* [NEW] force_https setting and https command to force a given domain
to always use HTTPS
* [NEW] Use force_https to provide a preloaded HSTS list to help avoid
the ssl stripping attack. Sites in this list are taken from
Chromium's preloaded HSTS list, and additional domains added by the
* [NEW] Added an about:runtime page and :runtime command to view and
change runtime settings
* [NEW] Added a link to view the cached HTTPS certificate in addition
to the new remote certificate
* [NEW] Added a new setting, gnutls_priority_string, to modify the
GnuTLS priority string that it used by glib-networking. This may be
used to fix sites that break when the browser advertises newer TLS
versions, and enable or disable specific ciphersuites. This has no
effect with glib-networking versions < 2.33.10.
* [NEW] Modify the about:favorites page to remove the X links to
remove links. A new favedit command has been added to show the Rm
* [NEW] Added a special 'unbind' keybinding action to remove any
previously bound actions to a keybinding.
* Add a workaround to fix a GTK focus bug until it has been fixed
upstream (see https://bugzilla.gnome.org/show_bug.cgi?id=677329)
* Each tab now owns its own session key for internal xombrero links,
instead of a session key for the type of operation. Session keys
are destroyed after they are no longer needed. This prevents rogue
sites from even being able to correctly guess a sesion key to run an
internal xombrero command.
* Fix several issues that were the result of our back/forward
handling. Reloading pages should now always work after loading a
page from an about page (for example, about:favorites).
data:) when following links. This measure is to prevent against
bait-and-switch attacks (see http://lcamtuf.coredump.cx/switch/ for
* Fix the following of clicking links when they attempt to open in a
new tab (target="_blank"), whitelist mode is enabled, and the
* Make middle clicking in the command and hinting prompt paste from
the PRIMARY clipboard
* Make the GTK3 tabs even smaller (like how they were in the GTK2
* Prevent tabs from growing to twice their height when using P
(pasteurinew) to paste a link with a newline at the end.
* Fix the background of insensitive icons in context menues by
coloring their backgrounds transparent.
* Modify the reminder message on about:about so it's clear the browser
must be restarted.
* Modify the about:allthethings output to a more C-like syntax
* Remove the usage of relying on some deprecated webkitgtk signals
* Fix some build issues with FreeBSD and Linux
* Prevent spitting out warnings of deprecated gcrypt functions when
* Prevent a crash when using editsrc on about:blank or any other blank
* Many various code cleanups
The way domains and subdomains of whitelist items are handled has been
changed. In previous versions, whitelisting example.com would
automatically expand to .example.com (which matches example.com and
all subdomains). This has been fixed in this version. If your
xombrero configuration includes whitelists without a leading period,
and you intend for subdomains to also be included in the whitelist,
you will need to manually update your configuration to add the leading