Conformal Systems Support

Please bring new discussion to Github

You are not logged in.

#1 2012-08-28 13:20:18

marco
Administrator
Registered: 2010-08-20
Posts: 477

xombrero 1.3.0 released!

* [NEW] force_https setting and https command to force a given domain
  to always use HTTPS
* [NEW] Use force_https to provide a preloaded HSTS list to help avoid
  the ssl stripping attack.  Sites in this list are taken from
  Chromium's preloaded HSTS list, and additional domains added by the
  xombrero authors.
* [NEW] Added an about:runtime page and :runtime command to view and
  change runtime settings
* [NEW] Added a link to view the cached HTTPS certificate in addition
  to the new remote certificate
* [NEW] Added a new setting, gnutls_priority_string, to modify the
  GnuTLS priority string that it used by glib-networking.  This may be
  used to fix sites that break when the browser advertises newer TLS
  versions, and enable or disable specific ciphersuites.  This has no
  effect with glib-networking versions < 2.33.10.
* [NEW] Modify the about:favorites page to remove the X links to
  remove links.  A new favedit command has been added to show the Rm
  links.
* [NEW] Added a special 'unbind' keybinding action to remove any
  previously bound actions to a keybinding.
* Add a workaround to fix a GTK focus bug until it has been fixed
  upstream (see https://bugzilla.gnome.org/show_bug.cgi?id=677329)
* Each tab now owns its own session key for internal xombrero links,
  instead of a session key for the type of operation.  Session keys
  are destroyed after they are no longer needed.  This prevents rogue
  sites from even being able to correctly guess a sesion key to run an
  internal xombrero command.
* Fix several issues that were the result of our back/forward
  handling.  Reloading pages should now always work after loading a
  page from an about page (for example, about:favorites).
* Prevent the loading of unsafe uris (for example, javascript: or
  data:) when following links.  This measure is to prevent against
  bait-and-switch attacks (see http://lcamtuf.coredump.cx/switch/ for
  an example).
* Fix the following of clicking links when they attempt to open in a
  new tab (target="_blank"), whitelist mode is enabled, and the
  current site is not in the javascript whitelist.
* Make middle clicking in the command and hinting prompt paste from
  the PRIMARY clipboard
* Make the GTK3 tabs even smaller (like how they were in the GTK2
  version)
* Prevent tabs from growing to twice their height when using P
  (pasteurinew) to paste a link with a newline at the end.
* Fix the background of insensitive icons in context menues by
  coloring their backgrounds transparent.
* Modify the reminder message on about:about so it's clear the browser
  must be restarted.
* Modify the about:allthethings output to a more C-like syntax
* Remove the usage of relying on some deprecated webkitgtk signals
* Fix some build issues with FreeBSD and Linux
* Prevent spitting out warnings of deprecated gcrypt functions when
  building
* Prevent a crash when using editsrc on about:blank or any other blank
  page
* Many various code cleanups


**Upgrading Notice**

The way domains and subdomains of whitelist items are handled has been
changed.  In previous versions, whitelisting example.com would
automatically expand to .example.com (which matches example.com and
all subdomains).  This has been fixed in this version.  If your
xombrero configuration includes whitelists without a leading period,
and you intend for subdomains to also be included in the whitelist,
you will need to manually update your configuration to add the leading
periods.

Offline

Board footer

Powered by FluxBB