[HTTPS-Everywhere] 2.0.3 stable and 3.0development.2 released
Peter Eckersley
pde at eff.org
Fri Apr 27 13:58:49 PDT 2012
Two new HTTPS Everywhere releases went out this morning:

(stable) https://www.eff.org/files/https-everywhere-2.0.3.xpi
(development) https://www.eff.org/files/https-everywhere-3.0development.2.xpi

Their respective Changelogs are below:

2.0.3 (2012-04-26)
* Fix a downgrade attack that might allow attackers to deny HTTPS
  Everywhere protection for cookies on some domains.
  https://trac.torproject.org/projects/tor/ticket/5676
* Minor redirection mechanism fixes
* Fixes: WordPress, Yandex, OpenDNS, Via.me/AWS
* Improvements: Mozilla
* Disable broken: ReadWriteWeb

3.0development.2 (2012-04-27)
* License change: the tree now includes some code from Convergence, which
  is GPL v3+. Other code remains licensable as GPLv2+
* Ship 696 new rulesets (!!!), thanks to a lot of amazing work by Negres
* Fix a downgrade attack that might allow attackers to deny HTTPS
  Everywhere protection for cookies on some domains.
  https://trac.torproject.org/projects/tor/ticket/5676
* Fix a weird wrong DOM-origin bug that occurred while redirects were in
  progress (this might have security implications, although we are unsure
  if it was exploitable).
  https://trac.torproject.org/projects/tor/ticket/5477
* Ruleset fixes: Debian, Kohls, Malwarebytes, Yandex, Wikipedia, Mises.org,
  OpenDNS, Wizards of the Coast, Lenovo, Barnes and Noble
  https://trac.torproject.org/projects/tor/ticket/5509
  https://trac.torproject.org/projects/tor/ticket/5491
  https://trac.torproject.org/projects/tor/ticket/5303
* Stumble across more horrible security holes in the Verizon website:
  https://mail1.eff.org/pipermail/https-everywhere-rules/2012-February/001003.html
* Disable the Gentoo ruleset on non-CAcert platforms
* Disable buggy rulesets: IBM, Scribd, Wunderground, ReadWriteWeb :( :( :(
  https://trac.torproject.org/projects/tor/ticket/5344
  https://trac.torproject.org/projects/tor/ticket/5435
  https://trac.torproject.org/projects/tor/ticket/5630
* Better cohabitation between the Decentralized SSL Observatory and
  Convergence
* Separate Observatory option to control self-signed cert submission
* Numerous other ruleset enhancements, fixes, and probably exciting new bugs
  in Negres's ruleset changes

--
Peter Eckersley pde at eff.org
Technology Projects Director Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993