qutebrowser Changelog

What's new in qutebrowser 3.1.0

Dec 9, 2023
  • REMOVED:
  • The darkmode settings grayscale.all, grayscale.images and increase_text_contrast got removed, following removals in Chromium.
  • ADDED:
  • New smart-simple value for colors.webpage.darkmode.policy.images, which on QtWebEngine 6.6+ uses a simpler classification algorithm to decide whether to invert images.
  • New content.javascript.legacy_touch_events setting, with those now being disabled by default, following a Chromium change.
  • CHANGED:
  • Upgraded the bundled Qt version to 6.6.1, based on Chromium 112. Note this is only relevant for the macOS/Windows releases, on Linux those will be upgraded via your distribution packages.
  • Upgraded the bundled Python version for macOS/Windows to 3.12
  • The colors.webpage.darkmode.threshold.text setting got renamed to colors.webpage.darkmode.threshold.foreground, following a rename in Chromium.
  • With Qt 6.6, the content.canvas_reading setting now works without a restart and supports URL patterns.
  • FIXED:
  • Some web pages jumping to the top when the statusbar is hidden or (with v3.0.x) when a prompt is hidden.
  • Compatibility with PDF.js v4
  • Added an elaborate workaround for a bug in QtWebEngine 6.6.0 causing crashes on Google Mail/Meet/Chat, and a bug in QtWebEngine 6.5.0/.1/.2 causing crashes there with dark mode.
  • Made a rare crash in QtWebEngine when starting/retrying a download less likely to happen.
  • Graphical glitches in Google sheets and PDF.js, again. Removed the version restriction for the default application of qt.workarounds.disable_accelerated_2d_canvas as the issue was still evident on Qt 6.6.0. (#7489)
  • The colors.webpage.darkmode.threshold.foreground setting (.text in older versions) now works correctly with Qt 6.4+.

New in qutebrowser 3.0.2 (Oct 20, 2023)

  • FIXED:
  • Upgraded the bundled Qt version to 6.5.3. Note this is only relevant for the macOS/Windows releases, on Linux those will be upgraded via your distribution packages. This Qt patch release comes with various important fixes, among them:
  • Fix for crashes on Google Meet / GMail with dark mode enabled
  • Fix for right-click in devtools not working properly
  • Fix for drag & drop not working on Wayland
  • Fix for some XKB key remappings not working
  • Security fixes up to Chromium 116.0.5845.187, including CVE-2023-4863, a critical heap buffer overflow in WebP, for which "Google is aware that an exploit […​] exists in the wild."

New in qutebrowser 3.0.1 (Oct 20, 2023)

  • FIXED:
  • The "restore video" functionality of the view_in_mpv script works again on webengine.
  • Setting url.auto_search to dns works correctly now with Qt 6.
  • Counts passed via keypresses now have a digit limit (4300) to avoid exceptions due to cats sleeping on numpads. (#7834)
  • Navigating via hints to a remote URL from a file:// one works again. (#7847)
  • The timers related to the tab audible indicator and the auto follow timeout no longer accumulate connections over time. (#7888)
  • The workaround for crashes when using drag & drop on Wayland with Qt 6.5.2 now also works correctly when using wayland-egl rather than wayland as Qt platform.
  • Worked around a weird TypeError with QProxyStyle / TabBarStyle on certain platforms with Python 3.12.
  • Removed 1px border for the downloads view, mostly noticeable when it’s transparent.
  • Due to a Qt bug, cloning/undoing a tab which was not fully loaded caused qutebrowser to crash. This is now fixed via a workaround.
  • Graphical glitches in Google sheets and PDF.js via a new setting qt.workarounds.disable_accelerated_2d_canvas to disable the accelerated 2D canvas feature which defaults to enabled on affected Qt versions. (#7489)
  • The download dialog should no longer freeze when browsing to directories with many files. (#7925)
  • The app.slack.com User-Agent quirk now targets Chromium 112 on Qt versions lower than 6.6.0 (previously it always targeted Chromium 99) (#7951)
  • Worked around a Qt issue causing jpeg files to not show up in the upload file picker when it was filtering for image filetypes (#7866)

New in qutebrowser 3.0.0 (Aug 21, 2023)

  • MAJOR CHANGES:
  • qutebrowser now supports Qt 6 and uses it by default. Qt 5.15 is used as a fallback if Qt 6 is unavailable. This behavior can be customized in three ways (in order of precedence):
  • Via --qt-wrapper PyQt5 or --qt-wrapper PyQt6 command-line arguments.
  • Via the QUTE_QT_WRAPPER environment variable, set to PyQt6 or PyQt5.
  • For packagers wanting to provide packages specific to a Qt version, patch qutebrowser/qt/machinery.py and set _WRAPPER_OVERRIDE.
  • Various commands were renamed to better group related commands:
  • set-cmd-text → cmd-set-text
  • repeat → cmd-repeat
  • repeat-command → cmd-repeat-last
  • later → cmd-later
  • edit-command → cmd-edit
  • run-with-count → cmd-run-with-count
  • The old names continue to work for the time being, but are deprecated and show a warning.
  • Releases are now automated on CI, and GPG signed by qutebrowser bot, fingerprint 27F3 BB4F C217 EECB 8585 78AE EF7E E4D0 3969 0B7B. The key is available as follows:
  • On https://qutebrowser.org/pubkey.gpg
  • Via keys.openpgp.org
  • Via WKD for [email protected]
  • Support for old Qt versions (< 5.15), old Python versions (< 3.8) and old macOS (< 11)/Windows (< 10) versions was dropped. See the "Removed" section below for details.
  • ADDED:
  • On invalid commands/settings with a similarly spelled match, qutebrowser now suggests the correct name in its error messages.
  • New :prompt-fileselect-external command which can be used to spawn an external file selector (fileselect.folder.command) from download filename prompts (bound to by default).
  • New qute://start built-in start page (not set as the default start page yet).
  • New content.javascript.log_message.levels setting, which allows surfacing JS log messages as qutebrowser messages (rather than only logging them). By default, errors in internal qute: pages and userscripts are shown to the user.
  • New content.javascript.log_message.excludes setting, which allows excluding certain messages from the content.javascript.log_message.levels setting described above.
  • New tabs.title.elide setting to configure where text should be elided (replaced by …) in tab titles when space runs out.
  • New --quiet switch for :back and :forward, to suppress the error message about already being at beginning/end of history.
  • New qute-1pass userscript using the 1password commandline to fill passwords.
  • On macOS when running with Qt < 6.3, pyobjc-core and pyobjc-framework-Cocoa are now required dependencies. They are not required on other systems or when running with Qt 6.3+, but still listed in the requirements.txt because it’s impossible to tell the two cases apart there.
  • NEW FEATURES IN USERSCRIPT:
  • qutedmenu gained new window and private options.
  • qute-keepassxc now supports unlock-on-demand, multiple account selection via rofi, and inserting TOTP-codes (experimental).
  • qute-pass will now try looking up candidate pass entries based on the calling tab’s verbatim netloc (hostname including port and username) if it can’t find a match with an earlier candidate (FQDN, IPv4 etc).
  • New qt.chromium.experimental_web_platform_features setting, which is enabled on Qt 5 by default, to maximize compatibility with websites despite an aging Chromium backend.
  • New colors.webpage.darkmode.increase_text_contrast setting for Qt 6.3+
  • New fonts.tooltip, colors.tooltip.bg and colors.tooltip.fg settings.
  • New log-qt-events debug flag for -D
  • New --all flags for :bookmark-del and :quickmark-del to delete all quickmarks/bookmarks.
  • REMOVED:
  • Python 3.8.0 or newer is now required.
  • Support for Python 3.6 and 3.7 is dropped, as they both reached their end of life in December 2021 and June 2023, respectively.
  • Support for Qt/PyQt before 5.15.0 and QtWebEngine before 5.15.2 is now dropped, as older Qt versions are end-of-life upstream since mid/late 2020 (5.13/5.14) and late 2021 (5.12 LTS).
  • The --enable-webengine-inspector flag is now dropped. It used to be ignored but still accepted, to allow doing a :restart from versions older than v2.0.0. Thus, switching from v1.x.x directly to v3.0.0 via :restart will not be possible.
  • Support for macOS 10.14 and 10.15 is now dropped, raising the minimum required macOS version to macOS 11 Big Sur.
  • Qt 6.4 was the latest version to support macOS 10.14 and 10.15.
  • It should be possible to build a custom .dmg with Qt 6.4, but this is unsupported and not recommended.
  • Support for Windows 8 and for Windows 10 before 1607 is now dropped.
  • Support for older Windows 10 versions might still be present in Qt 6.0/6.1/6.2
  • Support for Windows 8.1 is still present in Qt 5.15
  • It should be possible to build a custom .exe with those versions, but this is unsupported and not recommended.
  • Support for 32-bit Windows is now dropped.
  • CHANGED:
  • The qutebrowser icons got moved from icons/ to qutebrowser/icons in the repository, so that it’s possible for qutebrowser to load them using Python’s resource system (rather than compiling them into a Qt resource file). Packagers are advised to use misc/Makefile if possible, which has been updated with the new paths.
  • The content.javascript.can_access_clipboard setting got renamed to content.javascript.clipboard and now understands three different values rather than being a boolean: none (formerly false), access (formerly true) and access-paste (additionally allows pasting content, needed for websites like Photopea or GitHub Codespaces).
  • The default hints.selectors now also match the treeitem ARIA roles.
  • The :click-element command now can also click elements based on its ID (id), a CSS selector (css), a position (position), or click the currently focused element (focused).
  • The :click-element command now can select the first found element via --select-first.
  • New search.wrap_messages setting, making it possible to disable search wrapping messages.
  • The :session-save command now has a new --no-history flag, to exclude tab history.
  • New widgets for statusbar.widgets:
  • clock, showing the current time
  • search_match, showing the current match and total count when finding text on a page
  • Messages shown by qutebrowser now don’t automatically get interpreted as rich text anymore. Thus, e.g. :message-info test now shows the given text. To show rich text with :message-* commands, use their new --rich flag. Note this is NOT a security issue, as only a small subset of HTML is interpreted as rich text by Qt, independently from the website.
  • Improved output when loading Greasemonkey scripts.
  • The macOS .app now is registered as a handler for .mhtml files, such as the ones produced by :download --mhtml.
  • The "… called unimplemented GM_…" messages are now logged as info JS messages instead of errors.
  • For QtNetwork downloads (e.g. :adblock-update), various changes were done for how redirects work:
  • Insecure redirects (HTTPS → HTTP) now fail the download.
  • 20 redirects are now allowed before the download fails rather than only 10.
  • A redirect to the same URL will now fail the download with too many redirects instead of being ignored.
  • When a download fails in a way it’d leave an empty file around, the empty file is now deleted.
  • With Qt 6, setting content.headers.referer to always will act as if it was set to same-domain. The documentation is now updated to point that out.
  • With QtWebEngine 5.15.5+, the load finished workaround was dropped, which should make certain operations happen when the page has started loading rather than when it has fully finished.
  • mkvenv.py has a new --pyqt-snapshot flag, allowing to install certain packages from the Riverbank development snapshots server.
  • When QUTE_QTWEBENGINE_VERSION_OVERRIDE is set, it now always wins, no matter how the version would otherwise have been determined. Note setting this value can break things (if set to a wrong value), and usually isn’t needed.
  • When qutebrowser is run with an older QtWebEngine version than on the previous launch, it now prints an error before starting (which causes the underlying Chromium to remove all browsing data such as cookies).
  • The keys "" and "" are now named "" and "", respectively.
  • The tox.ini now requires at least tox 3.20 (was tox 3.15 previously).
  • :config-diff now has an --include-hidden flag, which also shows internally-set settings.
  • Improved error messages when :spawn can’t find an executable.
  • When a process fails, the error message now suggests using :process PID with the correct PID (rather than always showing the latest process, which might not be the failing one)
  • When a process got killed with SIGTERM, no error message is now displayed anymore (unless started with :spawn --verbose).
  • When a process got killed by a signal, the signal name is now displayed in the message.
  • The js-string-replaceall quirk is now removed from the default content.site_specific_quirks.skip, so that String.replaceAll is now polyfilled on QtWebEngine < 5.15.3, hopefully improving website compatibility.
  • Hints are now displayed for elements setting an aria-haspopup attribute.
  • qutebrowser now uses SPDX license identifiers in its files. Full support for the REUSE specification (license provided in a machine-readable way for every single file) is not done yet, but planned for a future release.
  • FIXED:
  • When the devtools are clicked but input.insert_mode.auto_enter is set to false, insert mode now isn’t entered anymore.
  • The search wrapping messages are now correctly displayed in (hopefully) all cases with QtWebEngine.
  • When a message with the same text as a currently already displayed one gets shown, qutebrowser used to only show one message. This is now only done when the two messages are completely equivalent (text, level, etc.) instead of doing so when only the text matches.
  • The progress and backforward statusbar widgets now stay removed if you choose to remove them. Previously they would appear again on navigation.
  • Rare crash when running userscripts with crashed renderer processes.
  • Multiple rare crashes when quitting qutebrowser.
  • The asciidoc2html.py script now correctly uses the virtualenv-installed asciidoc rather than requiring a system-wide installation.
  • "Package would be ignored" deprecation warnings when running setup.py.
  • ResourceWarning when using :restart.
  • Crash when shutting down before fully initialized.
  • Crash with some notification servers when the server is quitting.
  • Crash when using QtWebKit with PAC and the file has an invalid encoding.
  • Crash with the "tiramisu" notification server.
  • Crash when the "herbe" notification presenter doesn’t start correctly.
  • Crash when no notification server is installed/available.
  • Warning with recent versions of the "deadd" (aka "linux notification center") notification server.
  • Crash when using :print --pdf with a directory where its parent directory did not exist.
  • The PyQt{5,6}.sip version is now shown correctly in the :version/--version output. Previously that showed the version from the standalone sip module which was only set for PyQt5. (#7805)
  • When a config.py calls .redirect() via a request interceptor (which is unsupported) and supplies an invalid redirect target URL, an exception is now raised for the .redirect() call instead of later inside qutebrowser.
  • Crash when loading invalid history items from a session file.
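
The redirect rules listed above for QtNetwork downloads (no HTTPS → HTTP, 20 redirects allowed, a redirect to the same URL fails) can be expressed as one check per hop. This is an added example, not qutebrowser's own code; `next_url`, `follow` and the example.org URLs are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

MAX_REDIRECTS = 20  # limit given in the changelog (10 before 3.0.0)


class RedirectError(Exception):
    """A redirect that must fail the download."""


def next_url(chain, location):
    """Validate one redirect hop and return the URL to request next.

    chain:    URLs requested so far, oldest first; chain[-1] is the current one.
    location: value of the Location header, possibly relative.
    """
    current = chain[-1]
    # Resolve relative Location values first, so the scheme comparison
    # below always looks at the URL that would really be requested.
    target = urljoin(current, location)

    # Rule 1: never downgrade from HTTPS to HTTP.
    if urlsplit(current).scheme == "https" and urlsplit(target).scheme == "http":
        raise RedirectError("insecure redirect")

    # Rule 2: a redirect to the same URL is an error, not a no-op.
    # (Plain string comparison is an assumption of this example.)
    if target == current:
        raise RedirectError("too many redirects")

    # Rule 3: at most MAX_REDIRECTS hops; len(chain) - 1 hops were followed.
    if len(chain) - 1 >= MAX_REDIRECTS:
        raise RedirectError("too many redirects")

    return target


def follow(start, locations):
    """Apply next_url() to a constructed sequence of Location headers.

    Returns (status, detail, hops): detail is the final URL on success
    or the failure reason otherwise.
    """
    chain = [start]
    try:
        for location in locations:
            chain.append(next_url(chain, location))
    except RedirectError as exc:
        return ("failed", str(exc), len(chain) - 1)
    return ("ok", chain[-1], len(chain) - 1)


if __name__ == "__main__":
    # Constructed sample chains, not captured traffic.
    print(follow("https://example.org/list.txt", ["/v2/list.txt"]))
    print(follow("https://example.org/list.txt", ["http://example.org/list.txt"]))
    print(follow("https://example.org/a", ["/a"]))
    print(follow("https://example.org/", [f"/hop{i}" for i in range(1, 22)]))
```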

New in qutebrowser 2.5.4 (Mar 14, 2023)

  • FIXED:
  • Support SQLite with DQS (double quoted string) compile time option turned off.

New in qutebrowser 2.5.3 (Feb 19, 2023)

  • ADDED:
  • New array_at quirk, polyfilling the Array.at method, which is needed by various websites, but only natively available with Qt 6.2.
  • FIXED:
  • Crash when the adblock filter file can’t be read.
  • Inconsistent behavior when using :config-{dict,list}-* commands with an invalid value. Before the fix, using the same command again would complain that the value was already present, despite the error and the value not being actually changed.
  • Incomplete error handling when mutating a dict/list in config.py and setting an invalid value. Before the fix, this would result in either a message in the terminal rather than GUI (startup), or in a crash (:config-source).
  • Wrong type handling when using :config-{dict,list}-* commands with a config option with non-string values. The only affected option is bindings.commands, which is probably rarely used with those commands.
  • The readability userscript now correctly passes the source URL to Breadability, to make relative links work.
  • Update dictcli.py to use the main branch, fixing a 404 error.
  • Crash with some notification servers when the server did quit.
  • Minor documentation fixes

New in qutebrowser 2.5.2 (Jun 22, 2022)

  • FIXED:
  • Packaging-related fixes:
  • The install and stacktrace help pages are now included in the docs shipped with qutebrowser when using the recommended packaging workflow.
  • The Windows installer now more consistently uses the configured Windows colors.
  • The Windows installer now bases the desktop/start menu icon choices on the existing install, if upgrading.
  • The macOS release hopefully doesn't cause macOS to (falsely) claim that it "is damaged and can't be opened" anymore.
  • The notification fixes in v2.5.1 caused new notification crashes (probably more common than the ones being fixed...). Those are now fixed, along with a (rather involved) test case to prevent similar issues in the future.
  • When a text was not found on a page, the associated message would be shown as rich text (e.g. after /). With this release, this is fixed for search messages, while the 3.0.0 release will change the default for all messages to be plain-text. Note this is NOT a security issue, as only a small subset of HTML is interpreted as rich text by Qt, independently from the website.
  • When a Greasemonkey script couldn't be loaded (e.g. due to an unreadable file), qutebrowser would crash. It now shows an error instead.
  • Ever since the v1.2.0 release in 2018, the content.default_encoding setting was not applied on start properly (only when it was changed afterwards). This is now fixed.

New in qutebrowser 2.5.1 (May 26, 2022)

  • FIXED:
  • The qute-pass userscript is marked as executable again.
  • PDF.js now works properly again with the macOS and Windows releases.
  • The MathML workaround for darkmode (e.g. black on black Wikipedia formula) now also works for display (rather than inline) math.
  • The content.proxy setting can now correctly be set to arbitrary values via the qute://settings page again.
  • Fixed issues with Chromium version detection on Archlinux with qt5-webengine 5.15.9-3.
  • Fixed a rare possible crash with invalid Content-Disposition headers.
  • Fixes for various notification-related crashes:
  • With the tiramisu notification server (due to invalid behavior of the server, now a non-fatal error)
  • With the budgie notification server when closing a notification (due to invalid behavior of the server, now worked around)
  • When a server exits with an unsuccessful exit status (now a non-fatal error)
  • When a server couldn't be started successfully (now a non-fatal error)
  • With the herbe notification presenter, when the website tries to close the notification after the user accepting (right-clicking) it.
  • Fixes in userscripts:
  • The qute-bitwarden userscript now correctly searches for entries for sites on a subdomain of an unrecognized TLD. Previously my.site.local would have searched in bitwarden for my.sitelocal, losing the rightmost dot.

New in qutebrowser 2.5.0 (Apr 4, 2022)

  • DEPRECATED:
  • v2.5.x will be the last release of qutebrowser 2. For the upcoming 3.0.0 release, it’s planned to drop support for various legacy platforms and libraries which are unsupported upstream, such as:
  • Qt before 5.15 LTS (plus adding support for Qt 6.2+)
  • Python 3.6
  • The QtWebKit backend
  • macOS 10.14 (via Homebrew)
  • 32-bit Windows (via Qt)
  • Windows 8 (via Qt)
  • Windows 10 before 1809 (via Qt)
  • Possibly other more minor dependency changes
  • The :rl-unix-word-rubout command ( in command/prompt modes) has been deprecated. Use :rl-rubout " " instead.
  • The :rl-unix-filename-rubout command has been deprecated. Use either :rl-rubout "/ " (classic readline behavior) or :rl-filename-rubout (using OS path separator and ignoring spaces) instead.
  • CHANGED:
  • Improved message if a spawned process wasn’t found and a Flatpak container is in use.
  • The :tab-move command now takes start and end as index to move a tab to the first/last position.
  • Tests now automatically pick the backend (QtWebKit/QtWebEngine) based on what’s available. The QUTE_BDD_WEBENGINE environment variable and --qute-bdd-webengine argument got replaced by QUTE_TESTS_BACKEND and --qute-backend respectively, which can be set to either webengine or webkit.
  • Using :tab-give or :tab-take on the last tab in a window now always closes that window, no matter what tabs.last_close is set to.
  • Redesigned qute://settings (:set) page with buttons for options with fixed values.
  • The default hint.selectors now match more ARIA roles (tab, checkbox, menuitem, menuitemcheckbox and menuitemradio).
  • Using e.g. :bind --mode=passthrough now scrolls to the passthrough section on the qute://bindings page.
  • Clicking on a notification now tries to focus the tab where the notification is coming from. Note this might not work properly if there is more than one tab from the same host open.
  • Improvements to userscripts:
  • qute-bitwarden understands a new --password-prompt-invocation, which can be used to specify a tool other than rofi to ask for a password.
  • cast now uses yt-dlp if available (falling back to youtube-dl if not). It also lets users override the tool to use via a QUTE_CAST_YTDL_PROGRAM environment variable.
  • qute-pass now understands a new --prefix argument if used in gopass mode, which gets passed as subfolder prefix to gopass.
  • open_download now supports Flatpak by using its XDG Desktop Portal.
  • open_download now waits for the exit status of xdg-open, causing qutebrowser to report any issues with it.
  • The content.headers.custom setting now accepts empty strings as values, resulting in an empty header being sent.
  • Renamed settings:
  • qt.low_end_device_mode → qt.chromium.low_end_device_mode
  • qt.process_model → qt.chromium.process_model
  • System-wide userscripts are now discovered from the correct location when running via Flatpak (/app/share rather than /usr/share).
  • Filename prompts now don’t display a .. entry in the list of files anymore. To get back to the parent directory, either type ../ manually, or use the new :rl-filename-rubout command, bound to by default.
  • ADDED:
  • New input.match_counts option which allows turning off count matching for more emacs-like bindings.
  • New {relative_index} field for tabs.title.format (and .pinned_format) which shows relative tab numbers.
  • New input.mode_override option which allows overriding the current mode based on the new URL when navigating or switching tabs.
  • New qt.chromium.sandboxing setting which allows disabling Chromium’s sandboxing (mainly intended for development and testing).
  • New QUTE_TAB_INDEX variable for userscripts, containing the index of the current tab.
  • New editor.remove_file setting which can be set to False to keep all temporary editor files after closing the external editor.
  • New :rl-rubout command replacing :rl-unix-word-rubout (and optionally :rl-unix-filename-rubout), taking a delimiter as argument.
  • New :rl-filename-rubout command, using the OS path separator and ignoring spaces. The command also gets shown in the suggested commands for a download filename prompt now.
  • FIXED:
  • When search.incremental is disabled, searching using /text followed by a backwards search via ?text (or vice-versa) now correctly changes the search direction.
  • Elements getting a hint due to a tabindex now are skipped if it’s set to -1, reducing some false-positives.
  • The audible indicator ([A]) now uses a 2s cooldown when the audio goes silent, equivalent with the behavior of older QtWebEngine versions.
  • With confirm_quit set to downloads, the confirmation dialog is now only shown when closing the last window (rather than closing any window, which would continue running that window’s downloads). Unfortunately, more issues with confirm_quit and multiple windows remain.
  • Crash when a previous crash-log file contains non-ASCII characters (which should never happen unless it was edited manually)
  • Due to changes in Debian, an old workaround (for broken QtWebEngine patching on Debian) caused the inferior qutebrowser error page to be displayed, when Chromium’s would have worked fine. The workaround was now dropped.
  • Crash when using (:completion-item-del) in the :tab-focus list, rather than :tab-select.
  • Work around a Qt issue causing :spawn to run executables from the current directory if no system-wide executable was found. The underlying Qt bug is tracked as CVE-2022-25255, though the impact with typical qutebrowser usage is low: Normally, qutebrowser is run from a fixed location (usually the user’s home directory), and :spawn is not typically used with executables that don’t exist. The main security impact of this bug is in tools like text editors, which are often executed in untrusted directories and might attempt to run auxiliary tools automatically.
  • When :rl-rubout or :rl-filename-rubout (formerly :rl-unix-word-rubout and :rl-unix-filename-rubout) were used on a string not starting with the given delimiter, they failed to delete the first character, which is now fixed.
  • Fixes in userscripts:
  • ripbang now works again (it got blocked due to a missing user agent and used outdated qutebrowser commands before)
  • keepassxc now has a properly working --insecure flag
  • Speculative fix for an immediate crash at start with the macOS/Windows binaries (in certain rare environments).
  • Speculative fix for a qutebrowser crash when the notification daemon crashes while showing the notification.
  • Fix crash when using :screenshot with an invalid --rect argument.
  • Added a site-specific quirk to make cookie dialogs on StackExchange pages (such as Stack Overflow) work on Qt 5.12.
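
The :spawn entry above (CVE-2022-25255) is about a bare command name falling back to the current directory when it is not found system-wide. One way to guard a process launcher against that, as an added example that is not qutebrowser's or Qt's code: resolve the name only against absolute PATH directories before starting anything. `resolve_command`, `demo` and the file names are assumptions made for illustration.

```python
import os
import tempfile


def resolve_command(name, path_env):
    """Resolve a bare command name against absolute PATH entries only.

    Returns an absolute path, or None if nothing suitable is found; the
    current directory is never consulted. A name that already contains a
    path separator is returned unchanged, since the caller picked that
    location explicitly.
    """
    if os.sep in name or (os.altsep and os.altsep in name):
        return name
    for directory in path_env.split(os.pathsep):
        # An empty or relative PATH entry means "current directory": skip it.
        if not directory or not os.path.isabs(directory):
            continue
        candidate = os.path.join(directory, name)
        # Regular file with at least one execute bit set.
        if os.path.isfile(candidate) and os.stat(candidate).st_mode & 0o111:
            return candidate
    return None


def _make_executable(directory, name):
    """Create a harmless executable shell script (constructed test file)."""
    path = os.path.join(directory, name)
    with open(path, "w") as f:
        f.write("#!/bin/sh\nexit 0\n")
    os.chmod(path, 0o755)
    return path


def demo():
    """Run the lookup from inside an untrusted directory (constructed setup)."""
    old_cwd = os.getcwd()
    with tempfile.TemporaryDirectory() as root:
        root = os.path.realpath(root)
        bin_dir = os.path.join(root, "bin")
        work_dir = os.path.join(root, "untrusted")
        os.mkdir(bin_dir)
        os.mkdir(work_dir)
        installed = _make_executable(bin_dir, "installed-tool")
        _make_executable(work_dir, "local-only")
        os.chdir(work_dir)
        try:
            # PATH with an empty and a "." entry, both of which mean cwd.
            path_env = os.pathsep.join(["", ".", bin_dir])
            return {
                "present_in_cwd": os.path.exists("local-only"),
                "local_only": resolve_command("local-only", path_env),
                "installed_ok": resolve_command("installed-tool", path_env) == installed,
            }
        finally:
            os.chdir(old_cwd)


if __name__ == "__main__":
    print(demo())
```

A launcher would refuse to start the process when the lookup returns None, and otherwise pass the absolute path rather than the bare name.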

New in qutebrowser 2.4.0 (Dec 9, 2021)

  • Security:
  • CVE-2021-41146: Fix arbitrary command execution on Windows via URL handler argument injection. See the security advisory for details.
  • Added:
  • New content.blocking.hosts.block_subdomains setting which can be used to disable the subdomain blocking for the hosts-based adblocker introduced in v2.3.0.
  • New downloads.prevent_mixed_content setting to prevent insecure mixed-content downloads (true by default).
  • New --private flag for :tab-clone, which clones a tab into a new private window, mirroring the same flags for :open and :tab-give.
  • Fixed:
  • Switching tabs via mouse wheel scrolling now works properly on macOS. Set tabs.mousewheel_switching to false if you prefer the previous behavior.
  • Speculative fix for a crash when closing qutebrowser while a systray notification is shown.