This is a development and security release.
- Added a preference (network.http.upgrade-insecure-requests) to allow disabling requests for opportunistic encryption.
- Removed more telemetry code from the platform.
- Added experimental support for the AV1 video codec for MP4 containers (disabled by default).
- Cleaned up some media handling code, removing obsolete components for older target platforms.
- Ported all applicable security fixes from Gecko/64. Most of these fixes were merely defense-in-depth.
- Fixed a crash when using http pipelining over some broken proxies.
- Enhanced the WebP decoder to properly handle animated lossy and lossless WebP.
- Removed VR hardware support (both display and input types) from the platform.
- Updated the GMP update service URL to improve compatibility with DRM-encumbered media.
- Removed support for Firefox Accounts and changed the Sync client to work with Sync 1.1 (Weave).
The default server for using Sync is now the Pale Moon Sync server.
Please see this announcement on the forum for more details.
- Updated NSPR to 4.20.
- Updated NSS to 3.41, finalizing our platform support for TLS 1.3.
- Fixed a spec compliance issue with the location.protocol setter.