GitLab

at 2025-10-21T16:37:49+00:00

Bug 41596,41597: Prepare Tor, Mullvad Browser 15.0

+Mullvad Browser 15.0 - October 28

+ * All Platforms

+   * Updated Firefox to 140.4.0esr

+   * Updated NoScript to 13.2.2

+   * Bug 451: The restart to apply button doesn't work [mullvad-browser]

+   * Bug 463: Fix typo in MimeType entry in .desktop file included in deb/rpm package (application/xhtml_xml instead of application/xhtml+xml) [mullvad-browser]

+   * Bug 468: Drop the Metager search engine [mullvad-browser]

+   * Bug 478: Update to the Mullvad Browser extension to 0.9.5 [mullvad-browser]

+   * Bug 19741: Opensearch (contextual search) does not obey FPI [tor-browser]

+   * Bug 42738: Tidy up the commit structure for browser updates UI [tor-browser]

+   * Bug 43009: Backport Bug 1973265 - Put WebCodecs API behind RFP Target [tor-browser]

+   * Bug 43093: Refactor the patch to disable LaterRun [tor-browser]

+   * Bug 43111: Delete our webextensions for search engines when Bug 1885953 is fixed upstream [tor-browser]

+   * Bug 43525: Check if our search engine customization still works after ESR 140 transition [tor-browser]

+   * Bug 43590: Move letterboxing rules out of browser/base/content/browser.css [tor-browser]

+   * Bug 43610: Use newer CSS variable names for ESR 140 [tor-browser]

+   * Bug 43629: All migrations in migrateUIBB are run for new profiles [tor-browser]

+   * Bug 43638: Fix up our `<command>` elements [tor-browser]

+   * Bug 43664: Review Mozilla 1842832: Move the private browsing toggle to initial install dialog [tor-browser]

+   * Bug 43728: Update search engine icon sizes [tor-browser]

+   * Bug 43745: Disable HEVC (H265) playback support [tor-browser]

+   * Bug 43749: Replace the newtab component and addon with our home page [tor-browser]

+   * Bug 43770: Bugzilla 1958070: More BrowserGlue simplification/splitting [tor-browser]

+   * Bug 43772: Do not use official branding for BB/TB/MB [tor-browser]

+   * Bug 43776: Set branding files for l10n merging [tor-browser]

+   * Bug 43795: Restore the URL classifier XPCOM components. [tor-browser]

+   * Bug 43844: Security level shield icon should be flipped for RTL locales [tor-browser]

+   * Bug 43850: Modify the Contrast Control settings for RFP [tor-browser]

+   * Bug 43864: Remove features from the unified search button [tor-browser]

+   * Bug 43869: Hide pens with RFP [tor-browser]

+   * Bug 43874: Incorporate our unified extension button hiding logic into mozilla's changes for ESR 140 [tor-browser]

+   * Bug 43886: Fix new tab for ESR 140 [tor-browser]

+   * Bug 43900: Open newtab rather than firefoxview when unloading the last tab [tor-browser]

+   * Bug 43902: Hide Sidebar buttons [tor-browser]

+   * Bug 43903: Report broken site is disabled rather than hidden [tor-browser]

+   * Bug 43905: base-browser.ftl missing from about:addons [tor-browser]

+   * Bug 43906: Extension.sys.mjs change in the wrong commit [tor-browser]

+   * Bug 43913: Context menu not properly populated [tor-browser]

+   * Bug 43947: Console error from ContentBlockingPrefs.init [tor-browser]

+   * Bug 43966: Notify the user when they are in a custom security level (desktop) [tor-browser]

+   * Bug 43989: Switch off AI chatbot preference [tor-browser]

+   * Bug 44030: Security Level selector does not get confirmation before restarting [tor-browser]

+   * Bug 44034: Update string used for checkbox on New Identity confirmation dialog [tor-browser]

+   * Bug 44040: Modify nsIPrompt and the commonDialog code to allow destructive buttons [tor-browser]

+   * Bug 44045: Drop AI and machine learning components [tor-browser]

+   * Bug 44090: Several of our XUL pages cause a crash because of missing CSP [tor-browser]

+   * Bug 44106: Make sure background tasks are not used for shutdown cleanup [tor-browser]

+   * Bug 44107: Switch tab search action is missing an icon [tor-browser]

+   * Bug 44108: Fix the new history sidebar [tor-browser]

+   * Bug 44123: Do not trim protocol off of URLs ever [tor-browser]

+   * Bug 44125: Do not offer to save signatures by default in Private Browsing Mode [tor-browser]

+   * Bug 44140: Refactored patch to prevent writing temp PDF files to disk [tor-browser]

+   * Bug 44141: Hide "Report broken site" items by default  [tor-browser]

+   * Bug 44142: Missing document_pdf.svg from our branding directories [tor-browser]

+   * Bug 44153: Test search engine customization [tor-browser]

+   * Bug 44159: Change or hide the sidebar settings description [tor-browser]

+   * Bug 44177: Remove more urlbar actions [tor-browser]

+   * Bug 44178: Search preservation does not work with duckduckgo in safest security level [tor-browser]

+   * Bug 44187: TLS session tickets leak Private Browsing mode [tor-browser]

+   * Bug 44213: Reduce linkability concerns of the "Search with" contextual search action [tor-browser]

+   * Bug 44214: Update letterboxing to reflect changes in ESR 140 [tor-browser]

+   * Bug 44215: Hide Firefox home settings in about:preferences [tor-browser]

+   * Bug 44221: Backport MozBug 1984333 Bump Spoofed Processor Count [tor-browser]

+   * Bug 44234: No images in PDF [tor-browser]

+   * Bug 44242: Hand over Security Level's WebAssembly controls to NoScript [tor-browser]

+   * Bug 44262: Disable adding search engines from HTML forms [tor-browser]

+   * Bug 44279: Disable contextual search install prompt [tor-browser]

+ * Windows

+   * Bug 440: Make abseil use win32 thread model on mingw [mullvad-browser]

+   * Bug 44046: Replace BASE_BROWSER_UPDATE with BASE_BROWSER_VERSION in the font visibility list [tor-browser]

+   * Bug 44062: Force touch enabled on Windows and Android [tor-browser]

+ * Linux

+   * Bug 43950: Review Mozilla 1894818: Support HEVC playback on Linux [tor-browser]

+   * Bug 43959: Make Noto Color Emoji the default emoji font on Linux [tor-browser]

+   * Bug 44227: Some CJK characters cannot be rendered by Tor which uses the Noto font family [tor-browser]

+   * Bug 41586: Replace Noto CJK with Jigmo on Linux [tor-browser-build]

+ * Build System

+   * All Platforms

+     * Bug 43891: Update the translation CI to use the new mozilla versions [tor-browser]

+     * Bug 44067: Move --enable-geckodriver only to Linux-only mozconfigs [tor-browser]

+     * Bug 44103: git's export-subst is a reproducibility problem [tor-browser]

+     * Bug 44104: Don't run linter when there are no overall changes [tor-browser]

+     * Bug 26408: Make MAR signature checks clearer when creating incremental MAR files [tor-browser-build]

+     * Bug 34434: Remove unused variables from rbm.conf [tor-browser-build]

+     * Bug 40697: Delete repackage_browser.sh [tor-browser-build]

+     * Bug 40698: Update locale in tbb_version.json [tor-browser-build]

+     * Bug 40994: Add support in do-all-signing to sign release for some archs only [tor-browser-build]

+     * Bug 41064: Update tools/signing/README and add a tools/signing/machines-setup/README [tor-browser-build]

+     * Bug 41227: Update projects/common/list_toolchain_updates-common-firefox-geckoview to include check for binutils [tor-browser-build]

+     * Bug 41373: Remove `_ALL` from mar filenames [tor-browser-build]

+     * Bug 41444: Build artifacts to support artifact builds of Tor/Muillvad/Base Browser [tor-browser-build]

+     * Bug 41448: Update toolchains for Firefox ESR 140 [tor-browser-build]

+     * Bug 41452: Skip update-responses xml files for versions which don't have incrementals [tor-browser-build]

+     * Bug 41457: Set mar IDs as env variables in tor-browser-build [tor-browser-build]

+     * Bug 41459: Update taskcluster/ci paths in README and comments [tor-browser-build]

+     * Bug 41465: Disable development artifacts generation by default, keep it enabled for nightly builds [tor-browser-build]

+     * Bug 41478: Add vim and others missing basic tools to base container image [tor-browser-build]

+     * Bug 41496: Clean up unused projects [tor-browser-build]

+     * Bug 41501: cargo_vendor generated archive maintains timestamps [tor-browser-build]

+     * Bug 41517: Add morgan's key to the setup account on the signing machine [tor-browser-build]

+     * Bug 41534: Copy geckodriver only for Linux x86-64 [tor-browser-build]

+     * Bug 41539: Update Ubuntu version used to run mmdebstrap to 24.04.3 [tor-browser-build]

+     * Bug 41568: Update instructions for manually building 7zip [tor-browser-build]

+     * Bug 41579: Add zip to the list of Tor Browser Build dependencies [tor-browser-build]

+     * Bug 40084: Always use bash for the debug terminal [rbm]

+     * Bug 40087: Downloaded files getting stricter permissions than expected [rbm]

+   * Windows

+     * Bug 44167: Move the nsis-uninstall.patch to tor-browser repository [tor-browser]

+   * macOS

+     * Bug 41503: Error 403 when downloading macOS SDK [tor-browser-build]

+     * Bug 41527: Update libdmg-hfsplus and enable LZMA compression on dmgs [tor-browser-build]

+     * Bug 41538: Bump macOS SDK to 15.5 [tor-browser-build]

+     * Bug 41571: Work-around to prevent older 7z versions to break rcodesign. [tor-browser-build]

+   * Linux

+     * Bug 41458: Ship geckodriver only on Linux [tor-browser-build]

+     * Bug 41488: Disable sys/random.h for Node.js [tor-browser-build]

+     * Bug 41558: Share descriptions between Linux packages and archives [tor-browser-build]

+     * Bug 41561: Ship Noto Color Emoji on Linux [tor-browser-build]

+     * Bug 41569: Use var/display_name in .desktop files [tor-browser-build]

+

 Mullvad Browser 15.0a4 - October 16 2025

  * All Platforms

    * Updated Firefox to 140.4.0esr

    * Bug 44221: Backport MozBug 1984333 Bump Spoofed Processor Count [tor-browser]

    * Bug 44234: No images in PDF [tor-browser]

    * Bug 44240: Typo on dom.security.https_first_add_exception_on_failure [tor-browser]

-   * Bug 44242: Hand over Security Level's WebAssembly controls  to NoScript [tor-browser]

+   * Bug 44242: Hand over Security Level's WebAssembly controls to NoScript [tor-browser]

    * Bug 44262: Disable adding search engines from HTML forms [tor-browser]

  * Linux

    * Bug 44227: Some CJK characters cannot be rendered by Tor which uses the Noto font family [tor-browser]

+Tor Browser 15.0 - October 28 2025

+ * All Platforms

+   * Updated NoScript to 13.2.2

+   * Updated Lyrebird to 0.6.2

+   * Bug 19741: Opensearch (contextual search) does not obey FPI [tor-browser]

+   * Bug 43009: Backport Bug 1973265 - Put WebCodecs API behind RFP Target [tor-browser]

+   * Bug 43093: Refactor the patch to disable LaterRun [tor-browser]

+   * Bug 43727: Update moz-toggle customisation for ESR 140 [tor-browser]

+   * Bug 43745: Disable HEVC (H265) playback support [tor-browser]

+   * Bug 43772: Do not use official branding for BB/TB/MB [tor-browser]

+   * Bug 43784: Get confirmation from NoScript that settings are applied [tor-browser]

+   * Bug 43832: Drop eslint-env [tor-browser]

+   * Bug 43850: Modify the Contrast Control settings for RFP [tor-browser]

+   * Bug 43853: DomainFrontedRequests: setData is no longer a function [tor-browser]

+   * Bug 43864: Remove features from the unified search button [tor-browser]

+   * Bug 43869: Hide pens with RFP [tor-browser]

+   * Bug 43880: Update moat's domain front url [tor-browser]

+   * Bug 44045: Drop AI and machine learning components [tor-browser]

+   * Bug 44068: Handle migration from meek-azure to meek built-in bridge type [tor-browser]

+   * Bug 44069: Update `meek-azure` related strings to `meek` [tor-browser]

+   * Bug 44140: Refactored patch to prevent writing temp PDF files to disk [tor-browser]

+   * Bug 44234: No images in PDF [tor-browser]

+   * Bug 41429: Add a note about user safety to Tor Browser Alpha blog posts [tor-browser-build]

+   * Bug 41442: Update our audit CSVs to use the new Audit template [tor-browser-build]

+   * Bug 41502: Application services build is failing on isNetworkAllowed() [tor-browser-build]

+ * Windows + macOS + Linux

+   * Updated Firefox to 140.4.0esr

+   * Bug 42025: Purple elements (e.g. Tor buttons) need dark theme variants [tor-browser]

+   * Bug 42738: Tidy up the commit structure for browser updates UI [tor-browser]

+   * Bug 43111: Delete our webextensions for search engines when Bug 1885953 is fixed upstream [tor-browser]

+   * Bug 43519: Replace tor-loading.png with SVG [tor-browser]

+   * Bug 43525: Check if our search engine customization still works after ESR 140 transition [tor-browser]

+   * Bug 43590: Move letterboxing rules out of browser/base/content/browser.css [tor-browser]

+   * Bug 43610: Use newer CSS variable names for ESR 140 [tor-browser]

+   * Bug 43629: All migrations in migrateUIBB are run for new profiles [tor-browser]

+   * Bug 43636: Tor exiting during startup with "connect automatically" leads to "Try a bridge" page [tor-browser]

+   * Bug 43638: Fix up our `<command>` elements [tor-browser]

+   * Bug 43664: Review Mozilla 1842832: Move the private browsing toggle to initial install dialog [tor-browser]

+   * Bug 43728: Update search engine icon sizes [tor-browser]

+   * Bug 43765: Temporarily disable Lox [tor-browser]

+   * Bug 43766: Only save the relevant TorSettings changes to preferences. [tor-browser]

+   * Bug 43770: Bugzilla 1958070: More BrowserGlue simplification/splitting [tor-browser]

+   * Bug 43776: Set branding files for l10n merging [tor-browser]

+   * Bug 43795: Restore the URL classifier XPCOM components. [tor-browser]

+   * Bug 43817: Write e2e test for verifying if the browser is connected to the Tor network [tor-browser]

+   * Bug 43844: Security level shield icon should be flipped for RTL locales [tor-browser]

+   * Bug 43874: Incorporate our unified extension button hiding logic into mozilla's changes for ESR 140 [tor-browser]

+   * Bug 43879: tor-branding.css declarations are overwritten [tor-browser]

+   * Bug 43886: Fix new tab for ESR 140 [tor-browser]

+   * Bug 43900: Open newtab rather than firefoxview when unloading the last tab [tor-browser]

+   * Bug 43901: Modify about:license for Tor Browser and drop about:rights [tor-browser]

+   * Bug 43902: Hide Sidebar buttons [tor-browser]

+   * Bug 43903: Report broken site is disabled rather than hidden [tor-browser]

+   * Bug 43905: base-browser.ftl missing from about:addons [tor-browser]

+   * Bug 43906: Extension.sys.mjs change in the wrong commit [tor-browser]

+   * Bug 43913: Context menu not properly populated [tor-browser]

+   * Bug 43929: two about:tor pages opened after update [tor-browser]

+   * Bug 43930: Onionize toggle not centre aligned in about:tor [tor-browser]

+   * Bug 43947: Console error from ContentBlockingPrefs.init [tor-browser]

+   * Bug 43966: Notify the user when they are in a custom security level (desktop) [tor-browser]

+   * Bug 43989: Switch off AI chatbot preference [tor-browser]

+   * Bug 44030: Security Level selector does not get confirmation before restarting [tor-browser]

+   * Bug 44034: Update string used for checkbox on New Identity confirmation dialog [tor-browser]

+   * Bug 44040: Modify nsIPrompt and the commonDialog code to allow destructive buttons [tor-browser]

+   * Bug 44090: Several of our XUL pages cause a crash because of missing CSP [tor-browser]

+   * Bug 44095: Rename connectionPane.xhtml and remove it from the jar [tor-browser]

+   * Bug 44101: Toolbar connection status is not visible when using vertical tabs [tor-browser]

+   * Bug 44106: Make sure background tasks are not used for shutdown cleanup [tor-browser]

+   * Bug 44107: Switch tab search action is missing an icon [tor-browser]

+   * Bug 44108: Fix the new history sidebar [tor-browser]

+   * Bug 44115: Make remove all bridges dialog use a destructive red button [tor-browser]

+   * Bug 44123: Do not trim protocol off of URLs ever [tor-browser]

+   * Bug 44125: Do not offer to save signatures by default in Private Browsing Mode [tor-browser]

+   * Bug 44141: Hide "Report broken site" items by default [tor-browser]

+   * Bug 44142: Missing document_pdf.svg from our branding directories [tor-browser]

+   * Bug 44145: Switch onion connection icons to use --icon-color-critical and --icon-color [tor-browser]

+   * Bug 44153: Test search engine customization [tor-browser]

+   * Bug 44159: Change or hide the sidebar settings description [tor-browser]

+   * Bug 44177: Remove more urlbar actions [tor-browser]

+   * Bug 44178: Search preservation does not work with duckduckgo in safest security level [tor-browser]

+   * Bug 44180: Clear YEC 2024 preference [tor-browser]

+   * Bug 44184: Duckduckgo Onion Lite search does not work properly in safest when added as a search engine [tor-browser]

+   * Bug 44187: TLS session tickets leak Private Browsing mode [tor-browser]

+   * Bug 44192: Hovering unloaded tab causes console error [tor-browser]

+   * Bug 44213: Reduce linkability concerns of the "Search with" contextual search action [tor-browser]

+   * Bug 44214: Update letterboxing to reflect changes in ESR 140 [tor-browser]

+   * Bug 44215: Hide Firefox home settings in about:preferences [tor-browser]

+   * Bug 44221: Backport MozBug 1984333 Bump Spoofed Processor Count [tor-browser]

+   * Bug 44239: DDG HTML page and search results displayed incorrectly with Safest security setting [tor-browser]

+   * Bug 44262: Disable adding search engines from HTML forms [tor-browser]

+   * Bug 44279: Disable contextual search install prompt [tor-browser]

+ * Windows + Android

+   * Bug 44062: Force touch enabled on Windows and Android [tor-browser]

+ * Windows

+   * Bug 44046: Replace BASE_BROWSER_UPDATE with BASE_BROWSER_VERSION in the font visibility list [tor-browser]

+ * macOS

+   * Bug 44127: Do not show macOS Privacy hint on network error pages [tor-browser]

+ * Linux

+   * Bug 43950: Review Mozilla 1894818: Support HEVC playback on Linux [tor-browser]

+   * Bug 43959: Make Noto Color Emoji the default emoji font on Linux [tor-browser]

+   * Bug 44227: Some CJK characters cannot be rendered by Tor which uses the Noto font family [tor-browser]

+   * Bug 41586: Replace Noto CJK with Jigmo on Linux [tor-browser-build]

+ * Android

+   * Updated GeckoView to 140.4.0esr

+   * Bug 43179: Make persistent 'private tabs' notification distinct from Firefox's [tor-browser]

+   * Bug 43401: Replace the constructor of Locale with a builder [tor-browser]

+   * Bug 43577: Flush settings fails on Android [tor-browser]

+   * Bug 43643: Clean out unused tor connect strings [tor-browser]

+   * Bug 43650: Survey banner behaves like a dialog on Android, rather than a card [tor-browser]

+   * Bug 43676: Preemptively disable unified trust panel by default so we are tracking for next ESR [tor-browser]

+   * Bug 43699: Dummy "about:" pages are not cleared from recently closed tabs (and possibly elsewhere) because they are normal tabs, not private tabs. [tor-browser]

+   * Bug 43755: Restore functionality of "switch to tab" urlbar suggestion [tor-browser]

+   * Bug 43826: Review Mozilla 1960122: Use `MOZ_BUILD_DATE` in Fenix build configuration [tor-browser]

+   * Bug 43855: brand.properties merging on Android is broken in 140 [tor-browser]

+   * Bug 43943: Review Mozilla 1928705: Ship Android Font Restrictions as part of FPP [tor-browser]

+   * Bug 44021: Android settings page colors are sometimes messed up (seems to be on the first launch) [tor-browser]

+   * Bug 44029: Search/url bar doesn't work on android after ESR 140 [tor-browser]

+   * Bug 44036: Crash on opening "Search Settings" on android [tor-browser]

+   * Bug 44042: Debug crash when opening settings too quickly after launching app [tor-browser]

+   * Bug 44047: Tor Browser's home doesn't have the background at the first load on Android [tor-browser]

+   * Bug 44080: Further remove "Analytics data collection and usage" [tor-browser]

+   * Bug 44083: "snowflake" is lower case on Android [tor-browser]

+   * Bug 44098: Bookmarks offer a way to go to sync in 15.0a1 [tor-browser]

+   * Bug 44133: Hide the "Allow in private browsing" checkboxes from WebExtension management UI [tor-browser]

+   * Bug 44139: Restore the (inactive) YouTube and Reddit search plugins on Android [tor-browser]

+   * Bug 44172: Fix crash in TorAndroidIntegration.handleMessage() [tor-browser]

+   * Bug 44237: Revoke access to all advertising ids available in Android [tor-browser]

+   * Bug 41494: Update GeckoView build scripts for ESR140 [tor-browser-build]

+ * Build System

+   * All Platforms

+     * Bug 43615: Add Gitlab Issue and Merge request templates [tor-browser]

+     * Bug 43616: Customize Gitlab Issue and Merge templates [tor-browser]

+     * Bug 43891: Update the translation CI to use the new mozilla versions [tor-browser]

+     * Bug 43954: Update tb-dev to handle lightweight tags [tor-browser]

+     * Bug 43962: update tb-dev auto-fixup for git 2.50 [tor-browser]

+     * Bug 44061: "Contributing" link is broken [tor-browser]

+     * Bug 44067: Move --enable-geckodriver only to Linux-only mozconfigs [tor-browser]

+     * Bug 44103: git's export-subst is a reproducibility problem [tor-browser]

+     * Bug 44104: Don't run linter when there are no overall changes [tor-browser]

+     * Bug 26408: Make MAR signature checks clearer when creating incremental MAR files [tor-browser-build]

+     * Bug 34434: Remove unused variables from rbm.conf [tor-browser-build]

+     * Bug 40551: Drop go reproducibility patches [tor-browser-build]

+     * Bug 40697: Delete repackage_browser.sh [tor-browser-build]

+     * Bug 40698: Update locale in tbb_version.json [tor-browser-build]

+     * Bug 41064: Update tools/signing/README and add a tools/signing/machines-setup/README [tor-browser-build]

+     * Bug 41227: Update projects/common/list_toolchain_updates-common-firefox-geckoview to include check for binutils [tor-browser-build]

+     * Bug 41434: Go updates shouldn't target all platforms until macOS is on legacy in the changelogs [tor-browser-build]

+     * Bug 41444: Build artifacts to support artifact builds of Tor/Muillvad/Base Browser [tor-browser-build]

+     * Bug 41448: Update toolchains for Firefox ESR 140 [tor-browser-build]

+     * Bug 41459: Update taskcluster/ci paths in README and comments [tor-browser-build]

+     * Bug 41465: Disable development artifacts generation by default, keep it enabled for nightly builds [tor-browser-build]

+     * Bug 41474: update README to explain moat-settings project requires `jq` to be installed [tor-browser-build]

+     * Bug 41478: Add vim and others missing basic tools to base container image [tor-browser-build]

+     * Bug 41486: Track bundletool and osslicenses-plugin versions in list_toolchain_updates_checks [tor-browser-build]

+     * Bug 41496: Clean up unused projects [tor-browser-build]

+     * Bug 41501: cargo_vendor generated archive maintains timestamps [tor-browser-build]

+     * Bug 41514: Remove var/build_go_lib from projects/go/config [tor-browser-build]

+     * Bug 41532: Rename meek-azure to meek in pt_config.json [tor-browser-build]

+     * Bug 41534: Copy geckodriver only for Linux x86-64 [tor-browser-build]

+     * Bug 41537: Add script to count mar downloads from web logs [tor-browser-build]

+     * Bug 41539: Update Ubuntu version used to run mmdebstrap to 24.04.3 [tor-browser-build]

+     * Bug 41568: Update instructions for manually building 7zip [tor-browser-build]

+     * Bug 41576: Build expert bundles outside containers [tor-browser-build]

+     * Bug 41579: Add zip to the list of Tor Browser Build dependencies [tor-browser-build]

+     * Bug 41594: Remove version from tor-expert-bundle and tor-expert-bundle-aar filenames [tor-browser-build]

+     * Bug 41600: update lyrebird version to v0.6.2 [tor-browser-build]

+     * Bug 41602: Update tools/changelog-format-blog-post [tor-browser-build]

+     * Bug 40084: Always use bash for the debug terminal [rbm]

+     * Bug 40087: Downloaded files getting stricter permissions than expected [rbm]

+   * Windows + macOS + Linux

+     * Bug 44131: Generate torrc-defaults and put it in objdir post-build [tor-browser]

+     * Bug 41373: Remove `_ALL` from mar filenames [tor-browser-build]

+     * Bug 41457: Set mar IDs as env variables in tor-browser-build [tor-browser-build]

+     * Bug 41604: Keep update-responses files from previous release [tor-browser-build]

+   * Windows + Linux + Android

+     * Updated Go to 1.24.9

+   * Windows

+     * Bug 44167: Move the nsis-uninstall.patch to tor-browser repository [tor-browser]

+   * macOS

+     * Bug 41503: Error 403 when downloading macOS SDK [tor-browser-build]

+     * Bug 41527: Update libdmg-hfsplus and enable LZMA compression on dmgs [tor-browser-build]

+     * Bug 41538: Bump macOS SDK to 15.5 [tor-browser-build]

+     * Bug 41571: Work-around to prevent older 7z versions to break rcodesign. [tor-browser-build]

+   * Linux

+     * Bug 41458: Ship geckodriver only on Linux [tor-browser-build]

+     * Bug 41488: Disable sys/random.h for Node.js [tor-browser-build]

+     * Bug 41558: Share descriptions between Linux packages and archives [tor-browser-build]

+     * Bug 41561: Ship Noto Color Emoji on Linux [tor-browser-build]

+     * Bug 41569: Use var/display_name in .desktop files [tor-browser-build]

+   * Android

+     * Bug 43984: Update android build scripts and docs for ESR 140 [tor-browser]

+     * Bug 43987: 140 Android is not reproducible [tor-browser]

+     * Bug 44078: Modify ./autopublish-settings.gradle for building a-s and glean with uniffi-bindgen no-op [tor-browser]

+     * Bug 44220: Disable the JS minifier as it produces invalid JS [tor-browser]

+     * Bug 41453: Update application-services and uniffi-rs for ESR140 [tor-browser-build]

+     * Bug 41467: Remove list_toolchain_updates-firefox-android from Makefile [tor-browser-build]

+     * Bug 41483: geckoview_example-withGeckoBinaries-....apk doesn't exist anymore in Firefox 140 [tor-browser-build]

+     * Bug 41484: Create a fork of application-services [tor-browser-build]

+     * Bug 41500: Optimize tor and its dependencies for size on Android [tor-browser-build]

+     * Bug 41506: Use appilcation-services branch for nightlies builds [tor-browser-build]

+     * Bug 41507: Single-arch build fails because artifacts don't have arch subdirectories [tor-browser-build]

+     * Bug 41523: Use custom built Glean package on Android [tor-browser-build]

+     * Bug 41548: Hide tor's symbols on Android and add other linker options to save space [tor-browser-build]

+     * Bug 41577: Minify JS with UglifyJS on Android x86 [tor-browser-build]

+     * Bug 41583: Align tor and PTs to 16kB on Android [tor-browser-build]

+     * Bug 41605: Ignore incrementals if we're not building desktop [tor-browser-build]

+

 Tor Browser 15.0a4 - October 16 2025

  * All Platforms

    * Updated NoScript to 13.2.1

     enable: '[% ! c("var/android") %]'

   - filename: dmg-root

     enable: '[% ! c("var/android") %]'

-  - URL: https://addons.mozilla.org/firefox/downloads/file/4593796/noscript-13.2.1.xpi

+  - URL: https://addons.mozilla.org/firefox/downloads/file/4597669/noscript-13.2.2.xpi

     name: noscript

-    sha256sum: 190297f3d1e55db0c65f9bc00460bea9b753939d428ea593d6cef27fde1ce69a

+    sha256sum: f5ae80f2858057a3c8ebbafc12269659003f937e1cd781e05c01cc668e025c70

   - URL: https://addons.mozilla.org/firefox/downloads/file/4578681/ublock_origin-1.66.4.xpi

     name: ublock-origin

     sha256sum: bc62cd930601212f1568964389352bbd4b1808466f2c9ac1198c754338077fb0

   browser_series: '15.0'

   browser_rebase: 1

   browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]'

-  browser_build: 2

+  browser_build: 4

   copyright_year: '[% exec("git show -s --format=%ci " _ c("git_hash") _ "^{commit}", { exec_noco => 1 }).remove("-.*") %]'

   nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]'

   gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser

       updater_url: 'https://cdn.mullvad.net/browser/update_responses/update_1/'

       mar_id_prefix: 'mullvadbrowser-mullvad'

       nightly_updates_publish_dir_prefix: mullvadbrowser-

+      browser_build: 3

   linux-x86_64:

     var:

   browser_series: '15.0'

   browser_rebase: 1

   browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]'

-  browser_build: 2

+  browser_build: 4

   gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser

   git_commit: '[% exec("git rev-parse " _ c("git_hash") _ "^{commit}", { exec_noco => 1 }) %]'

   deps:

 # vim: filetype=yaml sw=2

 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]'

-version: 0.4.9.3-alpha

+version: 0.4.8.19

 git_hash: 'tor-[% c("version") %]'

 git_url: https://gitlab.torproject.org/tpo/core/tor.git

 git_submodule: 1

 steps:

   base-browser:

     base-browser: '[% INCLUDE build %]'

-    git_hash: dff70d135408cfc24931c170efa91fbaded19914

+    git_hash: cdd3da6308bb3beb916744057af92331025053bb

     targets:

       nightly:

         git_hash: 'base-browser'

   tor-browser:

     tor-browser: '[% INCLUDE build %]'

-    git_hash: ca310e42296a7085ea59fc323592f3dc702123ac

+    git_hash: 3395fe5bdb7556490e31d3c6804e6240278bc708

     targets:

       nightly:

         git_hash: 'tor-browser'

     fenix: '[% INCLUDE build %]'

     # We need to bump the commit before releasing but just pointing to a branch

     # might cause too much rebuidling of the Firefox part.

-    git_hash: 0efa38c746df88feeb4daa7150e394e87e6d4d18

+    git_hash: 807271d57878187b08fbd004276a3eea624421e6

     compress_tar: 'zst'

     targets:

       nightly:

   git_signtag_opt: '-s'

 var:

-  torbrowser_version: '15.0a4'

+  torbrowser_version: '15.0'

   torbrowser_build: 'build1'

   # This should be the date of when the build is started. For the build

   # to be reproducible, browser_release_date should always be in the past.

-  browser_release_date: '2025/10/15 18:00:00'

+  browser_release_date: '2025/10/20 17:00:00'

   browser_release_date_timestamp: '[% USE date; date.format(c("var/browser_release_date"), "%s") %]'

-  browser_default_channel: alpha

+  browser_default_channel: release

   browser_platforms:

     android-armv7: '[% c("var/browser_platforms/is_android_release") %]'

     android-x86: '[% c("var/browser_platforms/is_android_release") %]'

   updater_enabled: 1

   build_mar: 1

   torbrowser_incremental_from:

-    - 15.0a3

-    - 15.0a2

-    - 15.0a1

+    - 14.5.8

+    - 14.5.7

+    - 14.5.6

   mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]'

-#  torbrowser_legacy_version: 13.5.22

-#  torbrowser_legacy_platform_version: 115.28.0

+  torbrowser_legacy_version: 13.5.23

+  torbrowser_legacy_platform_version: 115.29.0

   # By default, we sort the list of installed packages. This allows sharing

   # containers with identical list of packages, even if they are not listed

morgan pushed to branch maint-15.0 at The Tor Project / Applications / tor-browser-build

Commits:

8 changed files:

Changes: