[tor-qa] Tor Browser 4.5 is ready for testing

Mike Perry mikeperry at torproject.org
Mon Apr 27 00:59:41 UTC 2015 

We had to do a rebuild over the weekend for two bugs:
 * Bug 15794: Crash on some pages with SVG images if SVG is disabled
 * Bug 15795: Some security slider prefs do not trigger custom checkbox

We also updated HTTPS-Everywhere to 5.0.3.

New builds are at:
https://people.torproject.org/~mikeperry/builds/4.5-build5/

Georg Koppen:
> Hi,
> 
> we are excited to announce the first stable version in the 4.5 series
> being ready for testing. It will be the next alpha as well. Bundles can
> be found on
> 
> https://people.torproject.org/~mikeperry/builds/4.5-build4/
> 
> Compared to 4.5a5 we were able to put another couple of important
> usability fixes into this release. We improved HTTP connection handling,
> the HTTP authentication experience and fixed the TLS connection display,
> to name a few. Moreover, we neutered Blob URIs to a great deal which can
> get used to track users across domains and, finally, brought all Tor
> Browser components up-to-date.
> 
> The complete changelog since 4.5a5 is:
> 
> Tor Browser 4.5 -- Apr 28 2015
>  * All Platforms
>    * Update Tor to 0.2.6.7 with additional patches:
>      * Bug 15482: Reset timestamp_dirty each time a SOCKSAuth circuit is
> used
>    * Update NoScript to 2.6.9.22
>    * Update HTTPS-Everywhere to 5.0.2
>      * Bug 15689: Resume building HTTPS-Everywhere from git tags
>    * Update meek to 0.17
>    * Update obfs4proxy to 0.0.5
>    * Update Tor Launcher to 0.2.7.4
>      * Bug 15704: Do not enable network if wizard is opened
>      * Bug 11879: Stop bootstrap if Cancel or Open Settings is clicked
>      * Bug 13576: Don't strip "bridge" from the middle of bridge lines
>      * Bug 15657: Display the host:port of any connection faiures in
> bootstrap
>    * Update Torbutton to 1.9.2.1
>      * Bug 15562: Bind SharedWorkers to thirdparty pref
>      * Bug 15533: Restore default security level when restoring defaults
>      * Bug 15510: Close Tor Circuit UI control port connections on New
> Identity
>      * Bug 15472: Make node text black in circuit status UI
>      * Bug 15502: Wipe blob URIs on New Identity
>      * Bug 14429: Disable automatic window resizing for now
>    * Bug 4100: Raise HTTP Keep-Alive back to 115 second default
>    * Bug 13875: Spoof window.devicePixelRatio to avoid DPI fingerprinting
>    * Bug 15411: Remove old (and unused) cacheDomain cache isolation
> mechanism
>    * Bugs 14716+13254: Fix issues with HTTP Auth usage and TLS
> connection info display
>    * Bug 15502: Isolate blob URI scope to URL domain; block WebWorker access
>    * Bug 15562: Disable Javascript SharedWorkers due to third party tracking
>    * Bug 15757: Disable Mozilla video statistics API extensions
>    * Bug 15758: Disable Device Sensor APIs
>  * Linux
>    * Bug 15747: Improve start-tor-browser argument handling
>    * Bug 15672: Provide desktop app registration+unregistration for Linux
>  * Windows
>    * Bug 15539: Make installer exe signatures reproducibly removable
>    * Bug 10761: Fix instances of shutdown crashes
> 
> Georg
> 



> _______________________________________________
> tor-qa mailing list
> tor-qa at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-qa


-- 
Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-qa/attachments/20150426/33a1b57b/attachment.sig>

More information about the tor-qa mailing list