GitLab

at 2025-04-16T15:29:13+00:00

fixup! MB 188: Customize Gitlab Issue and Merge templates

revert

fixup! Adding issue and merge request templates

revert

BB 43615: Add Gitlab Issue and Merge Request templates

fixup! BB 43615: Add Gitlab Issue and Merge Request templates

add new and modify existing shared Tor/Mullvad browser templates

fixup! MB 188: Customize Gitlab Issue and Merge templates

+# 🐞 Bug Report

+<!--

+Use this template to report problems with the browser which are unrelated to

+website functionality (please use the Web Compatibility template for such issues).

+The issue's title MUST provide a succinct description of the problem.

+

+Some good (hypothetical) titles:

+- Browser crashes when visiting example.com in Safer mode

+- Letterboxing appears even when disabled when using tiling window-manager

+- All fonts in browser-chrome have serifs

+

+Please DO NOT include information about platform in the title, it is redundant

+with our labeling system!

+-->

+

+## Reproduction steps

+<!--

+Provide specific steps developers can follow to reproduce your issue.

+-->

+

+## Expected behaviour

+<!--

+Provide a description of the browser feature or scenario which does not appear

+to be working.

+-->

+

+## Actual behaviour

+<!--

+Provide a description of what actually occurs.

+-->

+

+## Bookkeeping

+<!--

+Please provide the following information:

+-->

+

+- Browser version:

+- Browser channel:

+  - [ ] Release

+  - [ ] Alpha

+  - [ ] Nightly

+- Distribution method:

+  - [ ] Installer/archive from mullvad.net

+  - [ ] homebrew

+  - [ ] other (please specify):

+- Operating System:

+  - [ ] Windows

+  - [ ] macOS

+  - [ ] Linux

+  - [ ] Other (please specify):

+- Operating System Version:

+

+### Browser UI language

+<!--

+Found in `about:preferences#general`.

+Feel free to omit this if you like, but sometimes bugs can be language specific so having

+this info may make it easier for developers to reproduce your problem.

+-->

+

+### Have you modified any of the settings in `about:preferences` or `about:config`? If yes, which ones?

+<!--

+If you changed any preference in about:config that aren't exposed in a UI,

+could you try to see if you can reproduce without them? Generally speaking, such

+changes are unsupported and bugs might be closed as invalid.

+-->

+

+### Do you have any extra extensions installed?

+<!-- e.g. Firefox Multi-Account Containers, uBlock Origin, etc -->

+

+## Troubleshooting

+<!--

+This is optional, but it will help to resolve your problem.

+-->

+

+### Does this bug occur in a fresh installation?

+

+### Is this bug new? If it is a regression, in which version of the browser did this bug first appear?

+<!--

+Archived packages for past versions can be found here:

+- https://archive.torproject.org/tor-package-archive

+-->

+

+### Does this bug occur in the Alpha release channel?

+<!--

+Sometimes bugs are fixed in the Alpha (development) channel but not in the Stable channel.

+⚠️ However, the Alpha release channel is the development version and as such may be contain

+critical bugs not present in the Stable release channel.

+

+The latest Alpha can be found here:

+- https://github.com/mullvad/mullvad-browser/releases?q=prerelease%3Atrue

+-->

+

+### Does this bug occur in Firefox ESR (Desktop only)?

+<!--

+Tor Browser is based on Firefox ESR, so any bugs present in this upstream project will likely

+also be present in Tor Browser.

+Firefox ESR is available for download here:

+- https://www.mozilla.org/en-US/firefox/all/desktop-esr/

+-->

+

+### Does this bug occur in Firefox Rapid Release?

+<!--

+If the issue occurs in Firefox ESR, but does not occur in Firefox Rapid Release, we may be able

+to identify and backport the patch which fixes it.

+

+Firefox Rapid Release is available for download here:

+- https://www.mozilla.org/en-US/firefox/new/

+

+If the issue has been fixed in Firefox, do you know the Bugzilla issue number associated with the fix?

+-->

+

+<!-- Do not edit beneath this line <3 -->

+

+---

+

+/label ~"Apps::Product::MullvadBrowser"

+/label ~"Apps::Type::Bug"
+# 💡 Proposal

+<!--

+Use this template to request a feature or propose some change in the browser.

+The issue will likely be edited many times over its life to flesh out the various

+questions, so if you don't know the answers to something, jut leave it blank!

+

+The issue's title MUST provide a succinct description of proposal.

+

+Some good (hypothetical) titles:

+- Remove 'Safer' option from Security Level

+- Bundle uBlock Origin by default

+- Replace NoScript with faith-based JavaScript sand-boxing

+-->

+

+## User Story

+<!--

+Provide a high-level summary of the proposed feature, the problem it solves, and

+what it would allow users to do if implemented. -->

+

+## Security and Privacy Implications

+<!--

+How would this proposal interact with our the browser's threat model?

+Would this feature negatively affect the browser's security or privacy

+guarantees?

+-->

+

+### Security

+<!--

+TODO: Mullvad Browser's threat model is somehow less restrictive than Tor Browser's, but currently undefined

+Outline any security implications this feature would introduce. The browser's

+security requirements can be found in our threat model document here:

+- https://gitlab.torproject.org/tpo/applications/wiki/-/wikis/Design-Documents/Tor-Browser-Design-Doc#21-security-requirements

+-->

+

+### Privacy

+<!--

+TODO: Mullvad Browser's threat model is somehow less restrictive than Tor Browser's, but currently undefined

+Outline any privacy implications this feature would introduce. The browser's

+privacy requirements can be found in our threat model document here:

+- https://gitlab.torproject.org/tpo/applications/wiki/-/wikis/Design-Documents/Tor-Browser-Design-Doc#22-privacy-requirements

+-->

+

+## Accessibility Implications

+<!--

+Would this proposal affect or interact with the browser's usability for users

+with accessibility needs (e.g. vision or mobility issues). What problems would need

+to be solved to ensure these users are not left behind?

+-->

+

+## Other Trade-Offs

+<!--

+Beyond the security, privacy and accessibility implications, what other implications

+are there for users?

+-->

+

+## Prior Art

+

+### Does this feature exist in other browsers?

+- [ ] Yes

+    - [ ] Firefox

+    - [ ] Firefox ESR

+    - [ ] Other (please specify)

+- [ ] No

+

+### Does this feature exist as an extension? If yes, which one provides this functionality?

+

+<!-- Do not edit beneath this line <3 -->

+

+---

+

+/label ~"Apps::Product::MullvadBrowser"

+/label ~"Apps::Type::Proposal"
+# 🌍 Web Compatibility

+<!--

+Use this template to report websites which do not work properly in the browser.

+The issue's title MUST provide a succinct description of the problem.

+

+Some good (hypothetical) titles:

+- Road signs do not render correctly on maps.foo.com

+- Infinite CAPTCHA prompts on bar.nat

+- Cannot login to baz.org

+-->

+

+## URL

+<!-- Provide a link to the website -->

+

+## Expected behaviour

+<!--

+Provide a description of the how the website is supposed to work

+-->

+

+## Actual behaviour

+<!--

+Provide a description of what actually occurs

+-->

+

+## Reproduction steps

+<!--

+Provide specific steps developers can follow to reproduce your issue

+-->

+

+## Bookkeeping

+<!--

+Please provide the following information:

+-->

+

+- Browser version:

+- Browser channel:

+  - [ ] Release

+  - [ ] Alpha

+  - [ ] Nightly

+- Distribution method:

+  - [ ] Installer/archive from mullvad.net

+  - [ ] homebrew

+  - [ ] other (please specify):

+- Operating System:

+  - [ ] Windows

+  - [ ] macOS

+  - [ ] Linux

+  - [ ] Other (please specify):

+- Operating System Version:

+

+### Have you modified any of the settings in `about:preferences` or `about:config`? If yes, which ones?

+<!--

+If you changed any preference in about:config that aren't exposed in a UI,

+could you try to see if you can reproduce without them? Generally speaking, such

+changes are unsupported and bugs might be closed as invalid.

+-->

+

+### Do you have any extra extensions installed?

+<!-- e.g. Firefox Multi-Account Containers, uBlock Origin, etc -->

+

+## Troubleshooting

+<!--

+This is optional, but it will help to resolve your problem.

+-->

+

+### Does this bug occur in a fresh installation?

+

+### Is this bug new? If it is a regression, in which version of the browser did this bug first appear?

+<!--

+Archived packages for past versions can be found here:

+- https://archive.torproject.org/tor-package-archive

+-->

+

+### Does this bug occur in the Alpha release channel?

+<!--

+Sometimes bugs are fixed in the Alpha (development) channel but not in the Stable channel.

+⚠️ However, the Alpha release channel is the development version and as such may be contain

+critical bugs not present in the Stable release channel.

+

+The latest Alpha can be found here:

+- https://github.com/mullvad/mullvad-browser/releases?q=prerelease%3Atrue

+-->

+

+### Does this bug occur in Firefox ESR (Desktop only)?

+<!--

+Tor Browser is based on Firefox ESR, so any bugs present in this upstream project will likely

+also be present in Tor Browser.

+Firefox ESR is available for download here:

+- https://www.mozilla.org/en-US/firefox/all/desktop-esr/

+-->

+

+### Does this bug occur in Firefox Rapid Release?

+<!--

+If the issue occurs in Firefox ESR, but does not occur in Firefox Rapid Release, we may be able

+to identify and backport the patch which fixes it.

+

+Firefox Rapid Release is available for download here:

+- https://www.mozilla.org/en-US/firefox/new/

+

+If the issue has been fixed in Firefox, do you know the Bugzilla issue number associated with the fix?

+-->

+

+<!-- Do not edit beneath this line <3 -->

+

+---

+

+/label ~"Apps::Product::MullvadBrowser"

+/label ~"Apps::Type::WebCompatibility"
+# 💣 Test

+<!--

+Use this template to track testing of some feature. Please

+try to make the title a good one-liner for the changelogs!

+

+Some good (hypothetical) titles:

+- Add test exercising new circuit button

+- Add tests for verifying built-in bridge connectivity

+- Develop a mock Lox authority for automated testing

+-->

+

+## Description

+<!--

+Provide an overview of the technical/implementation aspects of this

+test work a developer would need to know

+-->

+

+## Scenarios

+<!--

+Provide a list of high-level classes of desired test-cases

+and the expected behaviour of each

+-->

+

+<!-- Do not edit beneath this line <3 -->

+

+---

+

+/label ~"Apps::Product::MullvadBrowser"

+/label ~"Apps::Type::Test"
+# ✨ Feature

+<!--

+Use this template to track implementation of some feature. Please

+try to make the title a good one-liner for the changelogs!

+

+Some good (hypothetical) titles:

+- Bundle AwesomeFont Sans Font

+- Implement new user on-boarding UX

+- Publish Linux aarch64 alpha builds

+-->

+

+## Description

+<!--

+Provide an overview of the technical/implementation aspects of this feature

+-->

+

+## Bookkeeping

+

+### Proposal

+<!-- Add links to associated proposal issues (or delete block) -->

+- mullvad-browser#123

+

+### Design

+<!-- Add links to associated design issues (or delete block) -->

+- tpo/UX/Design#123

+

+<!-- Do not edit beneath this line <3 -->

+

+---

+

+/label ~"Apps::Product::MullvadBrowser"

+/label ~"Apps::Type::Feature"
+# ⬅️ Backport Patchset

 <!--

-Title:

-    Backport mullvad-browser#123: Title of Issue

-    Backport Bugzilla 1234567: Title of Issue

+This is an issue for tracking back-porting a patch-set (e.g. from Alpha to Stable or from

+Mozilla Rapid-Release to Alpha).

-This is an issue for tracking back-porting a patch-set (e.g. from Alpha to Stable or from Mozilla Rapid-Release to Alpha)

--->

+please ensure the title has the following format:

+

+- Backport tor-browser#12345: Title of original issue

+- Backport Bugzilla 1234567: Title of original issue

-## Backport Patchset

+-->

-### Book-keeping

+## Bookkeeping

-#### Gitlab Issue(s)

+### Issue(s)

 - tor-browser#12345

 - mullvad-browser#123

 - https://bugzilla.mozilla.org/show_bug.cgi?id=1234567

-#### Merge Request(s)

-- mullvad-browser!123

+### Merge Request(s)

+- tor-browser!123

-#### Target Channels

+### Target Channels

 - [ ] Alpha

 - [ ] Stable

+- [ ] Legacy

-### Notes

+## Notes

 <!-- whatever additional info, context, etc that would be helpful for backporting -->

+

+<!-- Do not edit beneath this line <3 -->

+

+---

+

+/label ~"Apps::Product::TorBrowser"

 /label ~"Apps::Type::Backport"
+# ⤵️ Rebase Alpha

+

 **NOTE:** All examples in this template reference the rebase from 102.7.0esr to 102.8.0esr

 <details>

     ```

   - [ ] Push tag to `upstream`

+<!-- Do not edit beneath this line <3 -->

+

+---

+

+/label ~"Apps::Product::MullvadBrowser"

 /label ~"Apps::Type::Rebase"

+/label ~"Apps::Priority::Blocker"
+# ⤵️ Rebase Stable

 **NOTE:** All examples in this template reference the rebase from 102.7.0esr to 102.8.0esr

 <details>

     ```

   - [ ] Push tag to `upstream`

+<!-- Do not edit beneath this line <3 -->

+

+---

+

+/label ~"Apps::Product::MullvadBrowser"

 /label ~"Apps::Type::Rebase"

+/label ~"Apps::Priority::Blocker"
+# ⤵️ Rebase Rapid

+

 **NOTE**: All examples in this template reference the rebase from Firefox 129.0a1 to 130.0a1, see the tor-browser `Rebase Browser - Rapid.md` template for further info

 <details>

     ```

   - [ ] Push tag to `upstream`

+<!-- Do not edit beneath this line <3 -->

+

+---

+

+/label ~"Apps::Product::MullvadBrowser"

 /label ~"Apps::Type::Rebase"

+/label ~"Apps::Priority::High"
+# 🚨 Emergency Security Issue

+

 **NOTE** This is an issue template to standardise our process for responding to and fixing critical security and privacy vulnerabilities, exploits, etc.

 ## Information

 ### Related Issue

-- tor-browser#AAAAA

 - mullvad-browser#BBBBB

 - tor-browser-build#CCCCC

 #### Affected Platforms

-- [ ] Android

 - [ ] Desktop

   - [ ] Windows

   - [ ] macOS

 ### Type of Issue: What are we dealing with?

 - [ ] Security (sandbox escape, remote code execution, etc)

-- [ ] Cross-Site Linkability (correlating sessions across websites)

+- [ ] Proxy Bypass (traffic contents becoming MITM'able)

+- [ ] De-Anonymization (otherwise identifying which website a user is visiting)

+- [ ] Cross-Site Linkability (correlating sessions across circuits and websites)

 - [ ] Disk Leak (persisting session information to disk)

 - [ ] Other (please explain)

   - [ ] **clairehurst** : Android, macOS

   - [ ] **dan** : Android, macOS

   - [ ] **henry** : accessibility, frontend, localisation

+  - [ ] **jwilde** : windows, firefox internals

   - [ ] **ma1** : firefox internals

   - [ ] **pierov** : updater, fonts, localisation, general

-  - [ ] **richard** : signing, release

+  - [ ] **morgan** : signing, release

   - [ ] **thorin** : fingerprinting

 - [ ] Other Engineering Teams

   - [ ] UX (**donuts**)

   - [ ] TPA (**anarcat**, **lavamind**)

 - [ ] External Tor Partners

-  - [ ] Mozilla (**tjr**)

-  - [ ] Mullvad (**ruihildt**)

+  - [ ] Mozilla

+  - [ ] Mullvad

   - [ ] Other (please list)

 ### Urgency: When do we need to act?

 - [ ] Start an initial email thread with the following people:

   - [ ] **bella**

-  - [ ] **ruihildt**, **support@mullvadvpn.net**

   - [ ] Relevant Applications Developers

   - [ ] **(Optional)** **micah**

     - if there are considerations or asks outside the Applications Team

   - [ ] **(Optional)** **gazebook**

     - if there are consequences to the organisation or partners beyond a browser update, then a communication plan may be needed

+Godspeed! :pray:

+

+<!-- Do not edit beneath this line <3 -->

+

+---

+

 /cc @bella

 /cc @ma1

 /cc @micah

-/cc @richard

+/cc @morgan

 /cc @ruihildt

 /confidential

-Godspeed! :pray:
+/label ~"Apps::Product::MullvadBrowser"

+/label ~"Apps::Type::Bug"

+/label ~"Apps::Priority::Blocker"
+# Open a new Issue

+

+Please select the appropriate issue template from the **Description** drop-down.

+

+---

+

+- 🐞 **Bug Report** - report a problem with the browser

+- 💡 **Proposal** - suggest a new feature

+- 🌐 **Web Compatibility** - report a broken website

+

+*NOTE*: the following issue types are intended for internal use

+

+- 💣 **Test** - develop a test or update testing infrastructure

+- ✨ **Feature** - implement new features

+- ⬅️ **Backport** - cherry-pick change to other release channels

+- ⤵️ **Rebase - Alpha** - rebase alpha to latest Firefox ESR version

+- ⤵️ **Rebase - Stable** - rebase stable to latest Firefox ESR version

+- ⤵️ **Rebase - Rapid** - rebase rapid to latest Firefox Nightly version

+- 🚨 **Emergency Security Issue** - manage fixing and publishing a critical security fix
-Manual QA test check-list for major android releases. Please copy/paste form into your own comment, fill out relevant info and run through the checklist!

-<details>

-    <summary>Tor Browser Android QA Checklist</summary>

-```markdown

-# System Information

-

-- Version: Tor Browser XXX

-- OS: Android YYY

-- Device + CPU Architecture: ZZZ

-

-# Features

-

-## Base functionality

-- [ ] Tor Browser launches successfully

-- [ ] Connects to the Tor network

-- [ ] Localisation (Browser chrome)

-  - [ ] Check especially the recently added strings

-- [ ] Toolbars and menus work

-- [ ] Fingerprinting resistance: https://arkenfox.github.io/TZP/tzp.html

-- [ ] Security level (Standard, Safer, Safest)

-    - **TODO**: test pages verifying correct behaviour

-

-## Proxy safety

-- [ ] Tor exit test: https://check.torproject.org

-- [ ] Circuit isolation

-    - Following websites should all report different IP addresses

-    - https://ifconfig.io

-    - https://myip.wtf

-    - https://wtfismyip.com

-- [ ] DNS leaks: https://dnsleaktest.com

-

-## Connectivity + Anti-Censorship

-- [ ] Bridges:

-    - Bootstrap

-    - Browse: https://check.torproject.org

-    - [ ] Default bridges:

-        - [ ] obfs4

-        - [ ] meek

-        - [ ] snowflake

-    - [ ] User provided bridges:

-        - [ ] obfs4 from https://bridges.torproject.org

-        - [ ] webtunnel from https://bridges.torproject.org

-        - [ ] conjure from [gitlab](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/-/blob/main/client/torrc?ref_type=heads#L6)

-

-## Web Browsing

-- [ ] HTTPS-Only: http://http.badssl.com

-- [ ] .onion:

-    - [ ] torproject.org onion: http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/

-    - [ ] Onion service errors

-        - [ ] invalid onion: http://invalid.onion

-        - [ ] onion offline: http://wfdn32ds656ycma5gvrh7duvdvxbg2ygzr3no3ijsya25qm6nnko4iqd.onion/

-        - [ ] onion baddssl: https://gitlab.torproject.org/tpo/applications/team/-/wikis/Development-Information/BadSSL-But-Onion

-        - **TODO** all the identity block states

-        - **TODO** client auth

-- [ ] **TODO**: .securedrop.tor.onion

-- [ ] **TODO**: onion-service alt-svc

-- [ ] HTML5 Video: https://tekeye.uk/html/html5-video-test-page

-    - [ ] MPEG4

-    - [ ] WebM

-    - [ ] Ogg

-- [ ] WebSocket Test: https://websocketking.com/

-

-## External Components

-- [ ] NoScript

-  - [ ] Latest Version: https://addons.mozilla.org/en-US/firefox/addon/noscript/

-  - [ ] Not removable from about:addons

-  - [ ] Tests: https://test-data.tbb.torproject.org/test-data/noscript/

-    - **TODO**: fix test pages

-```

-

-</details>
-Manual QA test check-list for major desktop releases. Please copy/paste form into your own comment, fill out relevant info and run through the checklist!

-

-<details>

-    <summary>Tor Browser Desktop QA Checklist</summary>

-

-```markdown

-# System Information

-

-- Version: Tor Browser XXX

-- OS: Windows|macOS|Linux YYY

-- CPU Architecture:

-- Profile: New|Old

-

-# Features

-

-## Base functionality

-- [ ] Tor Browser launches successfully

-- [ ] Connects to the Tor network

-    - [ ] Homepage loads:

-        - [ ] about:tor

-        - [ ] about:blank

-        - [ ] custom

-- [ ] Tor Browser loads URLs passed by command-line after bootstrapped

-- [ ] Localisation (Browser chrome)

-  - [ ] Language notification/message bar

-  - [ ] Spoof English

-  - [ ] Check especially the recently added strings

-- [ ] UI Customisations:

-    - [ ] New Identity

-        - [ ] Toolbar icon

-        - [ ] Hamburger menu

-        - [ ] File menu

-    - [ ] New circuit for this site

-        - [ ] Circuit display

-        - [ ] Hamburger menu

-        - [ ] File menu

-    - [ ] No Firefox extras (Sync, Pocket, Report broken site, Tracking protection, etc)

-    - [ ] No unified extensions button (puzzle piece)

-    - [ ] NoScript button hidden

-    - [ ] Context Menu Populated

-- [ ] Fingerprinting resistance: https://arkenfox.github.io/TZP/tzp.html

-- [ ] Security level (Standard, Safer, Safest)

-    - Displays in:

-        - toolbar icon

-        - toolbar panel

-        - about:preferences#privacy

-    - [ ] On switch, each UI element is updated

-    - [ ] On custom config (toggle `svg.disabled`)

-        - [ ] each UI element displays warning

-        - [ ] `Restore defaults` reverts custom prefs

-    - **TODO**: test pages verifying correct behaviour

-- [ ] New identity

-- [ ] Betterboxing

-    - [ ] Reuse last window size

-    - [ ] Content alignment

-    - [ ] No letterboxing:

-        - [ ]empty tabs or privileged pages (eg: about:blank, about:about)

-        - [ ] full-screen video

-        - [ ] pdf viewer

-        - [ ] reader-mode

-- [ ] Downloads Warning

-    - [ ] Downloads toolbar panel

-    - [ ] about:downloads

-    - [ ] Library window (<kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>o</kbd>)

-- [ ] Drag and Drop protections:

-    - [ ] Dragging a link from a tab to another tab in the same window works

-    - [ ] Dragging a link from a tab to another tab in a separate window works

-    - [ ] Dragging a link into the library creates a bookmark

-    - [ ] Dragging a link from Tor Browser to Firefox doesn't work

-    - [ ] Dragging a link from Firefox to Tor Browser works

-    - [ ] Dragging a link from Tor Browser to another app (e.g., text editor) doesn't work

-    - [ ] Repeat with page favicon

-

-## Proxy safety

-- [ ] Tor exit test: https://check.torproject.org

-- [ ] Circuit isolation

-    - Following websites should all report different IP addresses

-    - https://ifconfig.io

-    - https://myip.wtf

-    - https://wtfismyip.com

-- [ ] DNS leaks: https://dnsleaktest.com

-- [ ] Circuit Display

-    - [ ] Website => circuit

-    - [ ] Remote PDF => circuit

-    - [ ] Remote image => circuit

-    - [ ] .onion Website => circuit with onion-service relays

-    - [ ] .tor.onion Website => circuit with onion-service relays, link to true onion address

-        - http://ft.securedrop.tor.onion

-    - [ ] Website in reader mode => circuit (same as w/o reader mode)

-    - [ ] Local image => no circuit

-    - [ ] Local SVG with remote content => catch-all circuit, but not shown

-    - [ ] Local PDF => no circuit

-    - [ ] Local HTML `file://` with local resources  => no circuit

-    - [ ] Local HTML `file://` with remote resources => catch-all circuit, but not shown

-

-## Connectivity + Anti-Censorship

-- [ ] Tor daemon config by environment variables

-    - https://gitlab.torproject.org/tpo/applications/team/-/wikis/Environment-variables-and-related-preferences

-- [ ] Internet Test ( about:preferences#connection )

-  - [ ] Fails when offline

-  - [ ] Succeeds when online

-- [ ] Bridges:

-    - Bootstrap

-    - Browse: https://check.torproject.org

-    - Bridge node in circuit-display

-    - Bridge cards

-    - Disable

-    - Remove

-    - [ ] Default bridges:

-        - [ ] Removable as a group, not editable

-        - [ ] obfs4

-        - [ ] meek

-        - [ ] snowflake

-    - [ ] User provided bridges:

-        - [ ] Removable and editable individually

-        - [ ] obfs4 from https://bridges.torproject.org

-        - [ ] webtunnel from https://bridges.torproject.org

-        - [ ] conjure from [gitlab](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/-/blob/main/client/torrc?ref_type=heads#L6)

-    - [ ] Request bridges...

-        - [ ] Removable as a group, but not editable

-        - [ ] Succeeds when bootstrapped

-        - [ ] Succeeds when not bootstrapped

-    - **TODO**: Lox

-- [ ] Connect Assist

-    - Useful pref: `torbrowser.debug.censorship_level`

-    - [ ] Auto-bootstrap updates Tor connection settings on success

-    - [ ] Auto-bootstrap restore previous Tor connection settings on failure

-

-## Web Browsing

-- [ ] HTTPS-Only: http://http.badssl.com

-- [ ] Crypto-currency warning on http website

-    - **TODO**: we should provide an example page

-- [ ] .onion:

-    - [ ] torproject.org onion: http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/

-    - [ ] Onion-Location pill

-    - [ ] Client authentication

-        - You can create an ephemeral client-auth onion-service using [onion share](https://onionshare.org)

-        - [ ] Remember key option saves the key between sessions.

-        - [ ] Saved keys are viewable in preferences (privacy).

-          - [ ] Can remove individual keys.

-          - [ ] Can remove all keys at once.

-    - [ ] Onion service errors

-        - [ ] invalid onion: http://invalid.onion

-        - [ ] onion offline: http://wfdn32ds656ycma5gvrh7duvdvxbg2ygzr3no3ijsya25qm6nnko4iqd.onion/

-        - [ ] onion baddssl: https://gitlab.torproject.org/tpo/applications/team/-/wikis/Development-Information/BadSSL-But-Onion

-        - **TODO** all the identity block states

-        - **TODO** client auth

-- [ ] **TODO**: .securedrop.tor.onion

-- [ ] **TODO**: onion-service alt-svc

-- [ ] HTML5 Video: https://tekeye.uk/html/html5-video-test-page

-    - [ ] MPEG4

-    - [ ] WebM

-    - [ ] Ogg

-- [ ] WebSocket Test: https://websocketking.com/

-

-## External Components

-- [ ] NoScript

-  - [ ] Latest Version: https://addons.mozilla.org/en-US/firefox/addon/noscript/

-  - [ ] Not removable from about:addons

-  - [ ] Tests: https://test-data.tbb.torproject.org/test-data/noscript/

-    - **TODO**: fix test pages

-```

-

-</details>
-<!--

-Title:

-    Uplift tor-browser#12345: Title of Issue

-

-This is an issue for tracking uplift of a patch-set to Firefox

--->

-

-## Uplift Patchset

-

-### Book-keeping

-

-#### Gitlab Issue(s)

-- tor-browser#12345

-- mullvad-browser#123

-

-#### Merge Request(s)

-- tor-browser!123

-

-#### Upstream Mozilla Issue(s):

-- https://bugzilla.mozilla.org/show_bug.cgi?id=12345

-

-### Notes

-

-<!-- whatever additional info, context, etc that would be helpful for uplifting -->

-

-/label ~"Apps::Type::Uplift"
-<!--

-* Use this issue template for reporting a new bug.

--->

-

-### Summary

-**Summarize the bug encountered concisely.**

-

-

-### Steps to reproduce:

-**How one can reproduce the issue - this is very important.**

-

-1. Step 1

-2. Step 2

-3. ...

-

-### What is the current bug behavior?

-**What actually happens.**

-

-

-### What is the expected behavior?

-**What you want to see instead**

-

-

-

-### Environment

-**Which operating system are you using? For example: Debian GNU/Linux 10.1, Windows 10, Ubuntu Xenial, FreeBSD 12.2, etc.**

-**Which installation method did you use? Distribution package (apt, pkg, homebrew), from source tarball, from Git, etc.**

-

-### Relevant logs and/or screenshots

-

-

-/label ~"Apps::Type::Bug"
   - **accessibility** : henry

   - **android** : clairehurst, dan

   - **build system** : boklm

+  - **ci/cd**: brizental, henry

   - **extensions** : ma1

   - **firefox internals (XUL/JS/XPCOM)** : jwilde, ma1

   - **fonts** : pierov

   - **localization** : henry, pierov

   - **macOS** : clairehurst, dan

   - **nightly builds** : boklm

-  - **rebases/release-prep** : dan, ma1, pierov, morgan

+  - **rebases/release-prep** : brizental, clairehurst, dan, ma1, pierov, morgan

   - **security** : jwilde, ma1

   - **signing** : boklm, morgan

   - **updater** : pierov

morgan pushed to branch mullvad-browser-128.9.0esr-14.5-1 at The Tor Project / Applications / Mullvad Browser

Commits:

16 changed files:

Changes: