What's new in xombrero 1.6.3
Jul 12, 2013
- Perform bounds checking for ints and use correct types for float config inputs.
- Remove all float equality comparisons.
- Verify a DOM node is a valid HTML document in focus code (webkitgtk 2.0.0+ only).
- Fix order of fetching remote cert to prevent incorrect warning.
- Add signal handler to deny all HTML5 geolocation requests.
- Fix shlib hooking on Windows to allow persistent cookies.
- Sync hsts-preload with Chromium.
- Fix memory leak when adding to the force_https whitelist.
- Mention plwl about page in manpage.
- Remove unused directories from Makefiles.
New in xombrero 1.6.1 (Jun 27, 2013)
- Switch link hinting to be case insensitive
- Support :favadd [title] to set a custom title for favorites
- Close tab when press and releasing X, not just a press down
- Fix several memory issues found by clang's static analyzer
- Sync hsts-preload with Chromium
- Cleanup manpage to be more consistent
New in xombrero 1.6.0 (Jun 13, 2013)
- Added new config option, js_auto_open_windows, to control whether Javascript is able to open new tabs (popup windows). Defaults to 1.
- Allow saving cert directly from :cert show page.
- Add support for libsoup's new proxy resolver (supports socks directly, requires libsoup 2.42.2+).
- Fixed HTTPS cert fetching to not send an additional GET request with arguments.
- Plugged many memory leaks and fixed various other memory issues.
- Added IPv6 unicast address to list of addresses excluded from proxy.
- Removed mentions of xombrero from example Google search strings.
- Synced preloaded HSTS with chromium.
New in xombrero 1.5.0 (Jun 13, 2013)
- Fixed a privacy leak caused by using a separate gnutls tls connection to grab remote HTTPS certificates which ignored http_proxy
- Disabled/removed threading since gnutls sideband thread is no longer necessary
- Added command to increment/decrement page numbers in URLs
- Added enable_cache setting to enable/disable cache (disabled by default)
- Plugged some memory leaks
- Fixed some warnings and bugs caused by GTK 3.8
- Various Makefile fixes for all platforms
- Fixed typo in manpage
New in xombrero 1.4.0 (Jun 13, 2013)
- Add regex support to whitelists
- Implement header changes
- Actually track the header files
- Make all new tabs open in new windows in tabless mode
- Use DDG's default site (js) in example config
- Fix for FS273
- Fix for FS387
- Sync preloaded HSTS with chromium
- Install xombrero.desktop. Fixes FS384.
- Initialize cookie whitelist. Fixes FS388.
- Kill whitespace in aliases. Fixes FS240.
- Add a button to the toolbar to toggle the proxy
- add tor icon toggle for proxy
- fix icon apearing when http_proxy is set
New in xombrero 1.3.0 Beta (Aug 30, 2012)
- [NEW] force_https setting and https command to force a given domain to always use HTTPS
- [NEW] Use force_https to provide a preloaded HSTS list to help avoid the ssl stripping attack. Sites in this list are taken from Chromium's preloaded HSTS list, and additional domains added by the xombrero authors.
- [NEW] Added an about:runtime page and :runtime command to view and change runtime settings
- [NEW] Added a link to view the cached HTTPS certificate in addition to the new remote certificate
- [NEW] Added a new setting, gnutls_priority_string, to modify the GnuTLS priority string that it used by glib-networking. This may be used to fix sites that break when the browser advertises newer TLS versions, and enable or disable specific ciphersuites. This has no effect with glib-networking versions < 2.33.10.
- [NEW] Modify the about:favorites page to remove the X links to remove links. A new favedit command has been added to show the Rm links.
- [NEW] Added a special 'unbind' keybinding action to remove any previously bound actions to a keybinding.
- Add a workaround to fix a GTK focus bug until it has been fixed upstream (see [url]https://bugzilla.gnome.org/show_bug.cgi?id=677329)[/url]
- Each tab now owns its own session key for internal xombrero links, instead of a session key for the type of operation. Session keys are destroyed after they are no longer needed. This prevents rogue sites from even being able to correctly guess a sesion key to run an internal xombrero command.
- Fix several issues that were the result of our back/forward handling. Reloading pages should now always work after loading a page from an about page (for example, about:favorites).
- Prevent the loading of unsafe uris (for example, javascript: or data:) when following links. This measure is to prevent against bait-and-switch attacks (see [url]http://lcamtuf.coredump.cx/switch/[/url] for an example).
- Fix the following of clicking links when they attempt to open in a new tab (target="_blank"), whitelist mode is enabled, and the current site is not in the javascript whitelist.
- Make middle clicking in the command and hinting prompt paste from the PRIMARY clipboard
- Make the GTK3 tabs even smaller (like how they were in the GTK2 version)
- Prevent tabs from growing to twice their height when using P (pasteurinew) to paste a link with a newline at the end.
- Fix the background of insensitive icons in context menues by coloring their backgrounds transparent.
- Modify the reminder message on about:about so it's clear the browser must be restarted.
- Modify the about:allthethings output to a more C-like syntax
- Remove the usage of relying on some deprecated webkitgtk signals
- Fix some build issues with FreeBSD and Linux
- Prevent spitting out warnings of deprecated gcrypt functions when building
- Prevent a crash when using editsrc on about:blank or any other blank page Many various code cleanups