13.6.13

x Remove source comments from installable packages
x Replace browser-polyfill.js with an empty stub in Firefox
builds
x Reduce console spam by deferring the logging of messaging
errors due to premature unloading (tor-browser#44673)
x Ensure event hooking does not break window-level listeners

v 13.6.12

x [nscl] Do not limit CSS prefetching to 3rd party / DNS
when used beyond PP0 mitigation
x Better support for debug builds
x Ensure NavCache is awake when used

v 13.6.11

x Remove -webkit-appearance and -moz-appearance occurrences
x [UX] Restore 12px as the base font size on desktop
(related to #529)
x [UX] Fix onboarding page dismissed when clicking on the
background
x Safer version bumping

v 13.6.10

x [nscl] Account for xray being unrelevant and missing in
Worker scope when patching trustedTypes

v 13.6.9

x [nscl] Multiple xray-related fixes (tor-browser#44778)
x Allow building if tree changes are not in the source code

v 13.6.8

x [L10n] Updated el, ru from Localization Lab
x [nscl] Fix XrayWrapper problems with Worker constructor
arguments (tor-browser#44761)
x [XSS] Updated IC_EVENT_PATTERN generation (thanks Security
Research Labs for report)
x [nscl] Use xray to proxify trustedTypes.createPolicy when
needed (fixes tor-browser#44767)=
x [UX] Better approach to ensure customizer is visible on
the bottom of the scrollable area
x [UX] Prevent longer URLs from breaking customizer layout
and force unwanted horizontal scrolling
x [UX][Android] Improved gesture event activation
x [XSS] Unconditionally include acorn.js dependency to
account for some browsers (IronFox?) breaking native
syntax checking (#535)
x Fix misleading CASCADED labels for DEFAULT entries when
full addresses are shown (thanks fatboy for reporting)
x [nscl] Fix breakages on older browser versions not
supporting Trusted Types yet
x Support deployment completion after automatic signing
failure and manual re

v 13.6.6

x [XSS] Fix false positives regression due to the MV3 WIP
(issue #520)

v 13.6.5

x [UX] "S" gesture: change default to disabled
x [UX] "S" gesture on-screen description and lower
activation threshold (issue #519)

v 13.6.3

x [UI] Improved gesture initiation calibration
x [Android] Fixed gesture not opening the popup on Firefox
Nightly

v 13.6.2

x [Android] Auto-close the site UI tab when right-swiping to
home
x Add "S" gesture to open NoScript UI

v 13.6.1

x [nscl] Fix manifest version filter omitting scripts from
html documents (thanks ppxxbu for reporting)

v 13.6

x Hardened subcontext environment modification machinery
x Improved stable/pre channel assignment by version number
matching
x Autoreload extension on UI initialization failure
x Simplify policy fetching
x Refactor and rationalize edge case sync/async policy
fetching
x [Chromium] Fix null origin subdocuments always getting the
fallback locked down policy
x [nscl] [Chromium] Prevent uuid() from polluting Main World
browser contexts (#508)
x [nscl] [Chromium] Cross-browser worklet patching

v 13.5.12

x Convert PNG images to WEBP
x [UX][Android] Improve support for increased font size
configurations
x Make deploy2tor.sh default to latest unpacked firefox
manifest.json
x [UX] Fix first selected preset not being focused
automatically on popup opening (issue #506)
x Prevent mid-session updates on Android in global PMB
(tor-browser#44398)
x [UX] Fix keyboard navigation regression (issue #506)
x [UX] Improved readability of focused icon buttons

v 13.5.10

x [UX] Smoother popup initialization
x [UX] Scrolling area optimization
x [UX] Fickering reduction
x [UX] Various visual tweaks

v 13.5.9

x Fix missing https-only icon regression (thanks Ingo
Brückl for reporting)

v 13.5.8

x Fix site label misalignment (thanks Ingo Brückl for
reporting)

v 13.5.7

x [nscl] Improved document freezing and CSP insertion
x Control manually navigated top-level data: URIs
(tor-browser#44482)

v 13.5.6

x file:// quirk mode compatibility, thanks peterbg for
reporting
x Add option to disable automatic page reloading on
permissions change (fixes issue #42)

v 13.5.5

x [nscl] DocumentFreezer bug fixes and improvements (fixes
#496)
x [nscl] Improved DocRewriter web compatibility (see
tor-browser#44450)

v 13.5.4

x [UX] Fix regression in sites UI live reload (issue #500)

v 13.5.2

x [L10n] Updated zh_CN
x [UX] Fix minor issues with UI titles
x [nscl] Fix cascade restrictions causing empty capabilities
(issue #492)

x [UX] Show onboarding page on settings reset
x [l10n] Lowered Transifex merge threshold to 50%
x [L10n] Updated bn, br, ca, da, el, es, fa, ja, lt, ms, nb,
ro, sv_SE
x [UX] Scary styling for restrictions disablement option
x [UX] Turn on restrictions when a behavior is selected
x [UX] Zoom-in site classification behavior transition
x [UX] More presentation / styling tweaks
x [L10n] Updated de, fi, fr, he, is, it, mk, nl, pl, pt_BR,
pt_PT, ru, sq, tr, uk, zh_CN, zh_TW
x [UX] Improved modifier button styling
x [UX] Colorized site classification behavior options
x [UX] Implement first install onboarding page
x [UX] Further behavior UI synchronization fixes (thanks
fatboy for reporting)
x [UX] Various style tweaks for Android
x Fixed autoAllowTop bug on Chromium
x [UX] Fixed some user-visible messages (thanks Tonnes for
reporting)
x [UX] Fix possible race condition on classification
behavior UI initialization (thanks fatboy for reporting)
x [UX] Classification behavior: improved code formatting and
synchronization
x [UX] Support links
x [UX] Added missing bidirectional UI synchronization step
x [UX] Complete classification behavior wiring
x [UX] Hide classification behavior UI in Tor/Mullvad
browsers
x [L10n] Updated de, fa, fi, fr, it, nl, pl, pt_BR, pt_PT,
x [UX] "Site Classification Behavior" (usability level)
selector
x [UX] Support multiple UI listeners
x [UX] Handle more media placeholder edge cases
x [UX] Localize capabilities in status tooltip
x [UX] Fix DEFAULT wrongly styled as canScript on unsafe
URLs
x [nscl] Fixed DomFreezer regression on first file:// load
due to onbeforescriptexecuted deprecation (thanks Anton K
for reporting)
x [L10n] Updated nl
x build.sh + automatically increments current version
x [UX] Always show the stricter top-level site match on top
of the list (thanks fatboy for suggestion)
x [UX] Do not show CASCADED label for DEFAULT entries
matching the top-level site
x [UX] More cascading permissions bug fixes
x [L10n] Multiple localization updates
x [UX] Improved visual feedback for cascaded permissions
(thanks fatboy for bug reporting)
x [UX] Cascading permissions frontend
x [nscl] [UX] Force artificial placeholders creation on
x.com even if no real media object is in the DOM
x [nscl] Cascading permissions support (backend)
x [nscl] Do not let AUTO-TRUSTED override policies other
than DEFAULT
x [L10n] Updated de, fr, ru
x [UX] Fixed theme configuration caching bug
x [UX] Fix AUTO-TRUSTED preset titles
x [UX] Improved UI labeling for automatically trusted
top-level sites
x [L10n] Updated it
x Imported settings version migration support
x Export settings metadata and versioning support
x Mitigate x-load protection affecting file:// documents
load times (issue #455, thanks Meludall for patch)
x [UX] Better handling of clicks on obstructed placeholders

v 13.4

x [UX] More concise and compact placeholders
x [UX] Include all the suppported capability types in the
tooltip blocked/used report

v 13.2.2

x Work-around for issue #462
x [L10n] Updated fr, pl, zh_CN
x Resolve implicit dependencies from createHTMLElement()
x [Android] Erase temporary permissions when all the tabs
closed (issue #464)
x [Android] Make NoScript Options' top buttons fit in one
row
x Typo in comment in LifeCycle.js

v 13.2.1

x Fix bugs with Tor Browser unknown capabilities handling
x Work-around for Tor Browser Security Levels not being
aware yet of the wasm capability
x [nscl] Make wasm usage attempt notification
Chromium-compatible
x [L10n] Updated de, ru, tr

v 13.1

x New wasm capability to control WebAssembly per site
x [L10n] Updated is, pt_BR
x Adopt the Chromium prefetch CSS CORS work-around on Gecko
(torbrowser#44239 fix)
x Best effort to avoid extra temporary tabs for sidebar
detection

v 13.0.9

x [UX] Increase contrast for non-HTTPS site labels in dark
mode (thanks Soothsayer for reporting)
x [L10n] Updated he, pl, tr, uk
x [Tor] Align Tor/Mullvad Browser integration logic and UI
with "persistent mode" (mullvad-browser#455)
x Switch to ?. operator and tidy up surrounding code

v 13.0.8

x Reduce annoyances and false positives from sidebar content
detection (issue #444)
x Fix automatic top level trust conflict with existing
contextual policies (issue #441)

v 13.0.6

x Use frameAncestors whenever possible for top URL
retrieving

v 12.6

x Make contextual policies override restriction cascading
(tor-browser#43397)
x [Chromium] Fix 12.5.9xx prompt closure regression
x [Chromium] Full x-load checks Chromium support
x Better offscreen placeholders for x-load
x [l10n] [Chromium] Make x-load capability localization
Chromium-compatible
x [L10n] Updated de, fr, he, ru, tr zh_CN
x [UX] Honor non-contextual x-load capability granted from
NoScript Options (thanks barbaz for RFE)
x Prevent data: URIs from messing with srcset parsing
(thanks fatboy for reporting)
x Regard as "mutually safe" for x-load directories sharing a
common ancestor
x [UX] Make x-load capability visible for CUSTOM file:
entries in NoScript Options (thanks barbaz for RFE)
x [UX] Fixed prompt window leaks (tor-browser#43281)
x [UX] Make object unblocking temporary and contextual by
default, with choices in the prompt
x [nscl] Option to clone Permissions without context
x Always honor the "Collapse blocked objects" option
x Refactor top-level auto-trust and make it contextual
(issue #417)
x [nscl] Remove noisy debug statement
x [UX] UI support for extra floating capabilities (x-load)
x Integrate event handlers suppression with blocking if
needed (thanks Adithya Suresh Kumar for reporting)
x [nscl] Refactor xray proxification
x Fix incorrect assumptions about some DOM element
properties reflecting URLs (thanks Adithya Suresh Kumar
for reporting)
x [nscl] Fix race condition between multiple extensions
using MV3/DNR SyncMessage (JShelter#146, thanks polcak for
reporting)
x Suppress some event handlers (tor-browser#43491, thanks
Adithya Suresh Kumar for reporting)
x [build] Publish XPIs only after their signed
x [build] Improved version bump commit logic

v 12.1.1
============================================================
x Fix automatic reloading broken if the background script /
service worker is not already initialized on UI load
x Re-enable signing logging

v 12.1
============================================================
x [nscl] Improved work-around for Youtube placeholder
displacement (tor-browser#43296)
x [L10n] Updated pl
x Avoid synchronous policy fetching if document is already
complete (e.g. on extension updates)
x Remove more MV3-only entries from MV2 manifest
x Remove pre-release version check on signing
x More informative debug logging
x Fixed misplaced update_url in development builds (thanks
DJ-Leith for reporting)
x Switch Firefox development build version format to *.9xx
(like Chromium)
x Cross-browser and cross-manifest compatibility down to
Gecko 115
x Improved cross-browser and cross-manifest development and
build ergonomics
x Fixed RequestGuard on Firefox still using CSP.blocks() as
an instance method
x Improved cross-browser and cross-manifest support
x Do not reload affected tabs before saving XSS user
choices, if any
x [nscl] Several performance and reliability enhancements
from NSCL
x [nscl] Updated to latest NoScript Commons Library
x Fixed offscreen placeholder container preventing user
interaction on the left of placeholders
(tor-browser#43282)
x Fix localization-related console spam when opening options
panel (tor-browser#43269)
x Fixed offscreen placeholder container preventing user
interaction on the left of placeholders
(tor-browser#43282)
x Fix localization-related console spam when opening options
panel (tor-browser#43269)

v 11.5.2
============================================================
x [tor-browser#43257] More efficient, flexible and
race-resistant placeholder styling

v 11.5.0
============================================================
x [tor-browser#32668] Use the Security Level as the default
policy for Options Reset on Tor Browser
x [tor] Stateless-compatible Tor Browser integration
x [L10n] Updated pt_BR
x Stateless-compatible temporary permissions
x Switch from deferWebTraffic to Wakening
x Stateless-compatibile TabGuard
x Switch to non-persistent background page
x [xss] Refactor for non-persistence
x Removed Fennec-specific code
x Bump min Gecko compatibility to 115.0 (stateless
background script support)

v 11.4.42
============================================================
x [nscl] Further SyncMessage simplification
x Mitigate race conditions on startup

v 11.4.41
============================================================
x [nscl] Fixed Chromium worker patching regression caused by
failSafe scope
x [nscl] Force service workers to be patched bypassing cache
x [nscl] More robust SyncMessage implementation
x [nscl] Enhanced remote worker patching
x [nscl] Remove missing source map warning for
browser-polyfill.js
x [nscl] Better console handling in execution context
patches
x Reduce console spam on non-debugging instances
x [nscl] Avoid patched workers breakage if console API is
disabled (thanks ayi for reporting)