GitLab

at 2025-04-16T15:28:30+00:00

fixup! TB 41649: Create rebase and security backport gitlab issue templates

revert

fixup! Adding issue and merge request templates

revert

BB 43615: Add Gitlab Issue and Merge Request templates

fixup! BB 43615: Add Gitlab Issue and Merge Request templates

add new and modify existing shared Tor/Mullvad browser templates

TB 43616: Customize Gitlab Issue and Merge Request templates

fixup! TB 43616: Customize Gitlab Issue and Merge Request templates

Tor Browser specific updates

+# 🐞 Bug Report

+<!--

+Use this template to report problems with the browser which are unrelated to

+website functionality (please use the Web Compatibility template for such issues).

+The issue's title MUST provide a succinct description of the problem.

+

+Some good (hypothetical) titles:

+- Browser crashes when visiting example.com in Safer mode

+- Letterboxing appears even when disabled when using tiling window-manager

+- All fonts in browser-chrome have serifs

+

+Please DO NOT include information about platform in the title, it is redundant

+with our labeling system!

+-->

+

+## Reproduction steps

+<!--

+Provide specific steps developers can follow to reproduce your issue.

+-->

+

+## Expected behaviour

+<!--

+Provide a description of the browser feature or scenario which does not appear

+to be working.

+-->

+

+## Actual behaviour

+<!--

+Provide a description of what actually occurs.

+-->

+

+## Bookkeeping

+<!--

+Please provide the following information:

+-->

+

+- Browser version:

+- Browser channel:

+  - [ ] Release

+  - [ ] Alpha

+  - [ ] Nightly

+- Distribution method:

+  - [ ] Installer/archive from torproject.org

+  - [ ] tor-browser-launcher

+  - [ ] homebrew

+  - [ ] other (please specify):

+- Operating System:

+  - [ ] Windows

+  - [ ] macOS

+  - [ ] Linux

+  - [ ] Android

+  - [ ] Tails

+  - [ ] Other (please specify):

+- Operating System Version:

+

+### Browser UI language

+<!--

+Found in `about:preferences#general`.

+Feel free to omit this if you like, but sometimes bugs can be language specific so having

+this info may make it easier for developers to reproduce your problem.

+-->

+

+### Have you modified any of the settings in `about:preferences` or `about:config`? If yes, which ones?

+<!--

+If you changed any preference in about:config that aren't exposed in a UI,

+could you try to see if you can reproduce without them? Generally speaking, such

+changes are unsupported and bugs might be closed as invalid.

+-->

+

+### Do you have any extra extensions installed?

+<!-- e.g. Firefox Multi-Account Containers, uBlock Origin, etc -->

+

+## Troubleshooting

+<!--

+This is optional, but it will help to resolve your problem.

+-->

+

+### Does this bug occur in a fresh installation?

+

+### Is this bug new? If it is a regression, in which version of the browser did this bug first appear?

+<!--

+Archived packages for past versions can be found here:

+- https://archive.torproject.org/tor-package-archive

+-->

+

+### Does this bug occur in the Alpha release channel?

+<!--

+Sometimes bugs are fixed in the Alpha (development) channel but not in the Stable channel.

+⚠️ However, the Alpha release channel is the development version and as such may be contain

+critical bugs not present in the Stable release channel. Do not test in Alpha if you are an

+at risk user unless you really, actually, truly know what you are doing!

+

+The latest Alpha can be found here:

+- https://www.torproject.org/download/alpha/

+-->

+

+### Does this bug occur in Firefox ESR (Desktop only)?

+<!--

+Tor Browser is based on Firefox ESR, so any bugs present in this upstream project will likely

+also be present in Tor Browser.

+Firefox ESR is available for download here:

+- https://www.mozilla.org/en-US/firefox/all/desktop-esr/

+-->

+

+### Does this bug occur in Firefox Rapid Release?

+<!--

+If the issue occurs in Firefox ESR, but does not occur in Firefox Rapid Release, we may be able

+to identify and backport the patch which fixes it.

+

+Firefox Rapid Release is available for download here:

+- https://www.mozilla.org/en-US/firefox/new/

+

+If the issue has been fixed in Firefox, do you know the Bugzilla issue number associated with the fix?

+-->

+

+<!-- Do not edit beneath this line <3 -->

+

+---

+

+/label ~"Apps::Product::TorBrowser"

+/label ~"Apps::Type::Bug"
+# 💡 Proposal

+<!--

+Use this template to request a feature or propose some change in the browser.

+The issue will likely be edited many times over its life to flesh out the various

+questions, so if you don't know the answers to something, jut leave it blank!

+

+The issue's title MUST provide a succinct description of proposal.

+

+Some good (hypothetical) titles:

+- Remove 'Safer' option from Security Level

+- Bundle uBlock Origin by default

+- Replace NoScript with faith-based JavaScript sand-boxing

+-->

+

+## User Story

+<!--

+Provide a high-level summary of the proposed feature, the problem it solves, and

+what it would allow users to do if implemented. -->

+

+## Security and Privacy Implications

+<!--

+How would this proposal interact with our the browser's threat model?

+Would this feature negatively affect the browser's security or privacy

+guarantees?

+-->

+

+### Security

+<!--

+Outline any security implications this feature would introduce. The browser's

+security requirements can be found in our threat model document here:

+- https://gitlab.torproject.org/tpo/applications/wiki/-/wikis/Design-Documents/Tor-Browser-Design-Doc#21-security-requirements

+-->

+

+### Privacy

+<!--

+Outline any privacy implications this feature would introduce. The browser's

+privacy requirements can be found in our threat model document here:

+- https://gitlab.torproject.org/tpo/applications/wiki/-/wikis/Design-Documents/Tor-Browser-Design-Doc#22-privacy-requirements

+-->

+

+## Accessibility Implications

+<!--

+Would this proposal affect or interact with the browser's usability for users

+with accessibility needs (e.g. vision or mobility issues). What problems would need

+to be solved to ensure these users are not left behind?

+-->

+

+## Other Trade-Offs

+<!--

+Beyond the security, privacy and accessibility implications, what other implications

+are there for users?

+-->

+

+## Prior Art

+

+### Does this feature exist in other browsers?

+- [ ] Yes

+    - [ ] Firefox

+    - [ ] Firefox ESR

+    - [ ] Other (please specify)

+- [ ] No

+

+### Does this feature exist as an extension? If yes, which one provides this functionality?

+

+<!-- Do not edit beneath this line <3 -->

+

+---

+

+/label ~"Apps::Product::TorBrowser"

+/label ~"Apps::Type::Proposal"
+# 🌍 Web Compatibility

+<!--

+Use this template to report websites which do not work properly in the browser.

+The issue's title MUST provide a succinct description of the problem.

+

+Some good (hypothetical) titles:

+- Road signs do not render correctly on maps.foo.com

+- Infinite CAPTCHA prompts on bar.nat

+- Cannot login to baz.org

+-->

+

+## URL

+<!-- Provide a link to the website -->

+

+## Expected behaviour

+<!--

+Provide a description of the how the website is supposed to work

+-->

+

+## Actual behaviour

+<!--

+Provide a description of what actually occurs

+-->

+

+## Reproduction steps

+<!--

+Provide specific steps developers can follow to reproduce your issue

+-->

+

+## Bookkeeping

+<!--

+Please provide the following information:

+-->

+

+- Browser version:

+- Browser channel:

+  - [ ] Release

+  - [ ] Alpha

+  - [ ] Nightly

+- Distribution method:

+  - [ ] Installer/archive from torproject.org

+  - [ ] tor-browser-launcher

+  - [ ] homebrew

+  - [ ] other (please specify):

+- Operating System:

+  - [ ] Windows

+  - [ ] macOS

+  - [ ] Linux

+  - [ ] Android

+  - [ ] Tails

+  - [ ] Other (please specify):

+- Operating System Version:

+

+### Have you modified any of the settings in `about:preferences` or `about:config`? If yes, which ones?

+<!--

+If you changed any preference in about:config that aren't exposed in a UI,

+could you try to see if you can reproduce without them? Generally speaking, such

+changes are unsupported and bugs might be closed as invalid.

+-->

+

+### Do you have any extra extensions installed?

+<!-- e.g. Firefox Multi-Account Containers, uBlock Origin, etc -->

+

+## Troubleshooting

+<!--

+This is optional, but it will help to resolve your problem.

+-->

+

+### Does this bug occur in a fresh installation?

+

+### Is this bug new? If it is a regression, in which version of the browser did this bug first appear?

+<!--

+Archived packages for past versions can be found here:

+- https://archive.torproject.org/tor-package-archive

+-->

+

+### Does this bug occur in the Alpha release channel?

+<!--

+Sometimes bugs are fixed in the Alpha (development) channel but not in the Stable channel.

+⚠️ However, the Alpha release channel is the development version and as such may be contain

+critical bugs not present in the Stable release channel. Do not test in Alpha if you are an

+at risk user unless you really, actually, truly know what you are doing!

+

+The latest Alpha can be found here:

+- https://www.torproject.org/download/alpha/

+-->

+

+### Does this bug occur in Firefox ESR (Desktop only)?

+<!--

+Tor Browser is based on Firefox ESR, so any bugs present in this upstream project will likely

+also be present in Tor Browser.

+Firefox ESR is available for download here:

+- https://www.mozilla.org/en-US/firefox/all/desktop-esr/

+-->

+

+### Does this bug occur in Firefox Rapid Release?

+<!--

+If the issue occurs in Firefox ESR, but does not occur in Firefox Rapid Release, we may be able

+to identify and backport the patch which fixes it.

+

+Firefox Rapid Release is available for download here:

+- https://www.mozilla.org/en-US/firefox/new/

+

+If the issue has been fixed in Firefox, do you know the Bugzilla issue number associated with the fix?

+-->

+

+<!-- Do not edit beneath this line <3 -->

+

+---

+

+/label ~"Apps::Product::TorBrowser"

+/label ~"Apps::Type::WebCompatibility"
+# 💣 Test

+<!--

+Use this template to track testing of some feature. Please

+try to make the title a good one-liner for the changelogs!

+

+Some good (hypothetical) titles:

+- Add test exercising new circuit button

+- Add tests for verifying built-in bridge connectivity

+- Develop a mock Lox authority for automated testing

+-->

+

+## Description

+<!--

+Provide an overview of the technical/implementation aspects of this

+test work a developer would need to know

+-->

+

+## Scenarios

+<!--

+Provide a list of high-level classes of desired test-cases

+and the expected behaviour of each

+-->

+

+<!-- Do not edit beneath this line <3 -->

+

+---

+

+/label ~"Apps::Product::TorBrowser"

+/label ~"Apps::Type::Test"
+# ✨ Feature

+<!--

+Use this template to track implementation of some feature. Please

+try to make the title a good one-liner for the changelogs!

+

+Some good (hypothetical) titles:

+- Bundle AwesomeFont Sans Font

+- Implement new user on-boarding UX

+- Publish Linux aarch64 alpha builds

+-->

+

+## Description

+<!--

+Provide an overview of the technical/implementation aspects of this feature

+-->

+

+## Bookkeeping

+

+### Proposal

+<!-- Add links to associated proposal issues (or delete block) -->

+- tor-browser#12345

+

+### Design

+<!-- Add links to associated design issues (or delete block) -->

+- tpo/UX/Design#123

+

+<!-- Do not edit beneath this line <3 -->

+

+---

+

+/label ~"Apps::Product::TorBrowser"

+/label ~"Apps::Type::Feature"
+# ⬅️ Backport Patchset

 <!--

-Title:

-    Backport tor-browser#12345: Title of Issue

-    Backport Bugzilla 1234567: Title of Issue

+This is an issue for tracking back-porting a patch-set (e.g. from Alpha to Stable or from

+Mozilla Rapid-Release to Alpha).

-This is an issue for tracking back-porting a patch-set (e.g. from Alpha to Stable or from Mozilla Rapid-Release to Alpha)

--->

+please ensure the title has the following format:

+

+- Backport tor-browser#12345: Title of original issue

+- Backport Bugzilla 1234567: Title of original issue

-## Backport Patchset

+-->

-### Book-keeping

+## Bookkeeping

-#### Issue(s)

+### Issue(s)

 - tor-browser#12345

 - mullvad-browser#123

 - https://bugzilla.mozilla.org/show_bug.cgi?id=1234567

-#### Merge Request(s)

+### Merge Request(s)

 - tor-browser!123

-#### Target Channels

+### Target Channels

 - [ ] Alpha

 - [ ] Stable

 - [ ] Legacy

-### Notes

+## Notes

 <!-- whatever additional info, context, etc that would be helpful for backporting -->

+

+<!-- Do not edit beneath this line <3 -->

+

+---

+

+/label ~"Apps::Product::TorBrowser"

 /label ~"Apps::Type::Backport"
+# ⤵️ Rebase Alpha

+

 **NOTE:** All examples in this template reference the rebase from 102.7.0esr to 102.8.0esr

 <details>

     - [ ] Update `firefox_platform_version`

     - [ ] Set `browser_build` to 1 (to prevent failures in alpha testbuilds)

+<!-- Do not edit beneath this line <3 -->

+

+---

+

+/label ~"Apps::Product::TorBrowser"

 /label ~"Apps::Type::Rebase"

+/label ~"Apps::Priority::Blocker"
+# ⤵️ Rebase Stable

+

 **NOTE:** All examples in this template reference the rebase from 102.7.0esr to 102.8.0esr

 <details>

     ```

   - [ ] Push tag to `upstream`

+<!-- Do not edit beneath this line <3 -->

+

+---

+

+/label ~"Apps::Product::TorBrowser"

 /label ~"Apps::Type::Rebase"

+/label ~"Apps::Priority::Blocker"
+# ⤵️ Rebase Legacy

+

 **NOTE:** All examples in this template reference the rebase from 115.17.0esr to 115.18.0esr

 <details>

     ```

   - [ ] Push tag to `upstream`

+<!-- Do not edit beneath this line <3 -->

+

+---

+

+/label ~"Apps::Product::TorBrowser"

 /label ~"Apps::Type::Rebase"

+/label ~"Apps::Priority::Blocker"
+# ⤵️ Rebase Rapid

+

 - **NOTE**: All examples in this template reference the rebase from Firefox 129.0a1 to 130.0a1

 - **TODO**:

   - Documentation step for any difficulties or noteworthy things for each rapid rebase

     ```

   - [ ] Push tag to `upstream`

+<!-- Do not edit beneath this line <3 -->

+

+---

+

+/label ~"Apps::Product::TorBrowser"

 /label ~"Apps::Type::Rebase"

+/label ~"Apps::Priority::High"
+# ⬆️ **Uplift**

 <!--

 Title:

     Uplift tor-browser#12345: Title of Issue

 This is an issue for tracking uplift of a patch-set to Firefox

 -->

-## Uplift Patchset

+## Book-keeping

-### Book-keeping

-

-#### Gitlab Issue(s)

+### Gitlab Issue(s)

 - tor-browser#12345

 - mullvad-browser#123

-#### Merge Request(s)

+### Merge Request(s)

 - tor-browser!123

-#### Upstream Mozilla Issue(s):

+### Upstream Mozilla Issue(s):

 - https://bugzilla.mozilla.org/show_bug.cgi?id=12345

-### Notes

+## Notes

+<!--

+Whatever additional info, context, etc that would be helpful for uplifting -->

+

+<!-- Do not edit beneath this line <3 -->

-<!-- whatever additional info, context, etc that would be helpful for uplifting -->

+---

+/label ~"Apps::Product::TorBrowser"

 /label ~"Apps::Type::Uplift"
+# 🛡️ **Security Backports**

+

 <details>

   <summary>Explanation of Variables</summary>

 **NOTE:** It is assumed the `tor-browser` rebases (stable and alpha) have already happened and there exists a `build1` build tags for both `base-browser` and `tor-browser` (stable and alpha)

-### **Bookkeeping**

+## **Bookkeeping**

-- [ ] Link this issue to the appropriate [Release Prep](https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/?sort=updated_desc&state=opened&label_name%5B%5D=Apps%3A%3AType%3A%3AReleasePreparation) issues (stable and alpha).

+- [ ] Link this issue to the appropriate [Release Prep](https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/?sort=updated_desc&state=opened&label_name%5B%5D=Apps%3A%3AType%3A%3AReleasePreparation) issues (alpha, stable, and legacy).

-### **Security Vulnerabilities Report**: https://www.mozilla.org/en-US/security/advisories/

+## **Security Vulnerabilities Report**: https://www.mozilla.org/en-US/security/advisories/

 - Potentially Affected Components:

   - `firefox`/`geckoview`: https://github.com/mozilla/gecko-dev

-  - `application-services`: https://github.com/mozilla/application-services

-  - `android-components` (ESR 102 only): https://github.com/mozilla-mobile/firefox-android

-  - `fenix` (ESR 102 only): https://github.com/mozilla-mobile/firefox-android

-  - `firefox-android`: https://github.com/mozilla-mobile/firefox-android

-

-**NOTE:** `android-components` and `fenix` used to have their own repos, but since November 2022 they have converged to a single `firefox-android` repo. Any backports will require manually porting patches over to our legacy repos until we have transitioned to ESR 115.

 - [ ] Go through the `Security Vulnerabilities fixed in Firefox $(RR_VERSION)` report and create a candidate list of CVEs which potentially need to be backported in this issue:

   - CVEs which are explicitly labeled as 'Android' only

     - To find the `gecko-dev` version of a `mozilla-central`, search for a unique string in the relevant `mozilla-central` commit message in the `gecko-dev/release` branch log.

     - **NOTE:** This process is unfortunately somewhat poorly defined/ad-hoc given the general variation in how Bugzilla issues are labeled and resolved. In general this is going to involve a bit of hunting to identify needed commits or determining whether or not the fix is relevant.

-### CVEs

+## CVEs

 <!-- CVE Resolution Template, foreach CVE to investigate add an entry in the form:

 - [ ] https://www.mozilla.org/en-US/security/advisories/mfsaYYYY-NN/#CVE-YYYY-XXXXX // CVE description

   - https://bugzilla.mozilla.org/show_bug.cgi?id=NNNNNN // Bugzilla issue

   - **Note**: Any relevant info about this fix, justification for why it is not necessary, etc

   - **Patches**

-    - firefox-android: https://link.to/relevant/patch

     - firefox: https://link.to/relevant/patch

  -->

-### **tor-browser**: https://gitlab.torproject.org/tpo/applications/tor-browser.git

+## **tor-browser**: https://gitlab.torproject.org/tpo/applications/tor-browser.git

 - [ ] Backport any Android-specific security fixes from Firefox rapid-release

   - [ ] Backport patches to `tor-browser` stable branch

   - [ ] Open MR

   - [ ] Merge

-  - [ ] Rebase patches onto:

+  - [ ] cherry-pick patches onto:

     - [ ] `base-browser` stable

+    - [ ] `mullvad-browser` stable

     - [ ] `tor-browser` alpha

     - [ ] `base-browser` alpha

+    - [ ] `mullvad-browser` alpha

   - [ ] Sign/Tag commits:

-    - **Tag**: `$(PROJECT_NAME)-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`

-    - **Message**: `Tagging $(BUILD_N) for $(ESR_VERSION)-based stable|alpha)`

+    - In **tor-browser-build.git**, run signing script:

+      ```bash

+      ./tools/browser/sign-tag.${PROJECT_NAME} ${CHANNEL} ${BUILD_N}

+      ```

     - [ ] `base-browser` stable

     - [ ] `tor-browser` stable

+    - [ ] `mullvad-browser` stable

     - [ ] `base-browser` alpha

     - [ ] `tor-browser` alpha

-  - [ ] Push tags to `upstream`

-- **OR**

-- [ ] No backports

+    - [ ] `mullvad-browser` alpha

-### **application-services**: https://gitlab.torproject.org/tpo/applications/application-services

-- **NOTE**: we will need to setup a gitlab copy of this repo and update `tor-browser-build` before we can apply security backports here

-- [ ] Backport any Android-specific security fixes from Firefox rapid-release

-  - [ ] Backport patches to `application-services` stable branch

-  - [ ] Open MR

-  - [ ] Merge

-  - [ ] Rebase patches onto `application-services` alpha

-  - [ ] Sign/Tag commits:

-    - **Tag**: `application-services-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`

-    - **Message**: `Tagging $(BUILD_N) for $(ESR_VERSION)-based stable|alpha`

-    - [ ] `application-services` stable

-    - [ ] `application-services` alpha

   - [ ] Push tags to `upstream`

 - **OR**

 - [ ] No backports

+<!-- Do not edit beneath this line <3 -->

-### **android-components (Optional, ESR 102)**: https://gitlab.torproject.org/tpo/applications/android-components.git

-- [ ] Backport any Android-specific security fixes from Firefox rapid-release

-  - **NOTE**: Since November 2022, this repo has been merged with `fenix` into a singular `firefox-android` repo: https://github.com/mozilla-mobile/firefox-android. Any backport will require a patch rewrite to apply to our legacy `android-components` project.

-  - [ ] Backport patches to `android-components` stable branch

-  - [ ] Open MR

-  - [ ] Merge

-  - [ ] Rebase patches onto `android-components` alpha

-  - [ ] Sign/Tag commits:

-    - **Tag**: `android-components-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`

-    - **Message**: `Tagging $(BUILD_N) for $(ESR_VERSION)-based stable|alpha)`

-    - [ ] `android-components` stable

-    - [ ] `android-components` alpha

-  - [ ] Push tags to `upstream`

-- **OR**

-- [ ] No backports

-

-

-### **fenix (Optional, ESR 102)**: https://gitlab.torproject.org/tpo/applications/fenix.git

-- [ ] Backport any Android-specific security fixes from Firefox rapid-release

-  - **NOTE**: Since February 2023, this repo has been merged with `android-components` into a singular `firefox-android` repo: https://github.com/mozilla-mobile/firefox-android. Any backport will require a patch rewrite to apply to our legacy `fenix` project.

-  - [ ] Backport patches to `fenix` stable branch

-  - [ ] Open MR

-  - [ ] Merge

-  - [ ] Rebase patches onto `fenix` alpha

-  - [ ] Sign/Tag commits:

-    - **Tag**: `tor-browser-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`

-    - **Message**: `Tagging $(BUILD_N) for $(ESR_VERSION)-based stable|alpha)`

-    - [ ] `fenix` stable

-    - [ ] `fenix` alpha

-  - [ ] Push tags to `upstream`

-- **OR**

-- [ ] No backports

-

-### **firefox-android**: https://gitlab.torproject.org/tpo/applications/firefox-android

-- [ ] Backport any Android-specific security fixes from Firefox rapid-release

-  - [ ] Backport patches to `firefox-android` stable branch

-  - [ ] Open MR

-  - [ ] Merge

-  - [ ] Rebase patches onto `fenix` alpha

-  - [ ] Sign/Tag commits:

-    - **Tag**: `firefox-android-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`

-    - **Message**: `Tagging $(BUILD_N) for $(ESR_VERSION)-based stable|alpha)`

-    - [ ] `firefox-android` stable

-    - [ ] `firefox-android` alpha

-  - [ ] Push tags to `upstream`

-- **OR**

-- [ ] No backports

+---

 /confidential

+/label ~"Apps::Product::TorBrowser"

+/label ~"Apps::Product::MullvadBrowser"

+/label ~"Apps::Type::Backport"

+/label ~"Apps::Priority::Blocker"
+# 🚨 Emergency Security Issue

+

 **NOTE** This is an issue template to standardise our process for responding to and fixing critical security and privacy vulnerabilities, exploits, etc.

 ## Information

   - [ ] **clairehurst** : Android, macOS

   - [ ] **dan** : Android, macOS

   - [ ] **henry** : accessibility, frontend, localisation

+  - [ ] **jwilde** : windows, firefox internals

   - [ ] **ma1** : firefox internals

   - [ ] **pierov** : updater, fonts, localisation, general

-  - [ ] **richard** : signing, release

+  - [ ] **morgan** : signing, release

   - [ ] **thorin** : fingerprinting

 - [ ] Other Engineering Teams

   - [ ] Networking (**ahf**, **dgoulet**)

   - [ ] **(Optional)** **gazebook**

     - if there are consequences to the organisation or partners beyond a browser update, then a communication plan may be needed

+Godspeed! :pray:

+

+<!-- Do not edit beneath this line <3 -->

+

+---

+

 /cc @bella

 /cc @ma1

 /cc @micah

-/cc @richard

+/cc @morgan

 /confidential

-Godspeed! :pray:
+/label ~"Apps::Product::TorBrowser"

+/label ~"Apps::Product::MullvadBrowser"

+/label ~"Apps::Type::Bug"

+/label ~"Apps::Priority::Blocker"
+# ✅ Release QA - Desktop

+

 Manual QA test check-list for major desktop releases. Please copy/paste form into your own comment, fill out relevant info and run through the checklist!

 <details>

     <summary>Tor Browser Desktop QA Checklist</summary>

-```markdown

+```

 # System Information

 - Version: Tor Browser XXX

   - [ ] Language notification/message bar

   - [ ] Spoof English

   - [ ] Check especially the recently added strings

+  - [ ] New Locales

+    - [ ] Bulgarian, Belarusian, Portuguese (PT)

 - [ ] UI Customisations:

     - [ ] New Identity

         - [ ] Toolbar icon

 - [ ] Betterboxing

     - [ ] Reuse last window size

     - [ ] Content alignment

+    - [ ] Window size indicator on window resize

     - [ ] No letterboxing:

-        - [ ]empty tabs or privileged pages (eg: about:blank, about:about)

+        - [ ] empty tabs or privileged pages (eg: about:blank, about:about)

         - [ ] full-screen video

         - [ ] pdf viewer

         - [ ] reader-mode

 ## Connectivity + Anti-Censorship

 - [ ] Tor daemon config by environment variables

     - https://gitlab.torproject.org/tpo/applications/team/-/wikis/Environment-variables-and-related-preferences

-- [ ] Internet Test ( about:preferences#connection )

-  - [ ] Fails when offline

+- [ ] Internet Test ( bootstrap, also visible in about:preferences#connection )

+  - [ ] Fails when offline (Goes to offline about:neterror)

+    - **NOTE**: platform dependent, expected that Linux will just try to bootstrap forever

   - [ ] Succeeds when online

 - [ ] Bridges:

     - Bootstrap

         - [ ] Succeeds when not bootstrapped

     - **TODO**: Lox

 - [ ] Connect Assist

-    - Useful pref: `torbrowser.debug.censorship_level`

+    - Useful pref: `torbrowser.debug.censorship_level` (0-5; least to most censored)

+    - [ ] Connect Automatically checkbox triggers bootstrapping after one successful bootstrap attempt

     - [ ] Auto-bootstrap updates Tor connection settings on success

     - [ ] Auto-bootstrap restore previous Tor connection settings on failure

         - **TODO** client auth

 - [ ] **TODO**: .securedrop.tor.onion

 - [ ] **TODO**: onion-service alt-svc

-- [ ] HTML5 Video: https://tekeye.uk/html/html5-video-test-page

-    - [ ] MPEG4

-    - [ ] WebM

-    - [ ] Ogg

+- [ ] HTML5 Video: https://onion-tests.pierov.org/video.html

+    - [ ] H264

+    - [ ] VP9

+    - [ ] VP8

+    - [ ] AV1

+    - [ ] Theora

+    - [ ] MPEG4 + mp3: only audio should work

+    - [ ] HEVC + AAC: should not work

 - [ ] WebSocket Test: https://websocketking.com/

 ## External Components

   - [ ] Not removable from about:addons

   - [ ] Tests: https://test-data.tbb.torproject.org/test-data/noscript/

     - **TODO**: fix test pages

+

+## Tor Settings (about:preferences#connection)

+- [ ] Proxy

+  - [ ] Bad Proxy Address Reports Error; e.g. any bad bad proxy address/port/etc

+   - [ ] On initial failure gives error modal

+   - [ ] On browser restart, will also give an error if provided a bad setting

+  - [ ] Good Proxy Works

+    - [ ] SOCKS5

+- [ ] Bridge

+  - [ ] Bad Bridge Fails with error modal; eg: `0:0`

+  - [ ] Modifying Bridges *during* bootstrap should cancel bootstrap

+- [ ] Firewall

+  - [ ] UI shouldn't accept bad ports (e.g. invalid port numbers, non-numbers, etc)

+- [ ] Each individual setting type has it's own validation (i.e. not all or nothing anymore)

+

 ```

 </details>

+

+Please lay claim to a platform in the comments:

+

+- Windows

+  - Windows 10, Windows 11

+  - x86

+  - x86_64

+- macOS

+  - 10.15, 15.x

+  - x86_64

+  - aarch64

+- Linux

+  - x86

+  - x86_64

+

+<!-- Do not edit beneath this line <3 -->

+

+---

+

+/label ~"Apps::Product::TorBrowser"

+/label ~"Apps::Type::Test"

+/label ~"Apps::Priority::Blocker"
+# ✅ Release QA - Android

+

 Manual QA test check-list for major android releases. Please copy/paste form into your own comment, fill out relevant info and run through the checklist!

+

 <details>

     <summary>Tor Browser Android QA Checklist</summary>

-```markdown

+

+```

 # System Information

 - Version: Tor Browser XXX

 - [ ] Fingerprinting resistance: https://arkenfox.github.io/TZP/tzp.html

 - [ ] Security level (Standard, Safer, Safest)

     - **TODO**: test pages verifying correct behaviour

+- [ ] Bookmarks: for now ensure adding/removing/etc work as expected and doesn't busy-spin

+

+### Localisation

+- [ ] New Locales

+  - [ ] Bulgarian, Belarusian, Portuguese (PT)

 ## Proxy safety

 - [ ] Tor exit test: https://check.torproject.org

 - [ ] DNS leaks: https://dnsleaktest.com

 ## Connectivity + Anti-Censorship

+- [ ] Internet Test (try connect assist while actually offline)

+  - [ ] We expect this to fail but we should see what it actually does

 - [ ] Bridges:

     - Bootstrap

     - Browse: https://check.torproject.org

         - [ ] obfs4 from https://bridges.torproject.org

         - [ ] webtunnel from https://bridges.torproject.org

         - [ ] conjure from [gitlab](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/-/blob/main/client/torrc?ref_type=heads#L6)

+- [ ] Connect Assist

+    - Useful pref: `torbrowser.debug.censorship_level` (0-5; least to most censored)

+    - [ ] Connect Automatically checkbox triggers bootstrapping after one successful bootstrap attempt

+    - [ ] Auto-bootstrap updates Tor connection settings on success

+    - [ ] Auto-bootstrap restore previous Tor connection settings on failure

 ## Web Browsing

 - [ ] HTTPS-Only: http://http.badssl.com

         - **TODO** client auth

 - [ ] **TODO**: .securedrop.tor.onion

 - [ ] **TODO**: onion-service alt-svc

-- [ ] HTML5 Video: https://tekeye.uk/html/html5-video-test-page

-    - [ ] MPEG4

-    - [ ] WebM

-    - [ ] Ogg

+- [ ] HTML5 Video: https://onion-tests.pierov.org/video.html

+    - [ ] H264

+    - [ ] VP9

+    - [ ] VP8

+    - [ ] AV1

+    - [ ] Theora

+    - [ ] MPEG4 + mp3: only audio should work

+    - [ ] HEVC + AAC: should not work

 - [ ] WebSocket Test: https://websocketking.com/

 ## External Components

 ```

 </details>

+

+Please lay claim to an architecture in the comments:

+

+Architectures:

+- x86

+- x86_64

+- arm32

+- aarch64

+

+<!-- Do not edit beneath this line <3 -->

+

+---

+

+/label ~"Apps::Product::TorBrowser"

+/label ~"Apps::Type::Test"

+/label ~"Apps::Priority::Blocker"
+# 📋 Bugzilla Triage

+

+**NOTE** This issue presumes the branches and tags for the next Firefox release have already been created in tor-browser.git

+

+- [ ] Generate Bugzilla triage CSV

+  - Run (from `tor-browser-build` root):

+  ```bash

+    ./tools/browser/generate-bugzilla-triage-csv ${FIREFOX_VERSION} ${PREVIOUS_NIGHTLY_TAG} ${NEXT_NIGHLTY_TAG} ${TRIAGE_ISSUE_NUMBER} ${REVIEWERS} > out.csv

+  ```

+  - `${FIREFOX_VERSION}`: the major Firefox version of the nightly to review

+    - **Example**: 129

+  - `${PREVIOUS_NIGHTLY_TAG}`: the nightly 'end' tag of the previous major Firefox version

+    - **Example**: `FIREFOX_NIGHTLY_128_END`

+  - `${NEXT_NIGHLTY_TAG}`: the nightly 'end' tag of the next major Firefox version we are reviewing

+    - **Example**: `FIREFOX_NIGHTLY_129_END`

+  - `${TRIAGE_ISSUE_NUMBER}`: this `tor-browser` issue

+    - **Example**: `43303`

+  - `${REVIEWERS}`: `morgan` and two additional devs to triage this Firefox version

+    - `boklm`

+    - `brizental`

+    - `clairehurst`

+    - `dan`

+    - `henry`

+    - `jwilde`

+    - `ma1`

+    - `pierov`

+  - **Example**:

+    ```bash

+    ./tools/browser/generate-bugzilla-triage-csv 129 FIREFOX_NIGHTLY_128_END FIREFOX_NIGHTLY_129_END 43303 morgan pierov henry > 129.csv

+    ```

+- [ ] Attach the generated CSV file to the triage isssue

+- [ ] Import to Google Sheets ( https://sheets.google.com )

+  - [ ] Create blank spreadsheet

+  - [ ] **Title**: `Bugzilla Triage ${VERSION}`

+  - [ ] Import CSV: File > Import > Upload

+    - **Import location**: "Replace spreadsheet"

+    - **Separator type**: "Comma"

+    - **Convert text to numbers, dates, and fomulas**: "✅"

+  - [ ] Convert 'Review' column's issue cells to check-boxes:

+    - Select relevant cells (i.e.: `A2:A1554` for in the 129 triage)

+    - Insert > Checkbox

+  - [ ] Convert 'Triaged by' cells to check-boxes

+  - [ ] Share Spreadsheet

+    - 🔒 Share > General access

+      - Change `Restricted` to `Anyone with the link`

+    - Post link in an internal note on this issue

+- [ ] Page requested reviewers to this issue

+- [ ] Triage Completed by:

+  - [ ] morgan

+  - [ ] reviewer 1 <!-- replace with reviewer name :) -->

+  - [ ] reviewer 2 <!-- replace with reviewer name :) -->

+

+/label ~"esr-140"

+/label ~"Apps::Product::TorBrowser"

+/label ~"Apps::Type::Audit"

+/label ~"Apps::Priority::Blocker"
+# 🔍 Bugzilla Audit

 <!--

 Title:

     Review Mozilla <bugzilla-num>: <bugzilla-description>

 **Bugzilla**: https://bugzilla.mozilla.org/show_bug.cgi?id=

-<!-- briefly describe why this issue needs further review -->

+## Description

+<!-- Briefly describe why this issue needs further review -->

+

+<!-- Do not edit beneath this line <3 -->

+

+---

 <!-- Make sure the "esr-" label is the correct version: -->

 /label ~"esr-140"

-

-/label ~"Bugzilla Review" ~"Apps::Type::Audit"
+/label ~"Apps::Product::TorBrowser"

+/label ~"Apps::Type::Audit"

+/label ~"Apps::Priority::Blocker"
-  # Bugzilla Triage

-

-  **NOTE** This issue presumes the branches and tags for the next Firefox release have already been created in tor-browser.git

-

-  - [ ] Generate Bugzilla triage CSV

-    - Run (from `tor-browser-build` root):

-    ```bash

-      ./tools/browser/generate-bugzilla-triage-csv ${FIREFOX_VERSION} ${PREVIOUS_NIGHTLY_TAG} ${NEXT_NIGHLTY_TAG} ${TRIAGE_ISSUE_NUMBER} ${REVIEWERS} > out.csv

-    ```

-    - `${FIREFOX_VERSION}`: the major Firefox version of the nightly to review

-      - **Example**: 129

-    - `${PREVIOUS_NIGHTLY_TAG}`: the nightly 'end' tag of the previous major Firefox version

-      - **Example**: `FIREFOX_NIGHTLY_128_END`

-    - `${NEXT_NIGHLTY_TAG}`: the nightly 'end' tag of the next major Firefox version we are reviewing

-      - **Example**: `FIREFOX_NIGHTLY_129_END`

-    - `${TRIAGE_ISSUE_NUMBER}`: this `tor-browser` issue

-      - **Example**: `43303`

-    - `${REVIEWERS}`: `morgan` and two additional devs to triage this Firefox version

-      - `boklm`

-      - `brizental`

-      - `clairehurst`

-      - `dan`

-      - `henry`

-      - `jwilde`

-      - `ma1`

-      - `pierov`

-    - **Example**:

-      ```bash

-      ./tools/browser/generate-bugzilla-triage-csv 129 FIREFOX_NIGHTLY_128_END FIREFOX_NIGHTLY_129_END 43303 morgan pierov henry > 129.csv

-      ```

-  - [ ] Attach the generated CSV file to the triage isssue

-  - [ ] Import to Google Sheets ( https://sheets.google.com )

-    - [ ] Create blank spreadsheet

-    - [ ] **Title**: `Bugzilla Triage ${VERSION}`

-    - [ ] Import CSV: File > Import > Upload

-      - **Import location**: "Replace spreadsheet"

-      - **Separator type**: "Comma"

-      - **Convert text to numbers, dates, and fomulas**: "✅"

-    - [ ] Convert 'Review' column's issue cells to check-boxes:

-      - Select relevant cells (i.e.: `A2:A1554` for in the 129 triage)

-      - Insert > Checkbox

-    - [ ] Convert 'Triaged by' cells to check-boxes

-    - [ ] Share Spreadsheet

-      - 🔒 Share > General access

-        - Change `Restricted` to `Anyone with the link`

-      - Post link in an internal note on this issue

-  - [ ] Page requested reviewers to this issue

-  - [ ] Triage Completed by:

-    - [ ] morgan

-    - [ ] reviewer 1 <!-- replace with reviewer name :) -->

-    - [ ] reviewer 2 <!-- replace with reviewer name :) -->
+# Open a new Issue

+

+Please select the appropriate issue template from the **Description** drop-down.

+

+---

+

+- 🐞 **Bug Report** - report a problem with the browser

+- 💡 **Proposal** - suggest a new feature

+- 🌐 **Web Compatibility** - report a broken website

+

+*NOTE*: the following issue types are intended for internal use

+

+- 💣 **Test** - develop a test or update testing infrastructure

+- ✨ **Feature** - implement new features

+- ⬅️ **Backport** - cherry-pick change to other release channels

+- ⤵️ **Rebase - Alpha** - rebase alpha to latest Firefox ESR version

+- ⤵️ **Rebase - Stable** - rebase stable to latest Firefox ESR version

+- ⤵️ **Rebase - Legacy** - rebase legacy to latest Firefox ESR 115 version

+- ⤵️ **Rebase - Rapid** - rebase rapid to latest Firefox Nightly version

+- ⬆️ **Uplift** - uplift change to upstream project

+- 🛡️ **Security Backports** - cherry-pick security fixes from Firefox

+- 🚨 **Emergency Security Issue** - manage fixing and publishing a critical security fix

+- ✅ **Release QA - Desktop** - test and verify functionality of our Desktop release

+- ✅ **Release QA - Android** - test and verify functionality of our Android release

+- 📋 **Bugzilla Triage** - identify upstream Firefox issues which need to be audited

+- 🔍 **Bugzilla Audit** - determine if/how an upstream change affects the browser
-<!--

-* Use this issue template for reporting a new bug.

--->

-

-### Summary

-**Summarize the bug encountered concisely.**

-

-

-### Steps to reproduce:

-**How one can reproduce the issue - this is very important.**

-

-1. Step 1

-2. Step 2

-3. ...

-

-### What is the current bug behavior?

-**What actually happens.**

-

-

-### What is the expected behavior?

-**What you want to see instead**

-

-

-

-### Environment

-**Which operating system are you using? For example: Debian GNU/Linux 10.1, Windows 10, Ubuntu Xenial, FreeBSD 12.2, etc.**

-**Which installation method did you use? Distribution package (apt, pkg, homebrew), from source tarball, from Git, etc.**

-

-### Relevant logs and/or screenshots

-

-

-/label ~"Apps::Type::Bug"
   - **accessibility** : henry

   - **android** : clairehurst, dan

   - **build system** : boklm

+  - **ci/cd**: brizental, henry

   - **extensions** : ma1

   - **firefox internals (XUL/JS/XPCOM)** : jwilde, ma1

   - **fonts** : pierov

   - **localization** : henry, pierov

   - **macOS** : clairehurst, dan

   - **nightly builds** : boklm

-  - **rebases/release-prep** : dan, ma1, pierov, morgan

+  - **rebases/release-prep** : brizental, clairehurst, dan, ma1, pierov, morgan

   - **security** : jwilde, ma1

   - **signing** : boklm, morgan

   - **updater** : pierov

-## Merge Info

-

-<!-- Bookkeeping information for release management -->

-

-### Rebase Issue

-- tor-browser#xxxxx

-- mullvad-browser#xxxxx

-

-### Release Prep Issue

-- tor-browser-build#xxxxx

-

-### Issue Tracking

-- [ ] Link rebase issue with appropriate [Release Prep issue](https://gitlab.torproject.org/groups/tpo/applications/-/issues/?sort=updated_desc&state=opened&label_name%5B%5D=Apps%3A%3AType%3A%3AReleasePreparation&first_page_size=20) for changelog generation

-

-### Review

-

-#### Request Reviewer

-

-- [ ] Request review from a release engineer: boklm, dan, ma1, morgan, pierov

-

-#### Change Description

-

-<!-- Any interesting notes about the rebase and an overview of what the reviewer should expect from the diff of diffs and range-diff -->

morgan pushed to branch tor-browser-128.9.0esr-14.5-1 at The Tor Project / Applications / Tor Browser

Commits:

22 changed files:

Changes: