v 11.0.32
============================================================
x [L10n] Updated it, mk, sv_SE
x Fixed setting CUSTOM permissions in private mode may cause
the TRUSTED preset to become temporary
x Updated TLDs
x [XSS] Updated HTML 5 events support
x More compact high contrast appearance

v 11.0.31
============================================================
x Focus "OK" button on dialog-mode UI
x Fixed various toolbar buttons DnD issues
x Updated TLDs
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
zh_CN, zh_TW
x Fixed very low contrast HTTPS-only label in High Contrast
mode

v 11.0.30
============================================================
x Discoverable option to force site-leaking UI in
PBM/Incognito
x [L10n] Updated he
x Easier keyboard navigation of preset configuration
x Yellow-less UI palette

v 11.0.29
============================================================
x Consistent focus appearance across desktop and mobile
x Fixed regression on Firefox 68 for Android: UI cannot be
closed (thanks swalchko for report)

v 11.0.28
============================================================
x Don't enforce Incognito UI restrictions if the "Override
Tor Browser Security Level preset" option is checked
x Incognito-aware permissions persistence and UI
(https://trac.torproject.org/projects/tor/ticket/29957)
x Removed inline preset options relics
x Reset non-secure site matches to DEFAULT unless setting
UNTRUSTED to avoid confusion on preset changes
x [A11y] Keyboard-based UI navigation
x Updated TLDs
x Work-around Gecko 77 cached CSP issues (thanks acat for
https://trac.torproject.org/projects/tor/ticket/34305)

v 11.0.26
============================================================
x UI adjustments for better mobile experience (thanks Bram
Pitoyo for suggestions)
x Updated HTML 5 events archive
x Updated TLDs
x Fixed hard reload needed after releasing restrictions
(regression on Firefox Beta)
x Fixed 3rd party scripts blocking regression on Firefox
Trunk due to XBL removal (thanks guardao for reporting)
x Fixed typo in unused yet code

v 11.0.25
============================================================
x [XSS] Fixed false positives and timeouts (thanks riaggren
for report)

v 11.0.24
============================================================
x Fixed SoundCloud login broken by NoScript being enabled
x [XSS] Updated HTML5 events
x Updated TLDs

v 11.0.23
============================================================
x Updated TLDs
x Further refresh syntax parsing leniency (thanks
insertscript)

v 11.0.22
============================================================
x Updated TLDs
x [L10n] Updated he
x Uniform refresh url matching across HTTP and DOM checks
(thanks insertscript)

v 11.0.21rc1
============================================================
x Fixed URL matching regexp (thanks insertscript)

v 11.0.20
============================================================
x More aggressive blocking for data: refresh attempts
(thanks insertscript)

v 11.0.19
============================================================
x Prevent ANY redirection to data: URIs in documents

v 11.0.18
============================================================
x Automated "Updated TLDs" commit
x Updated TLDs
x Apply "font-family: Inter" to the mobile stylesheet only
x Support synonims for "release"

v 11.0.17
============================================================
x Updated TLDs
x Force CSP inheritance for redirections to data: URIs on
Gecko pre-69
x Added CSS reference to Inter font to improve UI look on
Fenix

v 11.0.15
============================================================
x Fixed CapsCSP bug allowing data: URLs to bypass font
blocking (thanks dcent and skriptimaahinen)
x [XSS] Prevent DOS detection from being triggered for
already aborted requests (thanks barbaz)
x [L10n] Updated es and added bn
x [XSS] More accurate base64 checks on hash
x Updated TLDs
x Minor adjustments for Firefox Preview (Fenix)
compatibility
x Refactored XSS filter into an asynchronous worker to
better handle DOS attempts
x [XSS] Abort on InjectionChecker timeouts
x [XSS] Updated recognized HTML events
x Fixed autoreload after popup closing broken on Vivaldi

11.0.13
============================================================
x [Chromium] Fix SyncMessage broken by feature-policy
headers
x Remove "application" manifest.json key from Chromium
packages

v 11.0.12
============================================================
x [L10n] Updated ru
x Unrestricted tab support for service workers and their
included 3rd party scripts
x Record document origins in TabStatus
x Support for reporting service workers and their imported
scripts in UI
x Cross-browser request properties normalization
x Updated TLDs
x Fixed initial requst URL lost across redirections
x Updated copyright statement
x Fixed settings export button broken on Vivaldi (issue
#124)
x Fixed UNTRUSTED domains accidentally set in "match HTTPS
only" mode (issue #126)

v 11.0.11
============================================================
x [L10n] Updated da, de, fr, he, it, mk, nl, ru, sq, tr,
zh_TW
x Fixed UI not working on pages were sessionStorage
is disabled
x Updated TLDs
x Added "ping" (beacon/ping) capability control

v 11.0.10
============================================================
x [Chromium] Fixed no permissions given on first page load
in a session
x Order change in html5 events source
x Updated TLDs
x Removed unused "privacy" permission
x Fixed shortcut and context menu doing nothing unless
browserAction icon is visible on Firefox (issue 58)
x [L10n] Updated de, fr, he, nl, tr
x Updated TLDs
x Fix minor typo regarding appearance redundancy (issue 61)
x Fixed scripts could not be enabled on file: SVG documents

v 11.0.9
============================================================
x [Chromium] Prevent duplicated MSE placeholders (e.g. on
Youtube)
x Fixed external scripts included in HEAD of file:// pages
failing (issue #115)
x [XSS] Updated HTML 5 events inventory
x Best effort to make media placeholders visible and
clickable
x Placeholders for MSE on Chromium too
x Use invalid IP rather than domain name to prevent offline
status from breaking sync messaging in Chromium
x Removed empty exportFunction() Chromium shim
x Updated TLDs

x [L10n] Updated da, ja, lt, mk, nl
x Fixed onionSecure setting persistence issue (Tor ticket
#32362)
x Fixed CSP DOM injection breaking XML documents rendering

v 11.0.7
============================================================
x Use fragments to reinsert and run previously blocked
scripts
x Fetch policies asynchronously for about: and javascript:
URLs
x Remove loop around XHR

v 11.0.6
============================================================
x Compute the correct origin for the policy to be fetched
from about:blank and javascript: URLs
x Work-around for Youtube video elements positioned
off-display at replacement time
x Version numbers for Chromium dev builds compatible with
Chromestore requirements
x Script blocking before policy is fetched only for
synchronous loads
x Make tests not to run automatically on dev mode startup
anymore

v 11.0.4
============================================================
x [Tor] Treat .onion sites whose protocol is HTTP as if it
was HTTPS
x [Mobile] Blocked scripts count displayed in the browser
action menu item
x Consolidated missing endpoint error detection in Messages
x More compatible Messages abstraction
x Progressive count of debug messages to better trace
asynchronous execution
x [XSS] Fixed false positive (property assignment)
x Fixed typo causing initializing promise not being cached
x Avoid unnecessary page reloads on extension updates
x Fixed undefined variable error when in debugging mode
x [Tor] Display .onion sites as "secure" in the UI (tickets
#27313 and #27307)
x Support for splitting sync storage items into chunks, to
allow synchronization of big policies across devices
x IPv4 subnet shortcut matching
x Fallback to local storage for any item exceeding limits
(fixes persistence problems on Chromium)
x Alternate version numbering for Chromium pre-releases
x Simplified, less noisy and more resilient Messages
abstraction implementation (thanks barbaz for reporting)
x Handle edge-case policy retrieval for file:// pages loaded
by session restore on startup and alike
x Improved Chromium development-build workflow
x Fix CSP violation reporting management of "fake"
blocked-uri like "eval"
x Recursive webgl context monkeypatching across same origin
windows (thanks skriptimaahinen for concept and patch)
x Replaced cookie-based hacks with synchronous messaging
(currently shimmed) to retrieve fallback and
per-tab restriction policies
x Work-around for Chromium not supporting frameAncestors
in webRequest
x [L10n] Updated Transifex-managed ca, da, it, nl, ru, sv_SE
x [XSS] Updated HTML5 events
x Updated TLDs
x Fixed "Cascade top document restrictions" option not always
applied to embedded elements (thanks barbaz for reporting)
x Removed XSS prompt for timeouts