Tor Browser

What's new in this version:

Updated Translations:
- Re-enable rlbox
- Add Finnish (fi) language support
- Circuit Isolation should take containers into account
- Check if we can create our own directories for branding
- eslint broken since migrating torbutton
- Disable LaterRun
- about:networking#networkid should be normalized
- Disable unused about: pages
- Disable the Normandy component at compile time
- Disable back webextension.storage.sync after ensuring NoScript settings won't be lost
- Turn --enable-base-browser in --with-base-browser-version
- Disable about:sync-logs
- Turn media.peerconnection.ice.relay_only to true as defense in depth against WebRTC ICE leaks
- Remove startup.homepage_override_url from Base Browser
- Immediately return on remoteSettings.pollChanges
- Replace the patch to disable live reload with its preference
- TTP-02-003 WP1: Data URI allows JS execution despite safest security level (Low)
- Avoid re-defining some macros in nsUpdateDriver.cpp
- Remove YEC 2022 strings
- Fix maximization warning x button and preference
- Improve support for non-portable mode
- HTTP onion sites do not give a popup warning when submitting form data to non-onion HTTP sites
- about:privatebrowsing Firefox branding
- URL bar lock icon says connection is not secure when on "view-source:.onion" URLs [tor-browser]
- New texts for the add a bridge manually modal
- Improve security warning when downloading a file
- Review and expand the stakeholders we communicate major changes to
- Use the new branding directories
- Allow customizing MOZ_APP_BASENAME
- Copy some documentation files only on Tor Browser
- Move translations to new paths
- Tor Browser 11.0.4-11.0.6 phoning home
- Set update URL for nightly base-browser
- Make testing the updater easier
- Add basebrowser-incrementals-nightly makefile target
- base-browser nightly is using the default channel instead of nightly
- The number of relays displayed for an onion site can be misleading
- Update "Click to Copy" button label in circuit display
- Some users are choosing an adjacent country for circumvention settings
- Reserve red as a button color for dangerous actions
- Refactor the UI to remove all bridges
- Users don't understand the purpose of bridge-moji
- "New circuit..." button gets cut-off when onion name wraps
- Move the implementation of Bug 19273 out of Torbutton
- Move the crypto protection patch earlier in the patchset
- Crypto warning popup is not screen reader accessible
- User 'danger' style for primary button in new identity modal
- Tor Browser says Firefox timed out, confusing users
- Disable restart in case of reboot and restore in case of crash
- Improve localization notes
- Page Info window for view-source:http://...onion addresses says Connection Not Encrypted
- Confusing build-id date in about:preferences in alphas
- API-triggered fullscreen after F11 causes letterboxing to crop the page
- Disable profile migration
- Disable the updater for Base Browser
- Disable pagethumbnails capturing
- Some users have difficulty finding the circuit display
- Update "New Circuit" icon
- Improve the UX of the location bar's connection status
- Move the disabling of Firefox Home (Activity Stream) to base-browser
- Skip Drang & Drop filtering for DNS-safe URLs (no hostname, e.g. RFC3966 tel:)
- Improve the UX of the built-in bridges dialog
- Update the iconography used in the status strip in connection settings
- Update connection assist's iconography
- Updating from 12.0.2 to 12.0.3 resets NoScript settings
- Remove --enable-tor-browser-data-outside-app-dir
- Move part of the updater patches to base browser
- Move the 'Bug 11641: Disable remoting by default' commit from base-browser to tor-browser
- Port warning on maximized windows without letterboxing from torbutton
- Tighten up the tor onion alias regular expression
- Reporting an extension does not work
- The connection pill needs to be centered vertically
- sendCommand should not try to send a command forever
- Race condition when opening a new window in New Identity
- Add the external filetype warning to about:downloads
- Update title and button strings in the new circuit display to sentence case
- Stray connectionPane.xhtml patch
- Animate the torconnect icon to transition between connected states
- Add a 'Connected' flag to indicate which built-in bridge option Tor Browser is currently using
- Customize the default CustomizableUI toolbar using CustomizableUI.jsm
- Replace the onion-glyph with dedicated icon for onion services
- Keyboard navigation broken leaving the toolbar tor circuit button
- Avoid re-defining some macros in nsUpdateDriver.cpp
- Network monitor in developer tools shows HTTP onion resources as insecure
- Drag and Drop protection prevents dragging downloads
- Add the external filetype warning to Library / Manage Bookmarks
- Fix handleProcessReady in TorSettings.init
- Bad regex used to extract transport from bridgeline
- Add "Connect" buttons to Request Bridge and Provide Bridge modals
- The top navigation in about:torconnect isn't updated correctly
- Use the new onion-site.svg icon in the onion-location pill

Build System:
- Updated Go to 1.20.5
- Avoid building each go module separately
- Use the latest translations for nightly builds
- Update Ubuntu version from projects/mmdebstrap-image/config to 22.04.1
- Create a script to prepare changelogs
- Update fetch-changelogs.py scripts to support new Build System label
- Find why rlbox hurts reproducibility
- make signtag-* needs to take project name into account
- We should not copy mar tools when the updater is disabled
- Add BSD packager contacts to release prep templates
- Add support for signing multiple browsers in tools/signing/nightly
- Update download-unsigned-sha256sums-gpg-signatures-from-people-tpo to use $projectname prefix directory
- Fix var_p/nightly_torbrowser_incremental_from after #40737
- Include the build-id in firefox-l10n output name
- Trim down tor-browser-build release prep issue templates
- Bad UX for the changelogs script when using the issue number
- Define the version flag for all browsers
- Add config for signing base-browser nightly in tools/signing/nightly
- Make var/rezip in projects/firefox/config quiet
- Enable wasm target for rust compiler
- Use http://archive.debian.org/debian-archive/ for jessie
- Rebase mullvad-browser build changes onto main
- Remove url without browser name from tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo
- Create rebase and security backport gitlab issue templates
- Add base-browser nightly mar signing key
Windows + macOS + Linux
- Provide a way for easily updating Go dependencies of projects
- Use the new tor-browser l10n branch in Firefox
- Create a Go bootstrap project
- Disable all translations with testbuilds in Firefox
- Remove all languages but en-US for privacy-browser build target
- Remove --enable-tor-browser-update and --enable-verify-mar from projects/firefox/mozconfig
- Enable var/updater_enabled for basebrowser nightly
- Update appname_* variables in projects/release/update_responses_config.yml
- Correctly set appname_marfile for basebrowser in tools/signing/nightly/update-responses-base-config.yml
- MAR generation uses (mostly) hard-coded MAR update channel
- Adapt signing scripts to new signing machines
- Move Go dependencies to the projects dependent on them, not as a standalone projects
- Remove Using ansible to set up a nightly build machine from README
- obfs4 is renamed to lyrebird
Windows
- NSIS Installer not reproducible when icon has an alpha channel
- Change projects/browser/windows-installer/torbrowser.nsi to a template file
Windows + macOS + Linux
- Review Bundle-Data and try not to ship the default profile in base browser
- Ship NoScript in the distribution directory also for Windows and Linux
- UpdateInfo jumped into Data
- Check and fix HiDPI issues in the NSIS installer
- Add some metadata also to the Windows installer
- Correct the ExecShell for system-wide installs in the NSIS script
- WebRTC fails to build under mingw
- WebRTC build fix patches incorrectly defining pid_t