White Star Release Notes

White Star 29.4.1

This is a security update.

Changes/fixes:

• Fixed potential crashes. DiD
• Unified XUL Platform Mozilla Security Patch Summary: 1 fixed, 2 DiD, 8 not applicable.
  

White Star 29.4.0.1

This is an out-of-band update to address the following issue:

In 29.4.0, the optional FUEL component (long since deprecated precursor to the Mozilla Add-On SDK) was removed from Pale Moon. This had unexpected impact on a number of popular extensions as well as a few bits of core functionality that went unnoticed in our pre-release testing and unstable channel.

As part of our commitment to resolving issues and giving extension developers some more time to address any problems with this removal of the component from the browser, this update temporarily restores the FUEL component.

If you are an extension developer relying on FUEL components or namespaces (e.g. implicit 'Application'), please update your extension before the next major release.

White Star 29.4.0

This is a development, bugfix and security release. Our release schedule was adjusted here to provide web compatibility improvements and not just a security update this month.

Changes/fixes:

• Implemented promise.allSettled().
• Implemented global origin on windows and workers.
  
• Improved performance of memory allocations.
• Updated libcubeb to the current development version.
  This improves OSS compatibility and addresses potential crashes, performance issues and security issues.
  
• Updated SQLite to 3.36.0.
• Improved thread safety of the web content cache. DiD
• Added several fixes to avoid potential crashes and security issues. DiD
• Unified XUL Platform Mozilla Security Patch Summary: 5 DiD, 12 not applicable.
• Fixed a regression on Big Sur loading OpenGL.

White Star 29.3.0

This is a development, bugfix and security release.

Changes/fixes:

• "Web Developer" is now called "Developer Tools" in the menus.
  
• Updated and aligned about:home, the QuickDial page and logopage styling.
• Re-organized the privacy category in the preferences window.
• Enabled brotli compression for http for sites that support it. See implementation notes.
  
• Implemented EventTarget as a constructor.
• Updated the port blacklist (removed 10080). See implementation notes.
  
• CSS: Implemented calc() and animation support for stroke-dashoffset.
• Added support for checking boolean preferences to chrome CSS style sheets, to support more advanced theming options.
• Added support for dynamic dark color capable themes in CSS.
• Updated ResizeObserver implementation to a more recent specification. See implementation notes.
• Removed obsolete system theme support from the layout engine.
• Fixed several crashes.
• Security issues addressed: CVE-2021-30547 and several other issues that don't have a CVE number.
• Unified XUL Platform Mozilla Security Patch Summary: 3 fixed, 3 DiD, 2 deferred (DiD), 12 not applicable.

Implementation notes:

• Brotli compression (introduced a few years back) has originally been restricted to https only in web browsers because there was some concern about interaction with middleware boxes with poor design trying to transparently recompress data not recognizing the new compression stream type and causing failures. The kind of processing done in those boxes (SDCH) has long since been deprecated. Since then, the segregation for Brotli between http and https has been maintained by Chrome and Firefox as a vessel to further promote https over http by artificially keeping http less efficient (denying the use of the more dense Brotli compression). Since there is no technical reason not to enable Brotli over http, we will accept (by way of Accept-encoding) Brotli over plain http from this version on, offering up to 20% less bandwidth use when servers also support it.
• We maintain a blacklist of ports that should not be addressed from a browser (primarily to prevent scripted abuse). Not too long ago we updated these ports with a number of additional (higher range) ones, including port 10080 (Amanda). Unfortunately there is too much overlap with other common services/devices that also use this (arbitrarily chosen) port, so we've removed this particular port again from our blacklist.
  
• The ResizeObserver implementation was changed to now support the updated specification for this API, including the experimental properties contentBoxSize and borderBoxSize which allows finer control to respond to size changes of elements. The old spec sizing property of contentRect remains supported for web compatibility.

White Star 29.2.1

Changes/fixes:

• Worked around an issue with autocomplete popups sometimes failing to work (and added some debug console logging to it in case it happens to help find the root cause)
• Fixed an issue with DOM mouse scrolling throwing errors.
• Fixed a race with network detection routines firing incorrectly when resuming from standby.
• Fixed a crash when using large uploads through DOM.
• Reduced the number of reported "important preferences" in troubleshooting information, excluding individual printer details.
• Fixed an issue with the JS JIT compiler not tracing debugger environments (DiD).
  

There were no security issues that applied to UXP or White Star this release cycle.

White Star 29.2.0

Changes/fixes:

• When opening tabs from the History side bar, White Star will now warn you about the action if it would result in opening many tabs at once.
• White Star now offers "Open All in Tabs" on bookmark folders even if there is only one sub-item in it, for UI consistency.
• Added media format controls in the Content category of Preferences.
• Added controls for preferred color scheme. See implementation notes.
  
• Updated several site-specific user-agent overrides for web compatibility.
• Removed the ability to accept Firefox IDs for extension installation.
• Updated the AV1 reference library to 2.0.
• Cleaned up more Android code from the platform.
• Updated the embedded emoji font to cater to even more race-dependent profession emoji.
• Fixed an overflow in clip paths, potentially causing them to be rendered incorrectly.
• Added CSS values smooth, high-quality and pixelated to the image-rendering keyword.
• Implemented Intl.NumberFormat.formatToParts() to allow deconstruction of localized number formats by scripts.
• Reinstated the dom.details_element.enabled preference and fixed a rendering issue with summary/details html elements.
• Fixed an issue with CSP .nonce attributes on elements.
• Security issues addressed: CVE-2021-29946 DiD and CVE-2021-23994 DiD .
• Unified XUL Platform Mozilla Security Patch Summary: 2 DiD, 14 not applicable.

Implementation notes:

• This version adds support for the prefers-color-scheme CSS keyword. This keyword is a media query keyword that indicates to websites whether your content styling preference is "light" or "dark". Unlike other browsers where this will be tied to your system color scheme and determined automatically (which might be a point on which you can be fingerprinted, so this would be a privacy concern), we've decided to give the user control through Preferences -> Content -> Colors where you will find a new control to indicate your user preference (it defaults to "light" for everyone). While this control also gives you the option to disable this feature and effectively not support the keyword, be aware that this might cause issues on some websites that do not provide styling for "unspecified" color scheme preferences.
  In the future we may add an "automatic" option similar to other browsers in case you regularly switch your system application style from light to dark and v.v.
  

White Star 29.1.1

Changes/fixes:

• Updated NSS to fix certificate import and keygen regressions.
  
• Removed restrictions for units of width/height attributes on SVG elements.
  
• Enabled scrollbar-width CSS keyword by default.
  
• Security issues addressed: CVE-2021-23981 and a DiD fix for potential document parser confusion.
  
• Unified XUL Platform Mozilla Security Patch Summary: 2 DiD, 9 not applicable.
  

Copyright © DBSoft 2003-2021 Visits: 21228