Pale Moon 歷史版本列表 Page72

更新時間：2016-02-16
更新細節：

What's new in this version:

Changes/fixes:
- Disabled our ES6 Promise implementation introduced in 26.0 since there were some severe issues with its implementation that caused a lot of inexplicable failures on websites. This means that some sites that insist on using Promises without checking availability and that do not provide sufficient web client compatibility by way of server-side libraries or polyfills will currently not work as-intended. Apologies for any inconvenience this may cause; providing a perfectly-working implementation will be our top priority going forward
- Improved website compatibility with many sites and web applications by making our cookie gate less strict
- Fixed web compatibility with Google Hangouts and Yahoo Calendar
- Changed the memory allocator on Windows platforms to a much more modern full-library implementation of jemalloc, with miscellaneous additional fixes. This should give comparable speed to the system one and will allocate free memory more dynamically. This should fix issues like "huge animated gif choking" and inexplicable pauses when using many tabs, scrolling (extremely) long pages, or viewing media
- Fixed a few rare crashing issues on Windows due to the build process
- Reduced so-called "jank" on inner frame scrolling reflows
- Extension compatibility: partial implementation of Firefox 26 download js modules as shims; this should make more Firefox extensions compatible with us out-of-the-box.
- Added a "superstop" key combination (Shift+Esc) that will stop all (foreground and background) network activity, stop animated gifs, etc. even after the page itself has fully loaded (and the stop button not being available) - some web applications may not like this if you use it since it will also cancel XHR requests, etc.
- Updated NTLM authentication, deprecating v1 and adding a proper v2 implementation
- Updated the default theme to tweak/improve it some more

Security fixes:
- Updated the Graphite2 font library to 1.3.5+ to fix a number of vulnerabilities (and some font bugs

更新時間：2016-02-16
更新細節：

What's new in this version:

Changes/fixes:
- Disabled our ES6 Promise implementation introduced in 26.0 since there were some severe issues with its implementation that caused a lot of inexplicable failures on websites. This means that some sites that insist on using Promises without checking availability and that do not provide sufficient web client compatibility by way of server-side libraries or polyfills will currently not work as-intended. Apologies for any inconvenience this may cause; providing a perfectly-working implementation will be our top priority going forward
- Improved website compatibility with many sites and web applications by making our cookie gate less strict
- Fixed web compatibility with Google Hangouts and Yahoo Calendar
- Changed the memory allocator on Windows platforms to a much more modern full-library implementation of jemalloc, with miscellaneous additional fixes. This should give comparable speed to the system one and will allocate free memory more dynamically. This should fix issues like "huge animated gif choking" and inexplicable pauses when using many tabs, scrolling (extremely) long pages, or viewing media
- Fixed a few rare crashing issues on Windows due to the build process
- Reduced so-called "jank" on inner frame scrolling reflows
- Extension compatibility: partial implementation of Firefox 26 download js modules as shims; this should make more Firefox extensions compatible with us out-of-the-box.
- Added a "superstop" key combination (Shift+Esc) that will stop all (foreground and background) network activity, stop animated gifs, etc. even after the page itself has fully loaded (and the stop button not being available) - some web applications may not like this if you use it since it will also cancel XHR requests, etc.
- Updated NTLM authentication, deprecating v1 and adding a proper v2 implementation
- Updated the default theme to tweak/improve it some more

Security fixes:
- Updated the Graphite2 font library to 1.3.5+ to fix a number of vulnerabilities (and some font bugs

更新時間：2016-02-07
更新細節：

What's new in this version:

- Changed our cookie gate to allow cookie names with spaces in them, to improve web compatibility
- Critical note: if your site uses cookie names with spaces in them, please consider moving away from doing that so you are no longer in the "grey" area of cookie behavior
- Changed the configuration of our XSS filter to address some known, harmless filter hits that have been reported

更新時間：2016-02-07
更新細節：

What's new in this version:

- Changed our cookie gate to allow cookie names with spaces in them, to improve web compatibility
- Critical note: if your site uses cookie names with spaces in them, please consider moving away from doing that so you are no longer in the "grey" area of cookie behavior
- Changed the configuration of our XSS filter to address some known, harmless filter hits that have been reported

更新時間：2016-02-03
更新細節：

What's new in this version:

Changes/fixes:
- Removed the sanity check for unsupported point-of-sale XP-based operating systems by user request.
- Please see the forum for information on which operating systems we can reasonably support.
- Changed the way "transparent" is handled in Goanna to improve transparent gradients using this keyword.
- Made sure that dom.disable_beforeunload is predefined in about:config.
- Fixed web compatibility issues with Youtube, Youtube Gaming, Yuku fora and Netflix.
- Fixed web compatibility with Comcast/XFinity webmail and other sites or web applications that expect older JavaScript versions as default.
- Reinstated the about:config warning by default.
- Fixed 2 potential browser crashes.

Security fixes:
- Updated NSS to 3.19.4.1-PM to fix a potential UAF and CVE-2015-7575.
- Crash fix: Prevented queueing multiple media sources that could lead to unsafe memory access.
- Prevented unsafe memory manipulations in zip archives. (CVE-2016-1945) DiD
- Prevented a potential buffer overflow in WebGL. (x64 only) (CVE-2016-1935) DiD
- Updated the way binaries are code-signed. Not only does v26.0 use a new SHA256-signed digital certificate, but starting this version will also be signed with both SHA1 and SHA256 digest algorithms to satisfy later Windows' code-signing requirements.

更新時間：2016-02-03
更新細節：

What's new in this version:

Changes/fixes:
- Removed the sanity check for unsupported point-of-sale XP-based operating systems by user request.
- Please see the forum for information on which operating systems we can reasonably support.
- Changed the way "transparent" is handled in Goanna to improve transparent gradients using this keyword.
- Made sure that dom.disable_beforeunload is predefined in about:config.
- Fixed web compatibility issues with Youtube, Youtube Gaming, Yuku fora and Netflix.
- Fixed web compatibility with Comcast/XFinity webmail and other sites or web applications that expect older JavaScript versions as default.
- Reinstated the about:config warning by default.
- Fixed 2 potential browser crashes.

Security fixes:
- Updated NSS to 3.19.4.1-PM to fix a potential UAF and CVE-2015-7575.
- Crash fix: Prevented queueing multiple media sources that could lead to unsafe memory access.
- Prevented unsafe memory manipulations in zip archives. (CVE-2016-1945) DiD
- Prevented a potential buffer overflow in WebGL. (x64 only) (CVE-2016-1935) DiD
- Updated the way binaries are code-signed. Not only does v26.0 use a new SHA256-signed digital certificate, but starting this version will also be signed with both SHA1 and SHA256 digest algorithms to satisfy later Windows' code-signing requirements.

更新時間：2016-01-27
更新細節：

What's new in this version:

- This is a new milestone release! It's been in the works for a good number of months, and has many hundreds of notable changes, fixes, and improvements that can't possibly all be listed here.
- These release notes for this version are a concise summary, lifting out the most prominent and important changes. You may find slightly more detailed release notes on the forum.

General:
- Goanna logoPale Moon is now building on the new Goanna engine instead of Gecko. Although close relatives in terms of web technology, they are not the same under the hood and any reports of bugs with the layout/rendering engine should be as detailed as possible to allow us to pinpoint the cause of the bugs and fix them (just stating "it works in Firefox" really doesn't help us!). If you wish to report issues, please either use the issue tracker on GitHub or report a detailed description and steps to reproduce on the forum
- We've had to reduce the number of supported languages for our language packs. With the need to move to our own full localization and lacking translators to support and maintain less common languages in use around the world, we've reduced our number of offered languages to a little over 30. The languages still supported should royally cover all commonly-spoken languages around the globe. You will need to update your language packs!
- Although we've given this release extensive testing, it is still possible you run into some website compatibility issues (usually because of websites doing useragent sniffing) and e.g. some sites displaying a mobile version if they do not recognize or incorrectly recognize the new browser engine. Please always try contacting the webmasters first before posting support requests at our address, since this is usually not something we can provide solutions for, ourselves, and we end up having to redirect you anyway

Fixes / Changes:
- The layout parser/renderer has received many updates with this change over to Goanna, improving web compatibility and standards compliance in many areas
- The browser user interface has received updates, making it more compatible with Windows 10 in many respects and more in line with the general styles of the operating system version it is run on in terms of the shapes of controls and color setting
- Updated graphics/media support: Pale Moon now supports the WebP image format, properly scales EXIF rotated JPEGs, has updated support for different WebGL texture formats, improved scaling of vector images, updated libpng, libjpeg-turbo, libvpx, and misc other upstream libraries/modules, and more!

Library changes:
- The library now has a scope bar (pops up when searching) with the option to select what you want to search in (either bookmarks or history) and the option to save your searches
- By default, there will be a history menu drop-down in the browser's user interface next to the bookmarks one
- Added "Containing folder" and "Containing folder path" columns so you can see exactly where a bookmark is located at a glance when searching (after enabling the columns)
- Added support for Ruby annotations. If you need this functionality, set the about:config preference browser.ruby.enabled to true, and restart the browser
- Added conservative image decoding: it will now only decode images that are (almost) in view, greatly improving overall memory use and initial loading of graphics-heavy pages
- Aligned 3D CSS transforms and perspective with the spec
- JavaScript improvements: added basic support for ES6 Promises, added lement.matches(), updated property assignments, added Bin/Oct literals in Number(), improved performance of TypeOf calls, improved GC memory shrinking, improved memory allocations, improved RegEx performance and compatibility, and more!
- Added CSS media queries to determine the OS the browser is running on, allowing theme designers to make specific changes based on OS at run-time
- Added a control preference for onunload= events as dom.disable_beforeunload. This allows you to completely disable events fired when leaving a page
- Changed the memory allocator to the (faster) system allocator on modern operating systems
- Improved the handling of very large numbers of tabs
- Added Ecosia as a "green" search engine alternative for the environmentally aware surfer
- Autoplay of media now has a separate control preference for scripted content as media.autoplay.allowscripted, to block script-initiated autoplay of media

Security updates:
- Added support for 128-bit Camellia-GCM ciphers in addition to the existing CBC ciphers to offer a more internationally diverse choice of secure encryption ciphers than just AES
- Added an advanced, active XSS (cross-site scripting) filter. Pale Moon will now check for XSS attacks and block XSS content in the resulting pages. This is brand-new technology and feedback on this filter specifically (e.g. bugs, false positives, etc.) should be posted in the dedicated thread on the forum for this feature. Please also see that thread for details on how to use and control this filter
- Distrusted several root certificates in accordance with security best practice
- Aligned cookie acceptance with RFC 6265 §4.1.1. We still make an exception for allowing spaces and double quotes in cookie values, but this will be made more strict in the future for full spec compliance. If you are a web designer and use cookies, please verify that you are RFC compliant in terms of both cookie names and cookie values, or the browser may reject them
- Removed several hazardous modules like the maintenance service and the identity module
- Ported all security updates from Mozilla that are applicable/relevant to our code base (up to and including all security issues made known to us until now). Considering v26 has been kept updated over its long development until release, the list of fixes/CVEs would be too exhaustive to list in these release notes individually

更新時間：2016-01-27
更新細節：

What's new in this version:

- This is a new milestone release! It's been in the works for a good number of months, and has many hundreds of notable changes, fixes, and improvements that can't possibly all be listed here.
- These release notes for this version are a concise summary, lifting out the most prominent and important changes. You may find slightly more detailed release notes on the forum.

General:
- Goanna logoPale Moon is now building on the new Goanna engine instead of Gecko. Although close relatives in terms of web technology, they are not the same under the hood and any reports of bugs with the layout/rendering engine should be as detailed as possible to allow us to pinpoint the cause of the bugs and fix them (just stating "it works in Firefox" really doesn't help us!). If you wish to report issues, please either use the issue tracker on GitHub or report a detailed description and steps to reproduce on the forum
- We've had to reduce the number of supported languages for our language packs. With the need to move to our own full localization and lacking translators to support and maintain less common languages in use around the world, we've reduced our number of offered languages to a little over 30. The languages still supported should royally cover all commonly-spoken languages around the globe. You will need to update your language packs!
- Although we've given this release extensive testing, it is still possible you run into some website compatibility issues (usually because of websites doing useragent sniffing) and e.g. some sites displaying a mobile version if they do not recognize or incorrectly recognize the new browser engine. Please always try contacting the webmasters first before posting support requests at our address, since this is usually not something we can provide solutions for, ourselves, and we end up having to redirect you anyway

Fixes / Changes:
- The layout parser/renderer has received many updates with this change over to Goanna, improving web compatibility and standards compliance in many areas
- The browser user interface has received updates, making it more compatible with Windows 10 in many respects and more in line with the general styles of the operating system version it is run on in terms of the shapes of controls and color setting
- Updated graphics/media support: Pale Moon now supports the WebP image format, properly scales EXIF rotated JPEGs, has updated support for different WebGL texture formats, improved scaling of vector images, updated libpng, libjpeg-turbo, libvpx, and misc other upstream libraries/modules, and more!

Library changes:
- The library now has a scope bar (pops up when searching) with the option to select what you want to search in (either bookmarks or history) and the option to save your searches
- By default, there will be a history menu drop-down in the browser's user interface next to the bookmarks one
- Added "Containing folder" and "Containing folder path" columns so you can see exactly where a bookmark is located at a glance when searching (after enabling the columns)
- Added support for Ruby annotations. If you need this functionality, set the about:config preference browser.ruby.enabled to true, and restart the browser
- Added conservative image decoding: it will now only decode images that are (almost) in view, greatly improving overall memory use and initial loading of graphics-heavy pages
- Aligned 3D CSS transforms and perspective with the spec
- JavaScript improvements: added basic support for ES6 Promises, added lement.matches(), updated property assignments, added Bin/Oct literals in Number(), improved performance of TypeOf calls, improved GC memory shrinking, improved memory allocations, improved RegEx performance and compatibility, and more!
- Added CSS media queries to determine the OS the browser is running on, allowing theme designers to make specific changes based on OS at run-time
- Added a control preference for onunload= events as dom.disable_beforeunload. This allows you to completely disable events fired when leaving a page
- Changed the memory allocator to the (faster) system allocator on modern operating systems
- Improved the handling of very large numbers of tabs
- Added Ecosia as a "green" search engine alternative for the environmentally aware surfer
- Autoplay of media now has a separate control preference for scripted content as media.autoplay.allowscripted, to block script-initiated autoplay of media

Security updates:
- Added support for 128-bit Camellia-GCM ciphers in addition to the existing CBC ciphers to offer a more internationally diverse choice of secure encryption ciphers than just AES
- Added an advanced, active XSS (cross-site scripting) filter. Pale Moon will now check for XSS attacks and block XSS content in the resulting pages. This is brand-new technology and feedback on this filter specifically (e.g. bugs, false positives, etc.) should be posted in the dedicated thread on the forum for this feature. Please also see that thread for details on how to use and control this filter
- Distrusted several root certificates in accordance with security best practice
- Aligned cookie acceptance with RFC 6265 §4.1.1. We still make an exception for allowing spaces and double quotes in cookie values, but this will be made more strict in the future for full spec compliance. If you are a web designer and use cookies, please verify that you are RFC compliant in terms of both cookie names and cookie values, or the browser may reject them
- Removed several hazardous modules like the maintenance service and the identity module
- Ported all security updates from Mozilla that are applicable/relevant to our code base (up to and including all security issues made known to us until now). Considering v26 has been kept updated over its long development until release, the list of fixes/CVEs would be too exhaustive to list in these release notes individually

更新時間：2015-11-29
更新細節：

What's new in this version:

- Fix for a crash that could occur at random since the update to 25.8.0.
- Fix for CSP (Content Security Policy) to be more lenient towards the incorrect passing of full URLs with all sorts of parameters in the CSP header, leading to misinterpretation of the header and incorrectly blocking the loading of content.

更新時間：2015-11-29
更新細節：

What's new in this version:

- Fix for a crash that could occur at random since the update to 25.8.0.
- Fix for CSP (Content Security Policy) to be more lenient towards the incorrect passing of full URLs with all sorts of parameters in the CSP header, leading to misinterpretation of the header and incorrectly blocking the loading of content.