[HTTPS-Everywhere] 2.0.2 stable released
Peter Eckersley
pde at eff.org
Fri Apr 20 10:08:37 PDT 2012
Mike and I pushed this stable bugfix release last night:
https://www.eff.org/files/https-everywhere-2.0.2.xpi
Changelog:
2.0.2 (2012-04-19)
* Fix a weird wrong DOM-origin bug that occurred while redirects were in
progress (this might have security implications, although we are unsure
if it was exploitable).
https://trac.torproject.org/projects/tor/ticket/5477
* By default, use https://google.co.cctld instead of
encrypted.google.com
* Add an optional ruleset to use https://www.google.com
instead of encrypted.google.com, too
* Ruleset fixes: Debian, Kohls, Malwarebytes, Yandex, Wikipedia, Mises.org,
OpenDNS, Wizards of the Coast, Lenovo, Barnes and Noble
https://trac.torproject.org/projects/tor/ticket/5509
https://trac.torproject.org/projects/tor/ticket/5491
https://trac.torproject.org/projects/tor/ticket/5303
* Stumble across more horrible security holes in the Verizon website:
https://mail1.eff.org/pipermail/https-everywhere-rules/2012-February/001003.html
* Disable the Gentoo ruleset on non-CAcert platforms
* Disable buggy rulesets: IBM, Scribd, Wunderground :( :( :(
https://trac.torproject.org/projects/tor/ticket/5344
https://trac.torproject.org/projects/tor/ticket/5435
https://trac.torproject.org/projects/tor/ticket/5630
--
Peter Eckersley pde at eff.org
Technology Projects Director Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993
More information about the HTTPS-everywhere
mailing list