Version history: Difference between revisions

From GreaseSpot Wiki
Jump to navigationJump to search
m (→‎0.8.20090123.1: more wiki linkage)
Line 215: Line 215:
[http://www.greasespot.net/2008/01/greasemonkey-security-update.html]
[http://www.greasespot.net/2008/01/greasemonkey-security-update.html]


* Security release where GM_xmlhttpRequest, GM_getValue and GM_setValue were hardened against a privilege escalation attack targeting specific user scripts accessing anything through unsafeWindow, thus gaining content code unrestricted access to those methods (thanks Anthony Lieuallen).
* Security release where [[GM_xmlhttpRequest]], [[GM_getValue]] and [[GM_setValue]] were hardened against a privilege escalation attack targeting specific user scripts accessing anything through [[unsafeWindow]], thus gaining content code unrestricted access to those methods (thanks Anthony Lieuallen).<br/> This change breaks backwards compatibility for scripts granting page code direct or limited access to either method via function references on unsafeWindow; see [[0.7.20080121.0 compatibility]] for available workarounds.
 
This change breaks backwards compatibility for scripts granting page code direct or limited access to either method via function references on unsafeWindow; see [http://wiki.greasespot.net/0.7.20080121.0_compatibility] for available workarounds.


== 0.8 ==
== 0.8 ==

Revision as of 22:29, 5 April 2009

0.2

0.2.5

March 28th, 2005 [1] [2]

Introduced:

Also, the default user scripts that were bundled with Greasemonkey by default until this point were removed.

0.2.6

March 30th, 2005 [3] [4]

Bugfix release.

0.3

0.3 beta

April 23rd, 2005 [5] [6]

Introduced:

0.3.3

May 10th, 2005 [7] [8]

Primarily bugfix release.

0.3.4

May 12th, 2005 [9]

Introduced:

  • ".tld" support in @include/@exclude, allowing things like @include http://www.google.tld/ for all international permutations.
  • Log level option for GM_log
  • Minor enhancements and bugfixes.

0.3.5

July 19th, 2005 [10] [11]

Security flaw release. Contained no fixes, rather removed all vulnerable features. Intended for (limited) continued use while fixes were being performed.

0.4

0.4.x

Details needed.

The 0.4 branch was an internal development version, where experimentation for security fixes happened.

0.5

0.5 beta

July 30th, 2005 [12] [13]

The first release containing security fixes over 0.3.5 intended for public consumption. "Greasemonkey 0.5 is actually the combination of a massive security audit and all the new code which was planned for 0.4."

Introduced:

0.5.1

August 25, 2005 [14] [15]

Introduced:

  • Security fix wherein a user script could elevate itself to chrome privileges.
  • User can select the editor to use for "Edit" in manage, and "New User Script".
  • Unicode support for non-english characters.

0.5.2

September 1st, 2005 [16]

Released to the Greasemonkey mailing list, fixed bugs in the automatic migration system for the changes between the 0.3 and 0.5 branches.

0.5.3

September 3rd, 2005 [17] [18]

0.6

0.6.1

September 9th'ish, 2005

"The Lost Version"

Prerelease showing of:

  • GM_addStyle (From release 0.6.1.4... I probably have this archived somewhere LOL)
  • The Monkey Menu, a context menu for the status bar item added in 0.3 beta.
  • Simplified script installation dialogs.

Some sort of mad scramble occurred on this week when Firefox 1.5b1 was released and this version was lost but not forgotten.

0.6.2

September 12th, 2005 [19]

Introduced:

  • Compatibility with Firefox 1.5.
  • The Monkey Menu, a context menu for the status bar item added in 0.3 beta.
  • Simplified script installation dialogs.

0.6.4

November 30th, 2005 [20] [21]

Introduced: ??

0.6.5

July 28th, 2006 [22]

Multiple versions released in separate places; largely to the Greasemonkey mailing list. Introduced:

  • Compatibility with Firefox 2.0.
  • Foreign language support for Czech, Dutch, and German.

0.6.6

October 16th, 2006 [23]

Introduced:

  • Spiffy new installation dialog which more closely resembles the extension installation dialog, and presents more details in a user-friendly way.
  • Spanish language support.

0.6.7

February 7th, 2007 [24]

Introduced:

  • Fixed the manage dialog so that it doesn't bounce around when you select different user scripts (thanks Anthony Lieuallen)
  • Added Basque translation (thanks 3ARRANO)
  • Updated German translation (thanks Matthias Bauer)
  • Middle-click on monkey icon now opens manage dialog, right-click on scripts in monkey menu opens them in an editor (thanks LouCypher and pile0nades)

0.6.8

March 17th, 2007 [25]

Introduced:

  • Rewrite of 'New Script...' UI. It now pops up a nice UI to get the script details and then generates and opens a script which is already installed that you can edit in one step. This is a huge improvement in the usability of this feature. Thanks to Anthony Lieuallen for the implementation.
  • Improvements to error reporting. Most types of errors in user scripts now give the correct line number in the error message. You can also click on the filename in Firebug to view the script, as with other types of errors in Firefox. Anthony is also responsible for this improvement.
  • Added support for overrideMimeType to GM_xmlhttpRequest. Thanks to Lior Zur for the patch. To use, add overrideMimeType: "yourmimetypehere" to the object you pass to GM_xmlhttpRequest.
  • New translations for Finnish, Japanese, and Russian. The Greasemonkey UI looks particularly cool in Japanese. Thanks to Tommi Rautava, Hisateru Tanaka, and Александр Соколов for their contributions.

0.6.9

May 9th, 2007 [26]

Introduced:

  • You can now reorder the scripts in the manage dialog with drag drop or the arrow keys.
  • You can now use Firebug's console object to debug Greasemonkey if you have Firebug installed.
  • Fix bug where install dialog would pop up when Greasemonkey is disabled.
  • Make Greasemonkey enable/disable keyboard accessible. #9

0.7

0.7.0

May 24th, 2007 [27]

  • Fixed the bug where you can't install scripts if you have never disabled Greasemonkey.
  • Fixed the bug where drag and drop in the manage dialog only works once per view.
  • Fixed the bug where removing a script in the manage dialog also removes the last script.

0.7.20080121.0

Jan 21st, 2008 [28]

  • Security release where GM_xmlhttpRequest, GM_getValue and GM_setValue were hardened against a privilege escalation attack targeting specific user scripts accessing anything through unsafeWindow, thus gaining content code unrestricted access to those methods (thanks Anthony Lieuallen).
    This change breaks backwards compatibility for scripts granting page code direct or limited access to either method via function references on unsafeWindow; see 0.7.20080121.0 compatibility for available workarounds.

0.8

0.8.20080609.0

June 12th, 2008 [29]

0.8.20090123.1

February 18th, 2009 [30]

  • Added translations: ar-SA, bn-IN, hu-HU, id-ID, ro-RO, sr-RS, vi-VN.
  • Fix for ticket #111 (anomalous separators in the monkey menu).
  • Added GM_deleteValue and GM_listValues APIs (#38).
  • Restore the anonymous function wrapper around scripts, and thus the same behavior as versions prior to 0.8 (by default, removable with the @unwrap metadata imperative, #108).
  • Improved interaction with the Firebug console (#122, #204).