@wolfbeast wolfbeast released this Nov 13, 2018 · 17 commits to master since this release

Assets 2

This is a major development and bugfix release.

Changes/fixes:

  • Fixed a major performance issue with web workers.
  • Fixed a rare crash on local networks with HTTP basic auth and unsupported cipher suites.
  • Fixed a performance/timer issue when leaving the browser idle.
  • Fixed an issue causing an empty dialog when launching executable files from the browser.
  • Fixed an issue preventing making entries to disallow sites to store data for off-line use.
  • Removed code to prevent extensions with binary components.
  • Fixed an issue with common dialogs being sized incorrectly for their content.
  • Fixed an issue with event handling on the tab bar that would cause frustrating behavior when trying to open/close tabs in rapid succession.
  • Switched default behavior for scrolling when a context or pop-up menu is open to allow scrolling, like in v27. This also affects scrolling in very long menus, e.g. bookmarks.
  • Added experimental Asynchronous Panning and Zooming (APZ) for desktop use.
  • Re-enabled the use and parsing of ICC v4 color profiles.
  • Removed telemetry code from the caching subsystem.
  • Improved full-screen detection for suppressing status messages.
  • Made all arguments passed to Init*Event() optional except the first for parity with other browsers.
  • Cleaned up some internal installer code.
  • Fixed making caret width configurable when dealing with CJK characters (regression).
  • Fixed drawing of table borders consistently when zooming a page (regression).
  • Exposed the "Save download location per site" pref in about:config.
  • Improved media handling (ongoing).
  • Added experimental support for AV1 in WebM videos (disabled by default).
    Note: this is for WebM only for now, so MP4 and MSE AV1 streams (e.g. YouTube) will not (yet) play.
  • Removed the (defunct and incomplete) in-browser translation code.
  • Fixed an issue with CSS Grid layouts unnecessarily shrinking element blocks.
  • Fixed notification settings menu entry (opes about:permissions with relevant data now).
  • Fixed the launching of an undesirable background content process for capturing page thumbnails.
  • Fixed a focus issue in the bookmark properties dialog.
  • Changed the setting for reporting CSS errors to the console to false by default, to prevent unnecessary performance loss for recording this data.
  • Added control mechanisms for Opportunistic Encryption (both for alternative services and upgrade-insecure-requests) in preferences, and disabled this by default due to potential security and privacy issues with this transitional technology.
  • Updated the default reported Firefox version in Firefox Compatibility Mode to prevent "too old Firefox" complaints on websites.
  • Updated libnestegg, ffvpx, reader view components and several other modules from upstream.
    Implemented security fixes for CVE-2018-12381, CVE-2017-7797, a better fix for CVE-2018-12386 (DiD), CVE-2018-12401 (DiD), CVE-2018-12398, CVE-2018-12392, several Skia bugs, and several crashes and memory safety hazards that do not have a CVE number.

@wolfbeast wolfbeast released this Nov 13, 2018 · 18 commits to master since this release

Assets 2

Fixed an issue that prevented the browser from starting properly on some systems after the most recent update.

@wolfbeast wolfbeast released this Nov 4, 2018 · 30 commits to master since this release

Assets 2

This is a development and security release.

  • Removed more telemetry code from the platform.
  • Updated libnestegg from upstream.
  • Updated ffvpx library from upstream.
  • Web dev: Make all arguments to init*Event() optional except the first.
  • Ported all applicable security fixes from Gecko/63 and intermediate point releases.
  • Fixed an issue in session storage scripting that might prematurely throw an error and interrupt session restore.
  • Resolved an issue with long menus not scrolling if a submenu was open.
  • Cleaned up and updated some installer code.
  • Made caret width normal/thick behind CJK char configurable.
  • Fixed an issue with table border scaling at various zoom levels.
  • Updated handling of multimedia (on-going).
  • Fixed a corner case behavioral issue when an Outlook-sourced mail message is dropped to the browser.
  • Removed the unfinished and disabled in-browser translation code.
  • Updated the Reader View components.
  • Added experimental AV1 support for WebM videos (disabled by default).
    Note: This is limited to WebM videos only at the moment, so it will not yet work on MP4 videos or MSE streaming (e.g. YouTube).
  • Fixed an issue with CSS grid element sizing.
  • Updated sidebar conext menu behavior to be more in line with other browsers.
  • Fixed an issue where a separate content process could be launched despite e10s being disabled.
  • Disabled the reporting of CSS errors to the console by default to improve general performance.

@wolfbeast wolfbeast released this Nov 4, 2018 · 233 commits to master since this release

Assets 2

This is a development and security release.

  • Added support for local-ref URLs in SVG USE elements.
  • Reinstated part of the searchplugin API that was removed by Mozilla, improving compatibility with search-engine modifying extensions.
  • Improved compiler compatibility with GCC 8.
  • Ported all applicable security patches from Gecko/62.
  • Fixed wrong SVG sizes with non-integer values for viewBox width/height.
  • Fixed a performance regression when many workers are in use simultaneously.
  • Improved browser session restore speed by skipping unnecessary notifications.
  • Fixed a crash with http authentication.
  • Fixed a performance issue caused by rapid-fire timers due to value overflow.
  • Fixed an issue with launching executable files not working.
  • Fixed an issue where sites allowed to store offline data could not be removed from the permission list.
  • Fixed an issue with common dialog boxes having incorrect sizes for their content.
  • Fixed a regression: ICC v4 color profiles would not be honored.
  • Remove the blocking of binary components in extensions.
  • Added a preference to enable (experimental!) asynchronous panning and zooming on desktop.
  • Fixed a potential crash when using SOCKS.
  • Fixed a potential privacy issue in non-standard environments. (CVE-2017-7797)
  • Fixed a memory leak when using SHA256 crypto.

@wolfbeast wolfbeast released this Sep 20, 2018 · 255 commits to Pale_Moon-release since this release

Assets 2

This major update is focused on performance, security and some regression and bug fixes.

Changes/fixes:

  • Updated NSS to 3.38, removed TLS 1.3 draft version check since it's considered final.
  • Reinstated RC4 as an optional encryption cypher for non-standard environments (e.g. old routing/peripheral networked hardware on LAN). RC4 and 3DES are marked weak and disabled, and will never be used in the first handshake with a site, only as last-ditch fallback when specifically enabled (meaning they won't show up on ssllabs' test, for example).
  • Removed Telemetry accumulation calls, automatic timers and stopwatches. This removes a very noticeable performance sink for all operations on all platforms.
  • Fixed many occurrences of discouraged types of memory access for primarily GCC 8 compatibility. This improves overall code security as a defense-in-depth measure.
  • Re-implemented the pref-controlled custom background color for standalone images.
  • Updated session history handling for internal pages. about:logopage is no longer stored in history, and you can choose to store the QuickDial page in history by setting the pref browser.newtabpage.add_to_session_history to true. This is disabled by default (meaning you can't use the "Back" button to go back to the QuickDial page) as a defense-in-depth security measure.
  • Added ui.menu.allow_content_scroll to control whether content can be scrolled if a context menu is open.
  • Fixed incorrect code removal in ipc.
  • Removed support for TLS session caches in TLSServerSocket.
  • Added support for local-ref as SVG xlink:href values.
  • Changed the find bar to be a browser-global toolbar again (like in Pale Moon 27) instead of per-tab. For people who prefer search terms to be saved on a per-tab basis (like with the per-tab findbar previously), this is possible by setting findbar.termPerTab to true. This resolves a number of issues, including styling with lightweight themes not applying to the find bar, and status pop-ups overlapping the find bar.
  • Ported all relevant security fixes from Mozilla's Gecko/62 release, including CVE-2018-12377 and CVE-2018-12379.
  • Restored part of the searchplugin API that was removed by Mozilla, so extensions can provide and save edits to installed search engines.
  • Improved the speed of restoring browsing sessions upon startup.
  • Fixed the "Restore previous session" button sometimes being missing from about:home, while a restorable session would be present.
  • Fixed tab previews in the Windows taskbar (if enabled).
  • Fixed the setting of the new tab page being "My Home Page" so it'll pick up subsequent changes to the home page URL automatically.
  • Removed the Firefox Accounts migrator from Sync.
  • Fixed an issue with the enabled state of number controls if appearances changed.
  • Stopped building ffvpx on 32-bit platforms (except windows) to use the (faster) system-installed lib instead.
  • Re-added a horizontal scroll action option for mouse wheel. (regression)
  • Fixed handling of content language if the locale is changed.
  • Fixed document navigation with the F6 key.
  • Fixed toolbar styling in toolkit themes.
  • Fixed viewing the source of a selection.

@wolfbeast wolfbeast released this Sep 13, 2018 · 333 commits to master since this release

Assets 2

This is a development release.

  • Added new DataTransfer constructor (spec compliance).
  • Aligned CSS layout flex grid with latest spec.
  • Made the MP4 reader less sensitive to corrupt data.
  • Improved media handling (ongoing).
  • Updated NSPR/NSS and enabled the use of latest draft TLS 1.3.
  • Changed the way network/cert errors are handled and displayed.
  • Fixed an ANGLE rendering issue (WebGL2 crash fix).
  • Added support for sbgp and sgpd boxes in EME.
  • Fixed "sticky" menus in High Contrast themes.
  • Updated zlib to 1.2.11.
  • Enabled Direct3D9 accelerated layers as a fallback if Direct3D11 can't be used.
  • Tuned the network stack for efficiency.
  • Fixed a number of performance issues with the browser.
  • Improved Mac OS X theming (unreleased).
  • Improved compatibility with GCC 8.
  • Reinstated RC4 and 3DES as weak cyphers as an option to enable use in non-standard environments (not enabled for the web by default).
  • Removed most telemetry calling code from C++ and the JS TelemetryStopwatch. This prevents most data gathering and improves performance.
  • Added an option (browser.newtabpage.add_to_session_history) to decide whether to store "about:newtab" in the session history for workflows of people wanting to use the back button to return to the QuickDial page.
  • Added an option (ui.menu.allow_content_scroll) to override the OS convention to prevent scrolling of content when contextual menus are open.
  • Added a horizontal scroll action option for mouse wheel.

@wolfbeast wolfbeast released this Sep 13, 2018 · 437 commits to master since this release

Assets 2

This is a bugfix point release to address serious performance bottlenecks and general run-time issues (UI slowness, crashes, hangs) with the browser. Once again this impacted 32-bit operating systems more severely than 64-bit ones due to its more limited address space that would get flooded with bogus data.

Changes/fixes:

  • Backed out a Mozilla upstream patch causing issues with IPC and texture allocation for the compositor.
  • Backed out a Mozilla upstream patch causing issues with Javascript memory buffer allocation.

@wolfbeast wolfbeast released this Aug 16, 2018 · 437 commits to master since this release

Assets 2

We are excited to bring you Pale Moon 28.0. This is a new major milestone in Pale Moon's release history.

We are now building on the Unified XUL Platform which has been forked off from Mozilla's mozilla-central at a point before Rust and Quantum to continue focus on the XUL interface language and traditional browser extensions. Many thousands of things have changed since the v27 (AKA "Tycho") versions, which can't possibly all be listed here. Instead, the most pertinent improvements in this new release are highlighted here:

  • SpiderMonkey update: The JavaScript engine has received a major upgrade and now supports all landmark features from the ECMAScript standards as carried by mainstream browsers. This should put an end to the increasing JavaScript issues we've seen due to web frameworks not being browser-agnostic in that respect, or the browser not supporting what websites expect.
  • Goanna update: The layout and rendering engine (Goanna) has been updated to its 4th generation (version 4.*) which brings with it improved compatibility with "trendy" CSS styling techniques that build on a few very specific features (e.g. CSS Grid). Goanna continues to build on tried-and-tested software fallbacks in case hardware acceleration can't be used, and Linux remote desktop users can continue to leverage xrender for speedy remote screen updates in Pale Moon.
  • DOM enhancements: Enhancements in the Document Object Model provides websites with updated APIs to perform their tasks. (e.g. Fetch, WebAnimations, WebCrypto, HTML Input Element Extensions, etc.)
  • Media enhancements: Our media back-end update is, for all intents and purposes, complete. MSE media streaming (for MP4) should be compatible with all major players on the market now. MSE for WebM is still disabled by default due to some compatibility issues that need to be examined, but you may enable this in preferences to e.g. allow 4k video playback on some sites that only offer UHD in WebM format. We now also support playback of FLAC-encoded audio.
  • New: WebGL2 support! Pale Moon now supports the WebGL2 standard for enhanced graphical experiences in 2D and 3D.
  • Devtools have been given a refresh. Just in case you thought they weren't extensive enough yet, some new categories have been added to inspect and manipulate all aspects of web content.
  • Updates to the login manager: Login credentials can now be stored specifically with or without a user name, and selected individually. This is a behavior change from previous, and clicking a password field can now pop-up a selection list of user names for which passwords are stored (if multiple credentials are saved). Clicking the appropriate login name (or date-stamped version if no name is present) will fill in the accompanying password.

What might be more important for people worrying about upgrading to this milestone is what hasn't changed.

  • We continue to support NPAPI plugins.
  • We continue to support complete themes as well as lightweight themes.
  • We continue to offer a fully customizable interface like before. Australis (like seen in Basilisk) is not used.
  • We continue to support XUL overlay, bootstrapped and (deprecated) Jetpack extensions (collectively called "legacy extensions" by Mozilla).
  • We do not include any DRM in the browser (people needing this can use e.g. the Silverlight plugin to play protected content), even though the platform we build on supports it.

Our primary goal has been to lift Pale Moon up to the new platform and as such most changes are "under the hood" and won't be seen in casual use (aside from more things "just working"). We aim to keep your user experience consistent and logical; but some things will have changed, of course. Browser extensions may need updating or may need a different version, for example.

Of course with such a big change of platform, there are some things that have regressed (worked before but no longer work), and we will work on fixing these regressions over time (hopefully with your help).

Reality check: Even though we have extensively tested the browser in daily use for a few months (also thanks to the brave souls on our unstable channel) we don't expect that the browser will be flawless or bug-free. If you find bugs, regressions or issues with the new release, please discuss them on the forum. Let's work together as a community of users to make this the best browser yet!

Big thank-yous and kudos go out to everyone who has, in one way or another, contributed to this milestone release and helped make it possible. This one belongs to all of you!

Aug 10, 2018