duplicated
Bug tor-browser#42043: Disable gUM: media.devices.enumerate.legacy.enabled
Bug tor-browser#42061: Move the alpha update channel creation to a commit on its own
Bug tor-browser#42084: Race condition with language preferences may make spoof_english ineffective
Bug tor-browser#42093: Rebase alpha onto 115.2.1esr
Windows + macOS + Linux:
Updated Firefox to 115.2.1esr
Bug tor-browser-build#40149: Remove patching of nightly update URL
Bug tor-browser-build#40821: The update details URL is wrong in alphas
Bug tor-browser-build#40938: Copy the new tor-browser.ftl file to the appropriate directory
Bug tor-browser#41333: Modernize Tor Browser's new-tab page (about:tor)
Bug tor-browser#41528: Hard-coded English "based on Mozilla Firefox" appears in version in "About" dialog
Bug tor-browser#41651: Use moz-toggle in connection preferences
Bug tor-browser#41739: Remove "Website appearance"
Bug tor-browser#41774: Hide the new "Switching to a new device" help menu item
Bug tor-browser#41821: Fix the proxy type in the proxy modal of about:preferences in 13.0
Bug tor-browser#41865: Use --text-color-deemphasized rather than --panel-description-color
Bug tor-browser#41876: Remove firefox view from title bar
Bug tor-browser#41881: Developer tools/Network/New Request remembers requests
Bug tor-browser#41886: Downloads drop-down panel has new-line/line-break between every word in the 'Be careful opening downloads' warning
Bug tor-browser#41904: The log textarea doesn't resize anymore
BUg 41906: hide about:preferences#privacy > DNS over HTTPS section [tor-browser]
Bug tor-browser#41971: Update Tails URL in downloads warning
Bug tor-browser#41974: De-emphasized text in custom components is no longer gray in 13.0 alpha
Bug tor-browser#41977: Hide the "Learn more" link in bridge cards
Bug tor-browser#41980: Circuit display headline is misaligned in 13.0 alpha
Bug tor-browser#42027: Create a Base Browser version of migrateUI
Bug tor-browser#42045: Circuit panel overflows with long ipv6 addresses
Bug tor-browser#42046: Remove XUL layout hacks from base browser
Bug tor-browser#42047: Remove layout hacks from tor browser preferences
Bug tor-browser#42050: Bring back Save As... dialog as default
Bug tor-browser#42075: Fix link spacing and underline on new homepage
Windows + Android:
Updated zlib to 1.3
Bug tor-browser-build#40930: Update zlib to 1.3 after 13.0a3
macOS:
Bug tor-browser#42057: Disable Platform text-recognition functionality
Linux:
Bug tor-browser#41509: After update, KDE Plasma identifies Tor Browser Nightly window group as "firefox-nightly"
Android:
Updated GeckoView to 115.2.1esr
Bug tor-browser-build#40941: Remove PT process options on Android
Bug tor-browser#41878: firefox-mobile: refactor tor bootstrap off deleted onboarding path
Bug tor-browser#41879: firefox-android: Add Tor integration and UI commit is too big, needs to be split up
Bug tor-browser#41882: Update DuckDuckGo icons
Bug tor-browser#41987: Tor Browser Android Onboarding Plan
Bug tor-browser#42001: Hide 'Open links in external app' settings option and force defaults
Bug tor-browser#42038: TBA Alpha - inscriptions Tor Browser Alpha and FireFox Browser simultaneously on the start screen
Bug tor-browser#42076: Theme is visable in options, but shouldn't be
Build System:
All Platforms:
Updated Go to 1.21.1
Bug tor-browser-build#40929: Update go to 1.21 series after 13.0a3
Bug tor-browser-build#40932: Remove appname_bundle_android, appname_bundle_macos, appname_bundle_linux, appname_bundle_win32, appname_bundle_win64 from projects/release/update_responses_config.yml
Bug tor-browser-build#40935: Fix fallout from build target rename in signing scripts
Bug tor-browser-build#40948: Remove lyrebird-vendor sha256sum in nightly
Windows + macOS + Linux:
Bug tor-browser-build#40786: deploy_update_responses-*.sh requires +r permissions to run
Bug tor-browser-build#40931: Fix incrementals after tor-browser-build#40829
Bug tor-browser-build#40933: Fix generating incrementals between 12.5.x and 13.0
Bug tor-browser-build#40942: Use the branch to build Base Browser
Bug tor-browser-build#40944: After #40931, updates_responses is using incremental.mar files as if they were non-incremental mar files
Bug tor-browser-build#40946: override_updater_url does not work for Mullvad Browser
Bug tor-browser-build#40947: Remove migrate_langs from tools/signing/nightly/update-responses-base-config.yml
macOS:
Bug tor-browser-build#40943: Update libdmg-hfsplus to include our uplifted patch
Bug tor-browser#42035: Update tools/torbrowser/ scripts to support macOS dev environment
Linux:
Bug tor-browser#42071: tor-browser deployed format changed breaking fetch.sh

New in Tor Browser 12.5.4 (Sep 14, 2023)

New in Tor Browser 12.5.3 (Aug 30, 2023)

New in Tor Browser 13.0 Alpha 3 (Aug 25, 2023)

New in Tor Browser 13.0 Alpha 2 (Aug 14, 2023)

All Platforms:
Updated Translations
Updated NoScript to 11.4.26
Updated OpenSSL to 3.0.10
Updated tor to 0.4.8.3-rc
Bug tor-browser#41909: Rebase 13.0 alpha to 115.1.0 esr
Windows + macOS + Linux:
Updated Firefox to 115.1.0esr
Bug tor-browser#30556: Re-evaluate letterboxing dimension choices
Bug tor-browser#33282: Increase the max width of new windows
Bug tor-browser#40982: Cleanup maps in tor-circuit-display
Bug tor-browser#40983: Move not UI-related torbutton.js code to modules
Bug tor-browser#41844: Stop using the control port directly
Bug tor-browser#41907: The bootstrap is interrupted without any errors if the process becomes ready when already bootstrapping
Bug tor-browser#41922: Unify the bridge line parsers
Bug tor-browser#41923: The path normalization results in warnings
Bug tor-browser#41924: Small refactors for TorProcess
Bug tor-browser#41925: Remove the torbutton startup process
Bug tor-browser#41926: Refactor the control port client implementation
Bug tor-browser#41964: 'emojiAnnotations' not defined in time in connection preferences
Android:
Updated GeckoView to 115.1.0esr
Bug tor-browser-build#40919: Fix nimbus-fml reproducibility of 13.0a2-build1
Bug tor-browser#41928: Backport Android-specific security fixes from Firefox 116 to ESR 102.14 / 115.1 - based Tor Browser
Bug tor-browser#41972: Disable Firefox onboarding in 13.0
Bug tor-browser#41997: Remove all use and reference to com.adjust.sdk.Adjust which now uses AD_ID
Build System:
All Platforms:
Updated Go to 1.20.7
Bug tor-browser-build#31588: Be smarter about vendoring for Rust projects
Bug tor-browser-build#40855: Update toolchains for Mozilla 115
Bug tor-browser-build#40880: The README doesn't include some dependencies needed for building incrementals
Bug tor-browser-build#40905: Go vendor archives ignore the nightly version override on testbuilds
Bug tor-browser-build#40908: Enable the --enable-gpl config flag in tor to bring in PoW functionality
Bug tor-browser-build#40909: Add dan_b and ma1 to list of taggers in relevant projects
Bug tor-browser-build#40913: add boklm back to list of taggers in relevant projects
Windows + macOS + Linux:
Bug tor-browser-build#40615: Consider adding a readme to the fonts directory
Bug tor-browser-build#40907: Mar-tools aren't deterministic on 13.0a1
Windows:
Bug tor-browser-build#31546: Create and expose PDB files for Tor Browser debugging on Windows
Android:
Bug tor-browser-build#40867: Create a RBM project for the unified Android repository
Bug tor-browser-build#40917: Remove the uniffi-rs project
Bug tor-browser#41899: Use LLD for Android
Bug tor-browser-build#40920: Non-deterministic generation of baseline.profm file in Android apks

New in Tor Browser 12.5.2 (Aug 3, 2023)

New in Tor Browser 13.0 Alpha 1 (Jul 27, 2023)

All Platforms:
Updated Translations
Updated NoScript to 11.4.25
Updated OpenSSL to 3.0.9
Updated Go to 1.20.6
Updated tor to 0.4.8.2-alpha
Bug tor-browser#40577: Add "suggest url" in DDG onion's manifest
Bug tor-browser-build#40885: Bump version of snowflake to v2.6.0
Bug tor-browser-build#40887: Update Webtunnel version to 38eb5505
Bug tor-browser#41092: Enable tracking query parameters stripping
Bug tor-browser#41399: Update Mozilla's patch for Bug 1675054 to enable brotli encoding for HTTP onions as well
Bug tor-browser#41759: Rebase Base Browser to 115 nightly
Bug tor-browser#41796: Rebase Tor Browser to Firefox 115
Windows + macOS + Linux:
Updated Firefox to 115.0.2esr
Bug tor-browser#26277: When "Safest" setting is enabled searching using duckduckgo should always use the Non-Javascript site for searches
Bug tor-browser#33955: Selecting "Copy image" from menu leaks the source URL to the clipboard. This data is often dereferenced by other applications.
Bug tor-browser#41741: Refactor the domain isolator and new circuit
Bug tor-browser#41834: Hide "Can't Be Removed - learn more" menu line for uninstallable add-ons
Bug tor-browser#41842: Remove the old removal logics from Torbutton
Bug tor-browser#41845: Stop forcing (bad) pref values for non-PBM users
Bug tor-browser#41854: Download Spam Protection cannot be overridden to allow legitimate downloads
Bug tor-browser#41874: Visual & A11 regressions in add-on badges
Build System:
All Platforms:
Bug tor-browser-build#40089: Clean up usage of get-moz-build-date script
Bug tor-browser-build#40410: Get rid of python2
Bug tor-browser-build#40487: Bump Python version
Bug tor-browser-build#40802: Drop the patch for making WASI reproducible
Bug tor-browser-build#40854: Update to OpenSSL 3.0
Bug tor-browser-build#40855: Update toolchains for Mozilla 115
Bug tor-browser-build#40868: Bump Rust to 1.69.0
Bug tor-browser-build#40886: Update README with instructions for Arch linux
Bug tor-browser-build#40889: Add mullvad sha256sums URL to tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo
Bug tor-browser-build#40894: Fix format of keyring/boklm.gpg
Bug tor-browser-build#40898: Add doc from tor-browser-spec/processes/ReleaseProcess to gitlab issue templates
Windows:
Bug tor-browser-build#40832: Unify mingw-w64-clang 32+64 bits
Linux:
Bug tor-browser-build#40102: Move from Debian Jessie to Debian Stretch for our Linux builds

New in Tor Browser 12.5.1 (Jul 6, 2023)

New in Tor Browser 12.5 (Jun 23, 2023)

Updated circuit display:
In Tor Browser for desktop, the Tor circuit for each of your tabs can be found in the circuit display. Up until this release the circuit display lived in the site information panel – meaning you'd have to click the padlock icon (or onion icon, in the case of onion sites) to the left of the address bar to access it. Usability testing participants often struggled to find the circuit display when asked, and users generally needed to be taught where it lived.
To fix this, we've moved the circuit display behind a colorful new icon that sits beside the padlock. In addition, relays now have flags to help make their locations easier to identify at a glance; the design of onion site circuits has been made more concise; SecureDrop users who visit a human-readable onion name can now see and switch back to the underlying V3 onion address; and the panel as a whole has been rebuilt from scratch for better compatibility with screen readers.
New onion site icons:
Previously, onion sites were represented by the onion-glyph – a tiny, flat version of Tor Browser's onion logo. Now, when you visit an onion site in Tor Browser 12.5 on either desktop or Android you'll notice something new.
It's important to recognize that onion services are not exclusive to Tor Browser, and are a product in their own right. As onion service adoption has grown among civil society groups, human rights organizations, and news media outlets, so too has support for visiting onion services by third-party apps. Today, in addition to Tor Browser, you can also access onion services in compatible apps like Orbot, Onion Browser and Brave, to name a few. Given that, it no longer makes sense to continue to represent onion sites with an icon so closely associated with Tor Browser, and we're excited to introduce their new identity today.
Improved connection experience:
In Tor Browser 10.5 for desktop we retired the Tor Launcher in favor of a new interface that allows users to connect to Tor from the browser window itself. This feature unlocked the added benefit of being able to access Tor Browser's other menus while offline, including Connection settings, which offers greater functionality than the equivalent Tor Launcher settings page ever did.
Since that release, usability testing participants have sometimes had difficulty figuring out how to connect after navigating away from the Connect to Tor tab. To remedy this, we've made the Connect button accessible in the address bar of any page you visit while offline, and Tor Browser will connect automatically after you've configured a bridge in Connection settings. We've also improved the visibility of the browser's connection status, which can now be found in the top-right of the browser window, and you'll notice a new connection icon appear throughout the browser too.
Better accessibility:
As Tor Browser is based on the Extended Support Release of Firefox, we reuse as much of Firefox's front-end user experience as possible so that we can concentrate our resources on privacy and security issues. However Tor Browser also includes many custom pages and components on top of Firefox.
In parallel with longstanding efforts by Mozilla to improve Firefox's accessibility, we began an accessibility review of our own to document issues with Tor Browser for desktop's custom features. This review has now been completed, and we're beginning to deploy the first fixes in what will be a multi-release effort to improve Tor Browser's accessibility.
Since Tor Browser 11.5 we've refactored several components including bundled changelogs (about:tbupdate), the circuit display, the security level panel, miscellaneous dialogs and other parts of the browser chrome. If you use a screen reader or any other assistive technology, we'd love to get your help testing past and future fixes by volunteering as an alpha tester and feeding back to our developers on the Tor forum.
Finnish language support:
In Tor Browser 12.0 we added support for Albanian and Ukrainian. Now, thanks to the incredible work of our volunteer translators and partners at the Localization Lab, we're delighted to include Finnish (Suomi) as a language option on both desktop and Android too. If you spot an error in Finnish or any other language, you can learn more about how to contribute to the translation of Tor Browser, its documentation and our websites on our localization portal.
Full changelog:
All Platforms:
Updated Translations:
Bug tor-browser-build#40353: Re-enable rlbox
Bug tor-browser-build#40810: Add Finnish (fi) language support
Bug tor-browser#41066: Circuit Isolation should take containers into account
Bug tor-browser#41428: Check if we can create our own directories for branding
Bug tor-browser#41514: eslint broken since migrating torbutton
Bug tor-browser#41568: Disable LaterRun
Bug tor-browser#41599: about:networking#networkid should be normalized
Bug tor-browser#41624: Disable unused about: pages
Bug tor-browser#41635: Disable the Normandy component at compile time
Bug tor-browser#41636: Disable back webextension.storage.sync after ensuring NoScript settings won't be lost
Bug tor-browser#41647: Turn --enable-base-browser in --with-base-browser-version
Bug tor-browser#41662: Disable about:sync-logs
Bug tor-browser#41671: Turn media.peerconnection.ice.relay_only to true as defense in depth against WebRTC ICE leaks
Bug tor-browser#41689: Remove startup.homepage_override_url from Base Browser
Bug tor-browser#41704: Immediately return on remoteSettings.pollChanges
Bug tor-browser#41738: Replace the patch to disable live reload with its preference
Bug tor-browser#41763: TTP-02-003 WP1: Data URI allows JS execution despite safest security level (Low)
Bug tor-browser#41775: Avoid re-defining some macros in nsUpdateDriver.cpp
Bug tor-browser#41818: Remove YEC 2022 strings
Windows + macOS + Linux:
Bug mullvad-browser#165: Fix maximization warning x button and preference
Bug tor-browser#20497: Improve support for non-portable mode
Bug tor-browser#33298: HTTP onion sites do not give a popup warning when submitting form data to non-onion HTTP sites
Bug tor-browser#40144: about:privatebrowsing Firefox branding
Bug tor-browser#40347: URL bar lock icon says connection is not secure when on "view-source:.onion" URLs [tor-browser]
Bug tor-browser#40552: New texts for the add a bridge manually modal
Bug tor-browser#40701: Improve security warning when downloading a file
Bug tor-browser-build#40711: Review and expand the stakeholders we communicate major changes to
Bug tor-browser-build#40733: Use the new branding directories
Bug tor-browser-build#40745: Allow customizing MOZ_APP_BASENAME
Bug tor-browser-build#40773: Copy some documentation files only on Tor Browser
Bug tor-browser-build#40781: Move translations to new paths
Bug tor-browser#40788: Tor Browser 11.0.4-11.0.6 phoning home
Bug tor-browser-build#40808: Set update URL for nightly base-browser
Bug tor-browser-build#40811: Make testing the updater easier
Bug tor-browser-build#40817: Add basebrowser-incrementals-nightly makefile target
Bug tor-browser-build#40833: base-browser nightly is using the default channel instead of nightly
Bug tor-browser#40958: The number of relays displayed for an onion site can be misleading
Bug tor-browser#41038: Update "Click to Copy" button label in circuit display
Bug tor-browser#41080: Some users are choosing an adjacent country for circumvention settings
Bug tor-browser#41084: Reserve red as a button color for dangerous actions
Bug tor-browser#41085: Refactor the UI to remove all bridges
Bug tor-browser#41093: Users don't understand the purpose of bridge-moji
Bug tor-browser#41109: "New circuit..." button gets cut-off when onion name wraps
Bug tor-browser#41350: Move the implementation of Bug 19273 out of Torbutton
Bug tor-browser#41351: Move the crypto protection patch earlier in the patchset
Bug tor-browser#41363: Crypto warning popup is not screen reader accessible
Bug tor-browser#41448: User 'danger' style for primary button in new identity modal
Bug tor-browser#41483: Tor Browser says Firefox timed out, confusing users
Bug tor-browser#41503: Disable restart in case of reboot and restore in case of crash
Bug tor-browser#41521: Improve localization notes
Bug tor-browser#41533: Page Info window for view-source:http://...onion addresses says Connection Not Encrypted
Bug tor-browser#41540: Confusing build-id date in about:preferences in alphas
Bug tor-browser#41562: API-triggered fullscreen after F11 causes letterboxing to crop the page
Bug tor-browser#41577: Disable profile migration
Bug tor-browser#41587: Disable the updater for Base Browser
Bug tor-browser#41595: Disable pagethumbnails capturing
Bug tor-browser#41600: Some users have difficulty finding the circuit display
Bug tor-browser#41607: Update "New Circuit" icon
Bug tor-browser#41608: Improve the UX of the location bar's connection status
Bug tor-browser#41609: Move the disabling of Firefox Home (Activity Stream) to base-browser
Bug tor-browser#41613: Skip Drang & Drop filtering for DNS-safe URLs (no hostname, e.g. RFC3966 tel:)
Bug tor-browser#41617: Improve the UX of the built-in bridges dialog
Bug tor-browser#41618: Update the iconography used in the status strip in connection settings
Bug tor-browser#41623: Update connection assist's iconography
Bug tor-browser#41633: Updating from 12.0.2 to 12.0.3 resets NoScript settings
Bug tor-browser#41657: Remove --enable-tor-browser-data-outside-app-dir
Bug tor-browser#41668: Move part of the updater patches to base browser
Bug tor-browser#41686: Move the 'Bug 11641: Disable remoting by default' commit from base-browser to tor-browser
Bug tor-browser#41695: Port warning on maximized windows without letterboxing from torbutton
Bug tor-browser#41699: Tighten up the tor onion alias regular expression
Bug tor-browser#41701: Reporting an extension does not work
Bug tor-browser#41702: The connection pill needs to be centered vertically
Bug tor-browser#41709: sendCommand should not try to send a command forever
Bug tor-browser#41711: Race condition when opening a new window in New Identity
Bug tor-browser#41718: Add the external filetype warning to about:downloads
Bug tor-browser#41719: Update title and button strings in the new circuit display to sentence case
Bug tor-browser#41725: Stray connectionPane.xhtml patch
Bug tor-browser#41726: Animate the torconnect icon to transition between connected states
Bug tor-browser#41734: Add a 'Connected' flag to indicate which built-in bridge option Tor Browser is currently using
Bug tor-browser#41736: Customize the default CustomizableUI toolbar using CustomizableUI.jsm
Bug tor-browser#41749: Replace the onion-glyph with dedicated icon for onion services
Bug tor-browser#41770: Keyboard navigation broken leaving the toolbar tor circuit button
Bug tor-browser#41775: Avoid re-defining some macros in nsUpdateDriver.cpp
Bug tor-browser#41785: Network monitor in developer tools shows HTTP onion resources as insecure
Bug tor-browser#41792: Drag and Drop protection prevents dragging downloads
Bug tor-browser#41800: Add the external filetype warning to Library / Manage Bookmarks
Bug tor-browser#41801: Fix handleProcessReady in TorSettings.init
Bug tor-browser#41802: Bad regex used to extract transport from bridgeline
Bug tor-browser#41810: Add "Connect" buttons to Request Bridge and Provide Bridge modals
Bug tor-browser#41816: The top navigation in about:torconnect isn't updated correctly
Bug tor-browser#41841: Use the new onion-site.svg icon in the onion-location pill
Windows + Linux:
Bug tor-browser-build#40714: Ship NoScript in the distribution directory also for Windows and Linux
Bug tor-browser#41654: UpdateInfo jumped into Data
Windows:
Bug tor-browser-build#40772: Check and fix HiDPI issues in the NSIS installer
Bug tor-browser-build#40793: Add some metadata also to the Windows installer
Bug tor-browser-build#40801: Correct the ExecShell for system-wide installs in the NSIS script
Bug tor-browser#41459: WebRTC fails to build under mingw
Bug tor-browser#41678: WebRTC build fix patches incorrectly defining pid_t
macOS:
Bug tor-browser-build#40719: Allow non-universal macOS builds also on base-browser
Bug tor-browser#41535: Remove the old, unused and undocumented "-invisible" macOS CLI flag
Linux:
Bug tor-browser-build#40830: The fontconfig directory is missing in Base Browser
Bug tor-browser-build#40860: Improve the transition from the old fontconfig file to the new one
Bug tor-browser#41163: Many bundled fonts are blocked in Ubuntu/Fedora because of RFP
Bug tor-browser#41732: implement linux font whitelist as defense-in-depth
Android:
Bug tor-browser#41001: Remove remaining security slider code
Bug tor-browser#41185: Hide learn more about sync
Bug tor-browser#41634: Google Play incorrectly detects that libTor.so is built with OpenSSL 1.1.1b
Bug tor-browser#41667: Enable media.peerconnection.ice.obfuscate_host_addresses on Android for defense-in-depth
Bug tor-browser#41677: Remove the --disable-tor-browser-update flag on Android
Build System:
All Platforms:
Updated Go to 1.20.5
Bug tor-browser-build#40673: Avoid building each go module separately
Bug tor-browser-build#40679: Use the latest translations for nightly builds
Bug tor-browser-build#40689: Update Ubuntu version from projects/mmdebstrap-image/config to 22.04.1
Bug tor-browser-build#40717: Create a script to prepare changelogs
Bug tor-browser-build#40720: Update fetch-changelogs.py scripts to support new Build System label
Bug tor-browser-build#40750: Find why rlbox hurts reproducibility
Bug tor-browser-build#40751: make signtag-* needs to take project name into account
Bug tor-browser-build#40753: We should not copy mar tools when the updater is disabled
Bug tor-browser-build#40760: Add BSD packager contacts to release prep templates
Bug tor-browser-build#40763: Add support for signing multiple browsers in tools/signing/nightly
Bug tor-browser-build#40783: Update download-unsigned-sha256sums-gpg-signatures-from-people-tpo to use $projectname prefix directory
Bug tor-browser-build#40784: Fix var_p/nightly_torbrowser_incremental_from after #40737
Bug tor-browser-build#40794: Include the build-id in firefox-l10n output name
Bug tor-browser-build#40795: Trim down tor-browser-build release prep issue templates
Bug tor-browser-build#40796: Bad UX for the changelogs script when using the issue number
Bug tor-browser-build#40805: Define the version flag for all browsers
Bug tor-browser-build#40807: Add config for signing base-browser nightly in tools/signing/nightly
Bug tor-browser-build#40812: Make var/rezip in projects/firefox/config quiet
Bug tor-browser-build#40818: Enable wasm target for rust compiler
Bug tor-browser-build#40828: Use http://archive.debian.org/debian-archive/ for jessie
Bug tor-browser-build#40837: Rebase mullvad-browser build changes onto main
Bug tor-browser-build#40870: Remove url without browser name from tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo
Bug tor-browser#41649: Create rebase and security backport gitlab issue templates
Bug tor-browser#41682: Add base-browser nightly mar signing key
Windows + macOS + Linux:
Bug tor-browser-build#33953: Provide a way for easily updating Go dependencies of projects
Bug tor-browser-build#40713: Use the new tor-browser l10n branch in Firefox
Bug tor-browser-build#40777: Create a Go bootstrap project
Bug tor-browser-build#40778: Disable all translations with testbuilds in Firefox
Bug tor-browser-build#40788: Remove all languages but en-US for privacy-browser build target
Bug tor-browser-build#40809: Remove --enable-tor-browser-update and --enable-verify-mar from projects/firefox/mozconfig
Bug tor-browser-build#40813: Enable var/updater_enabled for basebrowser nightly
Bug tor-browser-build#40823: Update appname_* variables in projects/release/update_responses_config.yml
Bug tor-browser-build#40826: Correctly set appname_marfile for basebrowser in tools/signing/nightly/update-responses-base-config.yml
Bug tor-browser-build#40827: MAR generation uses (mostly) hard-coded MAR update channel
Bug tor-browser-build#40841: Adapt signing scripts to new signing machines
Bug tor-browser-build#40849: Move Go dependencies to the projects dependent on them, not as a standalone projects
Bug tor-browser-build#40866: Remove Using ansible to set up a nightly build machine from README
Bug tor-browser-build#40869: obfs4 is renamed to lyrebird
Windows:
Bug tor-browser-build#29185: NSIS Installer not reproducible when icon has an alpha channel
Bug tor-browser-build#40757: Change projects/browser/windows-installer/torbrowser.nsi to a template file
Windows + macOS + Linux:
Bug tor-browser-build#40732: Review Bundle-Data and try not to ship the default profile in base browser
Linux + Android:
Bug tor-browser-build#40653: Build compiler-rt with runtimes instead of the main LLVM build
macOS:
Bug tor-browser-build#40792: signing scripts missing project name prefix to make rule
Bug tor-browser-build#40798: dmg2mar step also takes care of copying the signed+stabled dmg to the signed directory
Bug tor-browser-build#40806: Update the reference to the macOS mozconfig
Bug tor-browser-build#40824: dmg2mar script using hardcoded project names for paths
Bug tor-browser-build#40847: Build filesystem influences the DMG creation
Bug tor-browser-build#40858: Create script to assist testers self sign Mac builds to allow running on Arm processors
Bug tor-browser#41453: Rename mozconfig-macos-x86_64 to mozconfig-macos
Android:
Bug tor-browser-build#40738: Update Android git hashes templates
Bug tor-browser-build#40874: Add commit information also to GV
Bug tor-browser#41684: Android improvements for local dev builds

New in Tor Browser 12.5 Alpha 7 (Jun 10, 2023)

All Platforms:
Updated Translations
Updated NoScript to 11.4.22
Updated OpenSSL to 1.1.1u
Bug tor-browser#41795: Rebase Tor Browser and Base Browser alpha to 102.12esr
Bug tor-browser#41818: Remove YEC 2022 strings
Windows + macOS + Linux:
Updated Firefox to 102.12esr
Bug tor-browser#33298: HTTP onion sites do not give a popup warning when submitting form data to non-onion HTTP sites
Bug tor-browser#40552: New texts for the add a bridge manually modal
Bug tor-browser#41608: Improve the UX of the location bar's connection status
Bug tor-browser#41618: Update the iconography used in the status strip in connection settings
Bug tor-browser#41623: Update connection assist's iconography
Bug tor-browser#41718: Add the external filetype warning to about:downloads
Bug tor-browser#41726: Animate the torconnect icon to transition between connected states
Bug tor-browser#41734: Add a Connected flag to indicate which built-in bridge option Tor Browser is currently using
Bug tor-browser#41749: Replace the onion-glyph with dedicated icon for onion services
Bug tor-browser#41785: Network monitor in developer tools shows HTTP onion resources as insecure
Bug tor-browser#41792: Drag and Drop protection prevents dragging downloads
Bug tor-browser#41800: Add the external filetype warning to Library / Manage Bookmarks
Bug tor-browser#41801: Fix handleProcessReady in TorSettings.init
Bug tor-browser#41802: Conjure bridge cards are mislabeled as vanilla bridges in alpha
Bug tor-browser#41809: Wrong icon in the bridge QR code
Bug tor-browser#41810: Add "Connect" buttons to Request Bridge and Provide Bridge modals
Bug tor-browser#41815: wrong connect icons
Bug tor-browser#41816: The top navigation in about:torconnect isn't updated correctly
Android:
Updated GeckoView to 102.12esr
Build System:
All Platforms:
Bug tor-browser-build#40777: Create a Go bootstrap project
Bug tor-browser-build#40850: Tor Browser nightly fails to build obfs4
Bug tor-browser-build#40866: Remove Using ansible to set up a nightly build machine from README
Bug tor-browser-build#40869: obfs4 is renamed to lyrebird
Bug tor-browser-build#40870: Remove url without browser name from tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo
Bug tor-browser-build#40871: Update keyring/boklm.gpg for new subkeys
Windows + macOS + Linux:
Bug tor-browser-build#40864: Make a script to update the manual artifact
macOS:
Bug tor-browser-build#40847: Build filesystem influences the DMG creation
Bug tor-browser-build#40858: Create script to assist testers self sign Mac builds to allow running on Arm processors
Android:
Bug tor-browser-build#40874: Add commit information also to GV

New in Tor Browser 12.0.7 (Jun 10, 2023)

New in Tor Browser 12.5 Alpha 6 (May 25, 2023)

New in Tor Browser 12.0.6 (May 14, 2023)

New in Tor Browser 12.5 Alpha 5 (Apr 23, 2023)

All Platforms:
Updated Translations
Updated NoScript to 11.4.21
Updated Go to 11.9.8
Bug tor-browser-build#40833: base-browser nightly is using the default channel instead of nightly
Bug tor-browser#41687: Rebase Tor Browser Alpha to 102.10.0esr
Bug tor-browser#41689: Remove startup.homepage_override_url from Base Browser
Bug tor-browser#41704: Immediately return on remoteSettings.pollChanges
Windows + macOS + Linux:
Updated Firefox to 102.10esr
Bug mullvad-browser#165: Fix maximization warning x button and preference
Bug tor-browser#40501: High CPU load after tor exits unexpectedly
Bug tor-browser#40701: Improve security warning when downloading a file
Bug tor-browser#40788: Tor Browser 11.0.4-11.0.6 phoning home
Bug tor-browser-build#40811: Make testing the updater easier
Bug tor-browser-build#40831: Fix update URL for base-browser nightly
Bug tor-browser#40958: The number of relays displayed for an onion site can be misleading
Bug tor-browser#41038: Update "Click to Copy" button label in circuit display
Bug tor-browser#41109: "New circuit..." button gets cut-off when onion name wraps
Bug tor-browser#41350: Move the implementation of Bug 19273 out of Torbutton
Bug tor-browser#41521: Improve localization notes
Bug tor-browser#41533: Page Info window for view-source:http://...onion addresses says Connection Not Encrypted
Bug tor-browser#41600: Some users have difficulty finding the circuit display
Bug tor-browser#41617: Improve the UX of the built-in bridges dialog
Bug tor-browser#41668: Move part of the updater patches to base browser
Bug tor-browser#41686: Move the 'Bug 11641: Disable remoting by default' commit from base-browser to tor-browser
Bug tor-browser#41695: Port warning on maximized windows without letterboxing from torbutton
Bug tor-browser#41699: Tighten up the tor onion alias regular expression
Bug tor-browser#41701: Reporting an extension does not work
Bug tor-browser#41702: The connection pill needs to be centered vertically
Bug tor-browser#41709: sendCommand should not try to send a command forever
Bug tor-browser#41711: Race condition when opening a new window in New Identity
Bug tor-browser#41713: “Remove All Bridges” button only appears after hitting “Show All Bridges"
Bug tor-browser#41714: “Show Fewer Bridges” button missing from refactored remove all bridges UI
Bug tor-browser#41719: Update title and button strings in the new circuit display to sentence case
Bug tor-browser#41722: Regression: window maximization warning cannot be closed by the X button
Bug tor-browser#41725: Stray connectionPane.xhtml patch
Windows:
Bug tor-browser#41459: WebRTC fails to build under mingw
Bug tor-browser#41678: WebRTC build fix patches incorrectly defining pid_t
Bug tor-browser#41683: Disable the network process on Windows
Linux:
Bug tor-browser-build#40830: The fontconfig directory is missing in Base Browser
Bug tor-browser#41163: Many bundled fonts are blocked in Ubuntu/Fedora because of RFP
Android:
Updated GeckoView to 102.10esr
Bug tor-browser#41724: Backport Android-specific security fixes from Firefox 112 to ESR 102.10-based Tor Browser
Build System:
All Platforms:
Bug tor-browser-build#40828: Use http://archive.debian.org/debian-archive/ for jessie
Bug tor-browser-build#40837: Rebase mullvad-browser build changes onto main
Windows + macOS + Linux:
Bug tor-browser-build#40823: Update appname_* variables in projects/release/update_responses_config.yml
Bug tor-browser-build#40826: Correctly set appname_marfile for basebrowser in tools/signing/nightly/update-responses-base-config.yml
Bug tor-browser-build#40827: MAR generation uses (mostly) hard-coded MAR update channel
Bug tor-browser#41730: Bridge lines in tools/torbrowser/bridges.js out of date
Windows:
Bug tor-browser-build#40822: The Tor Browser installer doesn't run with mandatory ASLR on (0xc000007b)
macOS:
Bug tor-browser-build#40824: dmg2mar script using hardcoded project names for paths
Bug tor-browser-build#40844: DMG reproducibility problem on 12.0.5
Linux:
Bug tor-browser-build#40835: Update faketime URLs in projects/container-image/config
Android:
Bug tor-browser#41684: Android improvements for local dev builds

New in Tor Browser 12.0.5 (Apr 23, 2023)

New in Tor Browser 12.0.4 (Mar 19, 2023)

New in Tor Browser 12.5 Alpha 3 (Feb 20, 2023)

All Platforms:
Updated Translations
Updated OpenSSL to 1.1.1t
Updated NoScript to 11.4.16
Bug tor-browser#40763: Stop using remote localized files in CFR
Bug tor-browser#41351: Move the crypto protection patch earlier in the patchset
Bug tor-browser#41361: Integrate the Conjure PT into alpha versions of Tor Browser
Bug tor-browser#41424: Reduce disk activity by disabling some unnecessary tasks and telemetry
Bug tor-browser#41565: Gate Telemetry Tasks behind AppConstants.MOZ_TELEMETRY_REPORTING
Bug tor-browser#41568: Disable LaterRun
Bug tor-browser#41598: Prevent NoScript from being removed / disabled until core functionality has been migrated to Tor Browser
Bug tor-browser#41601: Apply Snowflake Remove HelloVerify Countermeasure
Bug tor-browser#41603: Customize the creation of MOZ_SOURCE_URL
Bug tor-browser#41624: Disable unused about: pages
Bug tor-browser#41627: Enable network.http.referer.hideOnionSource in base-browser
Bug tor-browser#41637: cherry-pick Mozilla 1814416: Generalize the app name in about:buildconfig. r=ahochheiden
Windows + macOS + Linux:
Updated Firefox to 102.8esr
Bug tor-browser#20497: Improve support for non-portable mode
Bug tor-browser-build#40745: Allow customizing MOZ_APP_BASENAME
Bug tor-browser-build#40773: Copy some documentation files only on Tor Browser
Bug tor-browser-build#40781: Move translations to new paths
Bug tor-browser#41080: Some users are choosing an adjacent country for circumvention settings
Bug tor-browser#41084: Reserve red as a button color for dangerous actions
Bug tor-browser#41540: Confusing build-id date in about:preferences in alphas
Bug tor-browser#41542: Disable the creation of a default profile
Bug tor-browser#41561: Maximize warning is broken (regression)
Bug tor-browser#41577: Disable profile migration
Bug tor-browser#41587: Disable the updater for Base Browser
Bug tor-browser#41588: Use better words for the Tor Network description in the onboarding
Bug tor-browser#41595: Disable pagethumbnails capturing
Bug tor-browser#41606: Move the changes to the hamburger menu out of the Torbutton commit
Bug tor-browser#41609: Move the disabling of Firefox Home (Activity Stream) to base-browser
Bug tor-browser#41613: Skip Drang & Drop filtering for DNS-safe URLs (no hostname, e.g. RFC3966 tel:)
Bug tor-browser#41626: Bridge-emojii tooltips not localized in ES locale
Bug tor-browser#41633: Updating from 12.0.2 to 12.0.3 resets NoScript settings
Windows:
Bug tor-browser#40717: UX: hide SSO
Bug tor-browser-build#40772: Check and fix HiDPI issues in the NSIS installer
Android:
Updated GeckoView to 102.8esr
Bug tor-browser#40283: Can't upload files with Tor browser on Android
Bug tor-browser#40536: Proxy Refused if link from other app opens Android TBB
Bug tor-browser#41185: Hide learn more about sync
Bug tor-browser#41616: Backport Android-specific security fixes from Firefox 110 to ESR 102.8-based Tor Browser
Bug tor-browser#41634: Google Play incorrectly detects that libTor.so is built with OpenSSL 1.1.1b
Build System:
All Platforms:
Updated Go to 1.19.6
Bug tor-browser-build#40723: Update upload-update_responses-to-staticiforme step for new tor-browser-update-responses repository
Bug tor-browser-build#40747: Remove empty line at the top of sha256sums-unsigned-build.txt
Bug tor-browser-build#40748: When sha256sums-unsigned-build.txt contains an empty line, tools/dmg2mar prints a warning
Bug tor-browser-build#40751: make signtag-* needs to take project name into account
Bug tor-browser-build#40753: We should not copy mar tools when the updater is disabled
Bug tor-browser-build#40760: Add BSD packager contacts to release prep templates
Bug tor-browser-build#40764: Embed repo URL and git revision in Firefox
Bug tor-browser-build#40782: Update tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo to fetch from tb-build-04 and tb-build-05
Bug tor-browser-build#40783: Update download-unsigned-sha256sums-gpg-signatures-from-people-tpo to use $projectname prefix directory
Bug tor-browser-build#40784: Fix var_p/nightly_torbrowser_incremental_from after #40737
Windows + macOS + Linux:
Bug tor-browser-build#40778: Disable all translations with testbuilds in Firefox
Windows:
Bug tor-browser-build#29185: NSIS Installer not reproducible when icon has an alpha channel
Bug tor-browser-build#40757: Change projects/browser/windows-installer/torbrowser.nsi to a template file
macOS:
Bug tor-browser-build#40755: libdmg-hfsplus fails to build on debian stable
Linux:
Bug tor-browser-build#40731: Update namecoin patches to apply in tor-browser nightly
Android:
Bug tor-browser-build#40752: Wrong urls in download-android-*.json files

New in Tor Browser 12.0.3 (Feb 16, 2023)

New in Tor Browser 12.5 Alpha 2 (Jan 26, 2023)

All Platforms:
Updated tor to 0.4.7.13
Updated NoScript to 11.4.14
Bug tor-browser#40565: do something with security.tls.version.enable-deprecated
Bug tor-browser-build#40727: Update list of Snowflake STUN servers in default bridge line
Bug tor-browser#41066: Circuit Isolation should take containers into account
Bug tor-browser#41428: Check if we can create our own directories for branding
Bug tor-browser#41506: Remove TrustCor root certificates
Windows + macOS + Linux:
Updated Firefox to 102.7esr
Bug tor-browser#32274: Bad screen-reader UX for Security Level/Shield button
Bug tor-browser-build#40733: Use the new branding directories
Bug tor-browser#41393: about:tbupdate semantic and accessibility problems
Bug tor-browser#41539: Crypto warning weaknesses
Bug tor-browser#41549: tor freeze when receiving to many http proxy requests on socks port
Bug tor-browser#41561: Maximize warning is broken (regression)
Bug tor-browser#41562: API-triggered fullscreen after F11 causes letterboxing to crop the page
Bug tor-browser#41563: Old placeholders used in TorStrings.jsm
Bug tor-browser#41572: Check for userContextId also in the circuit display
Bug tor-browser#41577: Disable profile migration
Windows + Linux:
Bug tor-browser-build#40714: Ship NoScript in the distribution directory also for Windows and Linux
Windows:
Bug tor-browser#40717: UX: hide SSO
Bug tor-browser#41578: Disable and lock Windows SSO
macOS:
Bug tor-browser-build#28124: Show Tor Browser icon as macOS volume (dmg) icon
Bug tor-browser-build#40719: Allow non-universal macOS builds also on base-browser
Bug tor-browser#41535: Remove the old, unused and undocumented "-invisible" macOS CLI flag
Android:
Updated GeckoView to 102.7esr
Bug tor-browser#40283: Can't upload files with Tor browser on Android
Bug tor-browser#41571: Backport Android-specific Firefox 109 to ESR 102.7-based Tor Browser
Build System:
All Platforms:
Updated Go to 1.19.5
Bug tor-browser-build#40720: Update fetch-changelogs.py scripts to support new Build System label
Bug tor-browser-build#40735: Add command to list which translation components need to be updated
Bug tor-browser-build#40739: tor-expert-bundle should include ClientTransportPlugin torrc lines for each pluggable transport
Bug tor-browser#41567: Build outputs now going to obj-/dist/torbrower rather than obj-/dist/firefox
Windows + macOS + Linux:
Bug tor-browser-build#40732: Review Bundle-Data and try not to ship the default profile in base browser
macOS:
Bug tor-browser-build#40706: macos-signer-stapler should wait for user interaction before attempting stapling
Bug tor-brower-build#40744: HFS DMG are not deterministic
Android:
Bug tor-browser-build#40738: Update Android git hashes templates

New in Tor Browser 12.0.2 (Jan 19, 2023)

New in Tor Browser 12.5 Alpha 1 (Dec 22, 2022)

All Platforms:
Updated tor to 0.4.7.12
Bug tor-browser-build#40711: Review and expand the stakeholders we communicate major changes to
Bug tor-browser#41478: Drop the torbutton submodule in 12.5
Bug tor-browser#41514: eslint broken since migrating torbutton
Windows + macOS + Linux:
Updated Firefox to 102.6esr
Bug tor-browser#26504: about:preferences shows Firefox's version instead of Tor Browser's
Bug tor-browser#32308: Stop inner letterbox jiggling as border is dragged
Bug tor-browser#40347: URL bar lock icon says connection is not secure when on "view-source:[...].onion" URLs
Bug tor-browser-build#40678: Force all 11.5 users to update through 11.5.8 before 12.0
Bug tor-browser#41375: Clean unused strings
Bug tor-browser#41435: Add a Tor Browser migration function
Bug tor-browser#41448: User danger style for primary button in new identity modal
Bug tor-browser#41483: Tor Browser says Firefox timed out, confusing users
Bug tor-browser#41503: Disable restart in case of reboot and restore in case of crash
Bug tor-browser#41520: Regression: rearranging bookmarks / place items by drag & drop doesn't work anymore
Bug tor-browser#41524: about:tbupdate needs UTF-8
Bug tor-browser#41525: Drop locales from torbutton, since we will inject them in tor-browser-build
macOS + Linux:
Bug tor-browser#41519: TOR_SOCKS_IPC_PATH environment variable not honored
Windows:
Bug tor-browser-build#40708: tor.exe in tor-expert-bundle not writing stdout even when run from cmd.exe
macOS:
Bug tor-browser-build#40716: Unable to update to 12.0.1 on Apple Silicon-based Mac
Android:
Updated GeckoView to 102.6esr
Bug tor-browser#41001: Remove remaining security slider code
Build System:
All Platforms:
Updated Go to 1.19.4
Bug tor-browser-build#40645: Verify we no longer depend on any signed tags from sysrqb and gk, and remove them from torbutton.gpg
Bug tor-browser-build#40679: Use the latest translations for nightly builds
Bug tor-browser-build#40681: Run apt-get clean, after installing packages in projects/container-image/config
Bug tor-browser-build#40683: Install more packages in the default containers to reduce the number of custom containers
Bug tor-browser-build#40689: Update Ubuntu version from projects/mmdebstrap-image/config to 22.04.1
Bug tor-browser-build#40717: Create a script to prepare changelogs
Windows + macOS + Linux:
Bug tor-browser-build#40707: Update update_responses_config.yml to allow 11.5.8 to update to whatever latest is
Bug tor-browser-build#40713: Use the new tor-browser l10n branch in Firefox
Linux + Android:
Bug tor-browser-build#40653: Build compiler-rt with runtimes instead of the main LLVM build
macOS:
Bug tor-browser-build#40694: aarch64 tor-expert-bundle for macOS is not exported as part of the browser build
Bug tor-browser-build#40704: Building nightly macos incrementals fails
Linux:
Bug tor-browser-build#40693: Can't build container-image in main
Android:
Bug tor-browser-build#40702: Nightly builds fails with "error: pathspec 'tor-browser-102.5.0esr-12.0-2' did not match any file(s) known to git"

New in Tor Browser 12.0.1 (Dec 16, 2022)

New in Tor Browser 12.0 (Dec 12, 2022)

All Platforms:
Update Translations
Update tor to 0.4.7.12
Bug tor-browser#17228: Consideration for disabling/trimming referrers within TBB
Bug tor-browser#24686: In Tor Browser context, should network.http.tailing.enabled be set to false?
Bug tor-browser#27127: Audit and enable HTTP/2 push
Bug tor-browser#27258: font whitelist means we don't have to set gfx.downloadable_fonts.fallback_delay
Bug tor-browser#40057: ensure that CSS4 system colors are not a fingerprinting vector
Bug tor-browser#40058: ensure no locale leaks from new Intl APIs
Bug tor-browser#40183: Consider disabling TLS ciphersuites containing SHA-1
Bug tor-browser#40251: Clear obsolete prefs after torbutton!27
Bug tor-browser#40406: Remove Presentation API related prefs
Bug tor-browser#40491: Don't auto-pick a v2 address when it's in Onion-Location header
Bug tor-browser#40494: Update Startpage and Blockchair onion search providers
Bug tor-browser-build#40580: Add support for Ukranian (uk)
Bug tor-browser-build#40646: Don't build Español AR anymore
Bug tor-browser-build#40674: Add Secondary Snowflake Bridge
Bug tor-browser#40783: Review 000-tor-browser.js and 001-base-profile.js for 102
Bug tor-browser#41098: Compare Tor Browser's and GeckoView's profiles
Bug tor-browser#41125: Review Mozilla 1732792: retry polling requests without proxy
Bug tor-browser#41154: Review Mozilla 1765167: Deprecate Cu.import
Bug tor-browser#41164: Add some #define for the base-browser section
Bug tor-browser#41306: Typo "will not able" in "Tor unexpectedly exited" dialog
Bug tor-browser#41317: Tor Browser leaks banned ports in network.security.ports.banned
Bug tor-browser#41345: fonts: windows whitelist contains supplemental fonts
Bug tor-browser#41398: Disable Web MIDI API
Bug tor-browser#41406: Do not define --without-wasm-sandboxed-libraries if WASI_SYSROOT is defined
Bug tor-browser#41420: Remove brand.dtd customization on nightly
Bug tor-browser#41457: Remove more Mozilla permissions
Bug tor-browser#41473: Add support for Albanian (sq)
Windows + macOS + Linux:
Update Firefox to 102.5.0esr
Bug tor-browser#17400: Decide how to use the multi-lingual Tor Browser in the alpha/release series
Bug tor-browser-build#40595: Migrate to 102 on desktop
Bug tor-browser-build#40638: Visit our website link after build-to-build upgrade in Nightly channel points to old v2 onion
Bug tor-browser-build#40648: Do not customize update.locale in multi-lingual builds
Bug tor-browser#40853: use Subprocess.jsm to launch tor
Bug tor-browser#40933: Migrate remaining tor-launcher functionality to tor-browser
Bug tor-browser#41011: The Internet and Tor status are visible when opening the settings
Bug tor-browser#41044: Content exceeding the height of the connection settings modals
Bug tor-browser#41116: Review Mozilla 1226042: add support for the new 'system-ui' generic font family
Bug tor-browser#41117: Review Mozilla 1512851: Add Share Menu to File Menu on macOS
Bug tor-browser#41283: Toolbar buttons missing their label attribute
Bug tor-browser#41284: Stray security-level- fluent ids
Bug tor-browser#41287: New identity button inactive if added after customization
Bug tor-browser#41292: moreFromMozilla pane in about:preferences in 12.0a2
Bug tor-browser#41293: Incomplete branding in German with 12.0a2
Bug tor-browser#41337: Add a title to the new identity confirmation
Bug tor-browser#41342: Update the New Identity dialog to the proton modal style
Bug tor-browser#41344: Authenticated Onion Services do not prompt for auth key in 12.0 alpha series
Bug tor-browser#41352: Update or drop the show manual logic in torbutton
Bug tor-browser#41369: Consider a different list-order for locales in language menu
Bug tor-browser#41374: Missing a few torconnect strings in the DTD
Bug tor-browser#41377: Hide Search for more languages... from Language selector in multi-locale build
Bug tor-browser#41378: Inform users when Tor Browser sets their language automatically
Bug tor-browser#41385: Bootstrap failure is logged but not raised up to about:torconnect
Bug tor-browser#41386: The new tor-launcher has a problem when another Tor is running
Bug tor-browser#41387: New identity and new circuit ended up inside history
Bug tor-browser#41400: Missing onionAuthViewKeys causes "Onion Services Keys" dialog to be empty.
Bug tor-browser#41401: Missing some mozilla icons because we still loading them from "chrome://browser/skin" rather than "chrome://global/skin/icons"
Bug tor-browser#41404: Fix blockchair-onion search extension
Bug tor-browser#41409: Circuit display is broken on Tails
Bug tor-browser#41410: Opening and closing HTTPS-Only settings make the identity panel shrink
Bug tor-browser#41412: New Identity shows "Tor Browser" instead of "Restart Tor Browser" in unstranslated locales
Bug tor-browser#41417: Prompt users to restart after changing language
Bug tor-browser#41429: TorConnect and TorSettings are initialized twice
Bug tor-browser#41435: Add a Tor Browser migration function
Bug tor-browser#41436: The new tor-launcher handles arrays in the wrong way
Bug tor-browser#41437: Use the new media query for dark theme for the "Connected" pill in bridges
Bug tor-browser#41449: Onion authentication's learn more should link to the offline manual
Bug tor-browser#41451: Still using requestedLocales in torbutton
Bug tor-browser#41455: Tor Browser dev build cannot launch tor
Bug tor-browser#41458: Prevent mach package-multi-locale from actually creating a package
Bug tor-browser#41462: Add anchors to bridge-moji and onion authentication entries
Bug tor-browser#41466: Port YEC 2022 campaign to Tor Browser 12.0 (Desktop)
Bug tor-browser#41495: Clicking on "View Logs" in the "Establishing Connection" page takes you to about:preferences#connection and not logs
Bug tor-browser#41498: The Help panel is empty in 12.0a4
Bug tor-browser#41508: Update the onboarding link for 12.0
Windows:
Bug tor-browser#41149: Review Mozilla 1762576: Firefox is not allowing Symantec DLP to inject DLL into the browser for Data Loss Prevention software
Bug tor-browser#41278: Create Tor Browser styled pdf logo similar to the vanilla Firefox one
Bug tor-browser#41426: base-browser nightly fails to build for windows-i686
macOS:
Bug tor-browser#23451: Adapt font whitelist to changes on macOS (zh locales)
Bug tor-browser#41004: The Bangla font does not display correctly on MacOs
Bug tor-browser#41108: Remove privileged macOS installation from 102
Bug tor-browser#41294: Bookmarks manager broken in 12.0a2 on MacOS
Bug tor-browser#41348: cherry-pick macOS OSSpinLock replacements
Bug tor-browser#41370: Find a way to ship custom default bookmarks without changing language-packs on macOS
Bug tor-browser#41372: "Japanese" language menu item is localised in multi-locale testbuild (on mac OS)
Bug tor-browser#41379: The new tor-launcher is broken also on macOS
Linux:
Bug tor-browser#40359: Tor Browser Launcher has Wrong Icon
Bug tor-browser-build#40626: Define the replacements for generic families on Linux
Bug tor-browser#41163: Fixing loading of bundled fonts on linux
Android:
Update GeckoView to 102.5.0esr
Bug tor-browser#40014: Check which of our mobile prefs and configuration changes are still valid for GeckoView
Bug tor-browser-build#40631: Stop bundling HTTPS Everywhere on Android
Bug tor-browser#41394: Implement a setting to always prefer onion sites
Bug tor-browser#41465: Port YEC 2022 campaign to Tor Browser 12.0 (Android)
Build System:
All Platforms:
Update Go to 1.19.3
Bug tor-browser-build#23656: Use .mozconfig files in tor-browser repo for rbm builds
Bug tor-browser-build#28754: make testbuild-android-armv7 stalls during sha256sum step
Bug rbm#40049: gpg_keyring should allow for array of keyrings
Bug tor-browser-build#40397: Create a new build target to package tor daemon, pluggable transports and dependencies
Bug tor-browser-build#40407: Bump binutils version to pick up security improvements for Windows users
Bug tor-browser-build#40585: Prune the manual more
Bug tor-browser-build#40587: Migrate tor-browser-build configs from gitolite to gitlab repos
Bug tor-browser-build#40591: Rust 1.60 not working to build 102 on Debian Jessie
Bug tor-browser-build#40592: Consider re-using our LLVM/Clang to build Rust
Bug tor-browser-build#40593: Update signing scripts to take into account new project names and layout
Bug tor-browser-build#40607: Add alpha-specific release prep template
Bug tor-browser-build#40610: src-*.tar.xz tarballs are missing in https://dist.torproject.org/torbrowser/12.0a1/
Bug tor-browser-build#40612: Migrate Release Prep template to Release Prep - Stable
Bug tor-browser-build#40619: Make sure translations are taken from gitlab.tpo and not git.tpo
Bug torbrowser-build#40627: Add boklm to torbutton.gpg
Bug tor-browser-build#40634: Update the project/browser path in tools/changelog-format-blog-post and other files
Bug tor-browser-build#40636: Remove https-everywhere from projects/browser/config
Bug tor-browser-build#40639: Remove tor-launcher references
Bug tor-browser-build#40643: Update Richard's key in torbutton.gpg
Bug tor-browser-build#40645: Remove unused signing keys and create individual keyrings for Tor Project developers
Bug tor-browser-build#40655: Published tor-expert-bundle tar.gz files should not include their tor-browser-build build id
Bug tor-browser-build#40656: Improve get_last_build_version in tools/signing/nightly/sign-nightly
Bug tor-browser-build#40660: Update changelog-format-blog-post script to point gitlab rather than gitolite
Bug tor-browser-build#40662: Make base-browser nightly build from tag
Bug tor-browser-build#40663: Do not ship bookmarks in tor-browser-build anymore
Bug tor-browser-build#40667: Update Node.js to 12.22.12
Bug tor-browser-build#40669: Remove HTTPS-Everywhere keyring
Bug tor-browser-build#40671: Update langpacks URL
Bug tor-browser-build#40675: Update tb_builders list in set-config
Bug tor-browser-build#40690: Revert fix for zlib build break
Bug tor-browser#41308: Use the same branch for Desktop and GeckoView
Bug tor-browser#41321: Delete various master branches after automated build/testing scripts are updated
Bug tor-browser#41340: Opt in to some of the NIGHTLY_BUILD features
Bug tor-browser#41357: Enable browser toolbox debugging by default for dev builds
Bug tor-browser#41446: Multi-lingual alpha bundles break make fetch
Windows + macOS + Linux:
Bug tor-browser-build#40499: Update firefox to enable building from new 'base-browser' tag
Bug tor-browser-build#40500: Add base-browser package project
Bug tor-browser-build#40501: Makefile updates to support building base-browser packages
Bug tor-browser-build#40503: Update Release Prep issue template with base-browser and privacy browser changes
Bug tor-browser-build#40547: Remove container/remote_* from rbm.conf
Bug tor-browser-build#40581: Update reference to master branches
Bug tor-browser-build#40641: Fetch Firefox locales from l10n-central
Bug tor-browser-build#40678: Force all 11.5 users to update through 11.5.8 before 12.0
Bug tor-browser-build#40685: Remove targets/nightly/var/mar_locales from rbm.conf
Bug tor-browser-build#40686: Add a temporary project to fetch Fluent tranlations for base-browser
Bug tor-browser-build#40691: Update firefox config to point to base-browser branch rather than a particular tag in nightly
Bug tor-browser-build#40699: Fix input_files in projects/firefox-l10n/config
Bug tor-browser#41099: Update+comment the update channels in update_responses.config.yaml
Windows:
Bug tor-browser-buid#29318: Use Clang for everything on Windows
Bug tor-browser-build#29321: Use mingw-w64/clang toolchain to build tor
Bug tor-browser-build#29322: Use mingw-w64/clang toolchain to build OpenSSL
Bug tor-browser-build#40409: Upgrade NSIS to 3.08
Bug tor-browser-build#40666: Fix compiler depedencies for Firefox on Windows
macOS:
Bug tor-browser-build#40067: Rename "OS X" to "macOS"
Bug tor-browser-build#40158: Add support for macOS AArch64
Bug tor-browser-build#40439: Create universal x86-64/arm64 mac builds
Bug tor-browser-build#40605: Reworked the macOS toolchain creation
Bug tor-browser-build#40620: Update macosx-sdk to 11.0
Bug tor-browser-build#40687: macOS nightly builds with packaged locales fail
Bug tor-browser-build#40694: aarch64 tor-expert-bundle for macOS is not exported as part of the browser build
Linux:
Bug tor-browser-build#31321: Add cc -> gcc link to projects/gcc
Bug tor-browser-build#40621: Update namecoin patches for linted TorButton
Bug tor-browser-build#40659: Error building goservice for linux in nightly build
Bug tor-browser#41343: Add -without-wam-sandboxed-libraries to mozconfig-linux-x86_64-dev for local builds
Android:
Bug tor-browser-build#40574: Improve tools/signing/android-signing
Bug tor-browser-build#40604: Fix binutils build on android
Bug tor-browser-build#40640: Extract Gradle in the toolchain setup
Bug tor-browser#41304: Add Android-specific targets to makefiles

New in Tor Browser 12.0 Alpha 5 (Dec 2, 2022)

All Platforms:
Update Translations
Update OpenSSL to 1.1.1s
Update NoScript to 11.4.13
Update tor to 0.4.7.11
Update zlib to 1.2.13
Bug tor-browser#17228: Consideration for disabling/trimming referrers within TBB
Bug tor-browser#27258: font whitelist means we don't have to set gfx.downloadable_fonts.fallback_delay
Bug tor-browser#40183: Consider disabling TLS ciphersuites containing SHA-1
Bug tor-browser-build#40622: Update obfs4proxy to 0.0.14 in Tor Browser
Bug tor-browser-build#40674: Add Secondary Snowflake Bridge
Bug tor-browser#40783: Review 000-tor-browser.js and 001-base-profile.js for 102
Bug tor-browser#41406: Do not define --without-wasm-sandboxed-libraries if WASI_SYSROOT is defined
Bug tor-browser#41420: Remove brand.dtd customization on nightly
Bug tor-browser#41457: Remove more Mozilla permissions
Bug tor-browser#41460: Migrate new identity and security level preferences in 11.5.8
Bug tor-browser#41473: Add support for Albanian (sq)
Windows + macOS + Linux:
Update Firefox to 102.5.0esr
Bug tor-browser#31064: Letterboxing is enabled in priviledged contexts too
Bug tor-browser#31821: reapply window.open() clamping
Bug tor-browser#32411: Consider adding about:tor and others to the list of pages that do not need letterboxing
Bug tor-browser#40081: Letterboxing since 32220 affected by layout.css.devPixelsPerPx
Bug tor-browser#40767: 1px white border visible on fullscreen video playback
Bug tor-browser#41293: Incomplete branding in German with 12.0a2
Bug tor-browser#41378: Inform users when Tor Browser sets their language automatically
Bug tor-browser#41409: Circuit display is broken on Tails
Bug tor-browser#41410: Opening and closing HTTPS-Only settings make the identity panel shrink
Bug tor-browser#41412: New Identity shows "Tor Browser" instead of "Restart Tor Browser" in unstranslated locales
Bug tor-browser#41417: Prompt users to restart after changing language
Bug tor-browser#41429: TorConnect and TorSettings are initialized twice
Bug tor-browser#41433: Should letterboxing take in account optional components' heights?
Bug tor-browser#41434: Letterboxing bypass through secondary tab (popup/popunder...)
Bug tor-browser#41436: The new tor-launcher handles arrays in the wrong way
Bug tor-browser#41437: Use the new media query for dark theme for the "Connected" pill in bridges
Bug tor-browser#41449: Onion authentication's learn more should link to the offline manual
Bug tor-browser#41451: Still using requestedLocales in torbutton
Bug tor-browser#41455: Tor Browser dev build cannot launch tor
Bug tor-browser#41458: Prevent mach package-multi-locale from actually creating a package
Bug tor-browser#41462: Add anchors to bridge-moji and onion authentication entries
Bug tor-browser#41498: The Help panel is empty in 12.0a4
Windows:
Bug tor-browser#41426: base-browser nightly fails to build for windows-i686
macOS:
Bug tor-browser#23451: Adapt font whitelist to changes on macOS (zh locales)
Bug tor-browser-build#40687: macOS nightly builds with packaged locales fail
Android:
Update GeckoView to 102.5.0esr
Bug tor-browser#40014: Check which of our mobile prefs and configuration changes are still valid for GeckoView
Bug tor-browser#41471: Update targetSdkVersion to 31
Bug tor-browser#41481: Tor Browser 11.5.9 for Android crashes on launch on Android 12+ after targetSdkVersion update
Build System:
All Platforms:
Update Go to 1.19.3:
Bug tor-browser-build#40675: Update tb_builders list in set-config
Bug tor-browser-build#40667: Update Node.js to 12.22.12
Bug tor-browser-build#40690: Revert fix for zlib build break
Bug tor-browser#41446: Multi-lingual alpha bundles break make fetch
Windows + macOS + Linux:
Bug tor-browser-build#40503: Update Release Prep issue template with base-browser and privacy browser changes
Bug tor-browser-build#40641: Fetch Firefox locales from l10n-central
Bug tor-browser-build#40685: Remove targets/nightly/var/mar_locales from rbm.conf
Bug tor-browser-build#40686: Add a temporary project to fetch Fluent tranlations for base-browser
Bug tor-browser-build#40691: Update firefox config to point to base-browser branch rather than a particular tag in nightly
Bug tor-browser-build#40699: Fix input_files in projects/firefox-l10n/config
Windows:
Bug tor-browser-build#40666: Fix compiler depedencies for Firefox on Windows
macOS:
Bug tor-browser-build#40067: Rename "OS X" to "macOS"
Bug tor-browser-build#40439: Create universal x86-64/arm64 mac builds

New in Tor Browser 11.5.8 (Nov 28, 2022)

New in Tor Browser 11.5.7 (Nov 4, 2022)

New in Tor Browser 12.0 Alpha 4 (Nov 1, 2022)

All Plaforms:
Update Translations
Bug tor-browser#24686: In Tor Browser context, should network.http.tailing.enabled be set to false?
Bug tor-browser#27127: Audit and enable HTTP/2 push
Bug tor-browser#40057: ensure that CSS4 system colors are not a fingerprinting vector
Bug tor-browser#40058: ensure no locale leaks from new Intl APIs
Bug tor-browser#40251: Clear obsolete prefs after torbutton!27
Bug tor-browser#40406: Remove Presentation API related prefs
Bug tor-browser#40465: Onion Authentication fails when connecting to a subdomain
Bug tor-browser#40491: Don't auto-pick a v2 address when it's in Onion-Location header
Bug tor-browser#40494: Update Startpage and Blockchair onion search providers
Bug tor-browser-build#40629: Bump snowflake version to 9ce1de4eee4e
Bug tor-browser-build#40633: Remove Team Cymru hard-coded bridges
Bug tor-browser-build#40646: Don't build Español AR anymore
Bug tor-browser-build#40649: Update meek default bridge
Bug tor-browser-build#40654: Enable uTLS and use the full bridge line for snowflake
Bug tor-browser-build#40665: Snowflake bridge parameters are too long (535 bytes) in 11.5.5
Bug tor-browser#41098: Compare Tor Browser's and GeckoView's profiles
Bug tor-browser#41154: Review Mozilla 1765167: Deprecate Cu.import
Bug tor-browser#41164: Add some #define for the base-browser section
Bug tor-browser#41306: Typo "will not able" in "Tor unexpectedly exited" dialog
Bug tor-browser#41317: Tor Browser leaks banned ports in network.security.ports.banned
Bug tor-browser#41326: Update preference for remoteRecipes
Bug tor-browser#41345: fonts: windows whitelist contains supplemental fonts
Bug tor-browser#41398: Disable Web MIDI API
Windows + macOS + Linux:
Update Firefox to 102.4.0esr
Bug tor-browser#17400: Decide how to use the multi-lingual Tor Browser in the alpha/release series
Bug tor-browser-build#40638: Visit our website link after build-to-build upgrade in Nightly channel points to old v2 onion
Bug tor-browser-build#40648: Do not customize update.locale in multi-lingual builds
Bug tor-browser#40853: use Subprocess.jsm to launch tor
Bug tor-browser#40933: Migrate remaining tor-launcher functionality to tor-browser
Bug tor-browser#41117: Review Mozilla 1512851: Add Share Menu to File Menu on macOS
Bug tor-browser#41323: Tor-ify notification bar gradient colors (branding)
Bug tor-browser#41337: Add a title to the new identity confirmation
Bug tor-browser#41342: Update the New Identity dialog to the proton modal style
Bug tor-browser#41344: Authenticated Onion Services do not prompt for auth key in 12.0 alpha series
Bug tor-browser#41352: Update or drop the show manual logic in torbutton
Bug tor-browser#41369: Consider a different list-order for locales in language menu
Bug tor-browser#41374: Missing a few torconnect strings in the DTD
Bug tor-browser#41377: Hide Search for more languages... from Language selector in multi-locale build
Bug tor-browser#41385: Bootstrap failure is logged but not raised up to about:torconnect
Bug tor-browser#41386: The new tor-launcher has a problem when another Tor is running
Bug tor-browser#41387: New identity and new circuit ended up inside history
Bug tor-browser#41400: Missing onionAuthViewKeys causes "Onion Services Keys" dialog to be empty.
Bug tor-browser#41401: Missing some mozilla icons because we still loading them from "chrome://browser/skin" rather than "chrome://global/skin/icons"
Bug tor-browser#41404: Fix blockchair-onion search extension
Windows:
Bug tor-browser#41149: Review Mozilla 1762576: Firefox is not allowing Symantec DLP to inject DLL into the browser for Data Loss Prevention software
Bug tor-browser#41278: Create Tor Browser styled pdf logo similar to the vanilla Firefox one
macOS:
Bug tor-browser#41294: Bookmarks manager broken in 12.0a2 on MacOS
Bug tor-browser#41348: cherry-pick macOS OSSpinLock replacements
Bug tor-browser#41370: Find a way to ship custom default bookmarks without changing language-packs on macOS
Bug tor-browser#41372: "Japanese" language menu item is localised in multi-locale testbuild (on mac OS)
Bug tor-browser#41379: The new tor-launcher is broken also on macOS
Linux:
Bug tor-browser#40359: Tor Browser Launcher has Wrong Icon
Android:
Update GeckoView to 102.4.0esr
Bug tor-browser-build#40631: Stop bundling HTTPS Everywhere on Android
Bug tor-browser#41360: Backport Android-specific Firefox 106 to ESR 102.4-based Tor Browser
Bug tor-browser#41394: Implement a setting to always prefer onion sites
Build:
All Platforms:
Update Go to 1.19.2
Bug tor-browser-build#23656: Use .mozconfig files in tor-browser repo for rbm builds
Bug tor-browser-build#28754: make testbuild-android-armv7 stalls during sha256sum step
Bug tor-browser-build#40397: Create a new build target to package tor daemon, pluggable transports and dependencies
Bug tor-browser-build#40619: Make sure translations are taken from gitlab.tpo and not git.tpo
Bug torbrowser-build#40627: Add boklm to torbutton.gpg
Bug tor-browser-build#40634: Update the project/browser path in tools/changelog-format-blog-post and other files
Bug tor-browser-build#40636: Remove https-everywhere from projects/browser/config
Bug tor-browser-build#40639: Remove tor-launcher references
Bug tor-browser-build#40643: Update Richard's key in torbutton.gpg
Bug tor-browser-build#40655: Published tor-expert-bundle tar.gz files should not include their tor-browser-build build id
Bug tor-browser-build#40656: Improve get_last_build_version in tools/signing/nightly/sign-nightly
Bug tor-browser-build#40658: Create an anticensorship team keyring
Bug tor-browser-build#40660: Update changelog-format-blog-post script to point gitlab rather than gitolite
Bug tor-browser-build#40662: Make base-browser nightly build from tag
Bug tor-browser-build#40671: Update langpacks URL
Bug tor-browser#41308: Use the same branch for Desktop and GeckoView
Bug tor-browser#41340: Opt in to some of the NIGHTLY_BUILD features
Bug tor-browser#41343: Add -without-wam-sandboxed-libraries to mozconfig-linux-x86_64-dev for local builds
Bug tor-browser-build#40585: Prune the manual more
Bug tor-browser-build#40663: Do not ship bookmarks in tor-browser-build anymore
Bug tor-browser-build#40669: Remove HTTPS-Everywhere keyring
Bug tor-browser#41357: Enable browser toolbox debugging by default for dev builds
macOS:
Bug tor-browser-build#40158: Add support for macOS AArch64
Bug tor-browser-build#40464: go 1.18 fails to build on macOS
Linux:
Bug tor-browser-build#40659: Error building goservice for linux in nightly build
Android:
Bug tor-browser-build#40640: Extract Gradle in the toolchain setup

New in Tor Browser 11.5.6 (Oct 27, 2022)

New in Tor Browser 11.5.5 (Oct 26, 2022)

New in Tor Browser 11.5.4 (Oct 13, 2022)

New in Tor Browser 12.0 Alpha 3 (Sep 29, 2022)

New in Tor Browser 12.0 Alpha 2 (Sep 11, 2022)

All Platforms:
Update Firefox to 102.2.0esr
Update Tor to 0.4.7.10
Update NoScript to 11.4.10
Update Translations
Bug tor-browser#40242: Tor Browser has two default bridges that share a fingerprint, and Tor ignores one
Windows + macOS + Linux:
Update Tor-Launcher to 0.2.39
Update Manual
Bug tor-browser-build#40580: Add support for uk (ukranian) locale
Bug tor-browser-buid#40595: Migrate to 102 on desktop
Bug tor-browser#41075: The Tor Browser is showing caution sign but your document said it won't
Bug tor-browser#41089: Add tor-browser build scripts + Makefile to tor-browser
macOS:
Bug tor-browser#41108: Remove privileged macOS installation from 102
Android:
Bug fenix#40225: Bundled extensions don't get updated with Android Tor Browser updates (they stay stuck at the first installed version)
Bug tor-browser#41094: Enable HTTPS-Only Mode by default in Tor Browser Android
Bug tor-browser#41156: User-installed addons are broken on Android
Bug tor-browser#41166: Backport fix for CVE-2022-36317: Long URL would hang Firefox for Android (Bug 1759951)
Bug tor-browser#41167: Backport fix for CVE-2022-38474: Recording notification not shown when microphone was recording on Android (Bug 1719511)
Build System:
All Platforms:
Bug tor-browser-build#40407: Bump binutils version to pick up security improvements for Windows users
Bug tor-browser-build#40591: Rust 1.60 not working to build 102 on Debian Jessie
Bug tor-browser-build#40592: Consider re-using our LLVM/Clang to build Rust
Bug tor-browser-build#40593: Update signing scripts to take into account new project names and layout
Bug tor-browser-build#40607: Add alpha-specific release prep template
Bug tor-browser-build#40610: src-*.tar.xz tarballs are missing in https://dist.torproject.org/torbrowser/12.0a1/
Bug tor-browser-build#40612: Migrate Release Prep template to Release Prep - Stable
Windows + macOS + Linux:
Bug tor-browser#41099: Update+comment the update channels in update_responses.config.yaml
Windows:
Bug tor-browser-buid#29318: Use Clang for everything on Windows
Bug tor-browser-build#29321: Use mingw-w64/clang toolchain to build tor
Bug tor-browser-build#29322: Use mingw-w64/clang toolchain to build OpenSSL
Bug tor-browser-build#40409: Upgrade NSIS to 3.08
macOS:
Bug tor-browser-build#40605: Reworked the macOS toolchain creation
Bug tor-browser-build#40620: Update macosx-sdk to 11.0
Linux:
Bug tor-browser-build#31321: Add cc -> gcc link to projects/gcc
Android:
Update Go to 1.18.5
Bug tor-browser-build#40574: Improve tools/signing/android-signing
Bug tor-browser-build#40582: Prepared TBA to use Mozilla 102 components
Bug tor-browser-build#40604: Bug 40604: Fix binutils build on android

New in Tor Browser 11.5.2 (Aug 30, 2022)

New in Tor Browser 12.0 Alpha 1 (Aug 11, 2022)

Windows + OS X + Linux:
Update Firefox to 91.12.0esr
Update Tor-Launcher to 0.2.38
Update Translations
Update OpenSSL to 1.1.1q
Update Manual
Bug tor-browser#21740: Make sure Mozilla's own emoji font on Windows/Linux does not interfere with our font fingerprinting defense
Bug tor-browser#27719: Treat unsafe renegotiation as broken
Bug tor-browser-build#40584: Update tor-browser manual to latest
Bug tor-browser#40966: Investigate problems with Twemoji Mozilla
Bug tor-browser#41011: The Internet and Tor status are visible when opening the settings
Bug tor-browser#41035: OnionAliasService should use threadsafe ISupports
Bug tor-browser#41036: Add a preference to disable OnionAlias
Bug tor-browser#41037: User onboarding still points to about:preferences#tor
Bug tor-browser#41044: Content exceeding the height of the connection settings modals
Bug tor-browser#41049: QR codes in connection settings aren't recognized by some readers in dark theme
Bug tor-browser#41050: "Continue to HTTP Site" button doesn't work on IP addresses
Bug tor-browser#41053: remove HTTPS-Everywhere entry from browser.uiCustomization.state pref
Bug tor-browser#41054: Improve color contrast of purple elements in connection settings in dark theme
Bug tor-browser#41055: Icon fix from #40834 is missing in 11.5 stable
Bug tor-browser#41058: Hide currentBridges description when the section itself is hidden
Bug tor-browser#41059: Bridge cards aren't displaying, and toggle themselves off
Bug tor-browser#41067: Cherry-pick fixes for HTTPS-Only mode
Bug tor-browser#41070: Google vanished from default search options from 11.0.10 onwards
Bug tor-browser#41089: Add tor-browser build scripts + Makefile to tor-browser
Bug tor-browser#41095: "Learn more" link in onboarding slideshow still points to 11.0 release post
Windows:
Bug tor-browser#30589: Tor Browser on Windows is lacking fonts to render some kind of scripts
Bug tor-browser#41039: Set 'startHidden' flag on tor process in tor-launcher
OS X:
Bug tor-browser#41004: The Bangla font does not display correctly on MacOs
Linux:
Bug tor-browser#41043: Investigate why STIX Two becomes the default font on Linux
Build System:
Windows + OS X + Linux:
Update Go to 1.17.13
Bug tor-browser-build#40499: Update firefox to enable building from new 'base-browser' tag
Bug tor-browser-build#40500: Add base-browser package project
Bug tor-browser-build#40501: Makefile updates to support building base-browser packages
Bug tor-browser-build#40547: Remove container/remote_* from rbm.conf
Bug tor-browser-build#40581: Update reference to master branches

New in Tor Browser 11.5.1 (Aug 11, 2022)

New in Tor Browser 11.5 (Jul 25, 2022)

All Platforms:
Update OpenSSL to 1.1.1q
Windows + OS X + Linux:
Update Firefox to 91.11.0esr
Update Tor-Launcher to 0.2.37
Update Translations
Bug tor-browser#11698: Incorporate Tor Browser Manual pages into Tor Browser
Bug tor-browser#19850: Disable Plaintext HTTP Clearnet Connections
Bug tor-browser#30589: Allowed fonts to render a bunch of missing scripts
Bug tor-browser#40458: Implement about:rulesets https-everywhere replacement
Bug tor-browser-build#40527: Remove https-everywhere from tor-browser alpha desktop
Bug tor-browser#40562: Reorganize patchset
Bug tor-browser#40598: Remove legacy settings read from TorSettings module
Bug tor-browser#40645: Migrate Moat APIs to Moat.jsm module
Bug tor-browser#40684: Misc UI bug fixes
Bug tor-browser#40773: Update the about:torconnect frontend page to match additional UI flows
Bug tor-browser#40774: Update about:preferences page to match new UI designs
Bug tor-browser#40775: about:ion should not be labeled as a Tor Browser page
Bug tor-browser#40793: moved Tor configuration options from old-configure.in to moz.configure
Bug tor-browser#40825: Redirect HTTPS-Only error page when not connected
Bug tor-browser#40912: Hide screenshots menu since we don't support it
Bug tor-browser#40916: Remove the browser.download.panel.shown preference
Bug tor-browser#40923: Consume country code to improve error report
Bug tor-browser#40966: Render emojis in bridgemoji with SVG files, and added emojii descriptions
Bug tor-browser#41011: Make sure the Tor Connection status is shown only in about:preferences#connection
Bug tor-browser#41023: Update manual URLs
Bug tor-browser#41035: OnionAliasService should use threadsafe ISupports
Bug tor-browser#41036: Add a preference to disable Onion Aliases
Bug tor-browser#41037: Fixed the connection preferences on the onboarding
Bug tor-browser#41039: Set 'startHidden' flag on tor process in tor-launcher
OS X:
Bug tor-browser#40797: font-family: monospace renders incorrectly on macOS
Bug tor-browser#41004: Bundled fonts are not picked up on macOS
Linux:
Bug tor-browser#41015: Add --name parameter to correctly setup WM_CLASS when running as native Wayland client
Bug tor-browser#41043: Hardcode the UI font on Linux
Android:
Update Fenix to 99.0.0b3
Build System:
All Platforms:
Bug tor-browser-build#40288: Bump mmdebstrap version to 0.8.6
Bug tor-browser-build#40426: Update Ubuntu base image to 22.04
Bug tor-browser-build#40519: Add Alexis' latest PGP key to https-everywhere key ring
Android:
Update Go to 1.18.3
Bug tor-browser-build#40433: Bump LLVM to 13.0.1 for android builds
Bug tor-browser-build#40470: Fix zlib build issue for android
Bug tor-browser-build#40485: Resolve Android reproducibility issues
Windows + OS X + Linux:
Bug tor-browser-build#34451: Include Tor Browser Manual in packages during build
Bug tor-browser-build#40525: Update the mozconfig for tor-browser-91.9-11.5-2

New in Tor Browser 11.5 Alpha 13 (Jul 3, 2022)

New in Tor Browser 11.0.15 (Jul 3, 2022)

New in Tor Browser 11.0.14 (Jun 11, 2022)

New in Tor Browser 11.5 Alpha 12 (Jun 1, 2022)

New in Tor Browser 11.0.13 (May 24, 2022)

New in Tor Browser 11.5 Alpha 11 (May 24, 2022)

New in Tor Browser 11.0.11 (May 4, 2022)

New in Tor Browser 11.5 Alpha 9 (Apr 28, 2022)

New in Tor Browser 11.0.10 (Apr 8, 2022)

New in Tor Browser 11.5 Alpha 8 (Mar 30, 2022)

New in Tor Browser 11.0.9 (Mar 21, 2022)

New in Tor Browser 11.0.8 (Mar 21, 2022)

New in Tor Browser 11.5 Alpha 6 (Mar 13, 2022)

New in Tor Browser 11.0.7 (Mar 13, 2022)

New in Tor Browser 11.5 Alpha 4 (Feb 23, 2022)

New in Tor Browser 11.5 Alpha 2 (Jan 27, 2022)

New in Tor Browser 11.0.3 (Dec 21, 2021)

New in Tor Browser 11.5 Alpha 1 (Dec 15, 2021)

New in Tor Browser 11.0.1 (Dec 8, 2021)

New in Tor Browser 11.0 (Nov 16, 2021)

Tor Browser gets a new look:
Earlier this year, Firefox’s user interface underwent a significant redesign aimed at simplifying the browser chrome, streamlining menus and featuring an all-new tab design. Firefox ESR 91 introduces the new design to Tor Browser for the first time.
To ensure it lives up to the new experience, each piece of custom UI in Tor Browser has been modernized to match Firefox’s new look and feel. That includes everything from updating the fundamentals like color, typography and buttons to redrawing each of our icons to match the new thinner icon style.
In addition to the browser chrome itself, the connection screen, circuit display, security levels and onion site errors all received a sprucing-up too – featuring some small but welcome quality of life improvements to each.
Final deprecation of v2 onion services:
Last year we announced that v2 onion services would be deprecated in late 2021, and since its 10.5 release Tor Browser has been busy warning users who visit v2 onion sites of their upcoming retirement. At long last, that day has finally come. Since updating to Tor 0.4.6.8 v2 onion services are no longer reachable in Tor Browser, and users will receive an “Invalid Onion Site Address” error instead.
Should you receive this error when attempting to visit a previously working v2 address, there is nothing wrong with your browser – instead, the issue lies with the site itself. If you wish, you can notify the onion site’s administrator about the problem and encourage them to upgrade to a v3 onion service as soon as possible.
It’s easy to tell if you still have any old v2 addresses saved in your bookmarks that are in need of removal or updating too: although both end in .onion, the more secure v3 addresses are 56 characters long compared to v2’s modest 16 character length.
Full changelog:
Windows + OS X + Linux:
Update Firefox to 91.3.0esr
Update Tor to tor-0.4.6.8
Bug 32624: localStorage is not shared between tabs
Bug 33125: Remove xpinstall.whitelist.add* as they don't do anything anymore
Bug 34188: Cleanup extensions.* prefs
Bug 40004: Convert tl-protocol to async.
Bug 40012: Watch all requested tor events
Bug 40027: Make torbutton_send_ctrl_cmd async
Bug 40042: Add missing parameter of createTransport
Bug 40043: Delete all plugin-related protections
Bug 40045: Teach the controller about status_client
Bug 40046: Support arbitrary watch events
Bug 40047: New string for Security Level panel
Bug 40048: Protonify Circuit Display Panel
Bug 40053: investigate fingerprinting potential of extended TextMetrics interface
Bug 40083: Make sure Region.jsm fetching is disabled
Bug 40177: Clean up obsolete preferences in our 000-tor-browser.js
Bug 40220: Make sure tracker cookie purging is disabled
Bug 40342: Set `gfx.bundled-fonts.activate = 1` to preserve current bundled fonts behaviour
Bug 40463: Disable network.http.windows10-sso.enabled in FF 91
Bug 40483: Deutsche Welle v2 redirect
Bug 40534: Cannot open URLs on command line with Tor Browser 10.5
Bug 40547: UX: starting in offline mode can result in difficulty to connect later
Bug 40548: Set network.proxy.failover_direct to false in FF 91
Bug 40561: Refactor about:torconnect implementation
Bug 40567: RFPHelper is not init until after about:torconnect bootstraps
Bug 40597: Implement TorSettings module
Bug 40600: Multiple pages as home page unreliable in 11.0a4
Bug 40616: UX: multiple about:torconnect
Bug 40624: TorConnect banner always visible in about:preferences#tor even after bootstrap
Bug 40626: Update Security Level styling to match Proton UI
Bug 40628: Checkbox wrong color in about:torconnect in dark mode theme
Bug 40630: Update New Identity and New Circuit icons
Bug 40631: site identity icons are not being displayed properly
Bug 40632: Proton'ify Circuit Display Panel
Bug 40634: Style updates for Onion Error Pages
Bug 40636: Fix about:torconnect 'Connect' border radius in about:preferences#tor
Bug 40641: Update Security Level selection in about:preferences to match style as tracking protection option bubbles
Bug 40648: Replace onion pattern divs/css with tiling SVG
Bug 40653: Onion Available text not aligned correctly in toolbar in ESR91
Bug 40655: esr91 is suggesting to make Tor Browser the default browse
Bug 40657: esr91 is missing "New identity" in hamburger menu
Bug 40680: Prepare update to localized assets for YEC
Bug 40686: Update Onboarding link for 11.0
Build System:
Windows + OS X + Linux:
Update Go to 1.16.9
Bug 40048: Remove projects/clang-source
Bug 40347: Make the list of toolchain updates needed for firefox91
Bug 40363: Change bsaes git url
Bug 40366: Use bullseye to build https-everywhere
Bug 40368: Use system's python3 for https-everywhere
Windows + Linux:
Bug 40357: Update binutils to 2.35.2
Windows:
Bug 28240: switch from SJLJ exception handling to Dwarf2 in mingw for win32
Bug 40306: Update Windows toolchain to switch to mozilla91
Bug 40376: Use python3 for running pe_checksum_fix.py
OS X:
Bug 40307: Update macOS toolchain to switch to mozilla91
Linux:
Bug 40222: Bump GCC to 10.3.0 for Linux
Bug 40305: Update Linux toolchain to switch to mozilla91
Bug 40353: Temporarily disable rlbox for linux builds

New in Tor Browser 11.0 Alpha 10 (Nov 8, 2021)

New in Tor Browser 10.5.10 (Nov 3, 2021)

New in Tor Browser 11.0 Alpha 9 (Oct 18, 2021)

Windows + OS X + Linux:
Update Firefox to 91.2.0esr
Update Tor to 0.4.7.1-alpha
Bug 40004: Convert tl-protocol to async. [tor-launcher]
Bug 40012: Watch all requested tor events [tor-launcher]
Bug 40027: Make torbutton_send_ctrl_cmd async [torbutton]
Bug 40042: Add missing parameter of createTransport [torbutton]
Bug 40043: Delete all plugin-related protections [torbutton]
Bug 40045: Teach the controller about status_client [torbutton]
Bug 40046: Support arbitrary watch events [torbutton]
Bug 40047: New string for Security Level panel [torbutton]
Bug 40048: Protonify Circuit Display Panel [torbutton]
Bug 40600: Multiple pages as home page unreliable in 11.0a4 [tor-browser]
Bug 40616: UX: multiple about:torconnect [tor-browser]
Bug 40624: TorConnect banner always visible in about:preferences#tor even after bootstrap [tor-browser]
Bug 40626: Update Security Level styling to match Proton UI [tor-browser]
Bug 40628: Checkbox wrong color in about:torconnect in dark mode theme [tor-browser]
Bug 40630: Update New Identity and New Circuit icons [tor-browser]
Bug 40631: site identity icons are not being displayed properly [tor-browser]
Bug 40632: Proton'ify Circuit Display Panel [tor-browser]
Bug 40634: Style updates for Onion Error Pages [tor-browser]
Bug 40636: Fix about:torconnect 'Connect' border radius in about:preferences#tor [tor-browser]
Build System:
Windows + OS X + Linux:
Update Go to 1.16.9
Bug 40048: Remove projects/clang-source [tor-browser-build]
Bug 40347: Make the list of toolchain updates needed for firefox91 [tor-browser-build]
Bug 40363: Change bsaes git url [tor-browser-build]
Windows + Linux:
Bug 40357: Update binutils to 2.35.2 [tor-browser-build]
Windows:
Bug 28240: switch from SJLJ exception handling to Dwarf2 in mingw for win32 [tor-browser-build]
Bug 40306: Update Windows toolchain to switch to mozilla91 [tor-browser-build]
Bug 40376: Use python3 for running pe_checksum_fix.py [tor-browser-build]
OS X:
Bug 40307: Update macOS toolchain to switch to mozilla91 [tor-browser-build]
Linux:
Bug 40222: Bump GCC to 10.3.0 for Linux [tor-browser-build]
Bug 40305: Update Linux toolchain to switch to mozilla91 [tor-browser-build]
Bug 40353: Temporarily disable rlbox for linux builds [tor-browser-build]

New in Tor Browser 10.5.8 (Oct 7, 2021)

New in Tor Browser 11.0 Alpha 7 (Sep 29, 2021)

New in Tor Browser 11.0 Alpha 5 (Sep 29, 2021)

New in Tor Browser 10.5.4 (Aug 23, 2021)

New in Tor Browser 11.0 Alpha 4 (Aug 17, 2021)

New in Tor Browser 11.0 Alpha 3 (Aug 17, 2021)

New in Tor Browser 11.0 Alpha 2 (Jul 21, 2021)

New in Tor Browser 10.5.2 (Jul 14, 2021)

New in Tor Browser 10.5 (Jul 7, 2021)

All Platforms:
Update NoScript to 11.2.9
Update Tor Launcher to 0.2.30
Translations update
Bug 25483: Provide Snowflake based on Pion for Windows, macOS, and Linux
Bug 33761: Remove unnecessary snowflake dependencies
Bug 40064: Bump libevent to 2.1.12
Bug 40137: Migrate https-everywhere storage to idb
Bug 40261: Bump versions of snowflake and webrtc
Bug 40263: Update domain front for Snowflake
Bug 40302: Update version of snowflake
Bug 40030: DuckDuckGo redirect to html doesn't work
Windows + OS X + Linux:
Bug 27476: Implement about:torconnect captive portal within Tor Browser [tor-browser]
Bug 32228: Bookmark TPO support domains in Tor Browser
Bug 33803: Add a secondary nightly MAR signing key [tor-browser]
Bug 33954: Consider different approach for Bug 2176
Bug 34345: "Don't Bootstrap" Startup Mode
Bug 40011: Rename tor-browser-brand.ftl to brand.ftl
Bug 40012: Fix about:tor not loading some images in 82
Bug 40138: Move our primary nightly MAR signing key to tor-browser
Bug 40209: Implement Basic Crypto Safety
Bug 40428: Correct minor Cryptocurrency warning string typo
Bug 40429: Update Onboarding for 10.5
Bug 40455: Block or recover background requests after bootstrap
Bug 40456: Update the SecureDrop HTTPS-Everywhere update channel
Bug 40475: Include clearing CORS preflight cache
Bug 40478: Onion alias url rewrite is broken
Bug 40484: Bootstrapping page show Quickstart text
Bug 40490: BridgeDB bridge captcha selection is broken in alpha
Bug 40495: Onion pattern is focusable by click on about:torconnect
Bug 40499: Onion Alias doesn't work with TOR_SKIP_LAUNCH
Android:
Bug 30318: Integrate snowflake into mobile Tor Browser
Bug 40206: Disable the /etc/hosts parser
Linux:
Bug 40089: Remove CentOS 6 support for Tor Browser 10.5
Build System:
All Platforms:
Update Go to 1.15.13
Bug 23631: Use rootless containers [tor-browser-build]
Bug 33693: Change snowflake and meek dummy address [tor-browser]
Bug 40016: getfpaths is not setting origin_project
Bug 40169: Update apt package cache after calling pre_pkginst, too
Bug 40194: Remove osname part in cbindgen filename
Windows + OS X + Linux:
Bug 40081: Build Mozilla code with --enable-rust-simd
Bug 40104: Use our TMPDIR when creating our .mar files
Bug 40133: Bump Rust version for ESR 78 to 1.43.0
Bug 40166: Update apt cache before calling pre_pkginst in container-image config
Android:
Bug 28672: Android reproducible build of Snowflake
Bug 40313: Use apt-get to install openjdk-8 .deb files with their dependencies
Windows:
Bug 34360: Bump binutils to 2.35.1
Bug 40131: Remove unused binutils patches
Linux:
Bug 26238: Move to Debian Jessie for our Linux builds
Bug 31729: Support Wayland
Bug 40041: Remove CentOS 6 support for 10.5 series
Bug 40103: Add i386 pkg-config path for linux-i686
Bug 40112: Strip libstdc++ we ship
Bug 40118: Add missing libdrm dev package to firefox container
Bug 40235: Bump apt for Jessie containers

New in Tor Browser 10.0.18 (Jun 25, 2021)

New in Tor Browser 10.0.17 (Jun 13, 2021)

New in Tor Browser 10.0.16 (Apr 21, 2021)

New in Tor Browser 10.0.15 (Apr 5, 2021)

New in Tor Browser 10.0.14 (Mar 26, 2021)

New in Tor Browser 10.5 Alpha 11 (Feb 25, 2021)

New in Tor Browser 10.5 Alpha 9 (Feb 25, 2021)

New in Tor Browser 10.0.12 (Feb 24, 2021)

New in Tor Browser 10.0.10 (Feb 5, 2021)

New in Tor Browser 10.0.9 (Jan 27, 2021)

New in Tor Browser 10.5 Alpha 8 (Jan 27, 2021)

New in Tor Browser 10.0.8 (Jan 14, 2021)

New in Tor Browser 10.5 Alpha 6 (Dec 20, 2020)

New in Tor Browser 10.0.6 (Dec 15, 2020)

New in Tor Browser 10.0.5 (Nov 19, 2020)

New in Tor Browser 10.5 Alpha 4 (Nov 19, 2020)

New in Tor Browser 10.5 Alpha 2 (Oct 31, 2020)

New in Tor Browser 10.0.2 (Oct 31, 2020)

New in Tor Browser 10.0.1 (Oct 14, 2020)

New in Tor Browser 10.5 Alpha 1 (Sep 27, 2020)

New in Tor Browser 10.0 (Sep 27, 2020)

Windows + OS X + Linux:
Update Firefox to 78.3.0esr
Update Tor to 0.4.4.5
Update Tor Launcher to 0.2.25
Bug 32174: Replace XUL with
Bug 33890: Rename XUL files to XHTML
Bug 33862: Fix usages of createTransport API
Bug 33906: Fix Tor-Launcher issues for Firefox 75
Bug 33998: Use CSS grid instead of XUL grid
Bug 34164: Tor Launcher deadlocks during startup (Firefox 77)
Bug 34206: Tor Launcher button labels are missing (Firefox 76)
Bug 40002: After rebasing to 80.0b2 moat is broken
Translations update
Update NoScript to 11.0.44
Bug 40093: Youtube videos on safer produce an error
Translations update
Bug 10394: Let Tor Browser update HTTPS Everywhere
Bug 11154: Disable TLS 1.0 (and 1.1) by default
Bug 16931: Sanitize the add-on blocklist update URL
Bug 17374: Disable 1024-DH Encryption by default
Bug 21601: Remove unused media.webaudio.enabled pref
Bug 30682: Disable Intermediate CA Preloading
Bug 30812: Exempt about: pages from Resist Fingerprinting
Bug 31918+33533+40024+40037: Rebase Tor Browser esr68 patches for ESR 78
Bug 32612: Update MAR_CHANNEL_ID for the alpha
Bug 32886: Separate treatment of @media interaction features for desktop and android
Bug 33534: Review FF release notes from FF69 to latest (FF78)
Bug 33697: Use old search config based on list.json
Bug 33721: PDF Viewer is not working in the safest security level
Bug 33734: Set MOZ_NORMANDY to False
Bug 33737: Fix aboutDialog.js error for Firefox nightlies
Bug 33848: Disable Enhanced Tracking Protection
Bug 33851: Patch out Parental Controls detection and logging
Bug 33852: Clean up about:logins to not mention Sync
Bug 33856: Set browser.privatebrowsing.forceMediaMemoryCache to True
Bug 33862: Fix usages of createTransport API
Bug 33867: Disable password manager and password generation
Bug 33890: Rename XUL files to XHTML
Bug 33892: Add brandProductName to brand.dtd and brand.properties
Bug 33962: Uplift patch for bug 5741 (dns leak protection)
Bug 34125: API change in protocolProxyService.registerChannelFilter
Bug 40001: Generate tor-browser-brand.ftl when importing translations
Bug 40002: Remove about:pioneer
Bug 40002: Fix generateNSGetFactory being moved to ComponentUtils
Bug 40003: Adapt code for L10nRegistry API changes
Bug 40005: Initialize the identity UI before setting up the circuit display
Bug 40006: Fix new identity for 81
Bug 40007: Move SecurityPrefs initialization to the StartupObserver component
Bug 40008: Style fixes for 78
Bug 40016: Update Snowflake to discover NAT type
Bug 40017: Audit Firefox 68-78 diff for proxy issues
Bug 40022: Update new icons in Tor Browser branding
Bug 40025: Revert add-on permissions due to Mozilla's 1560059
Bug 40036: Remove product version/update channel from #13379 patch
Bug 40038: Review RemoteSettings for ESR 78
Bug 40048: Disable various ESR78 features via prefs
Bug 40059: Verify our external helper patch is still working
Bug 40066: Update existing prefs for ESR 78
Bug 40066: Remove default bridge 37.218.240.34
Bug 40073: Disable remote Public Suffix List fetching
Bug 40073: Repack omni.ja to include builtin HTTPS Everywhere
Bug 40078: Backport patches for bug 1651680 for now
Bug 40082: Let JavaScript on safest setting handled by NoScript again
Bug 40088: Moat "Submit" button does not work
Bug 40090: Disable v3 add-on blocklist for now
Bug 40091: Load HTTPS Everywhere as a builtin addon
Bug 40102: Fix UI bugs in Tor Browser 10.0 alpha
Bug 40106: Cannot install addons in full screen mode
Bug 40109: Playing video breaks after reloading pages
Bug 40119: Enable v3 extension blocklisting again
Windows:
Bug 33855: Don't use site's icon as window icon in Windows in private mode
Bug 40061: Omit the Windows default browser agent from the build
OS X:
Bug 32252: Tor Browser does not display correctly in VMWare Fusion on macOS (mojave)
Build System:
Windows + OS X + Linux:
Bump Go to 1.14.7
Bug 31845: Bump GCC version to 9.3.0
Bug 34011: Bump clang to 9.0.1
Bug 34014: Enable sqlite3 support in Python
Bug 34390: Don't copy DBM libraries anymore
Bug 34391: Remove unused --enable-signmar option
Bug 40004: Adapt Rust project for Firefox 78 ESR
Bug 40005: Adapt Node project for Firefox 78 ESR
Bug 40006: Adapt cbindgen for Firefox 78 ESR
Bug 40037: Move projects over to clang-source
Bug 40026: Fix full .mar creation for esr78
Bug 40027: Fix incremental .mar creation for esr78
Bug 40028: Do not reference unset env variables
Bug 40031: Add licenses for kcp-go and smux.
Bug 40045: Fix complete .mar file creation for dmg2mar
Bug 40065: Bump debootstrap-image ubuntu_version to 20.04.1
Bug 40087: Deterministically add HTTPS Everywhere into omni.ja
Windows:
Bug 34230: Update Windows toolchain for Firefox 78 ESR
Bug 40015: Use only 64bit fxc2
Bug 40017: Enable stripping again on Windows
Bug 40052: Bump NSIS to 3.06.1
Bug 40061: Omit the Windows default browser agent from the build
Bug 40071: Be explicit about no SEH with mingw-w64 on 32bit systems
Bug 40077: Don't pass --no-insert-timestamp when building Firefox
Bug 40090: NSIS 3.06.1 based builds are not reproducible anymore
OS X:
Bug 34229: Update macOS toolchain for Firefox 78 ESR
Bug 40003: Update cctools version for Firefox 78 ESR
Bug 40018: Add libtapi project for cctools
Bug 40019: Ship our own runtime library for macOS
Linux:
Bug 34359: Adapt abicheck.cc to deal with newer GCC version
Bug 34386: Fix up clang compilation on Linux
Bug 40053: Also create the langpacks tarball for non-release builds

New in Tor Browser 10.0 Alpha 7 (Sep 17, 2020)

New in Tor Browser 10.0 Alpha 6 (Aug 27, 2020)

New in Tor Browser 10.0 Alpha 5 (Aug 21, 2020)

Windows + OS X + Linux:
Update Firefox to 78.1.0esr
Update Tor to 0.4.4.4-rc
Update Tor Launcher to 0.2.22
Bug 32174: Replace XUL with
Bug 33890: Rename XUL files to XHTML
Bug 33862: Fix usages of createTransport API
Bug 33906: Fix Tor-Launcher issues for Firefox 75
Bug 33998: Use CSS grid instead of XUL grid
Bug 34164: Tor Launcher deadlocks during startup (Firefox 77)
Bug 34206: Tor Launcher button labels are missing (Firefox 76)
Translations update
Update NoScript to 11.0.37
Bug 11154: Disable TLS 1.0 (and 1.1) by default
Bug 16931: Sanitize the add-on blocklist update URL
Bug 17374: Disable 1024-DH Encryption by default
Bug 30682: Disable Intermediate CA Preloading
Bug 30812: Exempt about: pages from Resist Fingerprinting
Bug 31918+33533+40024+40037: Rebase Tor Browser esr68 patches for ESR 78 [tor-browser]
Bug 32612: Update MAR_CHANNEL_ID for the alpha
Bug 32886: Separate treatment of @media interaction features for desktop and android
Bug 33534: Review FF release notes from FF69 to latest (FF78)
Bug 33697: Use old search config based on list.json
Bug 33721: PDF Viewer is not working in the safest security level
Bug 33734: Set MOZ_NORMANDY to False
Bug 33737: Fix aboutDialog.js error for Firefox nightlies
Bug 33848: Disable Enhanced Tracking Protection
Bug 33851: Patch out Parental Controls detection and logging
Bug 33852: Clean up about:logins to not mention Sync
Bug 33856: Set browser.privatebrowsing.forceMediaMemoryCache to True
Bug 33862: Fix usages of createTransport API
Bug 33867: Disable password manager and password generation
Bug 33890: Rename XUL files to XHTML
Bug 33892: Add brandProductName to brand.dtd and brand.properties
Bug 33962: Uplift patch for bug 5741 (dns leak protection)
Bug 34125: API change in protocolProxyService.registerChannelFilter
Bug 40001: Generate tor-browser-brand.ftl when importing translations [torbutton]
Bug 40002: Fix generateNSGetFactory being moved to ComponentUtils [torbutton]
Bug 40003: Adapt code for L10nRegistry API changes [torbutton]
Bug 40005: Initialize the identity UI before setting up the circuit display [torbutton]
Bug 40016: Update Snowflake to discover NAT type [tor-browser-build]
Bug 40017: Audit Firefox 68-78 diff for proxy issues [tor-browser]
Bug 40022: Update new icons in Tor Browser branding [tor-browser]
Bug 40025: Revert add-on permissions due to Mozilla's 1560059 [tor-browser]
Bug 40036: Remove product version/update channel from #13379 patch [tor-browser]
Bug 40038: Review RemoteSettings for ESR 78 [tor-browser]
Bug 40048: Disable various ESR78 features via prefs [tor-browser]
Bug 40059: Verify our external helper patch is still working [tor-browser]
Bug 40066: Update existing prefs for ESR 78 [tor-browser]
Bug 40073: Disable remote Public Suffix List fetching [tor-browser]
Bug 40078: Backport patches for bug 1651680 for now [tor-browser]
Translations update
Windows:
Bug 33855: Don't use site's icon as window icon in Windows in private mode
Bug 40061: Omit the Windows default browser agent from the build [tor-browser]
OS X:
Bug 32252: Tor Browser does not display correctly in VMWare Fusion on macOS (mojave)
Build System:
Windows + OS X + Linux:
Bug 31845: Bump GCC version to 9.3.0
Bug 34011: Bump clang to 9.0.1
Bug 34014: Enable sqlite3 support in Python
Bug 34390: Don't copy DBM libraries anymore
Bug 34391: Remove unused --enable-signmar option
Bug 40004: Adapt Rust project for Firefox 78 ESR [tor-browser-build]
Bug 40005: Adapt Node project for Firefox 78 ESR [tor-browser-build]
Bug 40006: Adapt cbindgen for Firefox 78 ESR [tor-browser-build]
Bug 40037: Move projects over to clang-source [tor-browser-build]
Bug 40026: Fix full .mar creation for esr78 [tor-browser-build]
Bug 40027: Fix incremental .mar creation for esr78 [tor-browser-build]
Bug 40028: Do not reference unset env variables [tor-browser-build]
Windows:
Bug 34230: Update Windows toolchain for Firefox 78 ESR
Bug 40015: Use only 64bit fxc2 [tor-browser-build]
Bug 40017: Enable stripping again on Windows [tor-browser-build]
Bug 40061: Omit the Windows default browser agent from the build [tor-browser]
OS X:
Bug 34229: Update macOS toolchain for Firefox 78 ESR
Bug 40003: Update cctools version for Firefox 78 ESR [tor-browser-build]
Bug 40018: Add libtapi project for cctools [tor-browser-build]
Bug 40019: Ship our own runtime library for macOS [tor-browser-build]
Linux:
Bug 34359: Adapt abicheck.cc to deal with newer GCC version
Bug 34386: Fix up clang compilation on Linux

New in Tor Browser 9.5.3 (Jul 29, 2020)

New in Tor Browser 10.0 Alpha 2 (Jul 1, 2020)

New in Tor Browser 9.5.1 (Jun 29, 2020)

New in Tor Browser 9.5 (Jun 4, 2020)

All Platforms:
Update Firefox to 68.9.0esr
Update HTTPS-Everywhere to 2020.5.20
Update NoScript to 11.0.26
Update Tor to 0.4.3.5
Translations update
Bug 21549: Disable wasm for now until it is properly audited
Bug 27268: Preferences clean-up in Torbutton code
Bug 28745: Remove torbutton.js unused code
Bug 28746: Remove torbutton isolation and fp prefs sync
Bug 30237: Control port module improvements for v3 client authentication
Bug 30786: Add th locale
Bug 30787: Add lt locale
Bug 30788: Add ms locale
Bug 30851: Move default preferences to 000-tor-browser.js
Bug 30888: move torbutton_util.js to modules/utils.js
Bug 31134: Govern graphite again by security settings
Bug 31395: Remove inline script in aboutTor.xhtml
Bug 31499: Update libevent to 2.1.11-stable
Bug 33877: Disable Samples and Regression tests For Libevent Build
Bug 31573: Catch SessionStore.jsm exception
Bug 32318: Backport Mozilla's fix for bug 1534339
Bug 32414: Make Services.search.addEngine obey FPI
Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT
Bug 32618: Backport fixes from Mozilla bugs 1467970 and 1590526
Bug 33342: Avoid disconnect search addon error after removal
Bug 33726: Fix patch for #23247: Communicating security expectations for .onion
Bug 34157: Backport fix for Mozilla Bug 1511941
Windows + OS X + Linux:
Update Tor Launcher to 0.2.21.8
Translations update
Bug 19757: Support on-disk storage of v3 client auth keys
Bug 30237: Add v3 onion services client authentication prompt
Bug 30786: Add th locale
Bug 30787: Add lt locale
Bug 30788: Add ms locale
Bug 33514: non-en-US Tor Browser 9.5a6 won't start up
Bug 19251: Show improved error pages for onion service errors
Bug 19757: Support on-disk storage of v3 client auth keys
Bug 21952: Implement Onion-Location
Bug 27604: Fix broken Tor Browser after moving it to a different directory
Bug 28005: Implement .onion alias urlbar rewrites
Bug 30237: Improve TBB UI of hidden service client authorization
Bug 32076: Upgrade to goptlib v1.1.0
Bug 32220: Improve the letterboxing experience
Bug 32418: Allow updates to be disabled via an enterprise policy.
Bug 32470: Backport fix for bug 1590538
Bug 32645: Update URL bar onion indicators
Bug 32658: Create a new MAR signing key
Bug 32674: Point the about:tor "Get involved" link to the community portal
Bug 32767: Remove Disconnect search
Bug 33698: Update "About Tor Browser" links in Tor Browser
Bug 33707: Swap out onion icon in circuit display with new one
Bug 34032: Use Securedrop's Official https-everywhere ruleset
Bug 34196: Update site info URL with the onion name
Bug 34321: Add Learn More onboarding item
OS X:
Bug 32505: Tighten our rules in our entitlements file for macOS
Build System:
All Platforms
Go to 1.13.11
Bug 33380: Add *.json to sha256sums-unsigned-build.txt

New in Tor Browser 10.0 Alpha 1 (Jun 4, 2020)

New in Tor Browser 9.5 Alpha 13 (May 24, 2020)

New in Tor Browser 9.5 Alpha 12 (May 8, 2020)

New in Tor Browser 9.0.10 (May 5, 2020)

New in Tor Browser 9.5 Alpha 11 (Apr 10, 2020)

New in Tor Browser 9.0.9 (Apr 9, 2020)

New in Tor Browser 9.0.8 (Apr 5, 2020)

New in Tor Browser 9.5 Alpha 9 (Mar 31, 2020)

New in Tor Browser 9.0.7 (Mar 24, 2020)

New in Tor Browser 9.5 Alpha 8 (Mar 16, 2020)

New in Tor Browser 9.0.6 (Mar 13, 2020)

New in Tor Browser 9.5 Alpha 7 (Mar 11, 2020)

New in Tor Browser 9.5 Alpha 6 (Mar 3, 2020)

New in Tor Browser 9.5 Alpha 5 (Feb 17, 2020)

New in Tor Browser 9.0.5 (Feb 12, 2020)

New in Tor Browser 9.0.4 (Feb 12, 2020)

New in Tor Browser 9.5 Alpha 4 (Jan 12, 2020)

New in Tor Browser 9.0.3 (Jan 9, 2020)

New in Tor Browser 9.0.2 (Dec 8, 2019)

New in Tor Browser 9.5 Alpha 3 (Dec 4, 2019)

New in Tor Browser 9.5 Alpha 2 (Nov 12, 2019)

New in Tor Browser 9.0.1 (Nov 6, 2019)

New in Tor Browser 9.5 Alpha 1 (Oct 25, 2019)

New in Tor Browser 9.0 (Oct 25, 2019)

This release features important security updates to Firefox.
Tor Browser 9.0 is the first stable release based on Firefox 68 ESR and contains a number of updates to other components as well (including Tor to 0.4.1.6 and OpenSSL to 1.1.1d for desktop versions and Tor to 0.4.1.5 for Android).
In addition to all the needed patch rebasing and toolchain updates, we made big improvements to make Tor Browser work better for you.
Goodbye, Onion Button:
We want your experience using Tor to be fully integrated within the browser so how you use Tor is more intuitive. That's why now, rather than using the onion button that was in the toolbar, you can see your path through the Tor network and request a New Circuit through the Tor network in [i] on the URL bar.
Hello, New Identity Button:
Instead of going into the onion button to request a New Identity, we've made this important feature easier to access by giving it its own button in the toolbar. You can also request a New Identity, and a New Circuit, from within the [=] menu on the toolbar.
Torbutton and Tor Launcher Integration:
Now that both extensions are tightly integrated into Tor Browser, they'll no longer be found on the about:addons page.
We redesigned the bridge and proxy configuration dialogs and include them directly into the browser's preference settings as well.
Rather than being a submenu behind the onion button, Tor Network Settings, including the ability to fetch bridges to bypass censorship where Tor is blocked, are easier to access on about:preferences#tor.
Better Localization Support:
If we want all people around the world to be able to use our software, then we need to make sure it's speaking their language. Since 8.0, Tor Browser has been available in 25 languages. Today, we add support for two additional languages: Macedonian (mk) and Romanian (ro), bringing the number of supported languages to 27.
We also fixed bugs in our previously shipped localized bundles (such as ar and ko).
Full changelog:
Update Firefox to 68.2.0esr
Bug 31740: Remove some unnecessary RemoteSettings instances
Bug 13543: Spoof smooth and powerEfficient for Media Capabilities
Bug 28196: about:preferences is not properly translated anymore
Bug 19417: Disable asmjs on safer and safest security levels
Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING
Bug 31935: Disable profile downgrade protection
Bug 16285: Disable DRM/EME on Android and drop Adobe CDM
Bug 31602: Remove Pocket indicators in UI and disable it
Bug 31914: Fix eslint linter error
Bug 30429: Rebase patches for Firefox 68 ESR
Bug 31144: Review network code changes for Firefox 68 ESR
Bug 10760: Integrate Torbutton into Tor Browser directly
Bug 25856: Remove XUL overlays from Torbutton
Bug 31322: Fix about:tor assertion failure debug builds
Bug 29430: Add support for meek_lite bridges to bridgeParser
Bug 28561: Migrate "About Tor Browser" dialog to tor-browser
Bug 30683: Prevent detection of locale via some *.properties
Bug 31298: Backport patch for #24056
Bug 9336: Odd wyswig schemes without isolation for browserspy.dk
Bug 27601: Browser notifications are not working anymore
Bug 30845: Make sure internal extensions are enabled
Bug 28896: Enable extensions in private browsing by default
Bug 31563: Reload search extensions if extensions.enabledScopes has changed
Bug 31396: Fix communication with NoScript for security settings
Bug 31142: Fix crash of tab and messing with about:newtab
Bug 29049: Backport JS Poison Patch
Bug 25214: Canvas data extraction on locale pdf file should be allowed
Bug 30657: Locale is leaked via title of link tag on non-html page
Bug 31015: Disabling SVG hides UI icons in extensions
Bug 30681: Set security.enterprise_roots.enabled to false
Bug 30538: Unable to comment on The Independent Newspaper
Bug 31209: View PDF in Tor Browser is fuzzy
Translations update
Update Tor to 0.4.1.6
Update OpenSSL to 1.1.1d:
Bug 31844: OpenSSL 1.1.1d fails to compile for some platforms/architectures
Update Tor Launcher to 0.2.20.1:
Bug 28044: Integrate Tor Launcher into tor-browser
Bug 32154: Custom bridge field only allows one line of input
Bug 31286: New strings for about:preferences#tor
Bug 31303: Do not launch tor in browser toolbox
Bug 32112: Fix bad & escaping in translations
Bug 31491: Clean up the old meek http helper browser profiles
Bug 29197: Remove use of overlays
Bug 31300: Modify Tor Launcher so it is compatible with ESR68
Bug 31487: Modify moat client code so it is compatible with ESR68
Bug 31488: Moat: support a comma-separated list of transports
Bug 30468: Add mk locale
Bug 30469: Add ro locale
Bug 30319: Remove FTE bits
Translations update
Bug 32092: Fix Tor Browser Support link in preferences
Bug 32111: Fixed issue parsing user-provided bridge strings
Bug 31749: Fix security level panel spawning events
Bug 31920: Fix Security Level panel when its toolbar button moves to overflow
Bug 31748+31961: Fix 'Learn More' links in Security Level preferences and panel
Bug 28044: Integrate Tor Launcher into tor-browser
Bug 31059: Enable Letterboxing
Bug 30468: Add mk locale
Bug 30469: Add ro locale
Bug 29430: Use obfs4proxy's meek_lite with utls instead of meek
Bug 31251: Security Level button UI polish
Bug 31344: Register SecurityLevelPreference's 'unload' callback
Bug 31286: Provide network settings on about:preferences#tor
Bug 31886: Fix ko bundle bustage
Bug 31768: Update onboarding for Tor Browser 9
Bug 27511: Add new identity button to toolbar
Bug 31778: Support dark-theme for the Circuit Display UI
Bug 31910: Replace meek_lite with meek in circuit display
Bug 30504: Deal with New Identity related browser console errors
Bug 31929: Don't escape DTD entity in ar
Bug 31747: Some onboarding UI is always shown in English
Bug 32041: Replace = with real hamburguer icon ≡
Bug 30304: Browser locale can be obtained via DTD strings
Bug 31065: Set network.proxy.allow_hijacking_localhost to true
Bug 24653: Merge securityLevel.properties into torbutton.dtd
Bug 31164: Set up default bridge at Karlstad University
Bug 15563: Disable ServiceWorkers on all platforms
Bug 31598: Disable warning on window resize if letterboxing is enabled
Bug 31562: Fix circuit display for error pages
Bug 31575: Firefox is phoning home during start-up
Bug 31491: Clean up the old meek http helper browser profiles
Bug 26345: Hide tracking protection UI
Bug 31601: Disable recommended extensions again
Bug 30662: Don't show Firefox Home when opening new tabs
Bug 31457: Disable per-installation profiles
Bug 28822: Re-implement desktop onboarding for ESR 68
Bug 31942: Re-enable signature check for language packs
Bug 29013: Enable stack protection for Firefox on Windows
Bug 30800: ftp:// on Windows can be used to leak the system time zone
Bug 31547: Back out patch for Mozilla's bug 1574980
Bug 31141: Fix typo in font.system.whitelist
Bug 30319: Remove FTE bits
Build System:
Bug 30585: Provide standalone clang 8 project across all platforms
Bug 30376: Use Rust 1.34 for Tor Browser 9
Bug 30490: Add cbindgen project for building Firefox 68 ESR/Fennec 68
Bug 30701: Add nodejs project for building Firefox 68 ESR/Fennec 68
Bug 31621: Fix node bug that makes large writes to stdout fail
Bug 30734: Add nasm project for building Firefox 68 ESR/Fennec 68
Bug 31293: Make sure the lo interface inside the containers is up
Bug 27493: Clean up mozconfig options
Bug 31308: Sync mozconfig files used in tor-browser over to tor-browser-build for esr68
Bug 29307: Use Stretch for cross-compiling for Windows
Bug 29731: Remove faketime for Windows builds
Bug 30322: Windows toolchain update for Firefox 68 ESR
Bug 28716: Create mingw-w64-clang toolchain
Bug 28238: Adapt firefox and fxc2 projects for Windows builds
Bug 28716: Optionally omit timestamp in PE header
Bug 31567: NS_tsnprintf() does not handle %s correctly on Windows
Bug 31458: Revert patch for #27503 and bump mingw-w64 revision used
Bug 9898: Provide clean fix for strcmpi issue in NSPR
Bug 29013: Enable stack protection support for Firefox on Windows
Bug 30384: Use 64bit containers to build 32bit Windows Tor Browser
Bug 31538: Windows bundles based on ESR 68 are not built reproducibly
Bug 31584: Clean up mingw-w64 project
Bug 31596: Bump mingw-w64 version to pick up fix for #31567
Bug 29187: Bump NSIS version to 3.04
Bug 31732: Windows nightly builds are busted due to mingw-w64 commit bump
Bug 29319: Remove FTE support for Windows

New in Tor Browser 9.0 Alpha 8 (Oct 16, 2019)

New in Tor Browser 9.0 Alpha 7 (Oct 2, 2019)

New in Tor Browser 9.0 Alpha 6 (Sep 5, 2019)

All platforms:
Update Firefox to 68.1.0esr
Bug 30429: Rebase patches for Firefox 68 ESR
Bug 10760: Integrate Torbutton into Tor Browser directly
Bug 25856: Remove XUL overlays from Torbutton
Bug 31322: Fix about:tor assertion failure debug builds
Bug 31520: Remove monthly giving banner from Tor Browser
Bug 29430: Add support for meek_lite bridges to bridgeParser
Bug 28561: Migrate "About Tor Browser" dialog to tor-browser
Bug 30683: Prevent detection of locale via some *.properties
Bug 31298: Backport patch for #24056
Bug 9336: Odd wyswig schemes without isolation for browserspy.dk
Bug 27601: Browser notifications are not working anymore
Bug 30845: Make sure internal extensions are enabled
Bug 28896: Enable extensions in private browsing by default
Bug 31563: Reload search extensions if extensions.enabledScopes has changed
Bug 31396: Fix communication with NoScript for security settings
Bug 31142: Fix crash of tab and messing with about:newtab
Bug 29049: Backport JS Poison Patch
Bug 25214: Canvas data extraction on locale pdf file should be allowed
Bug 30657: Locale is leaked via title of link tag on non-html page
Bug 31015: Disabling SVG hides UI icons in extensions
Bug 31357: Retire Tom's default obfs4 bridge
Update NoScript to 11.0.3:
Bug 26847: NoScript pops up a full-site window for XSS warning
Bug 31287: NoScript leaks browser locale
Windows + OS X + Linux:
Update Tor to 0.4.1.5
Bug 29430: Use obfs4proxy's meek_lite with utls instead of meek
Bug 31251: Security Level button UI polish
Bug 31344: Register SecurityLevelPreference's 'unload' callback
Bug 12774: Selecting meek in the browser UI is broken
Update Tor Launcher to 0.2.19.3:
Bug 29197: Remove use of overlays
Bug 31300: Modify Tor Launcher so it is compatible with ESR68
Bug 31487: Modify moat client code so it is compatible with ESR68
Bug 31488: Moat: support a comma-separated list of transports
Translations update
Build System:
Bug 31465: Bump Go to 1.12.9
OS X:
Bug 29818: Adapt #13379 patch for 68esr
Bug 31403: Bump snowflake commit to cd650fa009
Build System:
All Platforms:
Bug 30585: Provide standalone clang 8 project across all platforms
Bug 30376: Use Rust 1.34 for Tor Browser 9
Bug 30490: Add cbindgen project for building Firefox 68 ESR/Fennec 68
Bug 30701: Add nodejs project for building Firefox 68 ESR/Fennec 68
Bug 30734: Add nasm project for building Firefox 68 ESR/Fennec 68
Bug 9898: Provide clean fix for strcmpi issue in NSPR
OS X:
Bug 30323: MacOS toolchain update for Firefox 68 ESR
Bug 31467: Switch to clang for cctools project
Bug 31465: Adapt tor-browser-build projects for macOS notarization

New in Tor Browser 8.5.5 (Sep 4, 2019)

New in Tor Browser 8.5.4 (Jul 9, 2019)

New in Tor Browser 9.0 Alpha 4 (Jul 9, 2019)

New in Tor Browser 9.0 Alpha 3 (Jul 9, 2019)

New in Tor Browser 8.5.3 (Jun 24, 2019)

New in Tor Browser 8.5.2 (Jun 20, 2019)

New in Tor Browser 9.0 Alpha 2 (Jun 12, 2019)

New in Tor Browser 8.5.1 (Jun 4, 2019)

New in Tor Browser 9.0 Alpha 1 (May 23, 2019)

New in Tor Browser 8.5 (May 22, 2019)

All platforms:
Update Firefox to 60.7.0esr
Update HTTPS Everywhere to 2019.5.6.1
Bug 27290: Remove WebGL pref for min capability mode
Bug 29120: Enable media cache in memory
Bug 24622: Proper first-party isolation of s3.amazonaws.com
Bug 29082: Backport patches for bug 1469916
Bug 28711: Backport patches for bug 1474659
Bug 27828: "Check for Tor Browser update" doesn't seem to do anything
Bug 29028: Auto-decline most canvas warning prompts again
Bug 27919: Backport SSL status API
Bug 27597: Fix our debug builds
Bug 28082: Add locales cs, el, hu, ka
Bug 26498: Add locale: es-AR
Bug 29916: Make sure enterprise policies are disabled
Bug 29349: Remove network.http.spdy.* overrides from meek helper user.js
Bug 29327: TypeError: hostName is null on about:tor page
Bug 30425: Revert armagadd-on-2.0 changes
Update Torbutton to 2.1.8
Bug 25013: Integrate Torbutton into tor-browser for Android
Bug 27111: Update about:tor desktop version to work on mobile
Bug 22538+22513: Fix new circuit button for error pages
Bug 25145: Update circuit display when back button is pressed
Bug 27749: Opening about:config shows circuit from previous website
Bug 30115: Map browser+domain to credentials to fix circuit display
Bug 25702: Update Tor Browser icon to follow design guidelines
Bug 21805: Add click-to-play button for WebGL
Bug 28836: Links on about:tor are not clickable
Bug 30171: Don't sync cookie.cookieBehavior and firstparty.isolate
Bug 29825: Intelligently add new Security Level button to taskbar
Bug 29903: No WebGL click-to-play on the standard security level
Bug 27290: Remove WebGL pref for min capability mode
Bug 25658: Replace security slider with security level UI
Bug 28628: Change onboarding Security panel to open new Security Level panel
Bug 29440: Update about:tor when Tor Browser is updated
Bug 27478: Improved Torbutton icons for dark theme
Bug 29239: Don't ship the Torbutton .xpi on mobile
Bug 27484: Improve navigation within onboarding (strings)
Bug 29768: Introduce new features to users (strings)
Bug 28093: Update donation banner style to make it fit in small screens
Bug 28543: about:tor has scroll bar between widths 900px and 1000px
Bug 28039: Enable dump() if log method is 0
Bug 27701: Don't show App Blocker dialog on Android
Bug 28187: Change tor circuit icon to torbutton.svg
Bug 29943: Use locales in AB-CD scheme to match Mozilla
Bug 26498: Add locale: es-AR
Bug 28082: Add locales cs, el, hu, ka
Bug 29973: Remove remaining stopOpenSecuritySettingsObserver() pieces
Bug 28075: Tone down missing SOCKS credential warning
Bug 30425: Revert armagadd-on-2.0 changes
Bug 30497: Add Donate link to about:tor
Bug 30069: Use slider and about:tor localizations on mobile
Bug 21263: Remove outdated information from the README
Bug 28747: Remove NoScript (XPCOM) related unused code
Translations update
Code clean-up
Windows + OS X + Linux:
Bug 25702: Activity 1.1 Update Tor Browser icon to follow design guidelines
Bug 28111: Use Tor Browser icon in identity box
Bug 22343: Make 'Save Page As' obey first-party isolation
Bug 29768: Introduce new features to users
Bug 27484: Improve navigation within onboarding
Bug 25658+29554: Replace security slider with security level UI
Bug 25405: Cannot use Moat if a meek bridge is configured
Bug 28885: notify users that update is downloading
Bug 29180: MAR download stalls when about dialog is opened
Bug 27485: Users are not taught how to open security-slider dialog
Bug 27486: Avoid about:blank tabs when opening onboarding pages
Bug 29440: Update about:tor when Tor Browser is updated
Bug 23359: WebExtensions icons are not shown on first start
Bug 28628: Change onboarding Security panel to open new Security Level panel
Bug 27905: Fix many occurrences of "Firefox" in about:preferences
Bug 28369: Stop shipping pingsender executable
Bug 30457: Remove defunct default bridges
Update OpenSSL to 1.0.2r
Update Tor Launcher to 0.2.18.3:
Bug 27994+25151: Use the new Tor Browser logo
Bug 29328: Account for Tor 0.4.0.x's revised bootstrap status reporting
Bug 22402: Improve "For assistance" link
Bug 27994: Use the new Tor Browser logo
Bug 25405: Cannot use Moat if a meek bridge is configured
Bug 27392: Update Moat URLs
Bug 28082: Add locales cs, el, hu, ka
Bug 26498: Add locale es-AR
Bug 28039: Enable dump() if log method is 0
Translations update
OS X:
Bug 27623: Use MOZILLA_OFFICIAL for our builds
Build System:
All platforms:
Bug 29868: Fix installation of python-future package
Bug 25623: Disable network during build
Bug 25876: Generate source tarballs during build
Bug 28685: Set Build ID based on Tor Browser version
Bug 29194: Set DEBIAN_FRONTEND=noninteractive
Bug 29167: Upgrade go to 1.11.5
Bug 29158: Install updated apt packages (CVE-2019-3462)
Bug 29097: Don't try to install python3.6-lxml for HTTPS Everywhere
Bug 27061: Enable verification of langpacks checksums
OS X:
Bug 27320: Build certutil for macOS

New in Tor Browser 8.0.9 (May 8, 2019)

New in Tor Browser 8.5 Alpha 11 (Apr 17, 2019)

New in Tor Browser 8.5 Alpha 10 (Mar 25, 2019)

New in Tor Browser 8.0.8 (Mar 23, 2019)

New in Tor Browser 8.5 Alpha 9 (Mar 21, 2019)

New in Tor Browser 8.0.7 (Mar 19, 2019)

New in Tor Browser 8.5 Alpha 8 (Feb 15, 2019)

New in Tor Browser 8.0.6 (Feb 13, 2019)

New in Tor Browser 8.5 Alpha 7 (Jan 30, 2019)

New in Tor Browser 8.0.5 (Jan 29, 2019)

New in Tor Browser 8.0.4 (Jan 29, 2019)

New in Tor Browser 8.0.3 (Jan 29, 2019)

New in Tor Browser 8.5 Alpha 6 (Dec 11, 2018)

New in Tor Browser 8.5 Alpha 5 (Dec 4, 2018)

New in Tor Browser 8.5 Alpha 4 (Oct 24, 2018)

New in Tor Browser 8.5 Alpha 3 (Oct 10, 2018)

New in Tor Browser 8.0.2 (Oct 3, 2018)

New in Tor Browser 8.5 Alpha 2 (Sep 25, 2018)

New in Tor Browser 8.5 Alpha 1 (Sep 5, 2018)

New in Tor Browser 8.0 (Sep 5, 2018)

ALL PLATFORMS:
Update Firefox to 60.2.0esr
Update Tor to 0.3.3.9
Update OpenSSL to 1.0.2p
Update Libevent to 2.1.8
Update Torbutton to 2.0.6
Update HTTPS Everywhere to 2018.8.22
Update NoScript to 10.1.9.1
Update obfs4proxy to v0.0.7 (bug 25356)
Bug 27082: Enable a limited UITour for user onboarding
Bug 26961: New user onboarding
Bug 26962: New feature onboarding
Bug 27403: The onboarding bubble is not always displayed
Bug 27283: Fix first-party isolation for UI tour
Bug 27213: Update about:tbupdate to new (about:tor) layout
Bug 17252: Enable TLS session identifiers with first-party isolation
Bug 26353: Prevent speculative connects that violate first-party isolation
Bug 26670: Make canvas permission prompt respect first-party isolation
Bug 24056: Use en-US strings in HTML forms if locale is spoofed to english
Bug 26456: HTTP .onion sites inherit previous page's certificate information
Bug 26561: .onion images are not displayed
Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger menus
Bug 26833: Backport Mozilla's bug 1473247
Bug 26628: Backport Mozilla's bug 1470156
Bug 26237: Clean up toolbar for ESR60-based Tor Browser
Bug 26519: Avoid Firefox icons in ESR60
Bug 26039: Load our preferences that modify extensions (fixup)
Bug 26515: Update Tor Browser blog post URLs
Bug 26216: Fix broken MAR file generation
Bug 26409: Remove spoofed locale implementation
Bug 25543: Rebase Tor Browser patches for ESR60
Bug 23247: Show security state of .onions
Bug 26039: Load our preferences that modify extensions
Bug 17965: Isolate HPKP and HSTS to URL bar domain
Bug 21787: Spoof en-US for date picker
Bug 21607: Disable WebVR for now until it is properly audited
Bug 21549: Disable wasm for now until it is properly audited
Bug 26614: Disable Web Authentication API until it is properly audited
Bug 27281: Enable Reader View mode again
Bug 26114: Don't expose navigator.mozAddonManager to websites
Bug 21850: Update about:tbupdate handling for e10s
Bug 26048: Fix potentially confusing "restart to update" message
Bug 27221: Purge startup cache if Tor Browser version changed
Bug 26049: Reduce delay for showing update prompt to 1 hour
Bug 26365: Add potential AltSvc support
Bug 9145: Fix broken hardware acceleration on Windows and enable it
Bug 26045: Add new MAR signing keys
Bug 25215: Revert bug 18619 (we are not disabling IndexedDB any longer)
Bug 19910: Rip out optimistic data socks handshake variant (#3875)
Bug 22564: Hide Firefox Sync
Bug 25090: Disable updater telemetry
Bug 26127: Make sure Torbutton and Tor Launcher are not treated as legacy extensions
Bug 13575: Disable randomised Firefox HTTP cache decay user tests
Bug 22548: Firefox downgrades VP9 videos to VP8 for some users
Bug 24995: Include git hash in tor --version
Bug 27268+27257+27262+26603 : Preferences clean-up
Bug 26073: Migrate general.useragent.locale to intl.locale.requested
Bug 27129+20628: Make Tor Browser available in ca, ga, id, is, nb, da, he, sv, and zh-TW
Bug 12927: Include Hebrew translation into Tor Browser
Bug 21245: Add danish (da) translation
Update Tor Launcher to 0.2.16.3:
Bug 23136: Moat integration (fetch bridges for the user)
Bug 25750: Update Tor Launcher to make it compatible with Firefox 60 ESR
Bug 26985: Help button icons missing
Bug 25509: Improve the proxy help text
Bug 26466: Remove sv-SE from tracking for releases
Bug 27129+20628: Add locales ca, ga, id, is, nb, da, he, sv, and zh-TW
Translations update
Update meek to 0.31:
Bug 26477: Make meek extension compatible with ESR 60
Bug 14952+24553: Enable HTTP2 and AltSvc:
Bug 25735: Tor Browser stalls while loading Facebook login page
OS X:
Bug 24136: After loading file:// URLs clicking on links is broken on OS X
Bug 24243: Tor Browser only renders HTML for local pages via file://
Bug 24263: Tor Browser does not run extension scripts if loaded via about:debugging
Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured
BUILD SYSTEM:
All Platforms:
Bug 26362+26410: Use old MAR format for first ESR60-based stable
Bug 27020: RBM build fails with runc version 1.0.1
Bug 26949: Use GitHub repository for STIX
Bug 26773: Add --verbose to the ./mach build flag for firefox
Bug 26319: Don't package up Tor Browser in the `mach package` step
Bug 27178: Add support for xz compression in mar files
Clean up
OS X:
Bug 24632: Update macOS toolchain for ESR 60
Bug 9711: Build our own cctools for macOS cross-compilation
Bug 25548: Update macOS SDK for Tor Browser builds to 10.11
Bug 26003: Clean up our mozconfig-osx-x86_64 file
Bug 26195: Use new cctools in our macosx-toolchain project
Bug 25975: Get a rust cross-compiler for macOS
Bug 26475: Disable Stylo to make macOS build reproducible
Bug 26489: Fix .app directory name in tools/dmg2mar

New in Tor Browser 8.0 Alpha 10 (Aug 20, 2018)

ALL PLATFORMS:
Update Tor to 0.3.4.6-rc
Update NoScript to 10.1.8.16
Bug 27082: Enable a limited UITour for user onboarding
Bug 26961: New user onboarding
Bug 17252: Enable TLS session identifiers with first-party isolation
Bug 26353: Prevent speculative connects that violate first-party isolation
Bug 24056: Use en-US strings in HTML forms if locale is spoofed to english
Bug 26456: HTTP .onion sites inherit previous page's certificate information
Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger menus
Bug 26833: Backport Mozilla's bug 1473247
Bug 26628: Backport Mozilla's bug 1470156
Bug 26237: Clean up toolbar for ESR60-based Tor Browser
Bug 26519: Avoid Firefox icons in ESR60
Bug 26039: Load our preferences that modify extensions (fixup)
Bug 26515: Update Tor Browser blog post URLs
Bug 27129: Add locales ca, ga, id, is, nb
Bug 26216: Fix broken MAR file generation
Bug 26409: Remove spoofed locale implementation
Bug 26603: Remove obsolete HTTP pipelining preferences
Update Torbutton to 2.0.2:
Bug 26960: Implement new about:tor start page
Bug 26961: Implement new user onboarding
Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger menus
Bug 26590: Use new svg.disabled pref in security slider
Bug 26655: Adjust color and size of onion button
Bug 26500: Reposition circuit display relay icon for RTL locales
Bug 26409: Remove spoofed locale implementation
Bug 26189: Remove content-policy.js
Bug 27129: Add locales ca, ga, id, is, nb
Translations update
Update Tor Launcher to 0.2.16.2:
Bug 26985: Help button icons missing
Bug 25509: Improve the proxy help text
Bug 27129: Add locales ca, ga, id, is, nb
Translations update
Update meek to 0.31:
Bug 26477: Make meek extension compatible with ESR 60
Bug 14952: Enable HTTP2 and AltSvc:
Bug 25735: Tor Browser stalls while loading Facebook login page
OS X:
Bug 26795: Bump snowflake to 6077141f4a for bug 25600
BUILD SYSTEM:
All:
Bug 26410: Stop using old MAR format in the alpha series
Bug 27020: RBM build fails with runc version 1.0.1
Bug 26949: Use GitHub repository for STIX
Bug 26773: Add --verbose to the ./mach build flag for firefox
Bug 26569: Redirect pre-8.0a9 alpha users to a separate update directory
Bug 26319: Don't package up Tor Browser in the `mach package` step
OS X:
Bug 26489: Fix .app directory name in tools/dmg2mar

New in Tor Browser 8.0 Alpha 9 (Jun 28, 2018)

All platforms:
Update Firefox to 60.1.0esr
Update Tor to 0.3.4.2-alpha
Update Libevent to 2.1.8
Update Binutils to 2.26.1
Update HTTPS Everywhere to 2018.6.13
Update NoScript to 10.1.8.2
Bug 25543: Rebase Tor Browser patches for ESR60
Bug 23247: Show security state of .onions
Bug 26039: Load our preferences that modify extensions
Bug 17965: Isolate HPKP and HSTS to URL bar domain
Bug 26365: Add potential AltSvc support
Bug 26045: Add new MAR signing keys
Bug 22564: Hide Firefox Sync
Bug 25090: Disable updater telemetry
Bug 26127: Make sure Torbutton and Tor Launcher are not treated as legacy extensions
Bug 26073: Migrate general.useragent.locale to intl.locale.requested
Bug 20628: Make Tor Browser available in da, he, sv-SE, and zh-TW
Bug 12927: Include Hebrew translation into Tor Browser
Bug 21245: Add danish (da) translation
Update Torbutton to 2.0.1:
Bug 26100: Adapt Torbutton to Firefox 60 ESR
Bug 26430: New Torbutton icon
Bug 24309: Move circuit display to the identity popup
Bug 26128: Adapt security slider to the WebExtensions version of NoScript
Bug 23247: Show security state of .onions
Bug 26129: Show our about:tor page on startup
Bug 26235: Hide new unusable items from help menu
Bug 26058: Remove workaround for hiding 'sign in to sync' button
Bug 20628: Add locales da, he, sv, and zh-TW
Translations update
Update Tor Launcher to 0.2.16.1:
Bug 25750: Update Tor Launcher to make it compatible with Firefox 60 ESR
Bug 20890: Increase control port connection timeout
Bug 20628: Add more locales to Tor Browser
Translations update
OS X:
Bug 24052: Backport fix for bug 1412081 for better file:// handling
Bug 24136: After loading file:// URLs clicking on links is broken on OS X
Bug 24243: Tor Browser only renders HTML for local pages via file://
Bug 24263: Tor Browser does not run extension scripts if loaded via about:debugging
Bug 24632: Disable snowflake for now until its build is fixed
Bug 26438: Remove broken seatbelt profiles
Build System:
All:
Bug 26362: Use old MAR format for first ESR60-based alpha
Clean up
OS X:
Bug 24632: Update macOS toolchain for ESR 60
Bug 9711: Build our own cctools for macOS cross-compilation
Bug 25548: Update macOS SDK for Tor Browser builds to 10.11
Bug 26003: Clean up our mozconfig-osx-x86_64 file
Bug 26195: Use new cctools in our macosx-toolchain project
Bug 25975: Get a rust cross-compiler for macOS
Bug 26475: Disable Stylo to make macOS build reproducible

New in Tor Browser 7.5.6 (Jun 26, 2018)

New in Tor Browser 7.5.5 / 8.0 Alpha 8 (Jun 10, 2018)

New in Tor Browser 8.0 Alpha 7 (May 9, 2018)

New in Tor Browser 7.5.4 (May 9, 2018)

New in Tor Browser 8.0 Alpha 6 (Apr 19, 2018)

New in Tor Browser 8.0 Alpha 5 (Mar 26, 2018)

New in Tor Browser 7.5.3 (Mar 26, 2018)

New in Tor Browser 8.0 Alpha 4 (Mar 18, 2018)

New in Tor Browser 7.5.2 (Mar 17, 2018)

New in Tor Browser 8.0 Alpha 3 (Mar 15, 2018)

New in Tor Browser 7.5.1 (Mar 15, 2018)

New in Tor Browser 8.0 Alpha 2 (Feb 23, 2018)

New in Tor Browser 8.0 Alpha 1 (Jan 23, 2018)

New in Tor Browser 7.5 (Jan 23, 2018)

New in Tor Browser 7.5 Alpha 10 (Dec 19, 2017)

New in Tor Browser 7.5 Alpha 9 (Dec 10, 2017)

New in Tor Browser 7.0.11 (Dec 8, 2017)

New in Tor Browser 7.5 Alpha 8 (Nov 16, 2017)

New in Tor Browser 7.0.10 (Nov 15, 2017)

New in Tor Browser 7.5 Alpha 7 (Nov 4, 2017)

New in Tor Browser 7.0.9 (Nov 4, 2017)

New in Tor Browser 7.0.8 (Oct 25, 2017)

New in Tor Browser 7.5 Alpha 6 (Oct 21, 2017)

New in Tor Browser 7.0.7 (Oct 19, 2017)

New in Tor Browser 7.5 Alpha 5 (Sep 29, 2017)

New in Tor Browser 7.0.6 (Sep 26, 2017)

New in Tor Browser 7.0.5 (Sep 4, 2017)

New in Tor Browser 7.0.4 (Aug 8, 2017)

New in Tor Browser 7.5 Alpha 4 (Aug 8, 2017)

New in Tor Browser 7.5 Alpha 2 (Jul 8, 2017)

New in Tor Browser 7.0.2 (Jul 4, 2017)

New in Tor Browser 7.5 Alpha 1 (Jun 14, 2017)

ALL PLATFORMS:
Update Firefox to 52.2.0esr
Update Tor to 0.3.1.3-alpha
Update HTTPS-Everywhere to 5.2.18
Update NoScript to 5.0.5
Update sandboxed-tor-browser to 0.0.7
Bug 22362: NoScript's XSS filter freezes the browser
Bug 21766: Fix crash when the external application helper dialog is invoked
Bug 21886: Download is stalled in non-e10s mode
Bug 22333: Disable WebGL2 API for now
Bug 21861: Disable additional mDNS code to avoid proxy bypasses
Bug 21684: Don't expose navigator.AddonManager to content
Bug 21431: Clean-up system extensions shipped in Firefox 52
Bug 22320: Use preference name 'referer.hideOnionSource' everywhere
Bug 16285: Don't ship ClearKey EME system and update EME preferences
Bug 21972: about:support is partially broken
Bug 21323: Enable Mixed Content Blocking
Bug 22415: Fix format error in our pipeline patch
Bug 21862: Rip out potentially unsafe Rust code
Bug 16485: Improve about:cache page
Bug 22462: Backport of patch for bug 1329521 to fix assertion failure
Bug 22458: Fix broken `about:cache` page on higher security levels
Bug 18531: Uncaught exception when opening ip-check.info
Bug 18574: Uncaught exception when clicking items in Library
Bug 22327: Isolate Page Info media previews to first party domain
Bug 22452: Isolate tab list menuitem favicons to first party domain
Bug 15555: View-source requests are not isolated by first party domain
Bug 5293: Neuter fingerprinting with Battery API
Bug 22429: Add IPv6 address for Lisbeth:443 obfs4 bridge
Bug 22468: Add default obfs4 bridges frosty and dragon
Update Torbutton to 1.9.7.4:
Bug 22542: Security Settings window too small on macOS 10.12
Bug 22104: Adjust our content policy whitelist for ff52-esr
Bug 22457: Allow resources loaded by view-source://
Bug 21627: Ignore HTTP 304 responses when checking redirects
Bug 22459: Adapt our use of the nsIContentPolicy to e10s mode
Translations update
Update Tor Launcher to 0.2.12.2:
Bug 22283: Linux 7.0a4 is broken after update due to unix: lines in torrc
Translations update
OS X:
Bug 22558: Don't update OS X 10.7.x and 10.8.x users to Tor Browser 7.0

New in Tor Browser 7.0.1 (Jun 13, 2017)

New in Tor Browser 7.0 (Jun 6, 2017)

ALL PLATFORMS:
Update Firefox to 52.1.2esr
Update Tor to 0.3.0.7
Update HTTPS-Everywhere to 5.2.17
Update NoScript to 5.0.5
Update Go to 1.8.3 (bug 22398)
Bug 21962: Fix crash on about:addons page
Bug 21766: Fix crash when the external application helper dialog is invoked
Bug 21886: Download is stalled in non-e10s mode
Bug 21778: Canvas prompt is not shown in Tor Browser based on ESR52
Bug 21569: Add first-party domain to Permissions key
Bug 22165: Don't allow collection of local IP addresses
Bug 13017: Work around audio fingerprinting by disabling the Web Audio API
Bug 10286: Disable Touch API and add fingerprinting resistance as fallback
Bug 13612: Disable Social API
Bug 10283: Disable SpeechSynthesis API
Bug 22333: Disable WebGL2 API for now
Bug 21861: Disable additional mDNS code to avoid proxy bypasses
Bug 21684: Don't expose navigator.AddonManager to content
Bug 21431: Clean-up system extensions shipped in Firefox 52
Bug 22320: Use preference name 'referer.hideOnionSource' everywhere
Bug 16285: Don't ship ClearKey EME system and update EME preferences
Bug 21675: Spoof window.navigator.hardwareConcurrency
Bug 21792: Suppress MediaError.message
Bug 16337: Round times exposed by Animation API to nearest 100ms
Bug 21972: about:support is partially broken
Bug 21726: Keep Graphite support disabled
Bug 21323: Enable Mixed Content Blocking
Bug 21685: Disable remote new tab pages
Bug 21790: Disable captive portal detection
Bug 21686: Disable Microsoft Family Safety support
Bug 22073: Make sure Mozilla's experiments are disabled
Bug 21683: Disable newly added Safebrowsing capabilities
Bug 22071: Disable Kinto-based blocklist update mechanism
Bug 22415: Fix format error in our pipeline patch
Bug 22072: Hide TLS error reporting checkbox
Bug 20761: Don't ignore additional SocksPorts
Bug 21862: Rip out potentially unsafe Rust code
Bug 16485: Improve about:cache page
Bug 22462: Backport of patch for bug 1329521 to fix assertion failure
Bug 21340: Identify and backport new patches from Firefox
Bug 22153: Fix broken feeds on higher security levels
Bug 22025: Fix broken certificate error pages on higher security levels
Bug 21887: Fix broken error pages on higher security levels
Bug 22458: Fix broken `about:cache` page on higher security levels
Bug 21876: Enable e10s by default on all supported platforms
Bug 21876: Always use esr policies for e10s
Bug 20905: Fix resizing issues after moving to a direct Firefox patch
Bug 21875: Modal dialogs are maximized in ESR52 nightly builds
Bug 21885: SVG is not disabled in Tor Browser based on ESR52
Bug 17334: Hide Referer when leaving a .onion domain (improved patch)
Bug 18531: Uncaught exception when opening ip-check.info
Bug 18574: Uncaught exception when clicking items in Library
Bug 22327: Isolate Page Info media previews to first party domain
Bug 22452: Isolate tab list menuitem favicons to first party domain
Bug 15555: View-source requests are not isolated by first party domain
Bug 3246: Double-key cookies
Bug 8842: Fix XML parsing error
Bug 5293: Neuter fingerprinting with Battery API
Bug 16886: 16886: "Add-on compatibility check dialog" contains Firefox logo
Bug 19645: TBB zooms text when resizing browser window
Bug 19192: Untrust Blue Coat CA
Bug 19955: Avoid confusing warning that favicon load request got cancelled
Bug 20005: Backport fixes for memory leaks investigation
Bug 20755: ltn.com.tw is broken in Tor Browser
Bug 21896: Commenting on website is broken due to CAPTCHA not being displayed
Bug 20680: Rebase Tor Browser patches to 52 ESR
Bug 22429: Add IPv6 address for Lisbeth:443 obfs4 bridge
Bug 22468: Add default obfs4 bridges frosty and dragon
Update Torbutton to 1.9.7.3:
Bug 22104: Adjust our content policy whitelist for ff52-esr
Bug 22457: Allow resources loaded by view-source://
Bug 21627: Ignore HTTP 304 responses when checking redirects
Bug 22459: Adapt our use of the nsIContentPolicy to e10s mode
Bug 21865: Update our JIT preferences in the security slider
Bug 21747: Make 'New Tor Circuit for this Site' work in ESR52
Bug 21745: Fix handling of catch-all circuit
Bug 21547: Fix circuit display under e10s
Bug 21268: e10s compatibility for New Identity
Bug 21267: Remove window resize implementation for now
Bug 21201: Make Torbutton multiprocess compatible
Translations update
Update Tor Launcher to 0.2.12.2:
Bug 22283: Linux 7.0a4 broken after update due to unix: lines in torrc
Bug 20761: Don't ignore additional SocksPorts
Bug 21920: Don't show locale selection dialog
Bug 21546: Mark Tor Launcher as multiprocess compatible
Bug 21264: Add a README file
Translations update
OS X:
Bug 21940: Don't allow privilege escalation during update
Bug 22044: Fix broken default search engine on macOS
Bug 21879: Use our default bookmarks on OSX
Bug 21779: Non-admin users can't access Tor Browser on macOS
Bug 21723: Fix inconsistent generation of MOZ_MACBUNDLE_ID
Bug 21724: Make Firefox and Tor Browser distinct macOS apps
Bug 21931: Backport OSX SetupMacCommandLine updater fixes
Bug 15910: Don't download GMPs via the local fallback
BUILD SYSTEM - OS X:
Bug 21328: Updating to clang 3.8.0
Bug 21754: Remove old GCC toolchain and macOS SDK
Bug 19783: Remove unused macOS helper scripts
Bug 10369: Don't use old GCC toolchain anymore for utils
Bug 21753: Replace our old GCC toolchain in PT descriptor
Bug 18530: ESR52 based Tor Browser only runs on macOS 10.9+
Bug 22328: Remove clang PIE wrappers

New in Tor Browser 7.0 Alpha 4 (May 16, 2017)

New in Tor Browser 7.0 Alpha 3 (Apr 20, 2017)

ALL PLATFORMS:
Update Firefox to 52.1.0esr
Tor to 0.3.0.5-rc
Update HTTPS-Everywhere to 5.2.14
Update NoScript to 5.0.2
Update Go to 1.7.5 (bug 21709)
Bug 21555+16450: Don't remove Authorization header on subdomains (e.g. Twitter)
Bug 21887: Fix broken error pages on higher security levels
Bug 21876: Enable e10s by default on all supported platforms
Bug 21876: Always use esr policies for e10s
Bug 20905: Fix resizing issues after moving to a direct Firefox patch
Bug 21875: Modal dialogs are maximized in ESR52 nightly builds
Bug 21885: SVG is not disabled in Tor Browser based on ESR52
Bug 17334: Hide Referer when leaving a .onion domain (improved patch)
Bug 3246: Double-key cookies
Bug 8842: Fix XML parsing error
Bug 16886: 16886: "Add-on compatibility check dialog" contains Firefox logo
Bug 19192: Untrust Blue Coat CA
Bug 19955: Avoid confusing warning that favicon load request got cancelled
Bug 20005: Backport fixes for memory leaks investigation
Bug 20755: ltn.com.tw is broken in Tor Browser
Bug 21896: Commenting on website is broken due to CAPTCHA not being displayed
Bug 20680: Rebase Tor Browser patches to 52 ESR
Bug 21917: Add new obfs4 bridges
Bug 21918: Move meek-amazon to d2cly7j4zqgua7.cloudfront.net backend
Update sandboxed-tor-browser to 0.0.5:
Bug 21764: Use bubblewrap's `--die-with-parent` when supported
Fix e10s Web Content crash on systems with grsec kernels
Bug 21928: Force a reinstall if an existing hardened bundle is present
Bug 21929: Remove hardened/ASAN related code
Bug 21927: Remove the ability to install/update the hardened bundle
Bug 21244: Update the MAR signing key for 7.0
Bug 21536: Remove asn's scramblesuit bridge from Tor Browser
Add `prlimit64` to the firefox system call whitelist
Fix compilation with Go 1.8
Use Config.Clone() to clone TLS configs when available
Update Torbutton to 1.9.7.2:
Bug 21865: Update our JIT preferences in the security slider
Bug 21747: Make 'New Tor Circuit for this Site' work in ESR52
Bug 21745: Fix handling of catch-all circuit
Bug 21547: Fix circuit display under e10s
Bug 21268: e10s compatibility for New Identity
Bug 21267: Remove window resize implementation for now
Bug 21201: Make Torbutton multiprocess compatible
Translations update
Update Tor Launcher to 0.2.12:
Bug 21920: Don't show locale selection dialog
Bug 21546: Mark Tor Launcher as multiprocess compatible
Bug 21264: Add a README file
Translations update
OS X:
Bug 21723: Fix inconsistent generation of MOZ_MACBUNDLE_ID
Bug 21724: Make Firefox and Tor Browser distinct macOS apps
Bug 21931: Backport OSX SetupMacCommandLine updater fixes
BUILD SYSTEM:
Bug 21328: Updating to clang 3.8.0
Bug 21754: Remove old GCC toolchain and macOS SDK
Bug 19783: Remove unused macOS helper scripts
Bug 10369: Don't use old GCC toolchain anymore for utils
Bug 21753: Replace our old GCC toolchain in PT descriptor
Bug 18530: ESR52 based Tor Browser only runs on macOS 10.9+

New in Tor Browser 6.5.2 (Apr 19, 2017)

New in Tor Browser 7.0 Alpha 2 (Mar 7, 2017)

New in Tor Browser 6.5.1 (Mar 7, 2017)

New in Tor Browser 7.0 Alpha 1 (Jan 25, 2017)

New in Tor Browser 6.5 (Jan 24, 2017)

ALL PLATFORMS:
Update Firefox to 45.7.0esr
Tor to 0.2.9.9
OpenSSL to 1.0.2j
Update HTTPS-Everywhere to 5.2.9
Update NoScript to 2.9.5.3
Bug 16622: Spoof timezone with Firefox patch
Bug 17334: Spoof referrer when leaving a .onion domain
Bug 19273: Write C++ patch for external app launch handling
Bug 19459: Size new windows to 1000x1000 or nearest 200x100 (Firefox patch)
Bug 12523: Mark JIT pages as non-writable
Bug 20123: Always block remote jar files
Bug 19193: Reduce timing precision for AudioContext, HTMLMediaElement, and MediaStream
Bug 19164: Remove support for SHA-1 HPKP pins
Bug 19186: KeyboardEvents are only rounding to 100ms
Bug 16998: Isolate preconnect requests to URL bar domain
Bug 19478: Prevent millisecond resolution leaks in File API
Bug 20471: Allow javascript: links from HTTPS first party pages
Bug 20244: Move privacy checkboxes to about:preferences#privacy
Bug 20707: Fix broken preferences tab in non-en-US alpha bundles
Bug 20709: Fix wrong update URL in alpha bundles
Bug 19481: Point the update URL to aus1.torproject.org
Bug 20556: Start using pt-BR instead of pt-PT for Portuguese
Bug 20442: Backport fix for local path disclosure after drag and drop
Bug 20160: Backport fix for broken MP3-playback
Bug 20043: Isolate SharedWorker script requests to first party
Bug 18923: Add script to run all Tor Browser regression tests
Bug 20651: DuckDuckGo does not work with JavaScript disabled
Bug 19336+19835: Enhance about:tbupdate page
Update Torbutton to 1.9.6.12:
Bug 16622: Timezone spoofing moved to tor-browser.git
Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git
Bug 8725: Block addon resource and url fingerprinting with nsIContentPolicy
Bug 20701: Allow the directory listing stylesheet in the content policy
Bug 19837: Whitelist internal URLs that Firefox requires for media
Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a tor client
Bug 19273: Improve external app launch handling and associated warnings
Bug 15852: Remove/synchronize Torbutton SOCKS pref logic
Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6
Bug 17767: Make "JavaScript disabled" more visible in Security Slider
Bug 20556: Use pt-BR strings from now on
Bug 20614: Add links to Tor Browser User Manual
Bug 20414: Fix non-rendering arrow on OS X
Bug 20728: Fix bad preferences.xul dimensions
Bug 19898: Use DuckDuckGo on about:tor
Bug 21091: Hide the update check menu entry when running under the sandbox
Bug 19459: Move resizing code to tor-browser.git
Bug 20264: Change security slider to 3 options
Bug 20347: Enhance security slider's custom mode
Bug 20123: Disable remote jar on all security levels
Bug 20244: Move privacy checkboxes to about:preferences#privacy
Bug 17546: Add tooltips to explain our privacy checkboxes
Bug 17904: Allow security settings dialog to resize
Bug 18093: Remove 'Restore Defaults' button
Bug 20373: Prevent redundant dialogs opening
Bug 20318: Remove helpdesk link from about:tor
Bug 21243: Add links for pt, es, and fr Tor Browser manuals
Bug 20753: Remove obsolete StartPage locale strings
Bug 21131: Remove 2016 donation banner
Bug 18980: Remove obsolete toolbar button code
Bug 18238: Remove unused Torbutton code and strings
Bug 20388+20399+20394: Code clean-up
Translation updates
Update Tor Launcher to 0.2.10.3:
Bug 19568: Set CurProcD for Thunderbird/Instantbird
Bug 19432: Remove special handling for Instantbird/Thunderbird
Translation updates
OS X:
Bug 20590: Badly resized window due to security slider notification bar on OS X
Bug 20439: Make the build PIE on OSX
BUILD SYSTEM:
All platforms:
Bug 20927: Upgrade Go to 1.7.4
Bug 20583: Make the downloads.json file reproducible
Bug 20133: Don't apply OpenSSL patch anymore
Bug 19528: Set MOZ_BUILD_DATE based on Firefox version
Bug 18291: Remove some uses of libfaketime
Bug 18845: Make zip and tar helpers generate reproducible archives
OS X:
Bug 20258: Make OS X Tor archive reproducible again
Bug 20184: Make OS X builds reproducible (use clang for compiling tor)
Bug 19856: Make OS X builds reproducible (getting libfaketime back)
Bug 19410: Fix incremental updates by taking signatures into account
Bug 20210: In dmg2mar, extract old mar file to copy permissions to the new one

New in Tor Browser 6.5 Alpha 6 (Dec 14, 2016)

New in Tor Browser 6.0.8 (Dec 13, 2016)

New in Tor Browser 6.5 Alpha 5 (Dec 2, 2016)

New in Tor Browser 6.0.7 (Dec 1, 2016)

New in Tor Browser 6.5 Alpha 4 (Nov 16, 2016)

ALL PLATFORMS:
Update Firefox to 45.5.0esr
Update Tor to 0.2.9.5-alpha
Update OpenSSL to 1.0.2j
Update HTTPS-Everywhere to 5.2.7
Bug 20304: Support spaces and other special characters for SOCKS socket
Bug 20490: Fix assertion failure due to fix for #20304
Bug 19459: Size new windows to 1000x1000 or nearest 200x100 (Firefox patch)
Bug 20442: Backport fix for local path disclosure after drag and drop
Bug 20160: Backport fix for broken MP3-playback
Bug 20043: Isolate SharedWorker script requests to first party
Bug 20123: Always block remote jar files
Bug 20244: Move privacy checkboxes to about:preferences#privacy
Bug 19838: Add dgoulet's bridge and add another one commented out
Bug 19481: Point the update URL to aus1.torproject.org
Bug 20296: Rotate ports again for default obfs4 bridges
Bug 20651: DuckDuckGo does not work with JavaScript disabled
Bug 20399+15852: Code clean-up
Update meek to 0.25:
Bug 19646: Wrong location for meek browser profile on OS X
Bug 20030: Shut down meek-http-helper cleanly if built with Go > 1.5.4
Update Torbutton to 1.9.6.7:
Bug 20414: Add donation banner on about:tor for 2016 campaign
Bug 20111: use Unix domain sockets for SOCKS port by default
Bug 19459: Move resizing code to tor-browser.git
Bug 20264: Change security slider to 3 options
Bug 20347: Enhance security slider's custom mode
Bug 20123: Disable remote jar on all security levels
Bug 20244: Move privacy checkboxes to about:preferences#privacy
Bug 17546: Add tooltips to explain our privacy checkboxes
Bug 17904: Allow security settings dialog to resize
Bug 18093: Remove 'Restore Defaults' button
Bug 20373: Prevent redundant dialogs opening
Bug 20388+20399+20394: Code clean-up
Translation updates
Update Tor Launcher to 0.2.10.2:
Bug 20111: use Unix domain sockets for SOCKS port by default
Bug 20185: Avoid using Unix domain socket paths that are too long
Bug 20429: Do not open progress window if tor doesn't get started
Bug 19646: Wrong location for meek browser profile on OS X
Translation updates
OS X:
Bug 20204: Windows don't drag on macOS Sierra anymore
Bug 20250: Meek fails on macOS Sierra if built with Go < 1.7
Bug 20590: Badly resized window due to security slider notification bar on OS X
Bug 20439: Make the build PIE on OSX
BUILD SYSTEM:
All platforms:
Bug 20023: Upgrade Go to 1.7.3
Bug 20583: Make the downloads.json file reproducible
OS X:
Bug 20258: Make OS X Tor archive reproducible again
Bug 20184: Make OS X builds reproducible again
Bug 20210: In dmg2mar, extract old mar file to copy permissions to the new one

New in Tor Browser 6.0.6 (Nov 15, 2016)

New in Tor Browser 6.5 Alpha 3 (Sep 20, 2016)

New in Tor Browser 6.0.5 (Sep 16, 2016)

New in Tor Browser 6.0.4 (Aug 16, 2016)

New in Tor Browser 6.5 Alpha 2 (Aug 3, 2016)

New in Tor Browser 6.0.2 (Jun 20, 2016)

New in Tor Browser 6.5 Alpha 1 (Jun 8, 2016)

ALL PLATFORMS:
Update Firefox to 45.2.0esr
Update Tor to 0.2.8.3-alpha
Update HTTPS-Everywhere to 5.1.9
Bug 19121: The update.xml hash should get checked during update
Bug 12523: Mark JIT pages as non-writable
Bug 19193: Reduce timing precision for AudioContext, HTMLMediaElement, and MediaStream
Bug 19164: Remove support for SHA-1 HPKP pins
Bug 19186: KeyboardEvents are only rounding to 100ms
Bug 18884: Don't build the loop extension
Bug 19187: Backport fix for crash related to popup menus
Bug 19212: Fix crash related to network panel in developer tools
Bug 18703: Fix circuit isolation issues on Page Info dialog
bug 19115: Tor Browser should not fall back to Bing as its search engine
Bug 18915+19065: Use our search plugins in localized builds
Bug 19176: Zip our language packs deterministically
Bug 18811: Fix first-party isolation for blobs URLs in Workers
Bug 18950: Disable or audit Reader View
Bug 18886: Remove Pocket
Bug 18619: Tor Browser reports "InvalidStateError" in browser console
Bug 18945: Disable monitoring the connected state of Tor Browser users
Bug 18855: Don't show error after add-on directory clean-up
Bug 18885: Disable the option of logging TLS/SSL key material
Bug 18770: SVGs should not show up on Page Info dialog when disabled
Bug 18958: Spoof screen.orientation values
Bug 19047: Disable Heartbeat prompts
Bug 18914: Use English-only label in tags
Bug 18996: Investigate server logging in esr45-based Tor Browser
Bug 17790: Add unit tests for keyboard fingerprinting defenses
Bug 18995: Regression test to ensure CacheStorage is disabled
Bug 18912: Add automated tests for updater cert pinning
Bug 16728: Add test cases for favicon isolation
Bug 18976: Remove some FTE bridges
Update meek to 0.22 (tag 0.22-18371-3):
Bug 18904: Mac OS: meek-http-helper profile not updated
Update Torbutton to 1.9.6:
Bug 18743: Pref to hide 'Sign in to Sync' button in hamburger menu
Bug 18905: Hide unusable items from help menu
Bug 17599: Provide shortcuts for New Identity and New Circuit
Bug 18980: Remove obsolete toolbar button code
Bug 18238: Remove unused Torbutton code and strings
Translation updates
Code clean-up
Update Tor Launcher to 0.2.9.3:
Bug 18947: Tor Browser is not starting on OS X if put into /Applications
OS X:
Bug 18951: HTTPS-E is missing after update
Bug 18904: meek-http-helper profile not updated
Bug 18928: Upgrade is not smooth (requires another restart)
BUILD SYSTEM:
All Platforms:
Bug 18333: Upgrade Go to 1.6.2
Bug 18919: Remove unused keys and unused dependencies
Bug 18291: Remove some uses of libfaketime
Bug 18845: Make zip and tar helpers generate reproducible archives

New in Tor Browser 6.0.1 (Jun 7, 2016)

New in Tor Browser 6.0 (May 30, 2016)

ALL PLATFORMS:
Update Firefox to 45.1.1esr
Update OpenSSL to 1.0.1t
Update HTTPS-Everywhere to 5.1.9
Update Torbutton to 1.9.5.4:
Bug 18466: Make Torbutton compatible with Firefox ESR 45
Bug 18743: Pref to hide 'Sign in to Sync' button in hamburger menu
Bug 18905: Hide unusable items from help menu
Bug 16017: Allow users to more easily set a non-tor SSH proxy
Bug 17599: Provide shortcuts for New Identity and New Circuit
Translation updates
Code clean-up
Update Tor Launcher to 0.2.9.3:
Bug 13252: Do not store data in the application bundle
Bug 18947: Tor Browser is not starting on OS X if put into /Applications
Bug 11773: Setup wizard UI flow improvements
Translation updates
Update meek to 0.22 (tag 0.22-18371-3):
Bug 18371: Symlinks are incompatible with Gatekeeper signing
Bug 18904: Mac OS: meek-http-helper profile not updated
Bug 15197 and child tickets: Rebase Tor Browser patches to ESR 45
Bug 18900: Fix broken updater on Linux
Bug 19121: The update.xml hash should get checked during update
Bug 18042: Disable SHA1 certificate support
Bug 18821: Disable libmdns support for desktop and mobile
Bug 18848: Disable additional welcome URL shown on first start
Bug 14970: Exempt our extensions from signing requirement
Bug 16328: Disable MediaDevices.enumerateDevices
Bug 16673: Disable HTTP Alternative-Services
Bug 17167: Disable Mozilla's tracking protection
Bug 18603: Disable performance-based WebGL fingerprinting option
Bug 18738: Disable Selfsupport and Unified Telemetry
Bug 18799: Disable Network Tickler
Bug 18800: Remove DNS lookup in lockfile code
Bug 18801: Disable dom.push preferences
Bug 18802: Remove the JS-based Flash VM (Shumway)
Bug 18863: Disable MozTCPSocket explicitly
Bug 15640: Place Canvas MediaStream behind site permission
Bug 16326: Verify cache isolation for Request and Fetch APIs
Bug 18741: Fix OCSP and favicon isolation for ESR 45
Bug 16998: Disable for now
Bug 18898: Exempt the meek extension from the signing requirement as well
Bug 18899: Don't copy Torbutton, TorLauncher, etc. into meek profile
Bug 18890: Test importScripts() for cache and network isolation
Bug 18886: Hide pocket menu items when Pocket is disabled
Bug 18703: Fix circuit isolation issues on Page Info dialog
bug 19115: Tor Browser should not fall back to Bing as its search engine
Bug 18915+19065: Use our search plugins in localized builds
Bug 19176: Zip our language packs deterministically
Bug 18811: Fix first-party isolation for blobs URLs in Workers
Bug 18950: Disable or audit Reader View
Bug 18886: Remove Pocket
Bug 18619: Tor Browser reports "InvalidStateError" in browser console
Bug 18945: Disable monitoring the connected state of Tor Browser users
Bug 18855: Don't show error after add-on directory clean-up
Bug 18885: Disable the option of logging TLS/SSL key material
Bug 18770: SVGs should not show up on Page Info dialog when disabled
Bug 18958: Spoof screen.orientation values
Bug 19047: Disable Heartbeat prompts
Bug 18914: Use English-only label in tags
Bug 18996: Investigate server logging in esr45-based Tor Browser
Bug 17790: Add unit tests for keyboard fingerprinting defenses
Bug 18995: Regression test to ensure CacheStorage is disabled
Bug 18912: Add automated tests for updater cert pinning
Bug 16728: Add test cases for favicon isolation
Bug 18976: Remove some FTE bridges
OS X:
Bug 6540: Support OS X Gatekeeper
Bug 13252: Tor Browser should not store data in the application bundle
Bug 18951: HTTPS-E is missing after update
Bug 18904: meek-http-helper profile not updated
Bug 18928: Upgrade is not smooth (requires another restart)
BUILD SYSTEM:
All Platforms:
Bug 18127: Add LXC support for building with Debian guest VMs
Bug 16224: Don't use BUILD_HOSTNAME anymore in Firefox builds
Bug 18919: Remove unused keys and unused dependencies
OS X:
Bug 18331: Update toolchain for Firefox 45 ESR
Bug 18690: Switch to Debian Wheezy guest VMs

New in Tor Browser 6.0 Alpha 5 (Apr 28, 2016)

ALL PLATFORMS:
Update Firefox to 45.1.0esr
Update Tor to 0.2.8.2-alpha
Update HTTPS-Everywhere to 5.1.6
Update NoScript to 2.9.0.11
Bug 15197 and child tickets: Rebase Tor Browser patches to ESR 45
Bug 18900: Fix broken updater on Linux
Bug 18042: Disable SHA1 certificate support
Bug 18821: Disable libmdns support for desktop and mobile
Bug 18848: Disable additional welcome URL shown on first start
Bug 14970: Exempt our extensions from signing requirement
Bug 16328: Disable MediaDevices.enumerateDevices
Bug 16673: Disable HTTP Alternative-Services
Bug 17167: Disable Mozilla's tracking protection
Bug 18603: Disable performance-based WebGL fingerprinting option
Bug 18738: Disable Selfsupport and Unified Telemetry
Bug 18799: Disable Network Tickler
Bug 18800: Remove DNS lookup in lockfile code
Bug 18801: Disable dom.push preferences
Bug 18802: Remove the JS-based Flash VM (Shumway)
Bug 18863: Disable MozTCPSocket explicitly
Bug 15640: Place Canvas MediaStream behind site permission
Bug 16326: Verify cache isolation for Request and Fetch APIs
Bug 18741: Fix OCSP and favicon isolation for ESR 45
Bug 16998: Disable for now
Bug 18898: Exempt the meek extension from the signing requirement as well
Bug 18899: Don't copy Torbutton, TorLauncher, etc. into meek profile
Bug 18890: Test importScripts() for cache and network isolation
Bug 18726: Add new default obfs4 bridge (GreenBelt)
Update Torbutton to 1.9.5.3:
Bug 18466: Make Torbutton compatible with Firefox ESR 45
Translation updates
Update Tor Launcher to 0.2.9.1:
Bug 13252: Do not store data in the application bundle
Bug 10534: Don't advertise the help desk directly anymore
Translation updates
Update meek to 0.22 (tag 0.22-18371-2):
Bug 18371: Symlinks are incompatible with Gatekeeper signing
OS X:
Bug 6540: Support OS X Gatekeeper
Bug 13252: Tor Browser should not store data in the application bundle
BUILD SYSTEM:
Bug 18127: Add LXC support for building with Debian guest VMs
Bug 16224: Don't use BUILD_HOSTNAME anymore in Firefox builds
Bug 18331: Update toolchain for Firefox 45 ESR
Bug 18690: Switch to Debian Wheezy guest VMs

New in Tor Browser 5.5.5 (Apr 26, 2016)

New in Tor Browser 5.5.4 (Mar 17, 2016)

New in Tor Browser 6.0 Alpha 4 (Mar 17, 2016)

New in Tor Browser 6.0 Alpha 3 (Mar 8, 2016)

New in Tor Browser 5.5.3 (Mar 8, 2016)

New in Tor Browser 6.0 Alpha 2 (Feb 15, 2016)

New in Tor Browser 5.5.2 (Feb 12, 2016)

New in Tor Browser 5.5.1 (Feb 5, 2016)

New in Tor Browser 6.0 Alpha 1 (Jan 27, 2016)

New in Tor Browser 5.5 (Jan 27, 2016)

New in Tor Browser 5.5 Alpha 6 (Jan 7, 2016)

New in Tor Browser 5.0.7 (Jan 6, 2016)

New in Tor Browser 5.5 Alpha 5 (Dec 18, 2015)

New in Tor Browser 5.0.6 (Dec 18, 2015)

New in Tor Browser 5.0.5 (Dec 16, 2015)

New in Tor Browser 5.0.4 (Nov 4, 2015)

New in Tor Browser 5.5 Alpha 4 (Nov 4, 2015)

New in Tor Browser 5.5 Alpha 3 (Sep 23, 2015)

New in Tor Browser 5.0.3 (Sep 23, 2015)

New in Tor Browser 5.5 Alpha 2 (Aug 28, 2015)

New in Tor Browser 5.0.2 (Aug 28, 2015)

New in Tor Browser 5.0.1 (Aug 18, 2015)

New in Tor Browser 5.5 Alpha 1 (Aug 12, 2015)

New in Tor Browser 5.0 (Aug 11, 2015)

ALL PLATFORMS:
Update Firefox to 38.2.0esr
Update OpenSSL to 1.0.1p
Update HTTPS-Everywhere to 5.0.7
Update NoScript to 2.6.9.34
Update meek to 0.20
Bug 16730: Prevent NoScript from updating the default whitelist
Bug 16715: Use ThreadsafeIsCallerChrome() instead of IsCallerChrome()
Bug 16572: Verify cache isolation for XMLHttpRequests in Web Workers
Bug 16884: Prefer IPv6 when supported by the current Tor exit
Bug 16488: Remove "Sign in to Sync" from the browser menu
Bug 16662: Enable network.http.spdy.* prefs in meek-http-helper
Bug 15703: Isolate mediasource URIs and media streams to first party
Bug 16429+16416: Isolate blob URIs to first party
Bug 16632: Turn on the background updater and restart prompting
Bug 16528: Prevent indexedDB Modernizr site breakage on Twitter and elsewhere
Bug 16523: Fix in-browser JavaScript debugger
Bug 16236: Windows updater: avoid writing to the registry
Bug 16625: Fully disable network connection prediction
Bug 16495: Fix SVG crash when security level is set to "High"
Bug 13247: Fix meek profile error after bowser restarts
Bug 16005: Relax WebGL minimal mode
Bug 16300: Isolate Broadcast Channels to first party
Bug 16439: Remove Roku screencasting code
Bug 16285: Disabling EME bits
Bug 16206: Enforce certificate pinning
Bug 15910: Disable Gecko Media Plugins for now
Bug 13670: Isolate OCSP requests by first party domain
Bug 16448: Isolate favicon requests by first party
Bug 7561: Disable FTP request caching
Bug 6503: Fix single-word URL bar searching
Bug 15526: ES6 page crashes Tor Browser
Bug 16254: Disable GeoIP-based search results.
Bug 16222: Disable WebIDE to prevent remote debugging and addon downloads.
Bug 13024: Disable DOM Resource Timing API
Bug 16340: Disable User Timing API
Bug 14952: Disable HTTP/2
Bug 1517: Reduce precision of time for Javascript
Bug 13670: Ensure OCSP & favicons respect URL bar domain isolation
Bug 16311: Fix navigation timing in ESR 38
Update Tor to 0.2.6.10 with patches:
Bug 16674: Allow FQDNs ending with a single '.' in our SOCKS host name checks.
Bug 16430: Allow DNS names with _ characters in them (fixes nytimes.com)
Bug 15482: Don't allow circuits to change while a site is in use
Update Torbutton to 1.9.3.2
Bug 16731: TBB 5.0 a3/a4 fails to download a file on right click
Bug 16730: Reset NoScript whitelist on upgrade
Bug 16722: Prevent "Tiles" feature from being enabled after upgrade
Bug 16488: Remove "Sign in to Sync" from the browser menu (fixup)
Bug 16268: Show Tor Browser logo on About page
Bug 16639: Check for Updates menu item can cause update download failure
Bug 15781: Remove the sessionstore filter
Bug 15656: Sync privacy.resistFingerprinting with Torbutton pref
Bug 16427: Use internal update URL to block updates (instead of 127.0.0.1)
Bug 16200: Update Cache API usage and prefs for FF38
Bug 16357: Use Mozilla API to wipe permissions db
Bug 14429: Make sure the automatic resizing is disabled
Translation updates
Update Tor Launcher to 0.2.7.7
Bug 16428: Use internal update URL to block updates (instead of 127.0.0.1)
Bug 15145: Visually distinguish "proxy" and "bridge" screens.
Translation updates
MAC OS X:
Use OSX 10.7 SDK
Bug 16253: Tor Browser menu on OS X is broken with ESR 38
Bug 15773: Enable ICU on OS X
BUILD SYSTEM:
Bug 16351: Upgrade our toolchain to use GCC 5.1
Bug 15772 and child tickets: Update build system for Firefox 38
Bugs 15921+15922: Fix build errors during Mozilla Tryserver builds
Bug 15864: rename sha256sums.txt to sha256sums-unsigned-build.txt

New in Tor Browser 5.0 Alpha 4 (Aug 4, 2015)

New in Tor Browser 5.0 Alpha 3 (Jul 7, 2015)

New in Tor Browser 4.5.3 (Jul 3, 2015)

New in Tor Browser 5.0 Alpha 2 (Jun 16, 2015)

New in Tor Browser 4.5.2 (Jun 16, 2015)

New in Tor Browser 5.0 Alpha 1 (May 13, 2015)

New in Tor Browser 4.5.1 (May 13, 2015)

New in Tor Browser 4.5 (Apr 28, 2015)

New in Tor Browser 4.0.8 (Apr 10, 2015)

New in Tor Browser 4.0.7 (Apr 9, 2015)

New in Tor Browser 4.0.6 (Apr 1, 2015)

New in Tor Browser 4.5 Alpha 5 (Apr 1, 2015)

ALL PLATFORMS:
Update Firefox to 31.6.0esr
Update OpenSSL to 1.0.1m
Update Tor to 0.2.6.6
Update NoScript to 2.6.9.19
Update HTTPS-Everywhere to 5.0
Update meek to 0.16
Update Tor Launcher to 0.2.7.3:
Bug 13983: Directory search path fix for Tor Messanger+TorBirdy
Update Torbutton to 1.9.1.0:
Bug 9387: "Security Slider 1.0"
Include descriptions and tooltip hints for security levels
Notify users that the security slider exists
Flip slider so that "low" is on the bottom
Make use of new SVG and MathML prefs
Bug 13766: Set a 10 minute circuit lifespan for non-content requests
Bug 15460: Ensure FTP urls use content-window circuit isolation
Bug 13650: Clip initial window height to 1000px
Bug 14429: Ensure windows can only be resized to 200x100px multiples
Bug 15334: Display Cookie Protections menu if disk records are enabled
Bug 14324: Show HS circuit in Tor circuit display
Bug 15086: Handle RTL text in Tor circuit display
Bug 15085: Fix about:tor RTL text alignment problems
Bug 10216: Add a pref to disable the local tor control port test
Bug 14937: Show meek and flashproxy bridges in tor circuit display
Bugs 13891+15207: Fix exceptions/errors in circuit display with bridges
Bug 13019: Change locale hiding pref to boolean
Bug 7255: Warn users about maximizing windows
Bug 14631: Improve profile access error msgs (strings).
Pluggable Transport Dependency Updates:
Bug 15448: Use golang 1.4.2 for meek and obs4proxy
Bug 15265: Switch go.net repo to golang.org/x/net
Bug 14937: Hard-code meek and flashproxy node fingerprints
Bug 13019: Prevent Javascript from leaking system locale
Bug 10280: Improved fix to prevent loading plugins into address space
Bug 15406: Only include addons in incremental updates if they actually update
Bug 15029: Don't prompt to include missing plugins
Bug 12827: Create preference to disable SVG images (for security slider)
Bug 13548: Create preference to disable MathML (for security slider)
Bug 14631: Improve startup error messages for filesystem permissions issues
Bug 15482: Don't allow circuits to change while a site is in use

New in Tor Browser 4.0.5 (Mar 24, 2015)

New in Tor Browser 4.5 Alpha 4 (Feb 26, 2015)

ALL PLATFORMS:
Update Firefox to 31.5.0esr
Update Tor to 0.2.6.3-alpha
Update OpenSSL to 1.0.1l
Update NoScript to 2.6.9.15
Bug 14203: Prevent meek from displaying an extra update notification
Bug 14849: Remove new NoScript menu option to make permissions permanent
Bug 14851: Set NoScript pref to disable permanent permissions
Bug 14490: Make Disconnect the default omnibox search engine
Bug 11236: Fix omnibox order for non-English builds: Also remove Amazon, eBay and bing; add Youtube and Twitter
Bug 10280: Don't load any plugins into the address space.
Bug 14392: Make about:tor hide itself from the URL bar
Bug 12430: Provide a preference to disable remote jar: urls
Bug 13900: Remove 3rd party HTTP auth tokens via Firefox patch
Bug 5698: Fix branding in "About Torbrowser" window
Update obfs4proxy to 0.0.4:
Use obfs4proxy for ScrambleSuit bridges
Update Torbutton to 1.9.0.0:
Bug 13882: Fix display of bridges after bridge settings have been changed
Bug 5698: Use "Tor Browser" branding in "About Tor Browser" dialog
Bug 10280: Strings and pref for preventing plugin initialization.
Bug 14866: Show correct circuit when more than one exists for a given domain
Bug 9442: Add New Circuit button to Torbutton menu
Bug 9906: Warn users before closing all windows and performing new identity.
Bug 8400: Prompt for restart if disk records are enabled/disabled.
Bug 14630: Hide Torbutton's proxy settings tab.
Bug 14632: Disable Cookie Manager until we get it working.
Bug 11175: Remove "About Torbutton" from onion menu.
Bug 13900: Remove remaining SafeCache code in favor of C++ patch
Bug 14490: Use Disconnect search in about:tor search box
Bug 14392: Don't steal input focus in about:tor search box
Bug 11236: Don't set omnibox order in Torbutton (to prevent translation)
Bug 13406: Stop directing users to download-easy.html.en on update
Bug 9387: Handle "custom" mode better in Security Slider
Bug 12430: Bind jar: pref to Security Slider
Bug 14448: Restore Torbutton menu operation on non-English localizations
Translation updates
Update Tor Launcher to 0.2.7.2:
Bug 13271: Display Bridge Configuration wizard pane before Proxy pane
Bug 14336: Fix navigation button display issues on some wizard panes
Translation updates

New in Tor Browser 4.0.4 (Feb 26, 2015)

New in Tor Browser 4.5 Alpha 3 (Jan 19, 2015)

New in Tor Browser 4.0.3 (Jan 14, 2015)

New in Tor Browser 4.5 Alpha 2 (Dec 5, 2014)

New in Tor Browser 4.0.2 (Dec 3, 2014)

New in Tor Browser 4.5 Alpha 1 (Nov 25, 2014)

New in Tor Browser 4.0.1 (Nov 1, 2014)

New in Tor Browser 4.0 (Oct 16, 2014)

New in Tor Browser 4.0 Alpha 3 (Sep 26, 2014)

New in Tor Browser 3.6.6 (Sep 26, 2014)

New in Tor Browser 4.0 Alpha 2 (Sep 3, 2014)

New in Tor Browser 3.6.5 (Sep 3, 2014)

New in Tor Browser 4.0 Alpha 1 (Aug 11, 2014)

New in Tor Browser 3.6.4 (Aug 11, 2014)

New in Tor Browser 3.6.3 (Jul 26, 2014)

New in Tor Browser 3.6.2 (Jun 11, 2014)

New in Tor Browser 3.6.1 (May 8, 2014)

New in Tor Browser 3.6 (Apr 30, 2014)

New in Tor Browser 3.6 Beta 2 (Apr 12, 2014)

New in Tor Browser 3.5.4 (Apr 9, 2014)

New in Tor Browser 3.5.3 (Mar 20, 2014)

New in Tor Browser 3.6 Beta 1 (Mar 19, 2014)

New in Tor Browser 3.5.2.1 (Feb 17, 2014)

New in Tor Browser 3.5.2 (Feb 11, 2014)

New in Tor Browser 3.5.1 (Jan 25, 2014)

New in Tor Browser 3.5 (Dec 18, 2013)

New in Tor Browser 2.4.18 RC 1 (Dec 13, 2013)

New in Tor Browser 3.5 RC 1 (Dec 13, 2013)

New in Tor Browser 3.0 RC 1 (Nov 22, 2013)

New in Tor Browser 2.3.25-15 (Nov 19, 2013)

New in Tor Browser 3.0 Beta 1 (Nov 6, 2013)

New in Tor Browser 2.3.25-14 / 2.4.17 RC 1 (Nov 2, 2013)

New in Tor Browser 3.0 Alpha 4 (Sep 30, 2013)

New in Tor Browser 2.3.25-13 / 2.4.17 Beta 2 (Sep 21, 2013)

New in Tor Browser 2.4.17 Beta 1 (Sep 9, 2013)

New in Tor Browser 2.3.25-12 (Aug 13, 2013)

New in Tor Browser 2.4.16 Beta 1 (Aug 13, 2013)

New in Tor Browser 2.3.25-11 (Aug 9, 2013)

New in Tor Browser 2.4.15 Beta 1 (Jul 9, 2013)

New in Tor Browser 2.3.25-10 (Jun 27, 2013)

New in Tor Browser 2.4.12 Alpha 2 (May 14, 2013)

New in Tor Browser 2.3.25-8 (May 14, 2013)

New in Tor Browser 2.3.25-7 (May 14, 2013)

New in Tor Browser 2.4.12 Alpha 1 (Apr 30, 2013)

New in Tor Browser 2.4.11 Alpha 2 (Apr 5, 2013)

New in Tor Browser 2.3.25-6 (Apr 5, 2013)

New in Tor Browser 2.3.25-5 (Mar 14, 2013)

New in Tor Browser 2.3.25-4 (Feb 22, 2013)

Update Firefox to 17.0.3esr
Downgrade OpenSSL to 1.0.0k
Update libpng to 1.5.14
Update NoScript to 2.6.5.7
FIREFOX PATCH CHANGES:
Exempt remote @font-face fonts from font limits (and prefer them) (closes: #8270):
Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
they should not count towards our CSS font count limits. Moreover,
if a CSS font-family rule lists any remote fonts, those fonts are
preferred over the local fonts, so we do not reduce the font count
for that rule.
This vastly improves rendering and typography for many websites.
Disable WebRTC in Firefox build options. (closes: #8178):
WebRTC isn't slated to be enabled until Firefox 18, but the code
was getting compiled in already and is capable of creating UDP Sockets
and bypassing Tor. We disable it from build as a safety measure.
Move prefs.js into omni.ja and extension-overrides. (closes: #3944):
This causes our browser pref changes to appear as defaults. It also
means that future updates of TBB should preserve user pref settings.
Fix a use-after-free that caused crashing on MacOS (closes: #8234)
Eliminate several redundant, useless, and deprecated Firefox pref settings
Report Firefox 17.0 as the Tor Browser user agent
Use Firefox's click-to-play barrier for plugins instead of NoScript
Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms:
This fixes a SOCKS race condition with our SOCKS autoport configuration
and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
settings per URL now, which resulted in a proxy error for
check.torproject.org if we lost the race.
TORBUTTON WAS UPDATED TO 1.5.0. THE FOLLOWING ISSUES WERE FIXED:
Remove old toggle observers and related code (closes: #5279)
Simplify Security Preference UI and associated pref updates (closes: #3100)
Eliminate redundancy in our Flash/plugin disabling code (closes: #7470)
Leave most preferences under Tor Browser's control (closes: #3944)
Disable toggle-on-startup and crash detection logic (closes: #7974)
Disable/remove toggle-mode code and related observers (closes: #5379)
Add menu hint to Torbutton icon (closes: #6431)
Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
Perform version check every time there's a new tab. (closes: #6096)
Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
misc: Allow WebGL and DOM storage.
misc: Disable independent Torbutton updates
misc: Change the recommended SOCKSPort to 9150 (to match TBB)
THE FOLLOWING FIREFOX PATCH CHANGES ARE ALSO INCLUDED IN THIS RELEASE:
Isolate image cache to url bar domain (closes: #5742 and #6539)
Enable DOM storage and isolate it to url bar domain (closes: #6564)
Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477)
Misc preference changes:
Disable DOM performance timers (dom.enable_performance) (closes: #6204)
Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656)
Disable full path information for plugins (plugin.expose_full_path) (closes: #6210)
Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937)

New in Tor Browser 2.4.10 Alpha 2 (Feb 22, 2013)

Update Firefox to 17.0.3esr
Downgrade OpenSSL to 1.0.0k
Update libpng to 1.5.14
Update NoScript to 2.6.5.7
FIREFOX PATCH CHANGES:
Exempt remote @font-face fonts from font limits (and prefer them) (closes: #8270):
Remote fonts (aka "User Fonts") are not a fingerprinting threat, so they should not count towards our CSS font count limits. Moreover, if a CSS font-family rule lists any remote fonts, those fonts are preferred over the local fonts, so we do not reduce the font count for that rule.
This vastly improves rendering and typography for many websites.
Disable WebRTC in Firefox build options (closes: 8178):
WebRTC isn't slated to be enabled until Firefox 18, but the code was getting compiled in already and is capable of creating UDP Sockets and bypassing Tor. We disable it from build as a safety measure.
Move prefs.js into omni.ja and extension-overrides (closes: 3944):
This causes our browser pref changes to appear as defaults. It also means that future updates of TBB should preserve user pref settings.
Fix a use-after-free that caused crashing on MacOS (closes: 8234)
Eliminate several redundant, useless, and deprecated Firefox pref settings
Report Firefox 17.0 as the Tor Browser user agent
Use Firefox's click-to-play barrier for plugins instead of NoScript
Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms:
This fixes a SOCKS race condition with our SOCKS autoport configuration and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy settings per URL now, which resulted in a proxy error for check.torproject.org if we lost the race.
TORBUTTON WAS UPDATED TO 1.5.0. THE FOLLOWING ISSUES WERE FIXED:
Remove old toggle observers and related code (closes: #5279)
Simplify Security Preference UI and associated pref updates (closes: #3100)
Eliminate redundancy in our Flash/plugin disabling code (closes: #7470)
Leave most preferences under Tor Browser's control (closes: #3944)
Disable toggle-on-startup and crash detection logic (closes: #7974)
Disable/remove toggle-mode code and related observers (closes: #5379)
Add menu hint to Torbutton icon (closes: #6431)
Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
Perform version check every time there's a new tab. (closes: #6096)
Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
misc: Allow WebGL and DOM storage.
misc: Disable independent Torbutton updates
misc: Change the recommended SOCKSPort to 9150 (to match TBB)

New in Tor Browser 2.4.10 Alpha 1 (Feb 8, 2013)

New in Tor Browser 2.3.25-3 (Feb 8, 2013)

New in Tor Browser 2.4.9 Alpha 1 (Jan 29, 2013)

New in Tor Browser 2.4.7 Alpha 1 (Jan 7, 2013)

New in Tor Browser 2.3.25-2 (Jan 7, 2013)

New in Tor Browser 2.4.6 Alpha 2 (Dec 4, 2012)

New in Tor Browser 2.3.25-1 (Dec 4, 2012)

New in Tor Browser 2.2.39-5 (Oct 30, 2012)

New in Tor Browser 2.3.24 Alpha 1 (Oct 30, 2012)

New in Tor Browser 2.2.39-4 (Oct 23, 2012)

New in Tor Browser 2.3.23 Alpha 1 (Oct 23, 2012)

New in Tor Browser 2.2.39-3 (Oct 15, 2012)

New in Tor Browser 2.2.39-2 (Oct 15, 2012)

New in Tor Browser 2.3.22 Alpha 1 (Sep 13, 2012)

New in Tor Browser 2.2.39-1 (Sep 12, 2012)

New in Tor Browser 2.3.20 Alpha 1 (Aug 20, 2012)

New in Tor Browser 2.2.38-1 (Aug 20, 2012)

New in Tor Browser 2.3.19 Alpha 1 (Jul 30, 2012)

New in Tor Browser 2.2.37-2 (Jul 30, 2012)

New in Tor Browser 2.2.37-1 (Jun 12, 2012)

New in Tor Browser 2.2.36-1 (Jun 5, 2012)

New in Tor Browser 2.2.35-12 (May 14, 2012)

New in Tor Browser 2.2.35-11 (May 4, 2012)

New in Tor Browser 2.2.35-10 (May 1, 2012)

New in Tor Browser 2.2.35-9.1 (Apr 30, 2012)

New in Tor Browser 2.2.35-8 (Mar 19, 2012)

New in Tor Browser 2.2.35-7.1 (Feb 20, 2012)

New in Tor Browser 2.2.35-6 (Feb 15, 2012)

New in Tor Browser 2.2.35-5 Beta (Feb 15, 2012)

New in Tor Browser 2.2.35-1 Beta (Dec 17, 2011)

New in Tor Browser 2.2.34-1 Beta (Nov 3, 2011)