1.39.0

Commits to master since this release
Commits since last release

To install the stable build:

• Firefox: Click uBlock0_1.39.0.firefox.signed.xpi
  • uBO works best on Firefox.
• Chromium: Install from the Chrome store (CWS): https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
• Edge: Install from Microsoft Store: https://microsoftedge.microsoft.com/addons/detail/odfafepnkmbhccpbejgmiehpchacaeak
  • The Microsoft Store version of uBO is published by Nik Rolls
• Opera: Install from Opera addons: https://addons.opera.com/en/extensions/details/ublock/

---

Important

Fixed security issues reported by @hackvertor, see "uBlock, I exfiltrate: exploiting ad blockers with CSS".

New

A new "Report an issue on this website" icon has been added to the popup panel, to make it easier to report filter issue to volunteers maintaining filter lists. Reporting filter issues through this new feature requires a GitHub account.

A new Support pane has been added to the dashboard, to make it easy for users to share technical information about their current uBO's configuration, and consequently make it easier for volunteers to diagnose reported issues.

Closed as fixed

Chromium

• Text editing boxes have mouse location issues in higher DPIs
• Cosmetic filters not working on many websites with "Experimental Web Platform features" in chrome://flags
  • This also fixed "Security: Comments can still be used to smuggle arbitrary CSS", which was reported afterward.

Core

• [discovered by @hackvertor] Security: Cosmetic filters can make background requests using image-set() on Firefox
• uBlock GA overwrites breaking _link implementation when using a named property
• [discovered by @hackvertor] Security: Smuggle arbitrary CSS inside cosmetic uBlock filters
• [discovered by @hackvertor] Security: JavaScript URL injection allowed in query string parameter and redirection to uBlock origin urls
• Fix not highlighting cases of invalid syntax
• [patch by @pixeltris] Twitch bypass is circumvented
• Extension report website adblocking option
• [patch by @eligrey] Don't assume document.documentElement is non-null
• Add support for pseudo classes

Notable commits without an entry in the issue tracker

• Do not decode query parameter name when used as token
• Suggest network filter as best candidate by default
• Auto-escape commas in removeparam's regexes
• Simplify handling of valid HTML tags in i18n files
• Give precedence to negated types in case of ambiguity
• Fix regression in isBlockImportant()
• Add refresh-defuser scriptlet
• Add advanced setting to modify default webext flavor
• Convert fingerprint2.js scriptlet into a redirectable resource