v2.5.4

NOTE: This release is a source-only release, to fix a recent issue with changed sqlite options on FreeBSD. For Windows/macOS binary releases (and any environment where sqlite accepts double-quoted string literals), this release is equivalent to v2.5.3, thus no new binaries were uploaded here.

Fixed

• Support SQLite with DQS (double quoted string) compile time option turned
  off.

v2.5.3

Added

• New array_at quirk, polyfilling the Array.at method, which is needed by various websites, but only natively available with Qt 6.2.

Fixed

• Crash when the adblock filter file can't be read.
• Inconsistent behavior when using :config-{dict,list}-* commands with an
  invalid value. Before the fix, using the same command again would complain that
  the value was already present, despite the error and the value not being
  actually changed.
• Incomplete error handling when mutating a dict/list in config.py and setting
  an invalid value. Before the fix, this would result in either a message in the
  terminal rather than GUI (startup), or in a crash (:config-source).
• Wrong type handling when using :config-{dict,list}-* commands with a config
  option with non-string values. The only affected option is bindings.commands,
  which is probably rarely used with those commands.
• The readability userscript now correctly passes the source URL to
  Breadability, to make relative links work.
• Update dictcli.py to use the main branch, fixing a 404 error.
• Crash with some notification servers when the server did quit.
• Minor documentation fixes

v2.5.2

Fixed

• Packaging-related fixes:
  • The install and stacktrace help pages are now included in the docs
    shipped with qutebrowser when using the recommended packaging workflow.
  • The Windows installer now more consistently uses the configured Windows
    colors.
  • The Windows installer now bases the desktop/start menu icon choices on
    the existing install, if upgrading.
  • The macOS release hopefully doesn't cause macOS to (falsely) claim that it
    "is damaged and can't be opened" anymore.
• The notification fixes in v2.5.1 caused new notification crashes (probably
  more common than the ones being fixed...). Those are now fixed, along with a
  (rather involved) test case to prevent similar issues in the future.
• When a text was not found on a page, the associated message would be shown as
  rich text (e.g. after /<h1>). With this release, this is fixed for search
  messages, while the 3.0.0 release will change the default for all messages to be
  plain-text. Note this is NOT a security issue, as only a small subset of HTML
  is interpreted as rich text by Qt, independently from the website.
• When a Greasemonkey script couldn't be loaded (e.g. due to an unreadable file),
  qutebrowser would crash. It now shows an error instead.
• Ever since the v1.2.0 release in 2018, the content.default_encoding setting
  was not applied on start properly (only when it was changed afterwards). This
  is now fixed.

v2.5.1

Fixed

• The qute-pass userscript is marked as executable again.
• PDF.js now works properly again with the macOS and Windows releases.
• The MathML workaround for darkmode (e.g. black on black Wikipedia formula)
  now also works for display (rather than inline) math.
• The content.proxy setting can now correctly be set to arbitrary values via
  the qute://settings page again.
• Fixed issues with Chromium version detection on Archlinux with
  qt5-webengine 5.15.9-3.
• Fixed a rare possible crash with invalid Content-Disposition headers.
• Fixes for various notification-related crashes:
  • With the tiramisu notification server (due to invalid behavior of the server, now a non-fatal error)
  • With the budgie notification server when closing a notification (due to invalid behavior of the server, now worked around)
  • When a server exits with an unsuccessful exit status (now a non-fatal error)
  • When a server couldn't be started successfully (now a non-fatal error)
  • With the herbe notification presenter, when the website tries to close
    the notification after the user accepting (right-clicking) it.
• Fixes in userscripts:
  • The qute-bitwarden userscript now correctly searches for entries for
    sites on a subdomain of an unrecognized TLD. subdomain names. Previously
    my.site.local would have searched in bitwarden for my.sitelocal,
    losing the rightmost dot.

v2.5.0

Deprecated

• v2.5.x will be the last release of qutebrowser 2.
  For the upcoming 3.0.0 release, it's planned to drop support for various
  legacy platforms and libraries which are unsupported upstream, such as:
  • Qt before 5.15 LTS (plus adding support for Qt 6.2+)
  • Python 3.6
  • The QtWebKit backend
  • macOS 10.14 (via Homebrew)
  • 32-bit Windows (via Qt)
  • Windows 8 (via Qt)
  • Windows 10 before 1809 (via Qt)
  • Possibly other more minor dependency changes
• The :rl-unix-word-rubout command (<Ctrl-W> in command/prompt modes) has
  been deprecated. Use :rl-rubout " " instead.
• The :rl-unix-filename-rubout command has been deprecated. Use either
  :rl-rubout "/ " (classic readline behavior) or :rl-filename-rubout (using
  OS path separator and ignoring spaces) instead.

Changed

• Improved message if a spawned process wasn't found and a Flatpak container is
  in use.
• The :tab-move command now takes start and end as index to move a tab
  to the first/last position.
• Tests now automatically pick the backend (QtWebKit/QtWebEngine) based on
  what's available. The QUTE_BDD_WEBENGINE environment variable and
  --qute-bdd-webengine argument got replaced by QUTE_TESTS_BACKEND and
  --qute-backend respectively, which can be set to either webengine or
  webkit.
• Using :tab-give or :tab-take on the last tab in a window now always
  closes that window, no matter what tabs.last_close is set to.
• Redesigned qute://settings (:set) page with buttons for options with
  fixed values.
• The default hint.selectors now match more ARIA roles (tab, checkbox,
  menuitem, menuitemcheckbox and menuitemradio).
• Using e.g. :bind --mode=passthrough now scrolls to the passthrough section
  on the qute://bindings page.
• Clicking on a notification now tries to focus the tab where the notification
  is coming from. Note this might not work properly if there is more than one
  tab from the same host open.
• Improvements to userscripts:
  • qute-bitwarden understands a new --password-prompt-invocation, which can
    be used to specify a tool other than rofi to ask for a password.
  • cast now uses yt-dlp if available (falling back to youtube-dl if not).
    It also lets users override the tool to use via a QUTE_CAST_YTDL_PROGRAM
    environment variable.
  • qute-pass now understands a new --prefix argument if used in gopass
    mode, which gets passed as subfolder prefix to gopass.
  • open_download now supports Flatpak by using its XDG Desktop Portal.
  • open_download now waits for the exit status of xdg-open, causing
    qutebrowser to report any issues with it.
• The content.headers.custom setting now accepts empty strings as values,
  resulting in an empty header being sent.
• Renamed settings:
  • qt.low_end_device_mode -> qt.chromium.low_end_device_mode
  • qt.process_model -> qt.chromium.process_model
• System-wide userscripts are now discovered from the correct location when
  running via Flatpak (/app/share rather than /usr/share).
• Filename prompts now don't display a .. entry in the list of files anymore.
  To get back to the parent directory, either type ../ manually, or use the new
  :rl-filename-rubout command, bound to <Ctrl-Shift-W> by default.

Added

• New input.match_counts option which allows to turn off count matching for
  more emacs-like bindings.
• New {relative_index} field for tabs.title.format (and .pinned_format)
  which shows relative tab numbers.
• New input.mode_override option which allows overriding the current mode
  based on the new URL when navigating or switching tabs.
• New qt.chromium.sandboxing setting which allows to disable Chromium's
  sandboxing (mainly intended for development and testing).
• New QUTE_TAB_INDEX variable for userscripts, containing the index of the
  current tab.
• New editor.remove_file setting which can be set to False to keep all
  temporary editor files after closing the external editor.
• New :rl-rubout command replacing :rl-unix-word-rubout (and optionally
  :rl-unix-filename-rubout), taking a delimiter as argument.
• New :rl-filename-rubout command, using the OS path separator and ignoring
  spaces. The command also gets shown in the suggested commands for a download
  filename prompt now.

Fixed

• When search.incremental is disabled, searching using /text followed by a
  backwards search via ?text (or vice-versa) now correctly changes the search
  direction.
• Elements getting a hint due to a tabindex now are skipped if it's set to
  -1, reducing some false-positives.
• The audible indicator ([A]) now uses a 2s cooldown when the audio goes
  silent, equivalent with the behavior of older QtWebEngine versions.
• With confirm_quit set to downloads, the confirmation dialog is now only
  shown when closing the last window (rather than closing any window, which
  would continue running that window's downloads). Unfortunately, more issues
  with confirm_quit and multiple windows remain.
• Crash when a previous crash-log file contains non-ASCII characters (which
  should never happen unless it was edited manually)
• Due to changes in Debian, an old workaround (for broken QtWebEngine patching
  on Debian) caused the inferior qutebrowser error page to be displayed, when
  Chromium's would have worked fine. The workaround was now dropped.
• Crash when using <Ctrl-D> (:completion-item-del) in the :tab-focus
  list, rather than :tab-select.
• Work around a Qt issue causing :spawn to run executables from the current
  directory if no system-wide executable was found. The underlying Qt bug is
  tracked as CVE-2022-25255,
  though the impact with typical qutebrowser usage is low: Normally,
  qutebrowser is run from a fixed location (usually the users home directory),
  and :spawn is not typically used with executables that don't exist. The main
  security impact of this bug is in tools like text editors, which are often
  executed in untrusted directories and might attempt to run auxiliary tools
  automatically.
• When :rl-rubout or :rl-filename-rubout (formerly :rl-unix-word-rubout
  and :rl-unix-filename-rubout) were used on a string not starting with the
  given delimiter, they failed to delete the first character, which is now fixed.
• Fixes in userscripts:
  • ripbang now works again (it got blocked due to a missing user agent and
    used outdated qutebrowser commands before)
  • keepassxc now has a properly working --insecure flag
• Speculative fix for an immediate crash at start with the macOS/Windows
  binaries (in certain rare environments).
• Speculative fix for a qutebrowser crash when the notification daemon crashes
  while showing the notification.
• Fix crash when using :screenshot with an invalid --rect argument.
• Added a site-specific quirk to make cookie dialogs on StackExchange pages
  (such as Stack Overflow) work on Qt 5.12.

v2.4.0

Security

• CVE-2021-41146: Fix arbitrary command execution on Windows via URL handler
  argument injection. See the security advisory for details.

Added

• New content.blocking.hosts.block_subdomains setting which can be used to disable the subdomain blocking for the hosts-based adblocker introduced in v2.3.0.
• New downloads.prevent_mixed_content setting to prevent insecure mixed-content downloads (true by default).
• New --private flag for :tab-clone, which clones a tab into a new private window, mirroring the same flags for :open and :tab-give.

Fixed

• Switching tabs via mouse wheel scrolling now works properly on macOS. Set tabs.mousewheel_switching to false if you prefer the previous behavior.
• Speculative fix for a crash when closing qutebrowser while a systray notification is shown.

v2.3.1

Fixes

• Updated the workaround for Google Account log in claiming that this browser
  isn't secure. For an equivalent workaround on older versions, run:
  :set -u https://accounts.google.com/* content.headers.user_agent "Mozilla/5.0 ({os_info}; rv:90.0) Gecko/20100101 Firefox/90.0"
• Corrupt cache file exceptions with adblock 0.5.0+ are now handled properly.
• Crash when entering unicode surrogates into the filename prompt.
• UnboundLocalError in qute-keepass when the database couldn't be opened.

v2.3.0

Added

• New content.prefers_reduced_motion setting to request websites to reduce
  non-essential motion/animations.
• New colors.prompts.selected.fg setting to customize the text color for
  selected items in filename prompts.

Changed

• The hosts-based adblocker (using content.blocking.hosts.lists) now also
  blocks all requests to any subdomains of blocked hosts.
• The fonts.web.* settings now support URL patterns.
• The :greasemonkey-reload command now shows a list of loaded scripts and has
  a new --quiet switch to suppress that message.
• When launching a userscript via hints, a new QUTE_CURRENT_URL environment
  variable now points to the current page (rather than the URL of the selected
  element, where QUTE_URL points to).

Fixed

• Crash on macOS 10.14+ when logging into Google accounts -- the previous fix
  was incomplete due wrong information in Apple's documentation.
• Crash when two Greasemonkey scripts have the same name (usually happening
  because the same file is in both the data and the config directory).
• Deprecation warnings when using the link_pyqt.py script on Python 3.10
  (e.g. via tox or mkvenv.py).

v2.2.3

Fixed

• Logging into Google accounts or sharing the camera on macOS 10.14+ crashed,
  which is now fixed.
• The Windows installer now correctly aborts the installation on Windows 7
  (rather than attempting an install which won't work, since Windows 7 is
  unsupported since the v2.0.0 release).
• Using --json-logging without --debug caused qutebrowser to crash since the
  v1.13.0 release. It now works correctly again.
• Mixing Qt 5.14+ with QtWebEngine 5.12 caused a crash related to qutebrowser's
  notification support, which is now fixed.
• The documentation now points to the new IRC channels on irc.libera.chat
  instead of the defunct Freenode channels (due to a hostile takeover by
  Freenode staff).
• Setting content.headers.user_agent or .accept_language to a value
  containing non-ascii characters was permitted by qutebrowser, but resulted in
  a crash when loading a page. Such values are now rejected properly.
• When quitting qutebrowser on the qute://settings page, a crash could happen, which is now fixed.
• When :edit-text is used, but the existing text in the input isn't
  representable in the configured encoding (editor.encoding), qutebrowser would
  crash. It now shows a proper error instead.
• The testsuite should now work properly on aarch64.
• When QtWebEngine is in a "stuck" state while :selection-follow was used,
  this could cause a crash in qutebrowser. This is now fixed (speculatively, due
  to lack of a reproducer).
• When the brave adblock data (adblock-cache.dat) got corrupted, qutebrowser
  would crash when trying to load it. It now displays an error instead.
• Combining /S (silent) and /allusers when uninstalling via the Windows
  installer now works properly.

v2.2.2

Fixed

• When awesomewm's "naughty" notification daemon was used with a development
  version of AwesomeWM and an unknown version number, qutebrowser would crash
  when trying to parse the version string. This is now fixed.
• Due to a bug with QtWebEngine 5.15.4, old Service Worker data could cause
  renderer process crashes. This is now worked around by qutebrowser.
• When an (broken) binding to set-cmd-text without any argument existed,
  using : would crash, which is now fixed.
• New site-specific quirk (again) working around not being able to type
  accented/composed characters on Google Docs.
• When running with python -OO (which is not recommended), a notification
  being shown would result in a crash, which is now fixed.