2.2.3 (2012-09-25)

* Workaround for breakage in Amazon Look Inside the Book (via Cloudfront)

https://trac.torproject.org/projects/tor/ticket/6848

* Fix logout for AOL users

* Other fixes: PassThePopcorn, WhatCD, Antispam.de, RFCeditor,

Weatherspark / GoogleMaps

* Disable broken: SVT.se

2.2.2 (2012-09-06)

* Fix a bug that was preventing settings from persisting:

https://trac.torproject.org/projects/tor/ticket/6653

* Fixes and improvements: Lenovo, YahooNew, Pirate Party, OpenDNS, Wordpress

https://trac.torproject.org/projects/tor/ticket/6604

https://mail1.eff.org/pipermail/https-everywhere-rules/2012-August/001267.html

* Disable broken rulesets: FAZ, Playboy, Mapquest, Imgur, F-Secure

2.2.1 (2012-08-17)

* Fix a configuration-parsing bug in 2.2 that would

ignore default_off rules if this was a first install

https://mail1.eff.org/pipermail/https-everywhere/2012-August/001511.html

* Add a cleanup routine for profiles affected by that bug.

2.2 (2012-08-15)

* Prevent ruleset bugs from crashing the UI

https://trac.torproject.org/projects/tor/ticket/6280

* Fix the enable/disable button in Firefox 14

https://trac.torproject.org/projects/tor/ticket/6212

* Fix a nasty bug in the optional "Search www.google.com" ruleset:

https://gitweb.torproject.org/https-everywhere.git/commitdiff/50ca41a1e189ef8383781f803e51ec7a06688a3b

* Disable buggy/broken: ZDNet, Globe and Mail, Blip.tv, Governo Portugês,

Alton Towers, McAfee :( :( :(

* Fixes: Yandex, Wikipedia, PirateParty, JBoss, Gentoo

* Hopefully the last 2.x release before 3.0 stable

2.1 (2012-06-18)

* Fix context menu breakage when URIs lack a host

* Fixes: CiteULike, MozillaMessaging, Yandex, Demonoid, Pirate Party,

Gentoo, NYTimes, Microsoft, Wikipedia, Lenovo

https://mail1.eff.org/pipermail/https-everywhere-rules/2012-June/001189.html

https://trac.torproject.org/projects/tor/ticket/6091

https://mail1.eff.org/pipermail/https-everywhere-rules/2012-June/001190.html

https://mail1.eff.org/pipermail/https-everywhere-rules/2012-May/001186.html

https://mail1.eff.org/pipermail/https-everywhere/2012-May/001433.html

* Disable broken: MarketWatch, Disqus, Magento, Lavasoft, Project Syndicate,

Typepad/Say Media

https://trac.torproject.org/projects/tor/ticket/5899

https://trac.torproject.org/projects/tor/ticket/5496

2.0.5 (2012-05-16)

* Rebuild 2.0.4 without a bug in the release scripts that prevented all the

rulesets from being absent

2.0.4 (2012-05-16)

* Fix for compatibility with some other Firefox extensions:

https://trac.torproject.org/projects/tor/ticket/5682

* Fixes: Wordpress stylesheets, USENIX, Mozilla, Opera, Indymedia

https://trac.torproject.org/projects/tor/ticket/5905

https://mail1.eff.org/pipermail/https-everywhere-rules/2012-April/001105.html

* Disable broken: Pandora, Miranda IM, Pastebin.ca, PaidContent

https://trac.torproject.org/projects/tor/ticket/5804

https://trac.torproject.org/projects/tor/ticket/5776

2.0.3 (2012-04-26)

* Fix a downgrade attack that might allow attackers to deny HTTPS

Everywhere protection for cookies on some domains.

https://trac.torproject.org/projects/tor/ticket/5676

* Minor redirection mechanism fixes

* Fixes: WordPress, Yandex, OpenDNS, Via.me/AWS

* Improvements: Mozilla

* Disable broken: ReadWriteWeb

2.0.2 (2012-04-19)

* Fix a weird wrong DOM-origin bug that occurred while redirects were in

progress (this might have security implications, although we are unsure

if it was exploitable).

https://trac.torproject.org/projects/tor/ticket/5477

* By default, use https://google.co.cctld instead of

encrypted.google.com

* Add an optional ruleset to use https://www.google.com

instead of encrypted.google.com, too

* Ruleset fixes: Debian, Kohls, Malwarebytes, Yandex, Wikipedia, Mises.org,

OpenDNS, Wizards of the Coast, Lenovo, Barnes and Noble

https://trac.torproject.org/projects/tor/ticket/5509

https://trac.torproject.org/projects/tor/ticket/5491

https://trac.torproject.org/projects/tor/ticket/5303

* Stumble across more horrible security holes in the Verizon website:

https://mail1.eff.org/pipermail/https-everywhere-rules/2012-February/001003.html

* Disable the Gentoo ruleset on non-CAcert platforms

* Disable buggy rulesets: IBM, Scribd, Wunderground :( :( :(

https://trac.torproject.org/projects/tor/ticket/5344

https://trac.torproject.org/projects/tor/ticket/5435

https://trac.torproject.org/projects/tor/ticket/5630

2.0.1 (2012-02-27)

* 2.0 is now Stable!

* Fix tiny settings window on some versions of Windows:

https://trac.torproject.org/projects/tor/ticket/5197

* Fix drop down menu bug for the non-English versions of the UI

* Added Farsi and Arabic translations

* Disable Netflix, which was demonstrating a lot of breakage

* Improvements: Wikipedia

* Fixes: Google, Samba

* Ship 4 new rulesets since 2.0development.6

(404 new rulesets since 1.2.2!)

* Check ruleset grammaticity with xmllint/RelaxNG

chrome-2012.02.09

* make <exclusion pattern> rulesets elements work in the Chrome version

https://trac.torproject.org/projects/tor/ticket/5042

(also disable the LinkedIn ruleset)

* Support for Google Sorry

* 6 new rulesets

2.0.0development.6 (2012-02-08)

* Fix a nasty UI crash bug on Windows

https://trac.torproject.org/projects/tor/ticket/5020

* Ruleset fixes: Google Video, Yandex, LDS

https://trac.torproject.org/projects/tor/ticket/5026

https://trac.torproject.org/projects/tor/ticket/5042

* Disable problematic LinkedIn ruleset

* An experimental ruleset for the Google "Sorry" page

* Improved Nederlands translation

* Ship 6 new rulesets

chrome-2012.02.06{,.01}

* First "Official" EFF alpha Chrome release

* Installable on Chrome|Chromium 18+

* Two point versions, to test the autoupdating mechanism

2.0.0development.5 (2012-02-02)

* Fix some data structure inefficiencies that should reduce RAM consumption

by 25-75MB (!)

https://trac.torproject.org/projects/tor/ticket/4804

* Global enable / disable option

https://trac.torproject.org/projects/tor/ticket/4060

* Google Cache is back! :)

* Ship 126 new rulesets

* Fixes: Wikipedia, Identi.ca, Verizon, CCC.de, UserScripts, Yandex,

Hidemyass, Mozilla, Pogo, Google, Google Images, Google Video,

The Pirate Bay, AK Vorrat, JBoss

* Improvements: EFF, Flickr, RedHat, Diaspora, PrivatePaste, KDE,

Portugese Govt

* Disable broken: NSF.gov, WHO.int, Economist

* New experimental Yahoo! ruleset (off by default)

* New translations: Spanish, Nederlands

2.0.0development.4 (2011-11-15)

* The translations actually work

* Add new translations: Chinese, Russian

* Ship 37 new rulesets

* Exclude Userscript paths as an insecure workaround for the Greasemonkey

and Scriptish instances of this bug:

https://trac.torproject.org/projects/tor/ticket/3190

* Fixes: Java.com, Yandex, Wordpress, Wikipedia, Bahn.de, UNSW, Apache,

DuckDuckGo, Google Images

* Improvements: Debian, Tumblr, Apple, Facebook, VeriSign, Google Services,

Flickr, Youtu.be

* Disable broken: Target, OpenUniversity, TV.com, Radio Shack,

Yahoo Mail :( :(,

Google Cache coverage in Google Services :( :( :(

2.0.0development.3 (2011-10-19)

* Selectively reenable nsIContentPolicy::shouldLoad()

Fixes: https://trac.torproject.org/projects/tor/ticket/4194

Fixes: https://trac.torproject.org/projects/tor/ticket/4149

* Crazy experimental IOUtils hacks from NoScript

https://bugzilla.mozilla.org/show_bug.cgi?id=677643#c75

(Appears to fix

https://mail1.eff.org/pipermail/https-everywhere/2011-October/001208.html,

which is probably a general redirection bug)

* Secure cookies set by JavaScript as well as those set by HTTP

Fixes: https://trac.torproject.org/projects/tor/ticket/3766

* Perform initialisation synchronously, reducing races during startup

Fixes: https://trac.torproject.org/projects/tor/ticket/3533

* Ship 9 new rulesets

* Disable: MikeWest

* Improvements: YouTube, Google Images

2.0.0development.2 (2011-10-05)

* Enable YouTube by default

(also closes https://trac.torproject.org/projects/tor/ticket/4032)

* Merge nsIContentPolicy disablement from stable

(closes https://trac.torproject.org/projects/tor/ticket/3882)

* Context menu should work on error pages

(https://trac.torproject.org/projects/tor/ticket/3815)

* Fix the ASN setting button in the observatory prefs

(https://trac.torproject.org/projects/tor/ticket/4170)

* Make the Observatory much more efficient

* Ship 46 new rulesets

* Update for new Wikipedia HTTPS deployment

* Ruleset Fixes and Enhancements: Yandex, Identica, SBB, Polldaddy, XKCD,

Statcounter, Caltech, UCSD, FlickR, Android

* Disable broken: LastPass, Avast, EPEAT, Bloglines

* Improve the state of our translations-in progress

* Fancy new Python build scripts

2.0.0development.1 (2011-09-15)

* Begin alpha testing for the Decentralized SSL Observatory!

(currently opt-in, with a popup prompt if you have Tor Button installed)

* Ship 164 new rulesets

* Enable Google Maps by default

* Pending translations: Arabic, Dutch, German, Portugese, Latvian, Russian,

Swedish

* Fixes: OpenDNS, WordPress, Flickr

* Expansions & Improvements: Google Services, Twitter, Gowalla, Apple, Bit.ly

AdBlock Plus, KLM, Adobe, UCSD, Heroku, Wikipedia

* Disable broken rulesets: Deviantart, Bandcamp, Securityfocus

* Improved build scripts

1.2.2 (2012-01-09)

* Google Cache is back!

* Fixes: Wikipedia, Identi.ca, Verizon, CCC.de, UserScripts,

Yandex

* Improvements: EFF

* Disable broken: NSF.gov, WHO.int

1.2.1 (2011-10-15)

* Google Cache is broken, remove it from GoogleServices :( :( :(

* Fix for the Google Image Search homepage

* Exclude help.duckduckgo.com:

https://trac.torproject.org/projects/tor/ticket/4399

* Disable Yahoo! Mail:

https://trac.torproject.org/projects/tor/ticket/4441

* Installable on Firefox 10

1.2 (2011-10-14)

* Fixes: WordPress, Statcounter, Java, Bahn.de, SICS.se

* Improvements: use fancy new HTTPS Wikipedia

* Disable broken: OpenUniversity, TV.com, Random.org, kb.CERT

1.1 (2011-10-19)

* Further tweaks to internals, will hopefully fix a number of weird issues:

https://trac.torproject.org/projects/tor/ticket/4194

https://trac.torproject.org/projects/tor/ticket/4149

https://mail1.eff.org/pipermail/https-everywhere/2011-October/001208.html

* YouTube is enabled by default!

* Fixes: Yandex, Statcounter, Polldaddy, SBB.ch

* Improvements: Facebook+

* Disable broken: Bloglines, EPEAT

1.0.3 (2011-09-26)

* Mozilla is about to release Firefox 7, the stable branch needs to be

installable there!

* Disabling nsIContentPolicy callbacks should fix this crash bug:

https://trac.torproject.org/projects/tor/ticket/3882

https://bugzilla.mozilla.org/show_bug.cgi?id=677643

It /might/ cause us to fail to rewrite requests in obscure corner cases.

We haven't found any in testing, but vigilance will be required.

* Support for Google Maps

* Fixes: WordPress, Lenovo, OpenDNS, Avast, Ripe.net, TV.com, 38.de

* Disable broken: Seagate

1.0.2 (2011-09-20)

* Major improvements to the Wikipedia ruleset

* Disable broken/buggy rulesets: DeviantArt, eHow, About.me, Bandcamp,

StudiVZ, Securityfocus, BankofAmerica :( :( :(

* Small fixes: OpenDNS, WordPress, links in the "About" page

* Declare incompatibility with Firefox 7 & 8 until Mozilla fixes this:

https://bugzilla.mozilla.org/show_bug.cgi?id=677643

1.0.1 (2011-08-10)

* Disable some rulesets with partial compatibility issues: Reddit,

StumbleUpon, Heroku

* Small Yandex fix

* Fix/improvement for Google Instant outside the US

1.0.0 (2011-08-04)

* Release 1.0 into the stable branch!

* Improve toolbar UI for error pages somewhat (it still isn't perfect)

* Bugfixes: Microsoft, Dropbox, Netflix, MySQL

* Disable a couple of broken rules

1.0.0development.5: (2011-07-13)

* Ship rulesets as a single "default.rulesets" file, shrinking the .xpi from

~370 kB to ~120kB and speeding Firefox startup:

https://trac.torproject.org/projects/tor/ticket/3404

* Fix an ephemeral bug where disabled-by-default rules would be briefly

enabled when first installed

* Wikipedia shows up in the toolbar/context menu

* Fixes to netflix & netzpolitik

* Toolbar/context menu can be opened with left or right click

1.0.0development.4: (2011-07-06)

* Fix a bug with Google Translate

* Unbreak the Netflix blog

* Toolbar button now looks OK in Seamonkey

* Declare compatibility with the next round of Firefox alphas

1.0.0development.3: (2011-07-04)

* Do not show a bizarre popup when people click the HTTPS toolbar button on

error pages

* Fix a GoogleServices bug that broke logout from non-US google accounts :(

1.0.0development.2: (2011-07-01)

* Fix bugs that arose when trying to move the toolbar menu icon:

https://trac.torproject.org/projects/tor/ticket/3497

* Handle usernames and passwords in URIs more explicitly

https://trac.torproject.org/projects/tor/ticket/2199

* By default, move context menu from toolbar to addons bar

* Ship 22 new rulesets

* Add support for Google Plus, Accounts and AdWdords

* Improvements to Microsoft, Twitter and Gitorious

1.0.0development.1: (2011-06-27)

* Add a context menu to let users toggle rulesets that are/might be

applicable to the current page (we can now stabilise the dev branch!)

* Ship 42 new rulesets

* Support for Google Image Search (except the very first landing page :/)

* Fixes: Netflix, Plone

* Improvements: Google APIs, Google Services, Mediawiki

* Disable broken rules: OKCupid, Surveymonkey

* Declare compatibility with recent Seamonkey releases

0.9.9.development.6:

* Optimistically declare compatibility with Firefoxes up to v 7.*

* Ship 193 new rulesets

* Fixes & Improvements: Wikipedia, AmazonAWS, Google Images, Microsoft,

Mozilla, Netflix, Google User Content, Twitter, Gitorious, AdBlock Plus,

Youtube, he.net, Bitcoin

* Remove broken rules: Match.com

0.9.9.development.5:

* Compatible with Firefox 4.0.1+

* New ruleset management UI (thanks to katmagic and Stefan Tomanek)

* Ship 136 new rulesets

* Fixes: reCAPTCHA, Google Images, Gentoo, Gitorious

* Improvements: Bit.ly, Yahoo, Nokia

* Disable: WashingtonPost :(, Doubleclick, OpenSSL.org (!)

0.9.9.development.4:

* Ship 117 new rulesets

* Fixes: MySQL, GroupOn, country-specific Google news sites,

* Improvements: mail.com, WordPress

* Leave WashingtonPost ruleset on in the hope that it gets fixed soon :/

* Disable broken rules: HTC, I2P ...

0.9.9.development.3:

* In the settings dialogue, offer "Reset defaults" instead of "Enable all"

* Merge fixes from NoScript that avoid some torbutton bugs

* Ship 56 new rulesets

* Numerous tweaks + fixes, including NYTimes and AddThis

0.9.9.development.2:

* Prevent the preferences window from swallowing the screen on OS X / Windows

* Stop the StartCom rule from breaking StartCom OCSP/CRLs (which can't be HTTPS)

* Attempt to do the same for for CAcert

* Fixes to: Reddit, Drupal.org

* Disable some problematic rulesets: Cisco, Opera

* Enable: Reddit

* Ship another 62 rulesets

0.9.9.development.1:

* The efficient ruleset checking implementation should now hopefully be...

efficient

* Ship all the rulesets (!!!)

* Except the ones that cause cert warnings, which are there but off by default

* Build scripts attempt to validate rulesets before making a .xpi

0.9.7:

* Support firefox 5 and 6 betas

* Numerous improvements and fixes to Google and GoogleServices support

* Fixes to AmazonAWS

* Secure j.mp via bit.ly

* Fix gentoo bugs

0.9.6:

* Support firefox 4.0.1

* Unbreak recaptcha

* Disable google.com/jsapi (which was breaking some embedded maps, though

that bug *might* have been fixed)

0.9.5:

* WashingtonPost is broken and seems to be staying that way; disable it :(

* Replace "Enable All" with "Reset Defaults"

* Fixes & Improvements to WordPress + Mozilla

0.9.4:

* Significant performance improvements

* Disable Cisco by default

* Fixes & improvements to: NYTimes, WashingtonPost, Cisco, WordPress

* Support Google Code

* Disable Google Custom Search Engines (they don't work)

* Support global installation for OS distributions (thanks dm0)

0.9.3:

* Significant performance improvements

* Disable Cisco by default

* Fixes & improvements to: NYTimes, WashingtonPost, Cisco, WordPress

* Support Google Code

* Disable Google Custom Search Engines (they don't work)

* Support global installation for OS distributions (thanks dm0)

0.9.2:

* Fix a bug in our redirection loop detection that was causing touble with

some parts of NYTimes, Facebook, and other sites

(closes: https://trac.torproject.org/projects/tor/ticket/2217)

0.9.1:

* Unbreak the "all x news articles" links in Google News

* Exclude nytimes.com/roomfordebate, since it's broken in https.

0.9.0:

* This is our "Firesheep" release. It has numerous anti-firesheep

improvements!

* Split the stricter parts of the Facebook rule into a "Facebook+" rule.

It's what's required to protect Facebook from Firesheep and similar cookie

theft attacks, but it may break apps, because apps.facebook.com currently

has the wrong cert.

* Allow rulesets to specify that the secure flag should be set on some

cookies even if the site operator failed to do so

* Ship rules for:

- Amazon S3 (AWS)

- Github

- Bit.ly

- Dropbox

- Evernote

- Cisco

* Extensive improvements (including secure cookies) in the Twitter and

Facebook rules

* Support for full Live / Hotmail encryption

* Significant performance optimisation decreases CPU load

Fixes:

https://trac.torproject.org/projects/tor/ticket/1656

https://trac.torproject.org/projects/tor/ticket/2194

* Rearrange our Channel Replacement code!

Fixes https://trac.torproject.org/projects/tor/ticket/1684

https://bugzilla.mozilla.org/show_bug.cgi?id=548102

Thanks to Giorgio Maone and Boris Zbarsky!

* Add scrollbars if there are a lot of rules present in the Preferences

dialog (may still be somewhat buggy...)

* Optimise GoogleServices.xml and support Google code search

* Patch for future compatiability with Request Policy:

https://trac.torproject.org/projects/tor/ticket/1574

* Support for the Firefox 4 API

* The Amazon rule was causing a lot of glitches; it is now off by default

* Control log verbosity with an about:config variable

* Numerous minor rule improvements

0.2.2:

* Fix a glitch in the Content Policy path that may or may not have been

responsible for these bugs:

https://trac.torproject.org/projects/tor/ticket/1700

https://trac.torproject.org/projects/tor/ticket/1672

https://trac.torproject.org/projects/tor/ticket/1673

The patch breaks toolbar search suggestions. And who knows what else?

* Don't send some country homepages to https://www.google.com/webhp?hl= ;

use https://encrypted.google.com instead

* Cleanup and refactor the URI replacement and rewriting code. Should

hopefully fix https://trac.torproject.org/projects/tor/ticket/1649

* Add a Google APIs rule

* Remove some Extremely Nasty code that would delete malformed rulesets (!)

(it was pasted from Torbutton's cookie handling logic...)

* Add code.google.com to Google Services

* The client=firefox* workaround is no longer necessary once we're sending

non-US users to encrypted.google.com rather than www.google.com

* Better coverage for GMX, Google services, Twitter

* Scroogle homepage in HTTPS

* Add rules for

- Mail.com logins

- Microsoft (limited coverage)

* Fix a nasty Google/Wikipedia bug within 0.2.2.development.{1,2}

0.2.1:

* Although google said https://www.google.com would continue to work, that

wasn't absolutely true.

* The new encyrpted.google.com seems to require queries to be #q=thing

rather than search?q=thing, at least some of the time. So let's do that.

0.2.0:

* Work around the fact that Google does not allow client=firefox* HTTPS

searches from outside the US, by rewriting those URIs

* Add rules for:

- Amazon

- GMX

- Live.com (Hotmail logins)

- Meebo

- the Netherlands Government

- Wordpress.com

- Zoho

* Remove the assumption that non-US searches would always start with an hl=

language parameter

* Handle searches to the google.com/firefox script better

* Remove accidental duplicates of a couple of rules!

* Bump maxVersion into the future so we're compatible with Firefox alphas

* Fix more legacy eff.org bugs

0.1.2:

* Apparently, we are not actually compatible with Firefox 2.0.0.x, so don't

install with it!

* Further generalisation of Wikimedia rules

* Fix bugs in the handling of obscure parts of eff.org and torproject.org

* A bug in a user rules file should produce an error, rather than causing all

rules to fail to load

0.1.1:

* Generalise the Wikipedia rules to other Wikimedia services

* In preferences window, add a link to instructions for writing one's own

rules