xombrero Changelog

What's new in xombrero 1.6.3

Jul 12, 2013
  • Perform bounds checking for ints and use correct types for float config inputs.
  • Remove all float equality comparisons.
  • Verify a DOM node is a valid HTML document in focus code (webkitgtk 2.0.0+ only).
  • Fix order of fetching remote cert to prevent incorrect warning.
  • Add signal handler to deny all HTML5 geolocation requests.
  • Fix shlib hooking on Windows to allow persistent cookies.
  • Sync hsts-preload with Chromium.
  • Fix memory leak when adding to the force_https whitelist.
  • Mention plwl about page in manpage.
  • Remove unused directories from Makefiles.

New in xombrero 1.6.1 (Jun 27, 2013)

  • Switch link hinting to be case insensitive
  • Support :favadd [title] to set a custom title for favorites
  • Close tab when press and releasing X, not just a press down
  • Fix several memory issues found by clang's static analyzer
  • Sync hsts-preload with Chromium
  • Cleanup manpage to be more consistent

New in xombrero 1.6.0 (Jun 13, 2013)

  • Added new config option, js_auto_open_windows, to control whether Javascript is able to open new tabs (popup windows). Defaults to 1.
  • Allow saving cert directly from :cert show page.
  • Add support for libsoup's new proxy resolver (supports socks directly, requires libsoup 2.42.2+).
  • Fixed HTTPS cert fetching to not send an additional GET request with arguments.
  • Plugged many memory leaks and fixed various other memory issues.
  • Added IPv6 unicast address to list of addresses excluded from proxy.
  • Removed mentions of xombrero from example Google search strings.
  • Synced preloaded HSTS with chromium.

New in xombrero 1.5.0 (Jun 13, 2013)

  • Fixed a privacy leak caused by using a separate gnutls tls connection to grab remote HTTPS certificates which ignored http_proxy
  • Disabled/removed threading since gnutls sideband thread is no longer necessary
  • Added command to increment/decrement page numbers in URLs
  • Added enable_cache setting to enable/disable cache (disabled by default)
  • Plugged some memory leaks
  • Fixed some warnings and bugs caused by GTK 3.8
  • Various Makefile fixes for all platforms
  • Fixed typo in manpage

New in xombrero 1.4.0 (Jun 13, 2013)

  • Add regex support to whitelists
  • Implement header changes
  • Actually track the header files
  • Make all new tabs open in new windows in tabless mode
  • Use DDG's default site (js) in example config
  • Fix for FS273
  • Fix for FS387
  • Sync preloaded HSTS with chromium
  • Install xombrero.desktop. Fixes FS384.
  • Initialize cookie whitelist. Fixes FS388.
  • Kill whitespace in aliases. Fixes FS240.
  • Add a button to the toolbar to toggle the proxy
  • add tor icon toggle for proxy
  • fix icon apearing when http_proxy is set

New in xombrero 1.3.0 Beta (Aug 30, 2012)

  • [NEW] force_https setting and https command to force a given domain to always use HTTPS
  • [NEW] Use force_https to provide a preloaded HSTS list to help avoid the ssl stripping attack. Sites in this list are taken from Chromium's preloaded HSTS list, and additional domains added by the xombrero authors.
  • [NEW] Added an about:runtime page and :runtime command to view and change runtime settings
  • [NEW] Added a link to view the cached HTTPS certificate in addition to the new remote certificate
  • [NEW] Added a new setting, gnutls_priority_string, to modify the GnuTLS priority string that it used by glib-networking. This may be used to fix sites that break when the browser advertises newer TLS versions, and enable or disable specific ciphersuites. This has no effect with glib-networking versions < 2.33.10.
  • [NEW] Modify the about:favorites page to remove the X links to remove links. A new favedit command has been added to show the Rm links.
  • [NEW] Added a special 'unbind' keybinding action to remove any previously bound actions to a keybinding.
  • Add a workaround to fix a GTK focus bug until it has been fixed upstream (see [url]https://bugzilla.gnome.org/show_bug.cgi?id=677329)[/url]
  • Each tab now owns its own session key for internal xombrero links, instead of a session key for the type of operation. Session keys are destroyed after they are no longer needed. This prevents rogue sites from even being able to correctly guess a sesion key to run an internal xombrero command.
  • Fix several issues that were the result of our back/forward handling. Reloading pages should now always work after loading a page from an about page (for example, about:favorites).
  • Prevent the loading of unsafe uris (for example, javascript: or data:) when following links. This measure is to prevent against bait-and-switch attacks (see [url]http://lcamtuf.coredump.cx/switch/[/url] for an example).
  • Fix the following of clicking links when they attempt to open in a new tab (target="_blank"), whitelist mode is enabled, and the current site is not in the javascript whitelist.
  • Make middle clicking in the command and hinting prompt paste from the PRIMARY clipboard
  • Make the GTK3 tabs even smaller (like how they were in the GTK2 version)
  • Prevent tabs from growing to twice their height when using P (pasteurinew) to paste a link with a newline at the end.
  • Fix the background of insensitive icons in context menues by coloring their backgrounds transparent.
  • Modify the reminder message on about:about so it's clear the browser must be restarted.
  • Modify the about:allthethings output to a more C-like syntax
  • Remove the usage of relying on some deprecated webkitgtk signals
  • Fix some build issues with FreeBSD and Linux
  • Prevent spitting out warnings of deprecated gcrypt functions when building
  • Prevent a crash when using editsrc on about:blank or any other blank page Many various code cleanups