uMatrix version history - 23 versions
uMatrix by Raymond Hill
Be careful with old versions! These versions are displayed for testing and reference purposes.You should always use the latest version of an add-on.
Latest version
Version 1.4.4
Released Jul 20, 2021 - 1.39 MBWorks with firefox 56.0a1 and later, android 120.0 and laterSource code released under GNU General Public License v3.0 only
Download FirefoxYou'll need Firefox to use this extensionOlder versions
Version 1.4.2
Released Jul 19, 2021 - 1.68 MBWorks with firefox 56.0a1 and later, android 56.0a1 to 68.*Source code released under GNU General Public License v3.0 only
Version 1.4.0
Released Sep 5, 2019 - 1.63 MBWorks with firefox 56.0a1 and later, android 56.0a1 to 68.*Release notes
Changes
A new raw setting has been added:suspendTabsUntilReady
. The purpose is exactly the same as the same setting in uBlock Origin, so you can refer to uBO's documentation. That setting is taken into account only with Chromium-based browsers, as Firefox is properly equipped to deal with network requests fired before uMatrix is ready.
Closed as fixed:
- Cookies missing on very first request if website has service worker with fetch event handler
- Incorrect display of hostnames with numbers in the logger
- Custom recipe does not appear
- Requests bypass uMatrix on Firefox start
Pull requests- Show placeholder for blocked
frame
elements by xofe - More unused code cleaning by rhendric
- Cleaning by rhendric
- Minor fixes by xofe
Commits to master since last release.Source code released under GNU General Public License v3.0 only
Version 1.3.16
Released Dec 27, 2018 - 1.72 MBWorks with firefox 56.0a1 and later, android 56.0a1 to 68.*Changes
Logger
The popup panel is now tab selector-bound (rather than logger entry-bound), i.e. it is associated with the tab currently selected.
There is a new UI to allow setting rules on a per logger entry basis (click the 3rd column): it is similar in look and use to the matrix UI, but it is minimalist: rules which are relevant only for the current entry in the logger are shown. [Note that I am having second thoughts about that new UI -- hence why I have held on releasing a new stable version, because it still does not give access to the per-scope switches. Ideally I should reuse the popup panel, but this will require refactoring work. However, I can't keep on holding forever a stable release, so for now this will be the solution for dealing with setting rules for tab-less network requests.]
Two columns have been added:
- a column to provide the scope in which network requests are made;
- a column to provide visual hint for the third-partyness of requests.
The visual to represent tab-less network requests has been modified. Tab-less network requests will now be represented with "curtains" in the 3rd column.
Closed as fixed:
- "Corrupted Content Error"
- Logger not working in sidebar
- When pasting multiple lines into the rules editor they are joined together in a single line
- Is there a way to disable JavaScript in local file:// for firefox?
- The idea for the fix has been borrowed from NoScript: use a DOM-based
<meta http-equiv=...>
tag to inject CSP directives. This will apply only to documents fetched usingfile:
scheme.
- The fix requires the API
browser.contentScripts
, which only Firefox supports.
- The idea for the fix has been borrowed from NoScript: use a DOM-based
- Migrate icons to FontAwesome svg files (from the font file)
- Race condition potentially causing auto-update to be disregarded at launch time
- Behind-the-scene broken at gmail
- Images, videos opened directly in a tab are bypassing respective block rules
- Multiple Redirects Fail
- Some entries are only briefly shown in uMatrix
Source code released under GNU General Public License v3.0 only
Version 1.3.14
Released Aug 27, 2018 - 1.72 MBWorks with firefox 56.0a1 and later, android 56.0a1 to 68.*Complete release notes for 1.3.14 available here.
Closed as fixed:
- uMatrix uses the false domain 1.wyciwyg-scheme instead of the real one
- My rules tab hangs with cloud storage support
Commit history between 1.3.12 and 1.3.14Source code released under GNU General Public License v3.0 only
Version 1.3.12
Released Jul 17, 2018 - 1.72 MBWorks with firefox 56.0a1 and later, android 56.0a1 to 68.*Complete release notes for 1.3.12 available here.
Closed as fixed:
Commit history between 1.3.10 and 1.3.12Source code released under GNU General Public License v3.0 only
Version 1.3.10
Released Jun 11, 2018 - 1.69 MBWorks with firefox 56.0a1 and later, android 56.0a1 to 68.*Complete release notes for 1.3.10 available here.
Closed as fixed:
Commit history between 1.3.8 and 1.3.10Source code released under GNU General Public License v3.0 only
Version 1.3.8
Released Apr 25, 2018 - 1.68 MBWorks with firefox 56.0a1 and later, android 56.0a1 to 68.*Complete release notes for 1.3.8 available here.
Closed as fixed:
- Ruleset pane size miscalculated
- Placeholder in logger "Network error" message is not replaced
- Shared Workers
Commit history between 1.3.6 and 1.3.8Source code released under GNU General Public License v3.0 only
Version 1.3.6
Released Apr 7, 2018 - 1.68 MBWorks with firefox 56.0a1 and later, android 56.0a1 to 68.*Complete release notes for 1.3.6 available here.
Changes:
CodeMirror's MergeView has been integrated into the "My rules" pane, this should make it easier to manage your ruleset.
Improved the visuals and behavior of Recipes icon (the puzzle icon) in popup panel.
Closed as fixed:
Commit history between 1.3.4 and 1.3.6Source code released under GNU General Public License v3.0 only
Version 1.3.4
Released Mar 18, 2018 - 1.55 MBWorks with firefox 56.0a1 and later, android 56.0a1 to 68.*Complete release notes for 1.3.4 available here.
New
[Status: experimental] A new button ("puzzle" piece icon) is available in the popup panel: uMatrix will offer you the ability to import community-contributed ruleset recipes which are relevant to the current page (see #30). Hopefully there will be many contributions to populate ruleset recipes ready to be used to unbreak sites.
A tooltip has been added to the global scope selector (*
) in the popup panel.
A new setting has been added in the Settings pane: "Disable tooltips".
Changes
The setting "Show the number of distinct requests on the icon" has been changed to "Show the number of blocked resources on the icon": the number of blocked resources is much more useful than the number of distinct resources. This will make it clear now that uMatrix is still blocking stuff even after you think you had configured it to no longer block stuff (example: #938).
The icon badge is back to being enabled by default with new installations of uMatrix.
Closed as fixed:
- Ability to enforce
_escaped_fragment_=
- Report more accurately that resources are being blocked following page load
- [Performance] Implement ability to snapshot memory to improve load times
- When first installing uMatrix, the setting "Auto-update hosts files" is disabled by default
Commit history between 1.3.2 and 1.3.4Source code released under GNU General Public License v3.0 only
- Ability to enforce
Version 1.3.2
Released Jan 22, 2018 - 1.54 MBWorks with firefox 56.0a1 and later, android 56.0a1 to 68.*Complete release notes for 1.3.2 available here.
Closed as fixed:
Commit history between 1.3.0 and 1.3.2Source code released under GNU General Public License v3.0 only
Version 1.3.0
Released Jan 21, 2018 - 1.54 MBWorks with firefox 56.0a1 and later, android 56.0a1 to 68.*Complete release notes for 1.3.0 available here.
Fixed:
noscript
tags improperly rendered in XML-based HTML documents (report).- No way to configure advanced settings in uMatrix/webext
- Pages can detect uMatrix's presence with pure CSS
Commit history between 1.2.0 and 1.3.0Source code released under GNU General Public License v3.0 only
Version 1.2.0
Released Jan 4, 2018 - 1.43 MBWorks with firefox 56.0a1 and later, android 56.0a1 to 68.*Complete release notes for 1.2.0 available here.
Changes
Appearance
More choices of text size for the matrix UI in the Settings pane (text size dictates the popup panel size).
Per-scope switches
New switch: "Forbid web workers"
Purpose should be obvious.
Note that nuisance coin miners typically use web workers, so forbidding web workers globally might be a good idea, though mind that there are legitimate use for web workers. Keep in mind many of these miners are launched as 1st-party, so the new switch allows you to forbid them even when you allow 1st-party scripts.
uMatrix is able to detect when a web worker is being instantiated. However, this does not work for Firefox 57-58, but works fine in Firefox 59 (Nightly). The reason is that SecurityViolationPolicyEvent has been implemented just recently in Nightly.
So this means if you are using uMatrix with Firefox 57-58, uMatrix will be unable to report to you whether web workers are used by a page, though you will be able to block these fine with the new per-scope switch. With Nightly, use (or attempt to use) web workers is properly reported in the logger and in the popup panel.
Per-scope switches redesigned and renamed
"Strict HTTPS" has been renamed "Forbid mixed content": I see too many instances of people thinking this feature is a replacement for HTTPS Everywhere: it is not.
The new visual will now convey whether a switch is relevant for the current document. A dot in the toggle button means that the switch is relevant, i.e. uMatrix may affect the page if the switch is toggled on.
- Forbid mixed content: a dot means that mixed content has been detected on the page.
- Forbid web workers: a dot means that web workers have been detected on the page (as mentioned above, the detection does not work for Firefox 57-58).
- Spoof
referer
header: a dot means that 3rd-party referrer information has been seen in network traffic. - Spoof
<noscript>
tags: a dot means<noscript>
tags have been detected in the current page.
I added info links to each per-scope switch: the links are pages from Mozilla Developer Network, so this gives a chance for the page to load in the user locale.
Logger
Ability to open the logger in the sidebar.
Note that since the logger is unified, should you open additional logger views, these will be left unused, until the first view is closed. By design.
Closed as fixed:
Commit history between 1.1.20 and 1.2.0Source code released under GNU General Public License v3.0 only
Version 1.1.20
Released Dec 13, 2017 - 1.42 MBWorks with firefox 56.0a1 and later, android 56.0a1 to 68.*Summary of Release notes for 1.1.20
Changes: Settings
A new option in the Settings pane, as requested in #335:
[x] Collapse placeholder of blacklisted elements
Checked by default.
The purpose of this new setting should be obvious: it makes it possible to collapse discriminately elements according to whether they were blocked as a result of a hostname being blacklisted or as a result for a more generic block rule.
For example, 3rd-party iframes are blocked by default. But you may not want embedded Youtube videos to be collapsed, while on the other hand you may want embedded ads from some blacklisted origins to be visually collapsed. The new settings allows to distinguish between blocked and blacklisted.
Changes: Logger
The logger will now inform when uMatrix removes/modifies HTTP headers:
- An uppercase
COOKIE
entry means that an outgoingCookie
header was removed;
- An uppercase
REFERER
entry means that an outgoingReferer
header was modified;
These are reported only for network request of typedoc
, so as to not spam logger output since referrer spoofing and cookie header removal can occur for every single network request.
Accepted pull requests:
Closed as fixed:
- Blocked images download but only briefly display when loaded directly
- Remove
Referer
instead of spoofing it for non-GET
requests
- SVGs not interact properly if scripts are blocked (though it says 0 scripts in the page)
- Script not detected on cgit commit page
- Collapse placeholders for blacklisted hostnames
Commit history between 1.1.18 and 1.1.20Source code released under GNU General Public License v3.0 only
- An uppercase
Version 1.1.18
Released Dec 6, 2017 - 1.42 MBWorks with firefox 56.0a1 and later, android 56.0a1 to 68.*Summary of Release notes for 1.1.18
Closed as fixed:
- uMatrix dropdown renders as empty and inactive
- This was affecting people who completely forbid cookies on all sites.
- This was affecting people who completely forbid cookies on all sites.
- Completed fix to "
<noscript>
is ignored when uMatrix blocks JavaScript"
- Automatic redirect when there is a
meta http-equiv="refresh" ...>
tag present.
- Automatic redirect when there is a
Commit history between 1.1.16 and 1.1.18Source code released under GNU General Public License v3.0 only
- uMatrix dropdown renders as empty and inactive
Version 1.1.16
Released Dec 4, 2017 - 1.42 MBWorks with firefox 56.0a1 and later, android 56.0a1 to 68.*Summary of Release notes for 1.1.16
Fixed: uMatrix dropdown renders as empty and inactive
Summary of Release notes for 1.1.14
Changes
The Privacy pane has been merged into the Settings pane in the dashboard.
Privacy-wise flawed user agent switcher removed
User agent spoofing as been removed. This was planned since a long while. The bottom line is that user agent spoofing for privacy purpose is best left to a dedicated extension, and really your best choice privacy-wise is probably to rely on Firefox's recent fingerprinting-resistance feature.<noscript>
tags
A new global setting has been added in the dashboard: "Spoof<noscript>
tags when 1st-party scripts are blocked". Disabled by default so as to not change uMatrix's current behavior.
Since spoofing<noscript>
is not necessarily always desirable, the global setting can be overridden on a per-scope basis with the "<noscript>
tag spoofing" switch.
This feature is most useful to users who block 1st-party scripts by default.
Note that this might be the long term approach used for enabling<noscript>
tags: the approach planned by Firefox is not really suitable to uMatrix, as this would require to completely disable javascript for a site (causing the matrix ruleset to be disregarded), while with the current approach, one can still enable 3rd-party scripts and yet have the<noscript>
tags spoofed.
I have observed that the feature behave slightly differently on Firefox than on Chromium: Firefox will not react to<meta http-equiv="refresh">
tags, while Chromium does. I do believe this can be fixed, and I will experiment more with this.
Blocked root document
Ability to parse the URL of blocked document has been imported from uBO:
Document blocked example
Unlike uBO however, the parsed URL information is expanded by default since uMatrix is meant for advanced users (you can collapse it by clicking on the magnifier).
Logger
Ability to open the logger in its own (popup) window, just as with uBO. If you want the logger to be in its own separate window, pressShift
while clicking the logger icon will cause the logger to always be launched as a separate window. You do not need to press theShift
next time, it's only used to toggle between both attached/detached states.
Closed as fixed:
- uMatrix doesn't keep "show only domains" in Private Window
- Logger's embedded popup panel fails to resize properly
- Bypass redirects
<noscript>
is ignored when uMatrix blocks JavaScript- navigator.platform is exposed despite Spoof User-Agent
Commit history between 1.1.12 and 1.1.14Source code released under GNU General Public License v3.0 only
Version 1.1.14
Released Dec 4, 2017 - 1.42 MBWorks with firefox 56.0a1 and later, android 56.0a1 to 68.*Summary of Release notes for 1.1.14
Changes
The Privacy pane has been merged into the Settings pane in the dashboard.
Privacy-wise flawed user agent switcher removed
User agent spoofing as been removed. This was planned since a long while. The bottom line is that user agent spoofing for privacy purpose is best left to a dedicated extension, and really your best choice privacy-wise is probably to rely on Firefox's recent fingerprinting-resistance feature.<noscript>
tags
A new global setting has been added in the dashboard: "Spoof<noscript>
tags when 1st-party scripts are blocked". Disabled by default so as to not change uMatrix's current behavior.
Since spoofing<noscript>
is not necessarily always desirable, the global setting can be overridden on a per-scope basis with the "<noscript>
tag spoofing" switch.
This feature is most useful to users who block 1st-party scripts by default.
Note that this might be the long term approach used for enabling<noscript>
tags: the approach planned by Firefox is not really suitable to uMatrix, as this would require to completely disable javascript for a site (causing the matrix ruleset to be disregarded), while with the current approach, one can still enable 3rd-party scripts and yet have the<noscript>
tags spoofed.
I have observed that the feature behave slightly differently on Firefox than on Chromium: Firefox will not react to<meta http-equiv="refresh">
tags, while Chromium does. I do believe this can be fixed, and I will experiment more with this.
Blocked root document
Ability to parse the URL of blocked document has been imported from uBO:
Document blocked example
Unlike uBO however, the parsed URL information is expanded by default since uMatrix is meant for advanced users (you can collapse it by clicking on the magnifier).
Logger
Ability to open the logger in its own (popup) window, just as with uBO. If you want the logger to be in its own separate window, pressShift
while clicking the logger icon will cause the logger to always be launched as a separate window. You do not need to press theShift
next time, it's only used to toggle between both attached/detached states.
Closed as fixed:
- uMatrix doesn't keep "show only domains" in Private Window
- Logger's embedded popup panel fails to resize properly
- Bypass redirects
<noscript>
is ignored when uMatrix blocks JavaScript- navigator.platform is exposed despite Spoof User-Agent
Commit history between 1.1.12 and 1.1.14Source code released under GNU General Public License v3.0 only
Version 1.1.12
Released Nov 26, 2017 - 1.44 MBWorks with firefox 56.0a1 and later, android 56.0a1 to 68.*Summary of Release notes for 1.1.12
New mini-guides for new users
- The popup panel
- How to create rules which apply everywhere, on all web sites
- How to block 1st-party scripts everywhere by default
- How to work in hard 3rd-party default-deny by default
- How to work with only global rules and all scripts blocked by default
- How to "allow-all" in uMatrix
- How to get past "uMatrix has prevented the following page from loading
Ongoing work
Accepted pull requests:
- @PenguinDad: Fix color-blind friendly mode (dev build regression)
- @shub-nougat: Scopes hover
- @xofe: Minor fixes
- @xofe: Remove some unused resources (holdovers from HTTPSB)
- @StoyanDimitrov: Remove unused l10n string
- @Neui: Use native textarea when editing user rules
- @Pulsera: Commented out unused code
Commit history between 1.1.10 and 1.1.12Source code released under GNU General Public License v3.0 only
Version 1.1.10
Released Nov 22, 2017 - 1.66 MBWorks with firefox 56.0a1 and later, android 56.0a1 to 68.*Summary of Release notes for 1.1.10
Fixed a minor CSS regression causing the persist/erase buttons to not be properly updated while in the global scope (reported here).
Summary of Release notes for 1.1.8
Changes
You can now set the default scope level in the Settings pane in the dashboard (as requested in #821). The popup panel will always use the selected default scope the first time it is opened (whereas before the last selected scope was used).
The scope selector in the popup panel has been revisited as per suggested solution in #821. It works very well compared to the previous way of selecting a scope (dropdown list). Other virtuous side effects:- it puts the ability to work in global scope in full view -- this will probably help dispel the often heard erroneous conclusion that it is not possible to create global rules.
- it also enables the ability to set the scope to anything in between full hostname and top-level domain (as per Public Suffix List).
Firefox for Android
Tentative support for Firefox for Android. See #828. I was not planning to maintain a version for Android, but contrary to what I thought, it turns out this might be just a trivial task (thanks to webext).
Closed as fixed:
Commit history between 1.1.6 and 1.1.10Source code released under GNU General Public License v3.0 only
Version 1.1.8
Released Nov 22, 2017 - 1.66 MBWorks with firefox 56.0a1 and later, android 56.0a1 to 68.*Summary of Release notes for 1.1.8
Changes
You can now set the default scope level in the Settings pane in the dashboard (as requested in #821). The popup panel will always use the selected default scope the first time it is opened (whereas before the last selected scope was used).
The scope selector in the popup panel has been revisited as per suggested solution in #821. It works very well compared to the previous way of selecting a scope (dropdown list). Other virtuous side effects:
- it puts the ability to work in global scope in full view -- this will probably help dispel the often heard erroneous conclusion that it is not possible to create global rules.
- it also enables the ability to set the scope to anything in between full hostname and top-level domain (as per Public Suffix List).
Firefox for Android
Tentative support for Firefox for Android. See #828. I was not planning to maintain a version for Android, but contrary to what I thought, it turns out this might be just a trivial task (thanks to webext).
Closed as fixed:
Commit history between 1.1.6 and 1.1.8Source code released under GNU General Public License v3.0 only
Version 1.1.6
Released Nov 20, 2017 - 1.69 MBWorks with firefox 56.0a1 and laterSummary of Release notes for 1.1.6
Changes
Important: A new default rule has been added following investigation of that issue. The rule will exist for new installations of uMatrix, but will not be imported for existing installations of uMatrix. In such case, I strongly suggest you add it manually in your My rules pane (don't forget to commit):matrix-off: wyciwyg-scheme true
Closed as fixed:
- frames still blocked after pressing umatrix reload button
- Pressing
Shift
while clicking the reload button will now cause the browser cache to be bypassed, which is sometimes necessary after adding/removing rules.
- Pressing
- Make placeholders in iframes clickable
- The placeholders were already clickable, the clickable item has just been made a bit larger.
- The placeholders were already clickable, the clickable item has just been made a bit larger.
Commit history between 1.1.4 and 1.1.6Source code released under GNU General Public License v3.0 only
- frames still blocked after pressing umatrix reload button
Version 1.1.4
Released Nov 14, 2017 - 1.68 MBWorks with firefox 56.0a1 and laterSummary of Release notes for 1.1.4
Much translation work has been imported from https://crowdin.com/project/umatrix.
Closed as fixed:
- Cloud storage merge button broken
- The pull-and-merge button does not visually render completely properly on Firefox (the plus sign is supposed to be top-right), I still need to investigate this.
- The pull-and-merge button does not visually render completely properly on Firefox (the plus sign is supposed to be top-right), I still need to investigate this.
- "Preferences" in about:addons should lead to the preferences
Commit history between 1.1.0 and 1.1.4Source code released under GNU General Public License v3.0 only
- Cloud storage merge button broken
Version 1.1.0
Released Oct 5, 2017 - 1.68 MBWorks with firefox 56.0a1 and laterSource code released under GNU General Public License v3.0 only