What's new in HTTPS Everywhere for Firefox 2022.5.24
Oct 17, 2023
- Improved EASE mode prompt
- Add background tab on install or update to educate users on HTTPS only mode features in their browsers
- Updated dependencies
New in HTTPS Everywhere for Firefox 2021.7.13 (Jul 14, 2021)
- Amend Incognito Key for Chrome and Firefox #20092
- Fix unexpected arithmetic operations on strings #20043
- Remove Top Alexa Labeller #20083
- Update deprecated log function #20101
- Patch Chrome Test Failure #20102
New in HTTPS Everywhere for Firefox 2021.4.15 (Apr 15, 2021)
- Add DuckDuckGo Smarter Encryption update channel
- Bloom filter for rulesets
- Firefox Fenix option page updates for Android users
- Move to Python 3 from Python 3.6
- Fix undefined type access
- Fix empty default types
New in HTTPS Everywhere for Firefox 2021.1.27 (Jan 28, 2021)
- EASE Mode UI Changes
- NPM Dependency updates
- Geckodriver pull update
- Chromedriver pull update
- Integrate CSS Grid for Options Page and EASE UI
- Put Options in new tab
New in HTTPS Everywhere for Firefox 2020.8.13 (Aug 19, 2020)
- Fix port based whitelsiting issue #19291
- Update documentation
- Update dependencies (NPM and Chromedriver)
- Minor code fixes in JS
New in HTTPS Everywhere for Firefox 2020.5.19 (May 20, 2020)
- Reverting Onboarding page for the time being
- Patch for whitelisting rules and EASE mode issue
- Double rule load patch in update channels
- Fix minor JS and UX issues
New in HTTPS Everywhere for Firefox 2020.3.16 (Mar 27, 2020)
- EASE HTTP Once CSS fix
- Allow users to whitelist hosts from the option page
- EASE mode fixes for locale issue
- Fetch Test Prep, TLS 1.2 update
- Fetch Test Prep, Updated check rules script
- Fix options page appearance on Firefox when dark mode is on
- Dark mode adjustments
New in HTTPS Everywhere for Firefox 2019.11.7 (Nov 12, 2019)
- EASE HTTP Once Exception
- Add Private network IPs to exclusion for HTTPSE
- Revert icons back to previous state
- Optimizations to url handling and hsts prune
New in HTTPS Everywhere for Firefox 2019.6.27 (Jul 5, 2019)
- Making stylistic changes for mobile friendliness in Fennec
- Inclusion and use of the lib-wasm submodule, lowering memory overhead
- Refactor secure cookie logic
- Code cleanup
- Bundled ruleset updates
New in HTTPS Everywhere for Firefox 2019.6.4 (Jul 5, 2019)
- Fix bug where link HTML is replaced in cancel page, instead of text
- Bundled ruleset updates
New in HTTPS Everywhere for Firefox 2019.5.13 (Jul 5, 2019)
- UI nd functionality patches for stable rules
- Translations string fixes
- Minor npm updates for HSTS pruning
New in HTTPS Everywhere for Firefox 2019.5.6 (Jul 5, 2019)
- UI tweaks for spacing and font sizes
- Fix reload bug
- Patch for offline release channel
New in HTTPS Everywhere for Firefox 2019.5.2 (Jul 5, 2019)
- UI changes in extension menu (#17854)
- EASE interstitial UI tweaks (#17347)
- Remove support for wildcard in the middle (#12319)
- Update default timestamp for deterministic builds (#17623)
- Refactor and enhance trivialize-cookie-rules.js (#17438)
- Run HSTS-prune and fix impacted rulesets (#17338)
- Update HSTS preload max age (#17564)
- Fix DeprecationWarning in HTTPS Everywhere Checker (#17596 )
- Fix Chromium local store exception (#17557)
- Remove middle wildcard support in rules.js (#17715)
New in HTTPS Everywhere for Firefox 2019.1.31 (Feb 1, 2019)
- Change "Block all unencrypted requests" language to "Encrypt all sites eligible"
- EASE mode patches for interstitial page and reload to trigger for EASE mode
- ES Lint clean up
- Disable test for Chrome (will work in patch while disabled)
- Deprecate I.P.s in rulesets (Special case for DNS I.P.s)
New in HTTPS Everywhere for Firefox 2019.1.7 (Jan 8, 2019)
- Change "Block all unencrypted requests" language to "Encrypt all sites eligible"
- Amend check_rules.py fetch test to disable rules only if all rules are problematic, and comment rules out if other rules are functional in the set
- HSTS Prune and updates
- Bundled ruleset updates
New in HTTPS Everywhere for Firefox 2018.9.19 (Sep 20, 2018)
- Ensure the 'Block all unencrypted requests' interstitial page catches more HTTPS misconfigurations (#16418)
- Allow users to disable HTTPS Everywhere on specific sites. Add additional UX controls in the options page for this. (#10041)
- Adding 'scope' to update channels, which defines regex limiting the URLs an update channel is allowed to operate on (#16430)
- Bundled ruleset updates
New in HTTPS Everywhere for Firefox 2018.8.22 (Aug 23, 2018)
- Adding a warning to pages which 'Block all unencrypted requests' is unable to upgrade
- Adding a UX that enables users to add, delete, and edit update channels
- Reduces memory overhead by optimizing exclusion regex
- Block insecure FTP connections when 'Block all unencrypted requests' is checked
- Bundled ruleset updates
New in HTTPS Everywhere for Firefox 2018.6.21 (Jun 22, 2018)
- Fix: URLs with a hostname of '.' cause endless loop to be triggered
- Bundled ruleset updates
New in HTTPS Everywhere for Firefox 2018.6.13 (Jun 14, 2018)
- Improve popup page performance and slightly reduce memory usage
- Measure and slightly improve memory usage for rulesets
- Fix CORS issues in Firefox. This bug was previously breaking embedded videos or css on many websites. Chrome browser was not affected by this bug
- Add "Reset to Defaults" option to reset the default ruleset states
- Add "Show Devtools tab" option to hide CDT tab
- Bundled ruleset updates
New in HTTPS Everywhere for Firefox 2018.4.11 (Apr 12, 2018)
- Reduce out-of-band ruleset update TTL from 48 to 24 hours
- Bundled ruleset updates
New in HTTPS Everywhere for Firefox 2018.4.3 (Apr 4, 2018)
- Applies the out-of-band ruleset updates, sourced from https://www.https-rulesets.org/. Clients perform a periodic check for new rulesets to download, which are verified with the Web Crypto API using a pinned key, then applied.
- Ruleset updates
New in HTTPS Everywhere for Firefox 2018.3.13 (Mar 14, 2018)
- The unused `cacert` platform was removed from rulesets for simplicity
- * Organizing the add-on files into a clean directory structure
- * Ruleset updates
New in HTTPS Everywhere for Firefox 2018.2.26 (Feb 27, 2018)
- Many/most mixed content blocking issues are solved when enabling the "Block all unencrypted requests" option thanks to the injection of the upgrade-insecure-requests header. This means this option can be more easily used for daily browsing with less site breakage.
- Rulesets are alphabetically sorted in HTTPS Everywhere popup, with the first-party site (if covered) at the top.
- Fixes an obscure Android bug where rulesets don't appear in popup for the first window that is opened after restart.
- Many ruleset bugs have been solved (some dating 3 years back!)
New in HTTPS Everywhere for Firefox 2018.1.29 (Jan 30, 2018)
New in HTTPS Everywhere for Firefox 2018.1.11 (Jan 12, 2018)
New in HTTPS Everywhere for Firefox 2017.12.6 (Dec 7, 2017)
- Remove unnecessary files from release
- Ruleset updates
New in HTTPS Everywhere for Firefox 2017.11.21 (Nov 22, 2017)
New in HTTPS Everywhere for Firefox 2017.10.30 (Oct 31, 2017)
- Introduce migrations, migrate settings from localStorage to storage api
- Firefox: full WebExtensions version
New in HTTPS Everywhere for Firefox 2017.10.24 (Oct 25, 2017)
- Significant code refactor
- Fixes for Fennec
New in HTTPS Everywhere for Firefox 2017.10.4 (Oct 5, 2017)
- Markup and small UI changes
- Modularize JS, clean up control flow
- Ruleset updates
New in HTTPS Everywhere for Firefox 2017.9.12 (Sep 14, 2017)
- Decrease memory footprint by using JSON in default.rulesets
- Markup changes
- Ruleset updates
New in HTTPS Everywhere for Firefox 2017.8.31 (Sep 1, 2017)
- Add counter badge to indicate how many rulesets are active
- Use Map instead of Object for targets (improves lookups)
- Fix race condition with persistent storage
- Ruleset updates
New in HTTPS Everywhere for Firefox 2017.8.19 (Aug 28, 2017)
- Fix wildcard matching
- Remove usage of HTML string assignment
- Ruleset updates
New in HTTPS Everywhere for Firefox 5.2.21 (Jul 26, 2017)
New in HTTPS Everywhere for Firefox 5.2.20 (Jul 6, 2017)
New in HTTPS Everywhere for Firefox 5.2.19 (Jun 21, 2017)
New in HTTPS Everywhere for Firefox 5.2.18 (Jun 6, 2017)
- FF: Suppress request to check.torproject.org if SSL Observatory is disabled
- Chrome: Adding "View All Rules" link to Atlas
- Chrome: Allow removal of user-added, custom rulesets
- Ruleset updates
New in HTTPS Everywhere for Firefox 5.2.17 (May 24, 2017)
New in HTTPS Everywhere for Firefox 5.2.15 (Apr 20, 2017)
New in HTTPS Everywhere for Firefox 5.2.14 (Apr 9, 2017)
New in HTTPS Everywhere for Firefox 5.2.13 (Mar 20, 2017)
New in HTTPS Everywhere for Firefox 5.2.12 (Mar 13, 2017)
- Excepting loopback hostnames from 'HTTPS Nowhere' functionality
- Ruleset updates
New in HTTPS Everywhere for Firefox 5.2.11 (Mar 6, 2017)
New in HTTPS Everywhere for Firefox 5.2.10 (Feb 23, 2017)
- Removing targets which are HSTS preloaded in all supported browsers
- Ruleset updates
New in HTTPS Everywhere for Firefox 5.2.10 / 2017.1.25 (Jan 30, 2017)
- Removing targets which are HSTS preloaded in all supported browsers
- Ruleset updates
New in HTTPS Everywhere for Firefox 5.2.9 / 2016.12.19 (Jan 17, 2017)
- Ruleset updates
- In HTTP Nowhere mode, attempt HTTPS before block
New in HTTPS Everywhere for Firefox 5.2.7 / 2016.11.8 (Nov 11, 2016)
New in HTTPS Everywhere for Firefox 5.2.6 / 2016.10.20 (Oct 24, 2016)
- Ruleset fixes
- Fix for domain isolation in Tor Browser with SSL Observatory
New in HTTPS Everywhere for Firefox 5.1.2 (Dec 17, 2015)
New in HTTPS Everywhere for Firefox 5.1.1 (Sep 1, 2015)
- Ruleset fixes
- Clean up some unused code that was causing review problems on AMO.
New in HTTPS Everywhere for Firefox 5.1.0 (Sep 1, 2015)
- Signed by AMO so it won't get a warning in Firefox
New in HTTPS Everywhere for Firefox 5.0.9 (Sep 1, 2015)
- Fixed missing translations from 5.0.8
New in HTTPS Everywhere for Firefox 5.0.8 (Aug 14, 2015)
- Ruleset fixes
- Restore checkbox icons on Firefox
- Add a link to the HTTPS Everywhere Atlas
New in HTTPS Everywhere for Firefox 5.0.7 (Aug 14, 2015)
- Ruleset fixes, in particular disable broken Netflix rule
- Fix "Add a rule" functionality in Chrome.
New in HTTPS Everywhere for Firefox 5.0.6 (Jul 14, 2015)
- EFF 25th birthday edition
- Ruleset fixes
- Move "Enable / Disable rules" options into menu
New in HTTPS Everywhere for Firefox 5.0.5 (May 29, 2015)
- Ruleset fixes
- Fix ordering of locales to default to English again.
New in HTTPS Everywhere for Firefox 5.0.2 (Apr 9, 2015)
New in HTTPS Everywhere for Firefox 5.0.1 (Apr 9, 2015)
- Disabled some broken rulesets.
- Fixed and updated many rulesets.
- Better null checking in Firefox.
- Add "Block All HTTP Requests" in Chrome.
New in HTTPS Everywhere for Firefox 5.0 Development 4 (Apr 9, 2015)
New in HTTPS Everywhere for Firefox 5.0 Development 3 (Mar 11, 2015)
- Added automated ruleset testing.
- Disabled many rules that failed ruleset tests.
- Fix cookie securing so it works for wildcard cookies even when a wildcard target host is not present.
- User rule creation in Chromium is only offered on HTTPS.
- Enabling and disabling user rules on Chromium works.
- Candidate for 5.0 series stable release.
New in HTTPS Everywhere for Firefox 5.0 Development 2 (Dec 23, 2014)
- Merged mobile support from 4.0 branch.
- New translations imported: Catalan, Chinese (Taiwan), Croatian (Croatia), Estonian, Faroese, French (Canada), Khmer, Malay (Malaysia), Portuguese (Brazil), Romanian, Serbian, Sinhala (Sri Lanka), Slovak (Slovakia), Slovenian (Slovenia), Thai, Ukrainian
- Various ruleset fixes.
- Candidate for a 5.0 series stable release.
New in HTTPS Everywhere for Firefox 5.0 Development 1 (Dec 2, 2014)
- Support for multi-process Firefox (aka electrolysis or e10s).
- Merge latest rulesets.
- chrome-2014.11.25 (2014-11-25):
- Merge rulesets from Firefox release 4.0.2.
New in HTTPS Everywhere for Firefox 4.0.2 (Oct 16, 2014)
- Disable SSL 3 to Prevent POODLE attack
- NEW: HTTP Nowhere mode. Block all plaintext http
- Updates to Yahoo APIs, Fastly, VMWare, Netflix, Maashable, LinkedIn, Gitorious, Mozilla, msecnd, Hotmail, Live, Eniro, Steam, Phoronix, net-security.org, Flickr, Craigslist, Apache.org, Joomla.org, Samsung, Google IMages, Expedia, Akamai, Trip Advisor, Ikea, CEll, Leo.org, Facebook, F-Secure, Dropbox, Courage Campaign, Box, Atlassian, Internet Archvie, localbitcoins.com, SOny, SciVerse, Web.com, Urgan Dictionary, Pornhub, Fool.com, ClickBank, MGID, Which?, Microsoft, Barnes and Noble, Royal Institute of GB, Wall Street Journal
New in HTTPS Everywhere for Firefox 4.0.1 (Sep 12, 2014)
- Significant new coverage: Reddit, Quora
- Fixes include: Frontier Networks, Hotmail / Live, Microsoft, Mozilla, Ohio State, Rackspace, SJ.se, Timbo.se
- Enhancements to MCB detection and subsequent ruleset fixes
- chrome-2014.8.22:
- Rulesets from 4.0.0
- German translation
New in HTTPS Everywhere for Firefox 4.0.0 (Aug 5, 2014)
- Ruleset fixes to wikimedia, stanford-university, joyent.
- Merge Android Firefox branch, so Android now has the same release cycle as the stable HTTPS Everywhere branch for Firefox.
New in HTTPS Everywhere for Firefox 5.0 Development 0 (Jul 30, 2014)
- Various rules for new gaming sites
- Add exception for flashproxy
- Updates to joyent, moevideo, FreeDesktop, Gfycat, Bytemark, tchibo, Kantonalbank rules, godaddy, Bing, Pcwelt.de, Gamestar.de, o2-online, heise.de, mozdev.org, Wikimedia, Spotify, Stanford-University, various Swiss websites, SourceForge, utwente.nl, teamfortress.com, Fastly, mozilla.org, AmazonAws, Technology Review, jitsi, googlecode.com, CDT, and other rules.
- Add Denh.am, justeatuk, owncloud, seanmckaybeck.com, strimoid.pl, elkosmasgr, mantisbt, IAPC, ReadTheDocs, tox.im, and other rules.
- Initialize Convergence's NSS.js with nss library path
- Add filter for OCSP and other requests that should be unrewritten
- Add testing framework and a few basic extension tests
- Fix Chrome redirect loop detection
- Fix loading of user rules
- Fix SSL Obs. preferences XML parsing bug.
- Add experimental "HTTP Nowhere" mode (blocks all HTTP requests)
New in HTTPS Everywhere for Firefox 3.5.3 (Jul 3, 2014)
- Ruleset fixes to Mozilla, PCWorld, MacWorld, Google Books, 4chan blog, BuzzFeed, BBC, googlecode, TechDirt, Wikia, Technology Review, Google Translate, CDT, Science Direct, Sourceforge
- Fix rulesets.sqlite path, allowing global installation
- Revert components/ssl-observatory.js to 3.4.5, possibly fixing crash bug
- Update observatory whitelist
New in HTTPS Everywhere for Firefox 3.5.1 (Jul 3, 2014)
- Re-enable ability to see all rulesets in enable/disable dialog.
- Added more Debian coverage.
- Fixes to Doubleclick, Guardian, Heroku, Home Depot, HypeMachine, IMDB, Justin.tv, Kikatek, Mozilla, MyFitnessPal, Pinterest, XKCD, Reuters, Technet, Tumblr, Wordpress, Yandex, Youtube, Flickr.
- Fix Australis icon positioning
- Ruleset fixes (same as 3.5.1)
- Make Chrome build script compatible with Chrome release scripts.
- Fix disappearing icon
- Fix XKCD images
- Revert back to chrome-2014.1.3 because of bug in Chrome release script.
- Add SV localization
- Add persistent user-generated rules
- Use onBeforeRedirect for redirect loop detection
- Remove unneeded onBeforeSendHeaders listener
- Fix host-only cookie bug
- Split incognito mode
- Cleanup pageAction icon code
- Add and modify some rulesets (same as 3.5)
New in HTTPS Everywhere for Firefox 4.0 Development 17 (May 24, 2014)
- Re-enable ability to see all rulesets in enable/disable dialog.
- Fix allowing global installation
- Better observatory whitelisting
- Add option for SSL obs. revoked cert warnings
- Numerous ruleset updates
New in HTTPS Everywhere for Firefox 4.0 Development 16 (Apr 15, 2014)
- Restore code that loads custom rule files
- Use loadContext interface to get windows associated with requests
- Reduce annoying logging messages
- Report cert warning pages to SSL Observatory
- Remove SSL Observatory observers when disabled
- Don't set LOAD_REPLACE flag
- Add script to merge rulesets in Alexa Top 1M
- 8 new rules
- 59 modified rules
New in HTTPS Everywhere for Firefox 3.5 (Apr 15, 2014)
- Merge all non-ruleset changes from 4.0development.16
- Merge all new/modified rulesets from 4.0development.16 that are in the Alexa Top 1000 using utils/alexa-ruleset-checker.py.
New in HTTPS Everywhere for Firefox 3.4.5 (Jan 24, 2014)
- Updated license
- Updated README.md
- Updated contributors list
- Fix a performance bug when re-enabling HTTPS-Everywhere from its menu
- Observatory cert whitelist update
- Updated rules: Atlassian, Brightcove, MIT, Pidgin, Microsoft, Whonix
- Skanetrafiken, Stack-Exchange, Stack-Exchange-mixedcontent
New in HTTPS Everywhere for Firefox 3.4.3 (Jan 24, 2014)
- Fixes: Cloudfront / Amazon MP3 player, Cornell/Arxiv, FlickR,
- AmazonAWS/spiegel.tv
- Disable broken: Barns and Noble, Behance, Boards.ie, Elsevier, Kohls,
- OpenDNS, Spin.de, Svenskakyrkan
- Deprecate the ContentPolicy API, fixing a crash bug
- lurking since Firefox 20:
- Fix really silly Observatory UI bug that would leave the Observatory off
- for non-Tor users after they turned it on
- Update Observatory blacklist
- Bump maxVersion from Firefox 25 to 28.
New in HTTPS Everywhere for Firefox 4.0 Development 14 (Jan 24, 2014)
- Deprecate the ContentPolicy API, fixing a crash bug
- lurking since Firefox 20:
- Fix really silly Observatory UI bug that would leave the Observatory off
- for non-Tor users after they turned it on
- Ship 438 new rulesets
- Update Observatory blacklist
New in HTTPS Everywhere for Firefox 4.0 Development 13 (Jan 24, 2014)
- HTTPS Everywhere builds are now deterministic!
- Numerous new and updated rules
New in HTTPS Everywhere for Firefox 3.4.2 (Jan 24, 2014)
- HTTPS Everywhere builds are now deterministic
- Global memory leak bug fixes
- Updated rules: Craigslist, Apple.com, Microsoft, CloudFront, UKLocalGov
- Bing, Cengage
- New rules from dev: IPTorrents.com, TvTorrents
New in HTTPS Everywhere for Firefox 3.4.1 (Jan 24, 2014)
- Fix typo resulting in variable leak in get_prefs()
New in HTTPS Everywhere for Firefox 3.4 (Jan 24, 2014)
- Do not upgrade stable users to the development branch!
- The previous release moved extension code from the development branch into
- the stable branch, and changed many stable rules
New in HTTPS Everywhere for Firefox 4.0 Development 10 (Jan 24, 2014)
- Numerous rules added, modified, and deleted
- Added utils/find_rules.py, python script by Osama Khalid to apply HTTPS
- Everywhere rules to URLs
- Updated readme to include more dependencies
New in HTTPS Everywhere for Firefox 3.3.2 (Jan 24, 2014)
- We merged in a bunch of non-ruleset changes from 4.0development.9:
- Notable changes from this merge include a rewriting of fetch-source.js,
- improvements to the CSS such that the icon changes color when disabled
- and shows the number of applied rules when active, fixing bugs in
- HTTPSRules.js and ApplicableList.js that led to undefined functions,
- and rewriting makexpi.sh to accept a --fast flag.)
- The tickets described below were fixed by the merge from 4.0development.9
- Add a script find_rules.py by Osama Khalid to utils/. It applies HTTPS
- Everywhere rules to URLs.
- Add merge-rulesets.py from master to utils/.
- Removed default parameters for a js function that caused breakage
- in older versions of FF.
- Changed mixed content blocking in FF to be based on the user's active
- content blocking preferences rather than if the FF version is >=23.0.
- [Zurcher_Katonalbank] Add rule
- [LegitScript] www now supports SSL
- [DebianOwnCA] Debian self-signed cert rules
- [Debian] Update rule for non-self-signed domains
- [UKLocalGov] Add havering.gov.uk
- [aeriagames] Use CDN with valid cert
- [spu.ac.th] Disable (https site not found)
- Added rules from mishari for Loxinfo, SPU, Silkspan, Settrade,
- Powerbuy, opengarden.com, Naiin, MyHappyOffice, Mirakar,
- MarketingOops, Makewebeasy, m2fjob, LandandHouse, Jaymart,
- Etravelway, Craigslist, Blognone, TrueCorp, dealfish, 3bbwifi,
- thepiratebay, and priceza.
- [Ubuntu] Add rule for ubuntuforums.org
- [EuroBillTracker.xml] Add EuroBillTracker rule
- [wikidot] Exclusion for iframes
- [StockCharts] Add reason for disabling
- [9gag] Disable rule for breaking AJAX.
- [MayFirstPeopleLink] Updated rule
- [Derpiboo.ru] Add rule
- [Fedora Project] Split start
- [Lurkmore.to] Add rule
- [2ch.so] Add rule
- [FSF] Added the status and u subdomains
- [Reddit] Exclude blog
- [Desk.com] Fix
- [Cheezburger] Fix
- Updated debian dependencies in readme
- [Adtech.de] Add exclusion
New in HTTPS Everywhere for Firefox 3.3.1 (Jan 24, 2014)
- [Wikimedia] removed mixedcontent
New in HTTPS Everywhere for Firefox 3.3 (Jan 24, 2014)
- This major release fixed the following mixed content blocker (MCB)
- related bugs in time for Firefox 23
- In effect, this update disables rulesets that cause mixed content errors
- by default, and adds platform="mixedcontent" to 950 new rules. This is
- necessary to prevent a massive amount of websites from breaking by default
- for our users when Firefox 23 comes out.
- Internet Archive] Moved to stable
- [Linaro] Default off per webmaster request
- [Applicom] Default off per webmaster request
New in HTTPS Everywhere for Firefox 3.2.4 (Jan 24, 2014)
- [Yandex] remove maps from exclusions
- [Amazon Web Services] Add exclusion
- [Hotmail / Live] Add exclusion
- [Mozilla] Point labs to mozillalabs.org
- [Yandex] Exclude ll
- [Brightcove] Add exclusion
- [NYTimes] Add exclusion, disabled
- [News Corporation] Exclude 2013 images
- [imgbox] Fix typo
New in HTTPS Everywhere for Firefox 4.0 Development 8 (Jan 24, 2014)
- Fix broken ruleset dialog in Firefox 22+
- The toolbar button chnages to indicate active rulesets:
- Ship 31 new rulesets
- New translations: Japanese and Sinhala
- Updated translations: Hungarian, Lithuanian, Slovenian
- Ruleset fixes from 3.2.2
- Observatory cert whitelist update
New in HTTPS Everywhere for Firefox 3.2.2 (Jan 24, 2014)
- Quick turn-around release to unbreak support.apple.com
- Fixes for a number of other ruleset bugs:
- Incremental observatory cert whitelist update
New in HTTPS Everywhere for Firefox 3.2.1 (Jan 24, 2014)
- Implement XHR outstanding request limits to work around TCP connection
- exhaustion if the SSL Observatory server is slow or down:
- Overdue update to the Observatory cert whitelist
- Other known ruleset fixes: EA, Yandex, Apple
New in HTTPS Everywhere for Firefox 4.0 Development 7 (Jan 24, 2014)
- Implement XHR outstanding request limits to work around TCP connection
- exhaustion if the SSL Observatory server is slow or down:
- Add a note hinting users how to toggle rulesets
- Ship all fixes from 3.2
- Other known ruleset fixes: EA, Yandex
- Ship 1308 new rulesets!
- Numerous new and updated translations
New in HTTPS Everywhere for Firefox 3.2 (May 2, 2013)
- New: MoinMoin
- Fixes: Adobe, Bahn.de, Cloudfront, Dell, Droplr, FBI, Google Maps, Joomla, Juno Download, Lenovo, New York Times, SEC, Soundcloud, Tweakers.net, Univ Strasbourg, Vkontakte, Zend
- Disable broken: AirAsia, Netvibes, Newgrounds, Pirate Bay, Russia Today, SVT, Wolfram Alpha
- Maybe fixed: Quantcast/Tumblr
- Sync languages and translations from the master branch.
- New languages: Finnish, Norwegian (Bokmål), Slovak, Bulgarian.
- All HTTPS Everywhere users will be now prompted about using the SSL Observatory.
New in HTTPS Everywhere for Firefox 3.1.4 (Mar 14, 2013)
- Fixes:
- AmazonAWS/Atomsforpeace.info, Disqus, Eventbrite, ImageShack.us, MySQL, NuGet, NYTimes, Ooyala, Opera, Scientific American, SourceForge, University of Southampton, UserVoice, WebType, Zendesk
- Disable broken:
- American Public Media (for real this time), Asymmetric Publications, Salsa Labs, Vimeo
- Update cert whitelist
New in HTTPS Everywhere for Firefox 3.1.3 (Mar 4, 2013)
- Internet Freedom Day stable bugfix release
- Fixes: CloudFront/Spotify, AmazonAWS (Amazon MP3s and product images), Libav, Google Maps, UserEcho
- Disable broken: Coursera, EBay, Etsy, OpenOffice, Ping.fm, Pinterest
- Update cert whitelist
New in HTTPS Everywhere for Firefox 3.1.2 (Mar 4, 2013)
- Release 3.1.2, since 3.1.1 was accidentally mis-tagged
- Fixes for: AmazonAWS/Datawrapper, Cachefly, Cloudfront/C-SPAN, Hetzner.de KeyDrive/Snapnames, QT, openDesktop, OpenTTD, WhiskeyMedia
- Disable broken: FlossManuals, Pastebin, Poste.it, Ustream, TED, AusGamers
- Increase Observatory deployment (65%->85%)
- Update cert whitelist
New in HTTPS Everywhere for Firefox 1.0.1 (Sep 5, 2011)
- Disable some rulesets with partial compatibility issues: Reddit, StumbleUpon, Heroku
- Small Yandex fix
- Fix/improvement for Google Instant outside the US
New in HTTPS Everywhere for Firefox 1.0.0 (Aug 5, 2011)
- Improve toolbar UI for error pages somewhat (it still isn't perfect)
- Bugfixes: Microsoft, Dropbox, Netflix, MySQL
- Disable a couple of broken rules
New in HTTPS Everywhere for Firefox 1.0.0development.5 (Aug 5, 2011)
- Ship rulesets as a single "default.rulesets" file, shrinking the .xpi from
- 370 kB to ~120kB and speeding Firefox startup
- Fix an ephemeral bug where disabled-by-default rules would be briefly
- enabled when first installed
- Wikipedia shows up in the toolbar/context menu
- Fixes to netflix & netzpolitik
- Toolbar/context menu can be opened with left or right click
New in HTTPS Everywhere for Firefox 1.0.0development.4 (Aug 5, 2011)
- Fix a bug with Google Translate
- Unbreak the Netflix blog
- Toolbar button now looks OK in Seamonkey
- Declare compatibility with the next round of Firefox alphas
New in HTTPS Everywhere for Firefox 1.0.0development.3 (Aug 5, 2011)
- Do not show a bizarre popup when people click the HTTPS toolbar button on
- error pages
- Fix a GoogleServices bug that broke logout from non-US google accounts
New in HTTPS Everywhere for Firefox 1.0.0development.2 (Aug 5, 2011)
- Fix bugs that arose when trying to move the toolbar menu icon:
- Handle usernames and passwords in URIs more explicitly
- By default, move context menu from toolbar to addons bar
- Ship 22 new rulesets
- Add support for Google Plus, Accounts and AdWdords
- Improvements to Microsoft, Twitter and Gitorious
New in HTTPS Everywhere for Firefox 1.0.0development.1 (Aug 5, 2011)
- Add a context menu to let users toggle rulesets that are/might be
- applicable to the current page (we can now stabilise the dev branch!)
- Ship 42 new rulesets
- Support for Google Image Search (except the very first landing page :/)
- Fixes: Netflix, Plone
- Improvements: Google APIs, Google Services, Mediawiki
- Disable broken rules: OKCupid, Surveymonkey
- Declare compatibility with recent Seamonkey releases
New in HTTPS Everywhere for Firefox 0.9.9.development.6 (Aug 5, 2011)
- Optimistically declare compatibility with Firefoxes up to v 7.*
- Ship 193 new rulesets
- Fixes & Improvements: Wikipedia, AmazonAWS, Google Images, Microsoft,
- Mozilla, Netflix, Google User Content, Twitter, Gitorious, AdBlock Plus,
- Youtube, he.net, Bitcoin
- Remove broken rules: Match.com
New in HTTPS Everywhere for Firefox 0.9.9.development.5 (Aug 5, 2011)
- Compatible with Firefox 4.0.1+
- New ruleset management UI (thanks to katmagic and Stefan Tomanek)
- Ship 136 new rulesets
- Fixes: reCAPTCHA, Google Images, Gentoo, Gitorious
- Improvements: Bit.ly, Yahoo, Nokia
- Disable: WashingtonPost :(, Doubleclick, OpenSSL.org (!)
New in HTTPS Everywhere for Firefox 0.9.9.development.4 (Aug 5, 2011)
- Ship 117 new rulesets
- Fixes: MySQL, GroupOn, country-specific Google news sites,
- Improvements: mail.com, WordPress
- Leave WashingtonPost ruleset on in the hope that it gets fixed soon :/
- Disable broken rules: HTC, I2P
New in HTTPS Everywhere for Firefox 0.9.9.development.3 (Aug 5, 2011)
- In the settings dialogue, offer "Reset defaults" instead of "Enable all"
- Merge fixes from NoScript that avoid some torbutton bugs
- Ship 56 new rulesets
- Numerous tweaks + fixes, including NYTimes and AddThis
New in HTTPS Everywhere for Firefox 0.9.9.development.2 (Aug 5, 2011)
- Prevent the preferences window from swallowing the screen on OS X / Windows
- Stop the StartCom rule from breaking StartCom OCSP/CRLs (which can't be HTTPS)
- Attempt to do the same for for CAcert
- Fixes to: Reddit, Drupal.org
- Disable some problematic rulesets: Cisco, Opera
- Enable: Reddit
- Ship another 62 rulesets
New in HTTPS Everywhere for Firefox 0.9.9.development.1 (Aug 5, 2011)
- The efficient ruleset checking implementation should now hopefully be...
- efficient
- Ship all the rulesets
- Except the ones that cause cert warnings, which are there but off by default
- Build scripts attempt to validate rulesets before making a .xpi
New in HTTPS Everywhere for Firefox 0.9.7 (Aug 5, 2011)
- Support firefox 5 and 6 betas
- Numerous improvements and fixes to Google and GoogleServices support
- Fixes to AmazonAWS
- Secure j.mp via bit.ly
- Fix gentoo bugs
New in HTTPS Everywhere for Firefox 0.9.6 (Aug 5, 2011)
- Support firefox 4.0.1
- Unbreak recaptcha
- Disable google.com/jsapi (which was breaking some embedded maps, though that bug *might* have been fixed)
New in HTTPS Everywhere for Firefox 0.9.5 (Aug 5, 2011)
- WashingtonPost is broken and seems to be staying that way; disable it
- Replace "Enable All" with "Reset Defaults"
- Fixes & Improvements to WordPress + Mozilla
New in HTTPS Everywhere for Firefox 0.9.3 (Aug 5, 2011)
- Significant performance improvements
- Disable Cisco by default
- Fixes & improvements to: NYTimes, WashingtonPost, Cisco, WordPress
- Support Google Code
- Disable Google Custom Search Engines (they don't work)
- Support global installation for OS distributions
New in HTTPS Everywhere for Firefox 0.9.2 (Aug 5, 2011)
- Fix a bug in our redirection loop detection that was causing touble with
- some parts of NYTimes, Facebook, and other sites
New in HTTPS Everywhere for Firefox 0.9.1 (Nov 25, 2010)
- Unbreak the "all x news articles" links in Google News
- Exclude nytimes.com/roomfordebate, since it's broken in https.
New in HTTPS Everywhere for Firefox 0.9.0 (Nov 25, 2010)
- This is our "Firesheep" release. It has numerous anti-firesheep
- improvements!
- Split the stricter parts of the Facebook rule into a "Facebook+" rule.
- It's what's required to protect Facebook from Firesheep and similar cookie
- theft attacks, but it may break apps, because apps.facebook.com currently
- has the wrong cert.
- Allow rulesets to specify that the secure flag should be set on some cookies even if the site operator failed to do so
- Ship rules for:
- Amazon S3 (AWS)
- Github
- Bit.ly
- Dropbox
- Evernote
- Cisco
- Extensive improvements (including secure cookies) in the Twitter and
- Facebook rules
- Support for full Live / Hotmail encryption
- Significant performance optimisation decreases CPU load
- Fixes:
- https://trac.torproject.org/projects/tor/ticket/1656
- https://trac.torproject.org/projects/tor/ticket/2194
- Rearrange our Channel Replacement code!
- Add scrollbars if there are a lot of rules present in the Preferences
- dialog (may still be somewhat buggy...)
- Optimise GoogleServices.xml and support Google code search
- Patch for future compatiability with Request Policy:
- https://trac.torproject.org/projects/tor/ticket/1574
- Support for the Firefox 4 API
- The Amazon rule was causing a lot of glitches; it is now off by default
- Control log verbosity with an about:config variable
- Numerous minor rule improvements
New in HTTPS Everywhere for Firefox 0.2.2 (Nov 11, 2010)
- Fix a glitch in the Content Policy path. The patch breaks toolbar search suggestions.
- Don't send some country homepages to https://www.google.com/webhp?hl= ; use https://encrypted.google.com instead
- Cleanup and refactor the URI replacement and rewriting code.
- Add a Google APIs rule
- Remove some Extremely Nasty code that would delete malformed rulesets (!)(it was pasted from Torbutton's cookie handling logic...)
- Add code.google.com to Google Services
- The client=firefox* workaround is no longer necessary once we're sending non-US users to encrypted.google.com rather than www.google.com
- Better coverage for GMX, Google services, Twitter
- Scroogle homepage in HTTPS
- Add rules for:
- Mail.com logins
- Microsoft (limited coverage)
- Fix a nasty Google/Wikipedia bug within 0.2.2.development.{1,2}
New in HTTPS Everywhere for Firefox 0.2.1 (Nov 11, 2010)
- Although google said https://www.google.com would continue to work, that wasn't absolutely true.
- The new encyrpted.google.com seems to require queries to be #q=thing rather than search?q=thing, at least some of the time.
New in HTTPS Everywhere for Firefox 0.2.0 (Nov 11, 2010)
- Work around the fact that Google does not allow client=firefox* HTTPS searches from outside the US, by rewriting those URIs
- Add rules for:
- Amazon
- GMX
- Live.com (Hotmail logins)
- Meebo
- the Netherlands Government
- Wordpress.com
- Zoho
- Remove the assumption that non-US searches would always start with an hl=language parameter
- Handle searches to the google.com/firefox script better
- Remove accidental duplicates of a couple of rules!
- Bump maxVersion into the future so we're compatible with Firefox alphas
- Fix more legacy eff.org bugs
New in HTTPS Everywhere for Firefox 0.1.2 (Nov 11, 2010)
- Apparently, we are not actually compatible with Firefox 2.0.0.x, so don't install with it!
- Further generalisation of Wikimedia rules
- Fix bugs in the handling of obscure parts of eff.org and torproject.org
- A bug in a user rules file should produce an error, rather than causing all rules to fail to load
New in HTTPS Everywhere for Firefox 0.1.1 (Nov 11, 2010)
- Generalise the Wikipedia rules to other Wikimedia services
- In Preferences window, add a link to instructions for writing one's own rules