Page 1 of 1

Pale Moon 26.0 released!

Posted: 2016-01-26, 14:21
by Moonchild
This is a new milestone release! It's been in the works for a good number of months, and has many hundreds of notable changes, fixes, and improvements that can't possibly all be listed here.

These release notes for this version are a concise summary, lifting out the most prominent and important changes.
Time permitting, I may expand the explanation of some of these points.

General release notes:
  • ImagePale Moon is now building on the new Goanna engine instead of Gecko. Although close relatives in terms of web technology, they are not the same under the hood and any reports of bugs with the layout/rendering engine should be as detailed as possible to allow us to pinpoint the cause of the bugs and fix them (just stating "it works in Firefox" really doesn't help us!). If you wish to report issues, please either use the issue tracker on GitHub or report a detailed description and steps to reproduce.
  • We've had to reduce the number of supported languages for our language packs. With the need to move to our own full localization and lacking translators to support and maintain less common languages in use around the world, we've reduced our number of offered languages to a little over 30. The languages still supported should more than cover the common languages spoken around the globe. You will need to update your language packs!
  • Although we've given this release extensive testing, it is still possible you run into some website compatibility issues (usually because of websites doing useragent sniffing) and e.g. some sites displaying a mobile version if they do not recognize or incorrectly recognize the new browser engine. Please always try contacting the webmasters first before posting support requests at our address, since this is usually not something we can provide solutions for, ourselves, and we end up having to redirect you anyway.
  • Please note that we do not have a synchronized release of the Android version at this time. We will have to investigate if PM4A can be upgraded to use the Goanna engine easily or not, and may for the time being opt to provide security updates on the current 25.* versions of it. We will provide information as it becomes available, but right now we will not have an update for the Android version.
Fixes/changes:
  • The layout parser/renderer has received many updates with this change over to Goanna, improving web compatibility and standards compliance in many areas.
  • The browser user interface has received updates, making it more compatible with Windows 10 in many respects and more in line with the general styles of the operating system version it is run on in terms of the shapes of controls and color setting.
  • Updated graphics/media support: Pale Moon now supports the WebP image format, properly scales EXIF rotated JPEGs, has updated support for different WebGL texture formats, improved scaling of vector images, updated libpng, libjpeg-turbo, libvpx, and misc other upstream libraries/modules, and more!
  • Library changes:
    • The library now has a scope bar (pops up when searching) with the option to select what you want to search in (either bookmarks or history) and the option to save your searches.
    • By default, there will be a history menu drop-down in the browser's user interface next to the bookmarks one.
    • Added "Containing folder" and "Containing folder path" columns so you can see exactly where a bookmark is located at a glance when searching (after enabling the columns).
  • Added support for Ruby annotations. If you need this functionality, set the about:config preference browser.ruby.enabled to true, and restart the browser.
  • Added conservative image decoding: it will now only decode images that are (almost) in view, greatly improving overall memory use and initial loading of graphics-heavy pages.
  • Aligned 3D CSS transforms and perspective with the spec.
  • JavaScript improvements: added basic support for ES6 Promises, added element.matches(), updated property assignments, added Bin/Oct literals in Number(), improved performance of TypeOf calls, improved GC memory shrinking, improved memory allocations, improved RegEx performance and compatibility, and more!
  • Added CSS media queries to determine the OS the browser is running on, allowing theme designers to make specific changes based on OS at run-time.
  • Added a control preference for onunload= events as dom.disable_beforeunload. This allows you to completely disable events fired when leaving a page.
    Please understand that this is a double-edged sword, because the "onunload event" is used both for legitimate and annoying reasons. E.g.: it will prevent you from losing unsaved edits by navigating in a web application, but will also prevent annoyances like "wait, check this offer before you leave" that some websites insist on throwing at visitors. Switch this at your own risk of losing work.
    Note: this is a hidden pref at this time. To set it create a new "boolean" value in about:config from the right-click menu.
  • Changed the memory allocator to the (faster) system allocator on modern operating systems.
  • Improved the handling of very large numbers of tabs.
  • Added Ecosia as a "green" search engine alternative for the environmentally aware surfer.
  • Autoplay of media now has a separate control preference for scripted content as media.autoplay.allowscripted, to block script-initiated autoplay of media.
Security updates:
  • Added support for 128-bit Camellia-GCM ciphers in addition to the existing CBC ciphers to offer a more internationally diverse choice of secure encryption ciphers than just AES.
  • Added an advanced, active XSS (cross-site scripting) filter. Pale Moon will now check for XSS attacks and block XSS content in the resulting pages. This is brand-new technology and feedback on this filter specifically (e.g. bugs, false positives, etc.) should be posted in the dedicated thread for this feature. Please also see that thread for details on how to use and control this filter.
  • Distrusted several root certificates in accordance with security best practice.
  • Aligned cookie acceptance with RFC 6265 ยง4.1.1. We still make an exception for allowing spaces and double quotes in cookie values, but this will be made more strict in the future for full spec compliance. If you are a web designer and use cookies, please verify that you are RFC compliant in terms of both cookie names and cookie values, or the browser may reject them.
  • Removed several hazardous modules like the maintenance service and the identity module.
  • Ported all security updates from Mozilla that are applicable/relevant to our code base (up to and including all security issues made known to us until now). Considering v26 has been kept updated over its long development until release, the list of fixes/CVEs would be too exhaustive to list in these release notes individually.