Monday, July 19, 2021

Pale Moon Version 29.3.0 Released With Security Updates

 



Pale Moon has been updated to version 29.3.0.  This is a development, bugfix and security release.  Linux versions may be slightly delayed since the update was released earlier than planned.  

Because of the security patches in this update, those who have stayed on version 29.1.1 or older for extension compatibility reasons are strongly recommended to update now.

Changes/fixes:
  • "Web Developer" is now called "Developer Tools" in the menus.
  • Updated and aligned about:home, the QuickDial page and logopage styling.
  • Re-organized the privacy category in the preferences window.
  • Enabled brotli compression for http for sites that support it. See implementation notes.
  • Implemented EventTarget as a constructor.
  • Updated Windows 10 toolkit styling.
  • Updated the port blacklist (removed 10080). See implementation notes.
  • CSS: Implemented calc() and animation support for stroke-dashoffset.
  • Added support for checking boolean preferences to chrome CSS style sheets, to support more advanced theming options.
  • Added support for dynamic dark color capable themes in CSS.
  • Updated ResizeObserver implementation to a more recent specification. See implementation notes.
  • Removed a metric ton of Macintosh code.
  • Removed obsolete system theme support from the layout engine.
  • Fixed several crashes.
  • Linux: blocked particularly old versions of Mesa/Nouveau drivers due to issues.
  • Security issues addressed: CVE-2021-30547 and several other issues that don't have a CVE number.
  • Unified XUL Platform Mozilla Security Patch Summary: 3 fixed, 3 DiD, 2 deferred (DiD), 12 not applicable.

Implementation notes:
  • Brotli compression (introduced a few years back) was originally restricted to https only in web browsers because of concern that poorly designed middleware boxes, which try to transparently recompress data, would not recognize the new compression stream type and would cause failures. The kind of processing done in those boxes (SDCH) has long since been deprecated. Since then, Chrome and Firefox have maintained the segregation of Brotli between http and https as a vehicle to further promote https over http by artificially keeping http less efficient (denying it the denser Brotli compression). Since there is no technical reason not to enable Brotli over http, we will accept Brotli over plain http (by way of Accept-Encoding) from this version on, offering up to 20% less bandwidth use when servers also support it.
  • We maintain a blacklist of ports that should not be addressed from a browser (primarily to prevent scripted abuse). Not too long ago we updated these ports with a number of additional (higher range) ones, including port 10080 (Amanda). Unfortunately there is too much overlap with other common services/devices that also use this (arbitrarily chosen) port, so we've removed this particular port again from our blacklist.
  • The ResizeObserver implementation now supports the updated specification for this API, including the experimental properties contentBoxSize and borderBoxSize, which allow finer control when responding to size changes of elements. The old-spec sizing property contentRect remains supported for web compatibility.
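
The fallback order that the ResizeObserver note implies for page scripts, as an added example (not Pale Moon's code and not from the release notes): prefer contentBoxSize/borderBoxSize and fall back to contentRect. The names `firstFragment`, `measureEntry` and `watch` are hypothetical, the sample entries are constructed, and the contentRect fallback assumes a horizontal writing mode.

```javascript
// Normalise a box-size value. The current spec exposes an array of
// ResizeObserverSize objects (one per fragment); earlier drafts exposed a
// single object. Returns the first usable fragment, or null.
function firstFragment(boxSize) {
  if (boxSize == null) return null;
  const frag = Array.isArray(boxSize) ? boxSize[0] : boxSize;
  if (!frag || typeof frag.inlineSize !== "number" ||
      typeof frag.blockSize !== "number") return null;
  return frag;
}

// box is "content-box" or "border-box". The result records which box was
// actually measured, because the old-spec fallback cannot report a border box.
function measureEntry(entry, box = "content-box") {
  const raw = box === "border-box" ? entry.borderBoxSize : entry.contentBoxSize;
  const frag = firstFragment(raw);
  if (frag) {
    return { inline: frag.inlineSize, block: frag.blockSize, box, source: "boxSize" };
  }
  // Old-spec path: contentRect describes the content box only, in physical
  // width/height (assumed equal to inline/block: horizontal writing mode).
  const r = entry.contentRect;
  if (!r) return null;
  return { inline: r.width, block: r.height, box: "content-box", source: "contentRect" };
}

// Browser-only wiring; engines without box support ignore the options object.
function watch(element, onSize, box = "content-box") {
  const ro = new ResizeObserver((entries) => {
    for (const entry of entries) {
      const size = measureEntry(entry, box);
      if (size) onSize(entry.target, size);
    }
  });
  ro.observe(element, { box });
  return ro;
}

// Constructed sample entries (not captured from a browser).
const SAMPLE_NEW = {
  contentRect: { width: 200, height: 100 },
  contentBoxSize: [{ inlineSize: 200, blockSize: 100 }],
  borderBoxSize: [{ inlineSize: 220, blockSize: 120 }],
};
const SAMPLE_OLD = { contentRect: { width: 200, height: 100 } };
```

Callers that asked for "border-box" should check the returned `box` field, since an old-spec entry can only yield content-box dimensions.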

*DiD: This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Pale Moon includes both 32- and 64-bit versions for Windows:  Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
