Closed as fixed:

Firefox 51+

• WebRTC local IP leakage prevention ineffective

Closed as fixed:

• Untokenizable static filters not properly enforced

Changes

Cosmetic filtering

Implementation of cosmetic filter operator :matches-css has been revised according to the discussion at #1930 (comment) and request in uBlockOrigin/uAssets#212:

• :matches-css now accept no more than one single style property. If more than one style property must be matched on the same node, you will need to chain them (i.e. div##matches-css(...):matches-css(...) -- ability to chain is coming for next release). Since there is only one style property, do not use trailing ;.
• :matches-css-before() and :matches-css-after() are now also available to specifically match style property for the pseudo elements :before and :after on a node.
• Support the use of regexes for property matching: if the first and last character of the value to match is /, the value will be deemed to be a literal regular expression which must be matched.

Dashboard

The last dashboard's pane you visited will be automatically opened next time you open the dashboard (issue #2206).

Closed as fixed:

Edge

• tapping on icons in tablet mode selects them

Firefox

• Incompatibility between ABP and uBO over FETCH (json)

Core

• $generichide sometimes does not work (regression from d62059c)
• Select last visited pane when re-opening the dashboard

Changes

Dynamic filtering pane

The dynamic filtering pane in the popup panel is now available in read-only mode to users who did not enable "I am an advanced user" in Settings:

The rationale for this change is explained in issue 2010. It still is collapsed by default, but can be brought up by clicking the "requests blocked" or "domains connected" fields in the main area.

Template-based scriptlets

In order to promote the reuse of injectable scriplets across different sites, it is now possible for a scriptlet to accept arguments. The arguments are comma-separated and appear after the token, for example (a real case):

golem.de##script:inject(abort-on-property-write.js, _sp_)

In the example above, the scriplet abort-on-property-write.js contains a placeholder for one argument, which placeholder will be replaced with the argument _sp_. Placeholders for scriplets which accept arguments will always be for string values (reminder that injectable scriplets are part of the project, never from an external party).

Advanced settings

A new "Advanced settings" pane, available only to advanced users. It contains settings which are experimental, or which are of interest to advanced users who want more control over how uBO behaves internally. I do not want to bloat the Settings pane in the dashboard with settings which are of interest only to a minority of users or which are experimental: this is where the new "Advanced settings" pane is useful.

When you enabled "Advanced users" in the Settings pane, a cogs icon will appear next to that setting. Click this cogs icon to access those "hidden" advanced settings:

The UI of the advanced settings page is purposefully stern. Keep in mind that whatever settings you see in there may be experimental and could be removed at any time in the future.

Experimental advanced setting of interest: suspendTabsUntilReady (default to false), to prevent uBO from establishing any remote connection at launch before all filter lists/settings have been fully loaded (related issue #1327). How well it works will have to be evaluated by users.

WebExtensions

From now on, there will be a Firefox's WebExtension version of uBO (see uBlock0.webext.zip below, see "Temporary Installation in Firefox" on how to install on Firefox). Do not bother trying it out if you do not have Nightly 52.0a1 (2016-10-29) or later installed. Also, do not open issues here for the WebExtension version of uBO -- it is still at an experimental stage and there are things which are known to be missing in the API for uBO to fully function: see bugzilla 13099260.

Closed as fixed:

Firefox:

• Fix to work around Firefox issue 1317173: "[non-e10s] Pop-ups opened in Private Browsing mode stay in history"
• ublock origin "blocks" webtoepub addon on firefox (not on chromium)
  • Added moz-extension-scheme to default whitelist directives.

Core

• Support passing arguments to injected scriplets
• Weird logger issue (regression)
• Dynamic filtering pane issue in v1.9.16 (regression)
• $elemhide cannot be disabled via a counter filter flag
• Why is redirect clause ignored in static filter?
• Fonts on left side of advanced mode popup are too big
• Allow dynamic filtering pane to be visible (simplified, read-only) for non-advanced users
• For certain rules logger does not show from which list(s) it originates (regression)
• ###\5f filters not read by uBlock
• Feature Request: Whitelist wildcard IP addresses
• Ignoring ping filters
• Blocking "early" requests is not possible (experimental fix)

Changes:

Some work has been done on the element picker:

• can now handle procedural cosmetic filters (:has, matches-css, :xpath), and also the special operator :style -- matching elements of such filters will be highlighted like normal CSS selector-based filters.
• an invalid filter in the input field will now trigger a visual cue: the background of the input field will be reddish.
• the number of elements on the current page matching the filter in the input field is now displayed in the bottom right corner of the input field.
• the preview mode is now sticky, i.e. you can modify the filter in the input field without being kicked out of preview mode. Convenient when creating :style-based cosmetic filters.

The Privacy setting "Disable hyperlink auditing/beacon" has been changed to "Disable hyperlink auditing", and network requests of type beacon are no longer blanket-blocked. The network requests of type beacon will now be filtered just like any other network requests, according to the current filters/rules. [need to update wiki doc].

Network requests of type csp_report will be blocked regardless of filters/rules when there is a probability they are fired as a result of uBO internally redirecting one or more network requests to neutered resources. In such case, uBO considers these csp_report network requests as "spurious" and blocks them. An example of such spurious CSP reports being fired as a result of uBO redirecting resources is https://medium.com/ (see dev console when loading a page from that site), where a CSP report is fired by the browser as a result of uBO redirecting Google Analytics script to uBO's neutered version.

Closed as fixed:

Chromium

• uBlock blocking domain but not showing it in the dynamic filtering pane

Core

• [security] Translations can inject JavaScript code into the extension
• ##iframe[id][style] hides element picker
• Websocket filters of the form *$websocket are still applied for whitelisted sites
• Hard Mode Issue When Toggling to Medium Mode
• Generic cosmetic filters abruptly not applied
• Automatically lookup site-specific scriptlets: support for entity-based filters was left out, this has been added.
• Revisit the setting "Disable hyperlink auditing/beacon"
• Element picker and :has() operator
• filters that start with || and end with |
• Export in YYYY-MM-DD format for easier folder navigation

This version is worth publishing only for Opera store currently -- as neither Chromium nor Chrome expose the specific setting which uBO was overwriting.

Closed as fixed:

Chromium

• Opera store feedback: "cannot 'Disable non-proxied UDP' - WebRTC"

Closed as fixed:

Firefox

• Move script tag filtering data into content process side
  • Benefit mostly multiprocess Firefox.
• :xpath doesn't hide this element
  • Procedural cosmetic filters (:has, :matches-css, :xpath) are now more sturdily enforced (true for Firefox versions 38 and above)

Closed as fixed:

• Some connections from whitelist are blocked
  • Regression bug from a7fe367.