Windows was released as well as UNIX.
* Perform bounds checking for ints and use correct types for float config inputs.
* Remove all float equality comparisons.
* Verify a DOM node is a valid HTML document in focus code (webkitgtk 2.0.0+ only).
* Fix order of fetching remote cert to prevent incorrect warning.
* Add signal handler to deny all HTML5 geolocation requests.
* Fix shlib hooking on Windows to allow persistent cookies.
* Sync hsts-preload with Chromium.
* Fix memory leak when adding to the force_https whitelist.
* Mention plwl about page in manpage.
* Remove unused directories from Makefiles.
This time Windows was released as well as UNIX.
* Switch link hinting to be case insensitive
* Support :favadd [title] to set a custom title for favorites
* Close tab when press and releasing X, not just a press down
* Fix several memory issues found by clang's static analyzer
* Sync hsts-preload with Chromium
* Cleanup manpage to be more consistent
* Fix Linux and OS X manpages to be more consistent
* Fix build on NetBSD
This time Windows was released as well as UNIX.
* Allow saving cert directly from :cert show page.
* Add support for libsoup's new proxy resolver (supports socks directly, requires libsoup 2.42.2+).
* Fixed HTTPS cert fetching to not send an additional GET request with arguments.
* Plugged many memory leaks and fixed various other memory issues.
* Added IPv6 unicast address to list of addresses excluded from proxy.
* Removed mentions of xombrero from example Google search strings.
* Synced preloaded HSTS with chromium.
* Fixed a privacy leak caused by using a separate gnutls tls
connection to grab remote HTTPS certificates which ignored
* Disabled/removed threading since gnutls sideband thread is no longer
* Added command to increment/decrement page numbers in URLs
* Added enable_cache setting to enable/disable cache (disabled by
* Pluged some memory leaks
* Fixed some warnings and bugs caused by GTK 3.8
* Added initial OS X build support
* Various Makefile fixes for all platforms
* Fixed typo in manpage
* Add regex support to whitelists
* Implement header changes
* Actually track the header files
* Make all new tabs open in new windows in tabless mode
* Use DDG's default site (js) in example config
* Fix for FS273
* Fix for FS387
* Sync preloaded HSTS with chromium
* Install xombrero.desktop. Fixes FS384.
* Initialize cookie whitelist. Fixes FS388.
* Kill whitespace in aliases. Fixes FS240.
* Add a button to the toolbar to toggle the proxy
* add tor icon toggle for proxy
* fix icon apearing when http_proxy is set
* [NEW] Add DragonflyBSD and NetBSD ports
* Unbreak custom URI handling
* Fix display of about:favorites with no favorites
* Prevent using back on an about:secviolation page from returning back
to the exact same page that triggered the cert warning.
* Fix build with glib 2.30.0
* Kill a crash when using older libsoup versions
* Sync the preloaded HSTS list with Chromium's
xombrero 1.3.0 (and 1.3.0 Windows BETA)
* [NEW] force_https setting and https command to force a given domain
to always use HTTPS
* [NEW] Use force_https to provide a preloaded HSTS list to help avoid
the ssl stripping attack. Sites in this list are taken from
Chromium's preloaded HSTS list, and additional domains added by the
* [NEW] Added an about:runtime page and :runtime command to view and
change runtime settings
* [NEW] Added a link to view the cached HTTPS certificate in addition
to the new remote certificate
* [NEW] Added a new setting, gnutls_priority_string, to modify the
GnuTLS priority string that it used by glib-networking. This may be
used to fix sites that break when the browser advertises newer TLS
versions, and enable or disable specific ciphersuites. This has no
effect with glib-networking versions < 2.33.10.
* [NEW] Modify the about:favorites page to remove the X links to
remove links. A new favedit command has been added to show the Rm
* [NEW] Added a special 'unbind' keybinding action to remove any
previously bound actions to a keybinding.
* Add a workaround to fix a GTK focus bug until it has been fixed
upstream (see [url]https://bugzilla.gnome.org/show_bug.cgi?id=677329)[/url]
* Each tab now owns its own session key for internal xombrero links,
instead of a session key for the type of operation. Session keys
are destroyed after they are no longer needed. This prevents rogue
sites from even being able to correctly guess a sesion key to run an
internal xombrero command.
* Fix several issues that were the result of our back/forward
handling. Reloading pages should now always work after loading a
page from an about page (for example, about:favorites).
data:) when following links. This measure is to prevent against
bait-and-switch attacks (see [url]http://lcamtuf.coredump.cx/switch/[/url] for
* Fix the following of clicking links when they attempt to open in a
new tab (target="_blank"), whitelist mode is enabled, and the
* Make middle clicking in the command and hinting prompt paste from
the PRIMARY clipboard
* Make the GTK3 tabs even smaller (like how they were in the GTK2
* Prevent tabs from growing to twice their height when using P
(pasteurinew) to paste a link with a newline at the end.
* Fix the background of insensitive icons in context menues by
coloring their backgrounds transparent.
* Modify the reminder message on about:about so it's clear the browser
must be restarted.
* Modify the about:allthethings output to a more C-like syntax
* Remove the usage of relying on some deprecated webkitgtk signals
* Fix some build issues with FreeBSD and Linux
* Prevent spitting out warnings of deprecated gcrypt functions when
* Prevent a crash when using editsrc on about:blank or any other blank
* Many various code cleanups
The way domains and subdomains of whitelist items are handled has been
changed. In previous versions, whitelisting example.com would
automatically expand to .example.com (which matches example.com and
all subdomains). This has been fixed in this version. If your
xombrero configuration includes whitelists without a leading period,
and you intend for subdomains to also be included in the whitelist,
you will need to manually update your configuration to add the leading
xombrero 1.2.2 (and 1.2.2 Windows BETA)
* [NEW] Implement a new setting, do_not_track, to set the Do Not Track HTTP header. This setting is disabled by default in normal mode and enabled in whitelist mode.
* Make our CSS changes Windows ready and re-enable the default GTK theme on Windows.
* Fix the keybindings in the example config so they properly represent the default values in the source code.
* Add some additional paranoia in the input focus code to prevent a segfault on some sites (most notably, pnc.com).
* Fix a bug where HSTS would never be enabled if referer_mode = always
* Fix the build when debugging is enabled
* Show a warning when the binary could not be run when executing a program based on a MIME type, except for the special "donothing" binary name.
xombrero 1.2.0 (and 1.2.0 Windows BETA)
New features + changes:
* [NEW] Enable GTK3 support. GTK2 is still supported using the
GTK_VERSION=gtk2 environmental variable when building.
* [NEW] Add a show_scrollbars option to optionally disable the showing
of scrollbars. Disable this setting by default for gui_mode =
minimal. Requires GTK3.
* Fix build on old versions of libsoup
* Remove xterm_workaround
* Make y/p/P keybindings work on Windows
* Print mutex warnings to the debugging output instead of showing a
warning to the user.
* Instead of dying at startup with bad configuration settings, show a
warning message at startup.
* Remove the extra padding between the webpage and webpage and the
scrollbar. Requires GTK3.
Current known issues with GTK3:
* Normal tabs elongate slightly when the spinner is shown.
* Lots of Gtk-CRITICAL warnings with fancy_bar = 0.
* If the user theme gives GtkEntry widgets rounded borders, it will be
visible in the statusbar where various statusbar elements begin and
* If the size of statusbar_font is decreased to make the statusbar
height smaller, the page favicon is not resized to fit.
* The sizes of statusbar elements are too large.
* Modifications in xombrero.css do not work well with the default
Windows theme so we have disabled user themes on Windows until this
xombrero 1.1.1 Windows BETA
This release makes xombrero on windows almost on par with UNIX. We will remain in BETA until we fix such things as the external editor feature etc.
The major new features are:
* Switch browser to GTK3 to fix rendering issues
* Fix icons
* Fix HTML5 video support
* Fix yanking and pasting
* Fix crash when opening dialogs
* Fix build on linux
* Make the autofocus code a bit smarter by first saving the original
xombrero 1.1.0 (and 1.1.0 Windows BETA)
* [NEW] Custom keybound prompts (keybinding = :cmd,key)
* [NEW] Custom uri handling (custom_uri)
* [NEW] Custom command aliases (cmd_alias)
* [NEW] Link to edit configuration from about:about
* [NEW] Setting to disable proxy at startup (http_proxy_disable)
* [NEW] Setting to cache HTTPS certificates and present warnings when
certificates change to help prevent MITM attacks (warn_cert_changes)
* [NEW] Tab number and proxy enabled notifications (statusbar_elems)
* [NEW] Setting to change default stylesheet used for the userstyle
and userstyle_global commands (usersytle)
* [NEW] Both userstyle and userstyle_global commands may take an
optional argument to a user-specified stylesheet
* [NEW] Setting to change the style of the statusbar to switch between
the page URL and title (statusbar_style)
* [NEW] Link added to the top of about:history to remove all history
* [NEW] Command to delete all tabs except the currently focused one
* [NEW] Setting to modify or round-robin through different HTTP Accept
headers when making text/html requests
* [NEW] Settings to prevent loading or running of insecure content if
webkit supports these features (allow_insecure_content and
* Runtime settings are unsettable with ':set setting ='
* Fix some display bugs with the statusbar
* HTML escape text before displaying with about:set, <file> now shows
* Fix unsetting the statusbar color when opening the command prompt
* Make copy link context menu items also paste to the PRIMARY
* Replace "%s" manually in the alias and search_string settings to
prevent the format string exploit
* Make fancy_bar a dynamic setting
* Remove the special "Loading", "Downloading", and "Download Failed"
* Custom user agents now rotate per tab instead of globally for every
* Kill many runtime glib errors
* Switch to glib's g_spawn_async() to implement spawning external
processes instead of fork+exec
* Display a warning message if unable to execute run_script
* Use the current tab order when clicking the tab arrow
* Send a click event to text input fields when entering insert_mode
(requires >= WebKitGTK 1.8)
* Attempt to find and use the page's default focused text box instead
of the first when entering insert_mode
* Prevent a switch to command mode on page load if the currently
focused text box was typed into
* Focus and highlight the current tab item when showing the buffers/ls
* Alphabetize settings in about:set
* Fix many other various things
* Fix a bug where not the entire saved cert wouldn't be checked
* Add an include_config setting to load additional configuration settings
* Add option to display when a download completes
* Rewrite mutex implementation to work around some bogus buggy mutex implementation messages
* Make bunch of settings work in runtime vs start-of-day
* Add option to select search engine when used the first time
* Add ctrl-enter to prefix www. and postfix .com
* Add stop keybinding
* Fix a bunch of tiny bugs and general code improvement