Fixed

• Packaging-related fixes:
  • The install and stacktrace help pages are now included in the docs shipped with qutebrowser when using the recommended packaging workflow.
  • The Windows installer now more consistently uses the configured Windows colors.
  • The Windows installer now bases the desktop/start menu icon choices on the existing install, if upgrading.
  • The macOS release hopefully doesn't cause macOS to (falsely) claim that it "is damaged and can't be opened" anymore.
• The notification fixes in v2.5.1 caused new notification crashes (probably more common than the ones being fixed...). Those are now fixed, along with a (rather involved) test case to prevent similar issues in the future.
• When a text was not found on a page, the associated message would be shown as rich text (e.g. after /<h1>). With this release, this is fixed for search messages, while the 3.0.0 release will change the default for all messages to be plain-text. Note this is NOT a security issue, as only a small subset of HTML is interpreted as rich text by Qt, independently from the website.
• When a Greasemonkey script couldn't be loaded (e.g. due to an unreadable file), qutebrowser would crash. It now shows an error instead.
• Ever since the v1.2.0 release in 2018, the content.default_encoding setting was not applied on start properly (only when it was changed afterwards). This is now fixed.

Fixed

• The qute-pass userscript is marked as executable again.
• PDF.js now works properly again with the macOS and Windows releases.
• The MathML workaround for darkmode (e.g. black on black Wikipedia formula) now also works for display (rather than inline) math.
• The content.proxy setting can now correctly be set to arbitrary values via the qute://settings page again.
• Fixed issues with Chromium version detection on Archlinux with qt5-webengine 5.15.9-3.
• Fixed a rare possible crash with invalid Content-Disposition headers.
• Fixes for various notification-related crashes:
  • With the tiramisu notification server (due to invalid behavior of the server, now a non-fatal error)
  • With the budgie notification server when closing a notification (due to invalid behavior of the server, now worked around)
  • When a server exits with an unsuccessful exit status (now a non-fatal error)
  • When a server couldn't be started successfully (now a non-fatal error)
  • With the herbe notification presenter, when the website tries to close the notification after the user accepting (right-clicking) it.
• Fixes in userscripts:
  • The qute-bitwarden userscript now correctly searches for entries for sites on a subdomain of an unrecognized TLD. subdomain names. Previously my.site.local would have searched in bitwarden for my.sitelocal, losing the rightmost dot.

Deprecated

• v2.5.x will be the last release of qutebrowser 2. For the upcoming 3.0.0 release, it's planned to drop support for various legacy platforms and libraries which are unsupported upstream, such as:
  • Qt before 5.15 LTS (plus adding support for Qt 6.2+)
  • Python 3.6
  • The QtWebKit backend
  • macOS 10.14 (via Homebrew)
  • 32-bit Windows (via Qt)
  • Windows 8 (via Qt)
  • Windows 10 before 1809 (via Qt)
  • Possibly other more minor dependency changes
• The :rl-unix-word-rubout command (<Ctrl-W> in command/prompt modes) has been deprecated. Use :rl-rubout " " instead.
• The :rl-unix-filename-rubout command has been deprecated. Use either :rl-rubout "/ " (classic readline behavior) or :rl-filename-rubout (using OS path separator and ignoring spaces) instead.

Changed

• Improved message if a spawned process wasn't found and a Flatpak container is in use.
• The :tab-move command now takes start and end as index to move a tab to the first/last position.
• Tests now automatically pick the backend (QtWebKit/QtWebEngine) based on what's available. The QUTE_BDD_WEBENGINE environment variable and --qute-bdd-webengine argument got replaced by QUTE_TESTS_BACKEND and --qute-backend respectively, which can be set to either webengine or webkit.
• Using :tab-give or :tab-take on the last tab in a window now always closes that window, no matter what tabs.last_close is set to.
• Redesigned qute://settings (:set) page with buttons for options with fixed values.
• The default hint.selectors now match more ARIA roles (tab, checkbox, menuitem, menuitemcheckbox and menuitemradio).
• Using e.g. :bind --mode=passthrough now scrolls to the passthrough section on the qute://bindings page.
• Clicking on a notification now tries to focus the tab where the notification is coming from. Note this might not work properly if there is more than one tab from the same host open.
• Improvements to userscripts:
  • qute-bitwarden understands a new --password-prompt-invocation, which can be used to specify a tool other than rofi to ask for a password.
  • cast now uses yt-dlp if available (falling back to youtube-dl if not). It also lets users override the tool to use via a QUTE_CAST_YTDL_PROGRAM environment variable.
  • qute-pass now understands a new --prefix argument if used in gopass mode, which gets passed as subfolder prefix to gopass.
  • open_download now supports Flatpak by using its XDG Desktop Portal.
  • open_download now waits for the exit status of xdg-open, causing qutebrowser to report any issues with it.
• The content.headers.custom setting now accepts empty strings as values, resulting in an empty header being sent.
• Renamed settings:
  • qt.low_end_device_mode -> qt.chromium.low_end_device_mode
  • qt.process_model -> qt.chromium.process_model
• System-wide userscripts are now discovered from the correct location when running via Flatpak (/app/share rather than /usr/share).
• Filename prompts now don't display a .. entry in the list of files anymore. To get back to the parent directory, either type ../ manually, or use the new :rl-filename-rubout command, bound to <Ctrl-Shift-W> by default.

Added

• New input.match_counts option which allows to turn off count matching for more emacs-like bindings.
• New {relative_index} field for tabs.title.format (and .pinned_format) which shows relative tab numbers.
• New input.mode_override option which allows overriding the current mode based on the new URL when navigating or switching tabs.
• New qt.chromium.sandboxing setting which allows to disable Chromium's sandboxing (mainly intended for development and testing).
• New QUTE_TAB_INDEX variable for userscripts, containing the index of the current tab.
• New editor.remove_file setting which can be set to False to keep all temporary editor files after closing the external editor.
• New :rl-rubout command replacing :rl-unix-word-rubout (and optionally :rl-unix-filename-rubout), taking a delimiter as argument.
• New :rl-filename-rubout command, using the OS path separator and ignoring spaces. The command also gets shown in the suggested commands for a download filename prompt now.

Fixed

• When search.incremental is disabled, searching using /text followed by a backwards search via ?text (or vice-versa) now correctly changes the search direction.
• Elements getting a hint due to a tabindex now are skipped if it's set to -1, reducing some false-positives.
• The audible indicator ([A]) now uses a 2s cooldown when the audio goes silent, equivalent with the behavior of older QtWebEngine versions.
• With confirm_quit set to downloads, the confirmation dialog is now only shown when closing the last window (rather than closing any window, which would continue running that window's downloads). Unfortunately, more issues with confirm_quit and multiple windows remain.
• Crash when a previous crash-log file contains non-ASCII characters (which should never happen unless it was edited manually)
• Due to changes in Debian, an old workaround (for broken QtWebEngine patching on Debian) caused the inferior qutebrowser error page to be displayed, when Chromium's would have worked fine. The workaround was now dropped.
• Crash when using <Ctrl-D> (:completion-item-del) in the :tab-focus list, rather than :tab-select.
• Work around a Qt issue causing :spawn to run executables from the current directory if no system-wide executable was found. The underlying Qt bug is tracked as CVE-2022-25255, though the impact with typical qutebrowser usage is low: Normally, qutebrowser is run from a fixed location (usually the users home directory), and :spawn is not typically used with executables that don't exist. The main security impact of this bug is in tools like text editors, which are often executed in untrusted directories and might attempt to run auxiliary tools automatically.
• When :rl-rubout or :rl-filename-rubout (formerly :rl-unix-word-rubout and :rl-unix-filename-rubout) were used on a string not starting with the given delimiter, they failed to delete the first character, which is now fixed.
• Fixes in userscripts:
  • ripbang now works again (it got blocked due to a missing user agent and used outdated qutebrowser commands before)
  • keepassxc now has a properly working --insecure flag
• Speculative fix for an immediate crash at start with the macOS/Windows binaries (in certain rare environments).
• Speculative fix for a qutebrowser crash when the notification daemon crashes while showing the notification.
• Fix crash when using :screenshot with an invalid --rect argument.
• Added a site-specific quirk to make cookie dialogs on StackExchange pages (such as Stack Overflow) work on Qt 5.12.

Security

• CVE-2021-41146: Fix arbitrary command execution on Windows via URL handler argument injection. See the security advisory for details.

Added

• New content.blocking.hosts.block_subdomains setting which can be used to disable the subdomain blocking for the hosts-based adblocker introduced in v2.3.0.
• New downloads.prevent_mixed_content setting to prevent insecure mixed-content downloads (true by default).
• New --private flag for :tab-clone, which clones a tab into a new private window, mirroring the same flags for :open and :tab-give.

Fixed

• Switching tabs via mouse wheel scrolling now works properly on macOS. Set tabs.mousewheel_switching to false if you prefer the previous behavior.
• Speculative fix for a crash when closing qutebrowser while a systray notification is shown.

Fixes

• Updated the workaround for Google Account log in claiming that this browser isn't secure. For an equivalent workaround on older versions, run: :set -u https://accounts.google.com/* content.headers.user_agent "Mozilla/5.0 ({os_info}; rv:90.0) Gecko/20100101 Firefox/90.0"
• Corrupt cache file exceptions with adblock 0.5.0+ are now handled properly.
• Crash when entering unicode surrogates into the filename prompt.
• UnboundLocalError in qute-keepass when the database couldn't be opened.

Added

• New content.prefers_reduced_motion setting to request websites to reduce non-essential motion/animations.
• New colors.prompts.selected.fg setting to customize the text color for selected items in filename prompts.

Changed

• The hosts-based adblocker (using content.blocking.hosts.lists) now also blocks all requests to any subdomains of blocked hosts.
• The fonts.web.* settings now support URL patterns.
• The :greasemonkey-reload command now shows a list of loaded scripts and has a new --quiet switch to suppress that message.
• When launching a userscript via hints, a new QUTE_CURRENT_URL environment variable now points to the current page (rather than the URL of the selected element, where QUTE_URL points to).

Fixed

• Crash on macOS 10.14+ when logging into Google accounts -- the previous fix was incomplete due wrong information in Apple's documentation.
• Crash when two Greasemonkey scripts have the same name (usually happening because the same file is in both the data and the config directory).
• Deprecation warnings when using the link_pyqt.py script on Python 3.10 (e.g. via tox or mkvenv.py).

Fixed

• Logging into Google accounts or sharing the camera on macOS 10.14+ crashed, which is now fixed.
• The Windows installer now correctly aborts the installation on Windows 7 (rather than attempting an install which won't work, since Windows 7 is unsupported since the v2.0.0 release).
• Using --json-logging without --debug caused qutebrowser to crash since the v1.13.0 release. It now works correctly again.
• Mixing Qt 5.14+ with QtWebEngine 5.12 caused a crash related to qutebrowser's notification support, which is now fixed.
• The documentation now points to the new IRC channels on irc.libera.chat instead of the defunct Freenode channels (due to a hostile takeover by Freenode staff).
• Setting content.headers.user_agent or .accept_language to a value containing non-ascii characters was permitted by qutebrowser, but resulted in a crash when loading a page. Such values are now rejected properly.
• When quitting qutebrowser on the qute://settings page, a crash could happen, which is now fixed.
• When :edit-text is used, but the existing text in the input isn't representable in the configured encoding (editor.encoding), qutebrowser would crash. It now shows a proper error instead.
• The testsuite should now work properly on aarch64.
• When QtWebEngine is in a "stuck" state while :selection-follow was used, this could cause a crash in qutebrowser. This is now fixed (speculatively, due to lack of a reproducer).
• When the brave adblock data (adblock-cache.dat) got corrupted, qutebrowser would crash when trying to load it. It now displays an error instead.
• Combining /S (silent) and /allusers when uninstalling via the Windows installer now works properly.

Fixed

• When awesomewm's "naughty" notification daemon was used with a development version of AwesomeWM and an unknown version number, qutebrowser would crash when trying to parse the version string. This is now fixed.
• Due to a bug with QtWebEngine 5.15.4, old Service Worker data could cause renderer process crashes. This is now worked around by qutebrowser.
• When an (broken) binding to set-cmd-text without any argument existed, using : would crash, which is now fixed.
• New site-specific quirk (again) working around not being able to type accented/composed characters on Google Docs.
• When running with python -OO (which is not recommended), a notification being shown would result in a crash, which is now fixed.

Changed

• When an error occurs in a notification presenter, qutebrowser now shows that error in the statusbar instead of just logging it.
• New site-specific-quirk for Discord logging users out when using vertical tabs (yes, really)

Fixed

• Certain errors from notification daemons are now displayed as non-fatal errors instead of qutebrowser crashing:
  • With the legacy GNOME Flashback notification daemon (not GNOME Shell), when more than 20 notifications are currently shown.
  • With the KDE Plasma notification daemon, when the same notification is shown twice (with <1s delay).
• The mkvenv.py script now works when ldconfig -p is failing.
• Running :spawn -u -o broke in v2.2.0 and now works properly again.
• Fixes in userscripts:
  • The qute-bitwarden userscript now still consumes returned data if the Bitwarden CLI showed a warning but exited with a 0 (successful) exit code.
  • The qute-pass userscript now doesn't try to match a username with --password-only, and error messages with invalid patterns are improved.
  • The qute-pass userscript now avoids running pass twice when --otp-only is used.

Deprecated

• Running qutebrowser with Qt 5.12.0 is now unsupported and logs a warning. It should still work - however, a workaround for issues with the Nvidia graphic driver was dropped. Newer Qt 5.12.x versions are still fully supported.
• The --force argument for :tab-only is deprecated, use --pinned close instead.
• Using :tab-focus without an argument or count is now deprecated, use :tab-next instead.

Added

• New dependency on the QtDBus module. If this requirement is an issue for you or your distribution, please open an issue! Note that a DBus connection at runtime is still optional.
• New input.media_keys setting which can be used to disable Chromium's handling of media keys.
• New :process command (and associated qute://process pages) which can be used to view and terminate/kill external processes spawned by qutebrowser.
• New content.site_specific_quirks.skip setting which can be used to disable individual site-specific quirks.
• New --pinned argument for :tab-only, which replaces --force (with --pinned close), but also can take --pinned keep to keep pinned tabs without prompting.
• New fileselect.folder.command which can be used with fileselect.handler = external to customize the command to use to upload directories (<input type="file" webkitdirectory /> elements, which are non-standard but in wide use).
• New content.notifications.presenter setting with various new ways to show web notifications:
  • auto (default): Automatically detect the best available option
  • qt: Use Qt's built-in mechanism (like before this release)
  • libnotify: Use a libnotify-compatible notification server (i.e. native notifications on Linux)
  • systray: Use a systray icon (very similar to qt but without some of its drawbacks)
  • messages: Use qutebrowser messages
  • herbe: Use herbe
• New content.notifications.show_origin setting, which can be used to decide for which notifications to show the origin (the URL the notification was sent from).

Changed

• The content.ssl_strict setting got renamed to content.tls.certificate_errors, with new values:
  • ask: Prompt on overridable certificate errors (ssl_strict = 'ask')
  • ask-block-thirdparty: See below
  • block: Block the page load (ssl_strict = True)
  • load-insecurely: Load the page despite the error (ssl_strict = False)
• The new content.tls.certificate_errors setting now also understands the value ask-block-thirdparty, which asks for page loads but automatically blocks resource loads on TLS errors. This behavior is consistent with what other browsers do.
• The prompt text shown on certificate errors has been improved to make it clearer what kind of error occurred exactly.
• The content.site_specific_quirks setting got renamed to content.site_specific_quirks.enabled.
• The content.notifications option got renamed to content.notifications.enabled.
• The completion now also shows bindings starting with set-cmd-text in its third column, such as o for :open.
• When :spawn is used with the -m / --output-messages flag, the output now appears live, while the process is running.
• When a shown message replaces an existing related one (e.g. for zoom levels), the replacing now also works even if a different message was shown in between.
• The .redirect(...) method on interceptors now supports an ignore_unsupported=True argument which supresses exceptions if a request could not be redirected. Note, however, that it is still not public API.
• When the --config-py argument is used, no warning about a missing config.load_autoconfig is shown anymore, as the argument is typically used for temporarily testing a config.
• The internal _autosave session used for crash recovery is now only saved once per minute, since saving it for every page load is a noticable performance issue.
• The readability-js userscript now displays a small header with page information.
• When an external file selector is used, some additional validation is done on the picked files now, so that errors are shown if e.g. a directory is selected when a file was expected.
• The default binding for T (:tab-focus) got changed so that it fills the command line with :tab-focus if used without a count (instead of being equivalent to :tab-next in that case).
• The :config-unset command now understands the --pattern (-u) flag to unset options customized for a given URL pattern (such as after answering a prompt with "always"/"never").
• The :config-unset command now shows an error when used on an option which is valid, but was never customized.
• The statusbar.widgets setting now understands text:... entries which allows adding a hard-coded text to the statusbar.
• The polyfill for String.replaceAll (required for Nextcloud Calendar < 2.2.0 with QtWebEngine < 5.15.3) is now disabled by default, as it's not fully compliant to the ECMAScript spec and might cause issues on other websites. If you still need it (e.g. if you're still on an old Nextcloud Calendar version), remove js-string-replaceall from content.site_specific_quirks.skip.

Fixed

• When an editor exits with a != 0 exit status, the temporary editor file is now persisted. This already was the case when the editor crashed.
• When a nonexistent file gets passed to --config-py, qutebrowser now complains instead of silently not loading it.
• With some (rare) setups, opening the report dialog or using a PAC proxy with QtWebKit could result in qutebrowser hanging due to a PyQt bug. There's now a workaround which prevents the hang.
• QtWebEngine version detection (influencing things like dark mode settings or certain workarounds) now works correctly on OpenBSD.
• Certain version number formats in /etc/os-release caused qutebrowser to crash. Those are now handled correctly.
• The macOS releases now properly support Dark Mode for UI elements by setting NSRequiresAquaSystemAppearance to false.

Removed

• The qute://spawn-output page used by :spawn -o is now removed, as it's replaced by the new qute://process pages.

Added

• Site-specific quirk for krunker.io, which shows a "Socket Error" with qutebrowser's default Accept-Language header. The workaround is equivalent to doing :set -u matchmaker.krunker.io content.headers.accept_language "".

Changed

• Clicking the 'x' in the devtools window to hide it now also leaves insert mode.

Fixed

• The workaround for black on (almost) black formula images in dark mode now also works with Qt 5.12 and 5.13.
• When running in Flatpak or with the Windows/macOS releases, the QtWebEngine version is now detected properly. Before, a wrong version was assumed, breaking dark mode and certain workarounds (resulting in crashes on websites like LinkedIn or TradingView).
• When the metainfo in the completion database doesn't have the expected structure, qutebrowser now tries to gracefully recover from the situation instead of crashing.
• When qutebrowser displays an error during initialization, opening a second instance would lead to a crash. Instead, qutebrowser now ignores the attempt to open a new page as long as it's not fully initialized yet.
• When the Brave adblock cache folder was unreadable, qutebrowser crashed. It now displays an error instead.
• Fixes in the qute-pass userscript for gopass:
  • Generating OTP tokens now works correctly.
  • Storing the username as part of the secret broke in v2.0.0 and now works again.
• When using bindings.key_mappings to map a key to multiple other keys, qutebrowser would crash. This is now handled correctly - however, note that it's usually better to map keys to commands instead.
• When a minimized window is selected via :tab-select, it's now un-minimized properly.
• When a format string in the config (e.g. tabs.title_format) used a value like {current_url.host} (instead of {current_url:host}), qutebrowser would crash. It now correctly reports an invalid config value instead.
• In rare circumstances, sending URLs/commands to existing instances would result in a crash, which is now fixed.
• Running the testsuite should now fully work without internet access again.
• The --asciidoc script for mkvenv.py broke with v1.14.0. It now works correctly again.
• Various other fixes for running in Flatpak (backported in the Flatpak release even before this qutebrowser release).
• We are the Knights Who Say... ':Ni!'

Removed

• The following command aliases were deprecated in v2.0.0 and are now removed:
  • run-macro -> macro-run
  • record-macro -> macro-record
  • buffer -> tab-select
  • open-editor -> edit-text
  • toggle-selection -> selection-toggle
  • drop-selection -> selection-drop
  • reverse-selection -> selection-reverse
  • follow-selected -> selection-follow
  • follow-hint -> hint-follow
  • enter-mode -> mode-enter
  • leave-mode -> mode-leave

Added

• New :screenshot command which can be used to screenshot the visible part of the page.
• New optional dependency on the importlib_metadata project on Python 3.7 and below. This is only relevant when PyQtWebEngine is installed via pip - thus, this dependency usually isn't relevant for packagers.
• New qute-keepassxc userscript integrating with the KeePassXC browser API.

Changed

• Initial support for QtWebEngine 5.15.3 and PyQt 5.15.3/.4
• The colors.webpage.prefers_color_scheme_dark setting got renamed to colors.webpage.preferred_color_scheme and now takes the values auto, light and dark (instead of being True for dark and False for auto). Note that the light value is only supported with Qt 5.15.2+, falling back to the same behavior as auto on older versions.
• On Linux, qutebrowser now tries harder to find details about the installed QtWebEngine version by inspecting the QtWebEngine binary. This should reduce issues with dark mode (and some workarounds) not working when using differing versions of QtWebEngine/PyQtWebEngine/Qt. This change also prepares qutebrowser for QtWebEngine 5.15.3, which will get released without an updated Qt.
• When PyQtWebEngine >= 5.15.3 is installed via pip (as is e.g. the case with mkvenv.py), qutebrowser now queries the associated metadata to find out the QtWebEngine version.
• When doing :hint links yank --rapid, the messages shown now replace each other, thus being less noisy.
• Newlines in JavaScript messages (confirm, prompt and alert) are now preserved.
• Messages in prompts are now word-wrapped rather than displaying them in one long line.
• If a command stats with space (e.g. : open ..., it's now not saved to command history anymore (similar to how some shells work).
• When a tab is pinned, running :open will now open a new tab instead of displaying an error.
• The fileselect.*.command settings now support file selectors writing the selected paths to stdout, which is used if no {} placeholder is contained in the configured command.
• The --debug-flag argument now understands a new log-sensitive-keys value which logs all keypresses (including those in insert/passthrough/prompt/... mode) for debugging.
• The readability and readability-js userscripts now add a qute-readability CSS class to the page, so that it can be styled easily via a user stylesheet.

Fixed

• With QtWebEngine 5.15.3 and some locales, Chromium can't start its subprocesses. As a result, qutebrowser only shows a blank page and logs "Network service crashed, restarting service.". This release adds a qt.workarounds.locale setting working around the issue. It is disabled by default since distributions shipping 5.15.3 will probably have a proper patch for it backported very soon.
• The colors.webpage.preferred_color_scheme and colors.webpage.darkmode.* settings now work correctly with QtWebEngine 5.15.3 (and Gentoo, which at the time of writing packages 5.15.3 disguised as 5.15.2).
• When dark mode settings were set, existing blink-features arguments in qt.args (or --qt-flag) were overridden. They are now combined properly.
• On QtWebEngine 5.15.2, auto detection for the prefers-color-scheme media query is broken and always returns no-preference, which was removed from the CSS WG Specification. This release contains a workaround to always return light instead (as per the spec).
• When an external file selector deletes the temporary file (like nnn does when quitting the terminal), qutebrowser would crash. It now displays an error instead. The same applies if the temporary file is unreadable for any other reason.
• On macOS, a change in v2.0.x caused certain shortcuts to not work with Cmd anymore, using Ctrl instead. They now work correctly using Cmd (like usual on macOS) again.
• On macOS, using F (hint all tab) sometimes would open a context menu instead of following a link. This is now fixed.
• The quirk added for a missing String.replaceAll did not handle special regexp characters correctly, thus breaking some sites. It now handles them properly.
• The "try again" button on error pages now works correctly with JavaScript disabled.
• If a GreaseMonkey script doesn't have a "@run-at" comment, qutebrowser accidentally treated that as "@run-at document-idle". However, other GreaseMonkey implementations default to "@run-at document-end" instead, which is what qutebrowser now does, too.
• The hist_importer.py script didn't work correctly after qutebrowser v2.0.0 and resulted in a history database qutebrowser couldn't read properly. It now works properly again.
• With certain QtWebEngine versions (5.15.0 based on Chromium 80 and 5.15.3 based on Chromium 87), Chromium's dark mode doesn't invert certain SVG images, even with colors.wegpage.darkmode.policy.images set to smart. Most notably, this causes formulae on Wikipedia to display black on (almost) black. If content.site_specific_quirks is enabled, qutebrowser now injects some CSS as a workaround, which inverts all math formula images on Wikipedia (and potentially other sites, if they use the same CSS class).
• When a hint label text started with an apostrophe, it would show an escaped text until the hints first character has been pressed. It now shows up correctly.

Fixed

• When right-clicking an empty part of the downloads bar, qutebrowser v2.0.x would crash. This is now fixed.
• Setting content.cookies.store to false only worked properly when this was done after qutebrowser was already started due to a regression in v2.0.0. It now works as expected again.
• If qutebrowser was installed as a Python egg with Python 3.8 or 3.9, requesting unavailable resource files (such as PDF.js not being bundled, or a missing changelog file) caused in a crash due to an inconsistent behavior in those versions of Python. This is now handled properly by qutebrowser.
• In v2.0.0, support for importing the sip dependency as sip rather than PyQt5.sip was dropped, since upstream claims it should be used as PyQt5.sip ever since PyQt 5.11. However, some distributions still package sip as a global sip package. Thus, support for a global sip package is now reintroduced.
• The changelog for v2.0.0 claimed that hints.leave_on_load was set to true by default. However, the input.insert_mode.leave_on_load setting was instead set to true accidentally. This is now fixed by actually setting hints.leave_on_load to true, and reversing the change to input.insert_mode.leave_on_load so it is set to false by default again.
• When the importlib_resources package is required but was missing, users would get a Python stacktrace rather than a proper error message. This is now fixed.
• Site-specific quirk JavaScript files were loaded lazily rather than preloaded at the start of qutebrowser, causing a crash when e.g. switching between versions while qutebrowser is open. Now they are preloaded at the start of qutebrowser again.
• The link to the keybinding cheatsheet on the internal :help page wasn't displayed correctly. This is now fixed.
• When the completion rebuilding process was interrupted, qutebrowser did not detect this condition on the next start, thus resulting in a completion with inconsistent data. This is now fixed, with another rebuild being forced with this update, to ensure the data is consistent for all users.
• In certain scenarios, qutebrowser v2.0.x warned about config.load_autoconfig(...) being missing when loading a secondary config (e.g. via config.source(...)). It now only shows those warnings for the main config.py file.
• The --enable-webengine-inspector flag is now accepted again, however it's unused and undocumented. It purely exists to make it possible to use :restart between pre-v2.0.x and v2.0.2+ versions.
• When hints.dictionary pointed to a file not encoded as UTF-8, this resulted in a crash (also in versions before v2.0.0). It now properly displays an error instead.
• When running qutebrowser with a single empty commandline argument, such as done by open_url_in_instance.sh, this would result in a partially initialized window. Interacting with that window results in a crash (also in versions before v2.0.0). Instead, the startpage is now shown properly.

Fixed

• If qutebrowser was installed as a Python egg (similar to a .zip file, via setup.py install under certain conditions), a change in v2.0.0 caused it to not start properly. This is now fixed.
• If qutebrowser was set up (or packaged) in an unclean environment, this could result in a stale qutebrowser/components/adblock.py file being picked up. That file is not part of the release anymore, but if an old version is still around, causes qutebrowser to crash. It's now explicitly blocked inside qutebrowser so it gets ignored even if it still exists.
• When the adblocking method was switched using :set, and the adblock dependency was unavailable when qutebrowser started (but was installed while qutebrowser was open), this resulted in a crash. Now a warning prompting for a restart of qutebrowser is shown instead.

Changed

• The format_json userscript now uses sh instead of bash again.
• The add-nextcloud-bookmarks, add-nextcloud-cookbook, readability and ripbang userscripts now use a python3 rather than plain python shebang.
• When QTWEBENGINE_CHROMIUM_FLAGS is set in the environment, this causes flag handling (including workarounds for QtWebEngine crashes) inside qutebrowser to break. This will be handled properly in a future version, but this release now shows a warning on standard output if this is the case.
• The config completion for fileselect.*.command now also includes the "nnn" terminal file manager.

Major changes

• If the Python adblock library is available, it is now used to integrate Brave's Rust adblocker library for improved adblocking based on ABP-like filter lists (such as EasyList). If it is unavailable, qutebrowser falls back to host-blocking, i.e. the same blocking technique it used before this release. As part of this, various settings got renamed, see "Changed" below. Note: If the adblock dependency is available, qutebrowser will ignore custom host blocking via the blocked-hosts config file or file:/// URLs supplied as host blocking lists. You will need to either migrate those to ABP-like lists, or set content.blocking.method to both.
• Various dependency upgrades - a quick checklist for packagers (see "Changed" below for details):
  • Ensure you're providing at least Python 3.6.1.
  • Ensure you're providing at least Qt 5.12 and PyQt 5.12.
  • Add a new optional dependency on the Python adblock library (if packaged - if not, consider packaging it, albeit optional it's very useful for users).
  • Remove the cssutils optional dependency (if present).
  • Remove the attrs (attr) dependency.
  • Remove the pypeg2 dependency (and perhaps consider dropping the package if not used elsewhere - it's inactive upstream and the repository was removed by Bitbucket).
  • Move the pygments dependency from required to optional.
  • Move the setuptools dependency from runtime (for pkg_resources) to build-time.
  • For Python 3.6, 3.7 or 3.8, add a dependency on the importlib_resources backport.
  • For Python 3.6 only, add a dependency on the dataclasses backport.
• Dropped support for old OS versions in binary releases:
  • Support for Windows 7 is dropped in the Windows binaries, the minimum required Windows version is now Windows 8.1.
  • Support for macOS 10.13 High Sierra is dropped in the macOS binaries, the minimum required macOS version is now macOS 10.14 Mojave.
• Various renamed settings and commands, see "Deprecated" and "Changed" below.

Removed

• The --enable-webengine-inspector flag (which was only needed for Qt 5.10 and below) is now dropped. With Qt 5.11 and newer, the inspector/devtools are enabled unconditionally.
• Support for moving qutebrowser data from versions before v1.0.0 has been removed.
• The --old flag for :config-diff has been removed. It used to show customized options for the old pre-v1.0 config files (in order to aid migration to v1.0).
• The :inspector command which was deprecated in v1.13.0 (in favor of :devtools) is now removed.

Deprecated

• Several commands have been renamed for consistency and/or easier grouping of related commands. Their old names are still available, but deprecated and will be removed in qutebrowser v2.1.0.
  • run-macro -> macro-run
  • record-macro -> macro-record
  • buffer -> tab-select
  • open-editor -> edit-text
  • toggle-selection -> selection-toggle
  • drop-selection -> selection-drop
  • reverse-selection -> selection-reverse
  • follow-selected -> selection-follow
  • follow-hint -> hint-follow
  • enter-mode -> mode-enter
  • leave-mode -> mode-leave

Added

• New settings for the ABP-based adblocker:
  • content.blocking.method to decide which blocker(s) should be used.
  • content.blocking.adblock.lists to configure ABP-like lists to use.
• New qt.environ setting which makes it easier to set/unset environment variables for qutebrowser.
• New settings to use an external file picker (such as ranger or vifm):
  • fileselect.handler (default or external)
  • fileselect.multiple_files.command
  • fileselect.single_file.command
• When QtWebEngine has been updated but PyQtWebEngine hasn't yet, the dark mode settings might stop working. As a (currently undocumented) escape hatch, this version adds a QUTE_DARKMODE_VARIANT=qt_515_2 environment variable which can be set to get the correct behavior in (transitive) situations like this.
• New --desktop-file-name commandline argument, which can be used to customize the desktop filename passed to Qt (which is used to set the app_id on Wayland).
• The :open completion now also completes local file paths and file:// URLs, via a new filesystem entry in completion.open_categories. Also, a new completion.favorite_paths setting was added which can be used to add paths to show when :open is used without any input.
• New QUTE_VERSION variable for userscripts, which can be used to read qutebrowser's version.
• New "Copy URL" entry in the context menu for downloads.
• New :bookmark-list command which lists all bookmarks/quickmarks. The corresponding qute://bookmarks URL already existed since v0.8.0, but it was never exposed as a command.
• New qt.workarounds.remove_service_workers setting which can be used to remove the "Service Workers" directory on every start. Usage of this option is generally discouraged, except in situations where the underlying QtWebEngine bug is a known cause for crashes.
• Changelogs are now shown after qutebrowser was upgraded. By default, the changelog is only shown after minor upgrades (feature releases) but not patch releases. This can be adjusted (or disabled entirely) via a new changelog_after_upgrade setting.
• New userscripts:
  • kodi to play videos in Kodi
  • qr to generate a QR code of the current URL
  • add-nextcloud-bookmarks to create bookmarks in Nextcloud's Bookmarks app
  • add-nextcloud-cookbook to add recipes to Nextcloud's Cookbook app

Changed

• config.py files now are required to have either config.load_autoconfig(False) (don't load autoconfig.yml) or config.load_autoconfig() (do load autoconfig.yml) in them.
• Various host-blocking settings have been renamed to accomodate the new ABP-like adblocker:
  • content.host_blocking.enabled -> content.blocking.enabled (controlling both blockers)
  • content.host_blocking.whitelist -> content.blocking.whitelist (controlling both blockers)
  • content.host_blocking.lists -> content.blocking.hosts.lists
• Changes to default settings:
  • tabs.background is now true by default, so that new tabs get opened in the background.
  • input.partial_timeout is now set to 0 by default, so that partially typed key strings are never cleared.
  • hints.leave_on_load is now false by default, so that hint mode doesn't get left when a page finishes loading. This can lead to stale hints persisting in rare circumstances, but is better than leaving hint mode when the user entered it before loading was completed.
  • The default for tabs.width (tab bar width if vertical) is now 15% of the window width rather than 20%.
  • The default bindings for moving tabs (tab-move - and tab-move +) were changed from gl and gr to gK and gJ, to be consistent with the tab switching bindings.
  • The text color for warning messages is now black instead of white, for increased contrast and thus readability.
  • The default timeout for messages is now raised from 2s to 3s.
• On the first start, the history completion database is regenerated to remove a few problematic entries (such as long qute://pdfjs URLs). This might take a couple of minutes, but is a one-time operation. This should result in a performance improvement for the completion for affected users.
• qutebrowser now shows an error if its history database version is newer than expected. This currently should never happen, but allows for potentially backwards-incompatible changes in future versions.
• At least Python 3.6.1 is now required to run qutebrowser, support for Python 3.5 (and 3.6.0) is dropped. Note that Python 3.5 is no longer supported upstream since September 2020.
• At least Qt/PyQt 5.12 is now required to run qutebrowser, support for 5.7 to 5.11 (inclusive) is dropped. While Debian Buster ships Qt 5.11, it's based on a Chromium version from 2018 with no Debian security support and unsupported upstream since May 2019. It also has compatibility issues with various websites (GitHub, Twitch, Android Developer documentation, YouTube, ...). Since no newer Debian Stable is released at the time of writing, it's recommended to install qutebrowser in a virtualenv with a newer version of Qt/PyQt.
• New optional dependency on the Python adblock library (see above for details).
• The (formerly optional) cssutils dependency is now removed. It was only needed for improved behavior in corner cases when using :download --mhtml with the (non-default) QtWebKit backend, and as such it's unlikely anyone is still relying on it. The cssutils project is also dead upstream, with its repository being gone after Bitbucket removed Mercurial support.
• The (formerly required) pygments dependency is now optional. It is only used when using :view-source with QtWebKit, or when forcing it via :view-source --pygments on QtWebEngine. If it is unavailable, an unhighlighted fallback version of the page's source is shown.
• The former runtime dependency on the pkg_resources module (part of the setuptools project) got dropped. Note that setuptools is still required to run setup.py.
• A new dependency on the importlib_resources module got introduced for Python versions up to and including 3.8. Note that the stdlib importlib.resources module for Python 3.7 and 3.8 is missing the needed APIs, thus requiring the backports for those versions as well.
• The former dependency on the attrs/attr package is now dropped in favour of dataclasses in the Python standard library. On Python 3.6, a new dependency on the dataclasses backport is now required.
• The former dependency on the pypeg2 package is now dropped. This might cause some changes for certain corner-cases for suggested filenames when downloading files with the QtWebKit backend.
• Windows and macOS releases now ship Python 3.9 rather than 3.7.
• The colors.webpage.darkmode.* settings are now also supported with older Qt versions (Qt 5.12 and 5.13) rather than just with Qt 5.14 and above.
• For regexes in the config (hints.{prev,next}_regexes), certain patterns which will change meanings in future Python versions are now disallowed. This is the case for character sets starting with a literal [ or containing literal character sequences --, &&, ~~, or ||. To avoid a warning, remove the duplicate characters or escape them with a backslash.
• If prompt(..., "default") is used via JS, the default text is now pre-selected in the prompt shown by qutebrowser.
• URLs such as ::1/foo are now handled as a search term or local file rather than IPv6. Use [::1]/foo to force parsing as IPv6 instead.
• The mkvenv.py script now runs a "smoke test" after setting up the virtual environment to ensure it's working as expected. If necessary, the test can be skipped via a new --skip-smoke-test flag.
• Both qutebrowser userscripts and Greasemonkey scripts are now additionally picked up from qutebrowser's config directory (the userscripts and greasemonkey subdirectories of e.g. ~/.config/qutebrowser/) rather than only the data directory (the same subdirectories of e.g. ~/.local/share/qutebrowser/).
• The :later command now understands a time specification like 5m or 1h5m2s, rather than just taking milliseconds.
• The importer.py script doesn't use a browser argument anymore; instead its --input-format switch can be used to configure the input format. The help also was expanded to explain how to use it properly.
• If tabs.tabs_are_windows is set, the tabs.last_close setting is now ignored and the window is always closed when using :close (d).
• With the (default) QtWebEngine backend, if a custom accept header is set via content.headers.custom, the custom value is now ignored for XHR (XMLHttpRequest) requests. Instead, the sent value is now */* or the header set from JavaScript, as it would be if content.headers.custom wasn't set.
• The :tab-select completion now shows the underlying renderer process PID if doing so is supported (on QtWebEngine 5.15).
• If tabs.favicons.show is set to never, favicons aren't unnecessarily downloaded anymore. Thus, disabling favicons can help with a possible fingerprinting vector.
• "Super" is now understood as a modifier (i.e. as alias to "Meta").
• Initial support for Python 3.10 (currently in Alpha stage).
• Various performance improvements, including for the startup time.

Fixed

• With interpolated color settings (colors.tabs.indicator.* and colors.downloads.*), the alpha channel is now handled correctly.
• Fixes to userscripts:
  • format_json now uses env in its shebang, making it work correctly on systems where bash isn't located in /bin.
  • qute-pass now handles the MIME output format introduced in gopass 1.10.0.
  • qute-lastpass now types multiple < or > characters correctly.
• The :undo completion now sorts its entries correctly (by the numerical index rather than lexicographically).
• The completion.web_history.ignore setting now works properly when set in config.py (rather than via :set). Additionally, a :config-source will not result in a history rebuild if the value wasn't actually changed.
• When downloading a data: URL, the suggested filename is now improved and contains a proper extension. Before this fix, qutebrowser would use the URL's data contents as filename with QtWebEngine; or "binary blob" with the Qt network stack.
• When :tab-only is run before a tab is available, an error is now shown instead of crashing.
• A couple of long URLs (such as qute://pdfjs URLs) are now not added to the history database anymore.
• A bug in QtWebEngine 5.15.2 causes "renderer process killed" errors on websites like LinkedIn and TradingView. There is now a workaround in qutebrowser to prevent this from happening.
• Nextcloud Calendars started using String.replaceAll which was only added to Chromium recently (Chrome 85), so won't work with current QtWebEngine versions. This release includes a workaround (a polyfill as a site-specific-quirk).

Added

• With v1.14.0, qutebrowser configures the main window to be transparent, so that it's possible to configure a translucent tab- or statusbar. However, that change introduced various issues, such as performance degradation on some systems or breaking dmenu window embedding with its -w option. To avoid those issues for people who are not using transparency, the default behavior is reverted to versions before v1.14.0 in this release. A new window.transparent setting can be set to true to restore the behavior of v1.14.0.

Changed

• Windows and macOS releases now ship Qt 5.15.2, which is based on Chromium 83.0.4103.122 with security fixes up to 86.0.4240.183. This includes CVE-2020-15999 in the bundled freetype library, which is known to be exploited in the wild. It also includes various other bugfixes/features compared to Qt 5.15.0 included in qutebrowser v1.14.0, such as:
  • Correct handling of AltGr on Windows
  • Fix for content.cookies.accept not working properly
  • Fixes for screen sharing (some websites are still broken until an upcoming Qt 5.15.3)
  • Support for FIDO U2F / WebAuth
  • Fix for the unwanted creation of directories such as databases-incognito in the home directory
  • Proper autocompletion in the devtools console
  • Proper signalisation of a tab's audible status ([A])
  • Fix for a hang when opening the context menu on macOS Big Sur (11.0)
  • Hardware accelerated graphics on macOS

Fixed

• Setting the content.headers.referer setting to same-domain (the default) was supposed to truncate referers to only the host with QtWebEngine. Unfortunately, this functionality broke in Qt 5.14. It works properly again with this release, including a test so this won't happen again.
• With QtWebEngine 5.15, setting the content.headers.referer setting to never did still send referers. This is now fixed as well.
• In v1.14.0, a regression was introduced, causing a crash when qutebrowser was closed after opening a download with PDF.js. This is now fixed.
• With Qt 5.12, the Object.fromEntries JavaScript API is unavailable (it was introduced in Chromium 73, while Qt 5.12 is based on 69). This caused https://www.vr.fi/en and possibly other websites to break when accessed with Qt 5.12. A suitable polyfill is now included with qutebrowser if content.site_specific_quirks is enabled (which is the default).
• While XDG startup notifications (e.g. launch feedback via the bouncy cursor in KDE Plasma) were supported ever since Qt 5.1, qutebrowser's desktop file accidentally declared that it wasn't supported. This is now fixed.
• The dmenu_qutebrowser and qutedmenu userscripts now correctly read the qutebrowser sqlite history which has been in use since v1.0.0.
• With Python 3.8+ and vertical tabs, a deprecation warning for an implicit int conversion was shown. This is now fixed.
• Ever since Qt 5.11, fetching more completion data when that data is loaded lazily (such as with history) and the last visible item is selected was broken. The exact reason is currently unknown, but this release adds a tenative fix.
• When PgUp/PgDown were used to go beyond the last visible item, the above issue caused a crash, which is now also fixed.
• As a workaround for an overzealous Microsoft Defender false-positive detecting a "trojan" in the (unprocessed) adblock list, :adblock-update now doesn't cache the HTTP response anymore.
• With the QtWebKit backend and content.headers set to same-domain (the default), origins with the same domain but different schemes or ports were treated as the same domain. They now are correctly treated as different domains.
• When a URL path uses percent escapes (such as https://example.com/embedded%2Fpath), using :navigate up would treat the %2F as a path separator and replace any remaining percent escapes by their unescaped equivalents. Those are now handled correctly.
• On macOS 11.0 (Big Sur), the default monospace font name caused a parsing error, thus resulting in broken styling for the completion, hints, and other UI components. They now look properly again.
• Due to a Qt bug, installing Qt/PyQt from prebuilt binaries on systems with a very old libxcb-utils version (notably, Debian Stable, but not Ubuntu since 16.04 LTS) results in a setup which fails to start. This also affects the mkvenv.py script, which now includes a workaround for this case.
• The open_url_instance.sh userscript now complains when socat is not installed, rather than silencing the error.
• The example AppArmor profile in misc/ was outdated and written for the older QtWebKit backend. It is now updated to serve as an useful starting point with QtWebEngine.
• When running :devtools on Fedora without the needed (optional) dependency installed, it was suggested to install qt5-webengine-devtools, which does not, in fact, exist. It's now correctly suggested to install qt5-qtwebengine-devtools instead.
• With Qt 5.15.2, lines/borders coming from the readability-js userscript were invisible. This is now fixed by changing the border color to grey (with all Qt versions).
• Due to changes in the underlying Chromium, the colors.webpage.prefers_color_scheme_dark setting broke with Qt 5.15.2. It now works properly again.
• A bug in the pkg_resources module used by qutebrowser caused deprecation warnings to appear on start with Python 3.9 on some setups. Those are now hidden.
• Minor performance improvements.
• Fix for various functionality breaking in private windows with v1.14.0, after the last private window is closed. This includes:
  • Ad blocking
  • Downloads
  • Site-specific quirks (e.g. for Google login)
  • Certain settings such as content.javascript.enabled

Note: The QtWebEngine version bundled with the Windows/macOS releases is still based on Qt 5.15.0 (like with qutebrowser v1.12.0 and v1.13.0) rather than Qt 5.15.1 because of a Qt bug causing frequent renderer process crashes. When Qt 5.15.2 is released (planned for November 3rd, 2020), a qutebrowser v1.14.x patch release with an updated QtWebEngine will be released.

Furthermore, this release still only contains partial session support for QtWebEngine 5.15. It's still recommended to run against Qt 5.15 due to the security patches contained in it -- for most users, the added workarounds seem to work out fine. A rewritten session support will be part of qutebrowser v2.0.0, tentatively planned for the end of the year or early 2021.

Changed

• The content.media_capture setting got split up into three more fine-grained settings, content.media.audio_capture, .video_capture and .audio_video_capture. Before this change, answering "always" to a prompt about e.g. audio capturing would set the content.media_capture setting, which would also allow the same website to capture video on a future visit. Now every prompt will set the appropriate setting, though existing content.media_capture settings in autoconfig.yml will be migrated to set all three settings. To review/change previously granted permissions, use :config-diff and e.g. :config-unset -u example.org content.media.video_capture.
• The main window's (invisible) background color is now set to transparent. This allows using the alpha channel in statusbar/tabbar colors to get a partially transparent qutebrowser window on a setup which supports doing so.
• If QtWebEngine is compiled with PipeWire support and libpipewire is installed, qutebrowser will now support screen sharing on Wayland. Note that QtWebEngine 5.15.1 is needed.
• When :undo is used with a count, it now reopens the count-th to last tab instead of the last one. The depth can instead be passed as an argument, which is also completed.
• The default completion.timestamp_format now also shows the time.
• :back and :forward now take an optional index which is completed using the current tab's history.
• The time a website in a tab was visited is now saved/restored in sessions.
• When attempting to download a file to a location for which there's already a still-running download, a confirmation prompt is now displayed.
• :completion-item-focus now understands next-page and prev-page with corresponding <PgDown> / <PgUp> default bindings.
• When the last private window is closed, all private browsing data is now cleared.
• When config.source(...) is used with a --config-py argument given, qutebrowser used to search relative files in the config basedir, leading to them not being found when using a shared config.py for different basedirs. Instead, they are now searched relative to the given config.py file.
• navigate prev ([[) and navigate next (]]) now recognize links with nav-prev and nav-next classes, such as those used by the Hugo static site generator.
• When tabs.favicons is disabled but tabs.tabs_are_windows is set, the window icon is still set to the page's favicon now.
• The --asciidoc argument to src2asciidoc.py and build_release.py now only takes the path to asciidoc.py, using the current Python interpreter by default. To configure the Python interpreter as well, use --asciidoc-python path/to/python --asciidoc path/to/asciidoc.py instead of the former --asciidoc path/to/python path/to/asciidoc.py.
• Dark mode (colors.webpage.darkmode.*) is now supported with Qt 5.15.2 (which is not released yet).
• The default for the darkmode policy.images setting is now set to smart which fixes issues with e.g. formulas on Wikipedia.
• The readability-js userscript now adds some CSS to improve the reader mode styling in various scenarios:
  • Images are now shrinked to the page width, similarly to what Firefox' reader mode does.
  • Some images ore now displayed as block (rather than inline) which is what Firefox' reader mode does as well.
  • Blockquotes are now styled more distinctively, again based on the Firefox reader mode.
  • Code blocks are now easier to distinguish from text and tables have visible cell margins.
• The readability-js userscript now supports hint userscript mode.

Added

• New argument strip for :navigate which removes queries and fragments from the current URL.
• :undo now has a new -w / --window argument, which can be used to restore closed windows (rather than tabs). This is bound to U by default.
• :jseval can now take javascript:... URLs via a new --url flag.
• New replacement {aligned_index} for tabs.title.format and format_pinned which behaves like {index}, but space-pads the index based on the total numbers of tabs. This can be used to get aligned tab texts with vertical tabs.
• New command :devtools-focus (bound to wIf) to toggle keyboard focus between the devtools and web page.
• The --target argument to qutebrowser now understands a new private-window value, which can be used to open a private window in an existing instance from the commandline.
• The :download-open command now has a new --dir flag, which can be used to open the directory containing the downloaded file. An entry to do the same was also added to the context menu.
• Messages are now wrapped when they are too long to be displayed on a single line.
• New possible --debug-flag values:
  • wait-renderer-process waits for a SIGUSR1 in the renderer process so a debugger can be attached.
  • avoid-chromium-init allows using --version without needing a working QtWebEngine/Chromium.

Fixed

• A URL pattern with a *. host was considered valid and matched all hosts. Due to keybindings like tsH toggling scripts for *://*.{url:host}/*, invoking them on pages without a host (e.g. about:blank) could result in accidentally allowing/blocking JavaScript for all pages. Such patterns are now considered invalid, with existing patterns being automatically removed from autoconfig.yml.
• When scrolling.bar was set to overlay (the default), qutebrowser would internally override any enable-features=... flags passed via qt.args or --qt-flag. It now correctly combines existing enable-feature flags with internal ones.
• Elements with an inherited contenteditable attribute now trigger insert mode and get hints assigned correctly.
• When checkmarks, radio buttons and some other elements are styled via the Bootstrap CSS framework, they now get hints correctly.
• When the session file isn't writable when qutebrowser exits, an error is now logged instead of crashing.
• When using -m with the qute-lastpass userscript, it accidentally matched URLs containing the match as substring. This is now fixed.
• When a filename is derived from a page's title, it's now shortened to the maximum filename length permitted by the filesystem.
• :enter-mode register crashed since v1.13.0, it now displays an error instead.
• With the QtWebKit backend, webpage resources loading certain invalid URLs could cause a crash, which is now fixed.
• When :config-edit is used but no config.py exists yet, the file is now created (and watched for changes properly) before spawning the external editor.
• When hint mode was entered from outside normal mode, the status bar was empty instead of displaying the proper text. This is now fixed.
• When entering different modes too quickly (e.g. pressing fV), the statusbar could end up in a confusing state. This is now fixed.
• When qutebrowser quits, running downloads are now cancelled properly.
• The site-specific quirk for web.whatsapp.com has been updated to work after recent changes in WhatsApp.
• Highlighting in the completion now works properly when UTF-16 surrogate pairs (such as emoji) are involved.
• When a windowed inspector is clicked, insert mode now isn't entered anymore.
• When :undo is used to re-open a tab, but tabs.tabs_are_windows was set between closing and undoing the close, qutebrowser crashed. This is now fixed.
• With QtWebEngine 5.15.0, setting the darkmode image policy to smart leads to renderer process crashes. The offending setting value is now ignored with a warning.
• Fixes for the qute-pass userscript:
  • With newer gopass versions, a deprecation notice was copied as password due to qute-pass using it in a deprecated way.
  • The --password-store argument didn't actually set PASSWORD_STORE_DIR for pass, resulting in qute-pass finding matches but the underlying pass not finding matching passwords.

Fixed

• With Qt 5.14, shared workers are now disabled. This works around a crash in QtWebEngine on certain sites (like the Epic Games Store or the Unreal Engine page).
• When a window is closed, the tab it contains are now correctly shut down (closing e.g. any dialogs which are still open for those tabs).
• The Qt 5.15 session workaround now loads the correct (rather than the last) page when :back was used before saving a session.
• In certain situations on Windows, qutebrowser fails to find the username of the user launching qutebrowser (most likely due to a bug in the application launching it). When this happens, an error is now displayed instead of crashing.
• Certain autoconfig.yml with an invalid structure could lead to crashes, which are now fixed.
• Generating docs with asciidoc2html.py (e.g. via mkvenv.py) now works correctly without Pygments being installed system-wide.
• Ever since Qt 5.9, when input.mouse.rocker_gestures was enabled, the context menu still was shown when clicking the right mouse button, thus preventing the rocker gestures. This is now fixed.
• Clicking the inspector switched from existing modes (such as passthrough) to normal mode since v1.13.0. Now insert mode is only entered when the inspector is clicked in normal mode.
• Pulseaudio now shows qutebrowser's audio streams as qutebrowser correctly, rather than showing them as Chromium with some Qt versions.
• If :help was called with a deprecated command (e.g. :help :inspector), the help page would show despite deprecated commands not being documented. This now shows an error instead.
• The qute-lastpass userscript now filters out duplicate entries with --merge-candidates.

Deprecated

• The :inspector command is deprecated and has been replaced by a new :devtools command (see below).

Removed

• The :debug-log-level command was removed as it's replaced by the new logging.level.console setting.
• The qute://plainlog special page got replaced by qute://log?plain - the names of those pages is considered an implementation detail, and :messages --plain should be used instead.

Changed

• Changes to commands:
  • :config-write-py now adds a note about config.py files being targeted at advanced users.
  • :report now takes two optional arguments for bug/contact information, so that it can be used without the report window popping up.
  • :message now takes a --logfilter / -f argument, which is a list of logging categories to show.
  • :debug-log-filter now understands the full logfilter syntax.
• Changes to settings:
  • fonts.tabs has been split into fonts.tabs.{selected,unselected} (see below).
  • statusbar.hide has been renamed to statusbar.show with the possible values being always (hide = False), never (hide = True) or in-mode (new, only show statusbar outside of normal mode.
  • The QtFont config type formerly used for fonts.tabs and fonts.debug_console is now removed and entirely replaced by Font. The former distinction was mainly an implementation detail, and the accepted values shouldn't have changed.
  • input.rocker_gestures has been renamed to input.mouse.rocker_gestures.
  • content.dns_prefetch is now enabled by default again, since the crashes it caused are now fixed (Qt 5.15) or worked around.
  • scrolling.bar supports a new overlay value to show an overlay scrollbar, which is now the default. On unsupported configurations (on Qt < 5.11, with QtWebKit or on macOS), the value falls back to when-searching or never (QtWebKit).
  • url.auto_search supports a new schemeless value which always opens a search unless the given URL includes an explicit scheme.
• New handling of bindings in hint mode which fixes various bugs and allows for single-letter keybindings in hint mode.
• The statusbar now shows partial keychains in all modes (e.g. while hinting).
• New t[Cc][Hh] default bindings which work similarly to the t[Ss][Hh] bindings for JavaScript but toggle cookie permissions.
• The tor_identity userscript now takes the password via a -p flag and has a new -c flag to customize the Tor control port.
• Small performance improvements.

Added

• New settings:
  • logging.level.ram and logging.level.console to configure the default logging levels via the config.
  • fonts.tabs.selected and fonts.tabs.unselected to set the font of the selected tab independently from unselected tabs (e.g. to make it bold).
  • input.mouse.back_forward_buttons which can be set to false to disable back/forward mouse buttons.
• New :devtools command (replacing :inspector) with various improved functionality:
  • The devtools can now be docked to the main window, by running :devtools left (wIh), bottom (wIj), top (wIk) or right (wIl). To show them in a new window, use :devtools window (wIw). Using :devtools (wi) will open them at the last used position.
  • The devtool window now has a "qutebrowser developer tools" window title.
  • When a resource is opened from the devtools, it now opens in a proper qutebrowser tab.
  • On Fedora, when the qt5-webengine-devtools package is missing, an error is now shown instead of a blank inspector window.
  • If opened as a window, the devtools are now closed properly when the associated tab is closed.
  • When the devtools are clicked, insert mode is entered automatically.

Fixed

• Crash when tabs.focus_stack_size is set to -1.
• Crash when a pdf.js file for PDF.js exists, but viewer.html does not.
• Crash when :completion-item-yank --sel is used on a platform without primary selection support (e.g. Windows/macOS).
• Crash when there's a feature permission request from Qt with an invalid URL (which happens due to a Qt bug with Qt 5.15 in private browsing mode).
• Crash in rare cases where QtWebKit/QtWebEngine imports fail in unexpected ways.
• Crash when something removed qutebrowser's IPC socket file and it's been running for 6 hours.
• :config-write-py now works with paths starting with ~/... again.
• New site-specific quirk for a missing globalThis in Qt <= 5.12 on Reddit and Spotify.
• When ; is added to hints.chars, using hint labels containing ;; now works properly.
• Hint letters outside of ASCII should now work.
• When bindings.key_mappings is used with hints, it now works properly with letters outside of ASCII as well.
• With Qt 5.15, the audible/muted indicators are not updated properly due to a Qt bug. This release adds a workaround so that at least the muted indicator is shown properly.
• As a workaround for crashes with QtWebEngine versions between 5.12 and 5.14 (inclusive), changing the user agent (content.headers.user_agent) exposed to JS now requires a restart. The corresponding HTTP header is not affected.

Removed

• tox -e mkvenv which was deprecated in qutebrowser v1.10.0 is now removed. Use the mkvenv.py script instead.
• Support for using config.bind(key, None) in config.py to unbind a key was deprecated in v1.8.2 and is now removed. Use config.unbind(key) instead.
• :yank markdown was deprecated in v1.7.0 and is now removed. Use :yank inline [{title}]({url}) instead.

Added

• New :debug-keytester command, which shows a "key tester" widget. Previously, that was only available as a separate application via python3 -m scripts.keytester.
• New :config-diff command which opens the qute://configdiff page.
• New --debug-flag log-cookies to log cookies to the debug log.
• New colors.contextmenu.disabled.{fg,bg} settings to customize colors for disabled items in the context menu.
• New line selection mode (:toggle-selection --line), bound to Shift-V in caret mode.
• New colors.webpage.darkmode.* settings to control Chromium's dark mode. Note that those settings only work with QtWebEngine on Qt >= 5.14 and require a restart of qutebrowser.

Changed

• Windows and macOS releases now ship Qt 5.15, which is based on Chromium 80.0.3987.163 with security fixes up to 81.0.4044.138.
• The content.cookies.accept setting now accepts URL patterns.
• Tests are now included in release tarballs. Note that only running them with the exact dependencies listed in misc/requirements/requirements-tests.txt{,-raw} is supported.
• The :tab-focus command now has completion for tabs in the current window.
• The bindings.key_mappings setting now maps <Ctrl+I> to the tab key by default.
• :tab-give --private now detaches a tab into a new private window.

Fixed

• Using :open -s now only rewrites http:// in URLs to https://, not other schemes like qute://.
• When an unhandled exception happens in certain parts of the code (outside of the main thread), qutebrowser did crash or freeze when trying to show its exception handler. This is now fixed.
• :inspector now works correctly when cookies are disabled globally.
• Added workaround for a (Gentoo?) PyQt/packaging issue related to the QWebEngineFindTextResult handling added in v1.11.0.
• When entering caret selection mode (v, v) very early before a page is loaded, an error is now shown instead of a crash happening.
• The workaround for session loading with Qt 5.15 now handles sessions.lazy_restore so that the saved page is loaded instead of the "stub" page with no possibility to get to the web page.
• A site specific quirk to allow typing accented characters on Google Docs was active for docs.google.com, but not drive.google.com. It is now applied for both subdomains.
• With older graphics hardware (OpenGL < 4.3) with Qt 5.14 on Wayland, WebGL causes segfaults. Now qutebrowser detects that combination and suggests to disable WebGL or use XWayland.

Security

• CVE-2020-11054: After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green (colors.statusbar.url.success_https). While the user already has seen a certificate error prompt at this point (or set content.ssl_strict to false which is not recommended), this could still provide a false sense of security. This is now fixed.

Note: The original source release accidentally contained a Python virtual environment in misc/requirements/testenv as well as some other files (doc/changelog.html, doc/faq.html, misc/requirements/requirements-pyqt-5.15.txt-raw). In the post1 release, those files are deleted, with no other changes.

Added

• New settings:
  • search.wrap which can be set to false to prevent wrapping around the page when searching. With QtWebEngine, Qt 5.14 or newer is required.
  • content.unknown_url_scheme_policy which allows controlling when an external application is opened for external links (never, from user interaction, always).
  • content.fullscreen.overlay_timeout to configure how long the fullscreen overlay should be displayed. If set to 0, no overlay is displayed.
  • hints.padding to add additional padding for hints.
  • hints.radius to set a border radius for hints (set to 3 by default).
• New placeholders for url.searchengines values:
  • {unquoted} inserts the search term without any quoting.
  • {semiquoted} (same as {}) quotes most special characters, but slashes remain unquoted.
  • {quoted} (same as {} in earlier releases) also quotes slashes.

Changed

• First adaptions to Qt 5.15, including a stop-gap measure for session loading not working properly with it.
• Searching now wraps around the page by default with QtWebKit (where it didn't before). Set search.wrap to false to restore the old behavior.
• The {} placeholder for search engines (the url.searchengines setting) now does not quote slashes anymore, but other characters typically encoded in URLs still get encoded. This matches the behavior of search engines in Chromium. To revert to the old behavior, use {quoted} instead.
• The content.windowed_fullscreen setting got renamed to content.fullscreen.window.
• Mouse-wheel scrolling is now prevented while hints are active.
• Changes to userscripts:
  • qute-bitwarden now has an optional --totp flag which can be used to copy TOTP codes to clipboard (requires the pyperclip module).
  • readability-js now opens readability tabs next to the original tab (using the :open --related flag).
  • readability-js now displays a favicon for readability tabs.
  • password_fill now triggers a change JavaScript event after filling the data.
• The dictcli.py script now shows better error messages.
• Various improvements to the mkvenv.py script (mainly useful for development).
• Minor performance improvements.

Deprecated

• A warning about old Qt versions is now also shown with Qt 5.9 and 5.10, as support for Qt < 5.11 will be dropped in qutebrowser v2.0.

Fixed

• unsafeWindow is now defined for Greasemonkey scripts with QtWebKit.
• The proxied window global is now shared between different Greasemonkey scripts (but still separate from the page's window), to match the original Greasemonkey implementation.
• The --output-messages (-m) flag added in v1.9.0 now also works correctly when using :spawn --userscript.
• :version and --version now don't crash if there's an (invalid) /etc/os-release file which has non-comment lines without a = character.
• Scripts in scripts/ now report errors to stderr correctly, instead of using stdout.

Changed

• Windows and macOS releases now bundle Qt 5.14.2, including security fixes up to Chromium 80.0.3987.132.

Fixed

• The WhatsApp workaround now also works when using WhatsApp in languages other than English.
• The mkvenv.py script now also works properly on Windows.

Fixed

• Crash when saving data fails during shutdown (which was a regression introduced in v1.9.0).
• Error while reading config.py when fonts.tabs or fonts.debug_console is set to a value including default_size.
• When a state file contains invalid UTF-8 data, a proper error is now displayed.

Changed

• When the Qt version changes (and also on the first start of v1.10.1 on Qt 5.14), service workers registered by websites are now deleted. This is done as a workaround for QtWebEngine issues causing crashes when visiting pages using service workers (such as Google Mail/Drive). No persistent data should be affected as websites can re-register their service workers, but a (single) backup is kept at webengine/Service Worker-bak in qutebrowser's data directory.
• Better output on stdout when config errors occur.
• The mkvenv.py now ensures the latest versions of setuptools and wheel are installed in the virtual environment, which should speed up installation and fix install issues.
• The default for colors.statusbar.command.private.bg has been changed to a slightly different gray, as a workaround for a Qt issue where the cursor was invisible in that case.

Added

• New colors.webpage.prefers_color_scheme_dark setting which allows forcing prefers-color-scheme: dark colors for websites (QtWebEngine with Qt 5.14 or newer).
• New fonts.default_size setting which can be used to set a bigger font size for all UI fonts.

Changed

• The fonts.monospace setting has been removed and replaced by fonts.default_family. The new default_family setting is improved in various ways:
  • It accepts a list of font families (or a single font family) rather than a comma-separated string. As an example, instead of fonts.monospace = "Courier, Monaco", use fonts.default_family = ["Courier", "Monaco"].
  • Since a list is now accepted as value, no quoting of font names with spaces is required anymore. As an example, instead of fonts.monospace = '"xos4 Terminus"', use fonts.default_family = 'xos4 Terminus'.
  • It is now empty by default rather than having a long list of font names in the default config. When the value is empty, the system's default monospaced font is used.
• If monospace is now used in a font value, it's used literally and not replaced anymore. Instead, default_family is replaced as explained above.
• The default content.headers.accept_language value now adds a ;q=0.9 classifier which should make the value sent more in-line with what other browsers do.
• The qute-pass userscript now has a new --mode gopass switch which uses gopass rather than pass.
• The tox -e mkvenv (or mkvenv-pypi) way of installing qutebrowser is now replaced by a mkvenv.py script. See the updated link:install{outfilesuffix}#tox[install instructions] for details.
• macOS and Windows releases now ship with Qt/QtWebEngine 5.14.1
  • Based on Chromium 77.0.3865.129 with security fixes up to Chromium 79.0.3945.117.
  • Sandboxing is now enabled on Windows.
  • Monospace fonts are now used when a website requests them on macOS 10.15.
  • Web notifications are now supported.

Fixed

• When quitting qutebrowser, components are now cleaned up differently. This should fix certain (rare) segmentation faults and exceptions when quitting, especially with the new exit scheme introduced in in PyQt5 5.13.1.
• Added a workaround for per-domain settings (e.g. a JavaScript whitelist) not being applied in some scenarios with Qt 5.13 and above.
• Added additional site-specific quirk for WhatsApp Web.
• The qute-pass userscript now works correctly when a PASSWORD_STORE_DIR ending with a trailing slash is given.

Added

• Initial support for Qt 5.14.
• New content.site_specific_quirks setting which enables workarounds for websites with broken user agent parsing (enabled by default, see the "Fixed" section for fixed websites).
• New qt.force_platformtheme setting to force Qt to use a given platform theme.
• New tabs.tooltips setting which can be used to disable hover tooltips for tabs.
• New settings to configure the appearance of context menus:
  • fonts.contextmenu
  • colors.contextmenu.menu.bg
  • colors.contextmenu.menu.fg
  • colors.contextmenu.selected.bg
  • colors.contextmenu.selected.fg

Changed

• The macOS binaries now require macOS 10.13 High Sierra or newer. Support for macOS 10.12 Sierra has been dropped.
• The content.headers.user_agent setting now is a format string with the default value resembling the behavior of it being set to null before. This slightly changes the sent user agent for QtWebKit: Instead of mentioning qutebrowser and its version it now mentions the Qt version.
• The qute-pass userscript now has a new --extra-url-suffixes (-s) argument which passes extra URL suffixes to the tldextract library.
• A stack is now used for :tab-focus last rather than just saving one tab. Additionally, :tab-focus now understands stack-prev and stack-next arguments to traverse that stack.
• :hint now has a new right-click target which allows right-clicking elements via hints.
• The Terminus font has been removed from the default monospace fonts since it caused trouble with HighDPI setups. To get it back, add either "xos4 Terminus" or Terminus (depending on fontconfig version) to the beginning of the fonts.monospace setting.
• As a workaround for a Qt bug causing a segfault, desktop sharing is now automatically rejected on Qt versions before 5.13.2. Note that screen sharing still won't work on Linux before Qt 5.14.
• Comment lines in quickmarks/bookmarks files are now ignored. However, note that qutebrowser will overwrite those files if bookmark/quickmark commands are used.
• Reopening PDF.js pages from e.g. a session file will now re-download and display those PDFs.
• Improved behavior when using :open-download in a sandboxed environment (KDE Flatpak).
• qutebrowser now enables the new PyQt exit scheme, which should result in things being cleaned up more properly (e.g. cookies being saved even without a timeout) on PyQt 5.13.1 and newer.
• The :spawn command has a new -m / --output-messages argument which shows qutebrowser messages based on a command's standard output/error.
• Improved insert mode detection for some CodeMirror usages (e.g. in JupyterLab and Jupyter Notebook).
• If JavaScript is disabled globally, file://* now doesn't automatically have it enabled anymore. Run :set -u file://* content.javascript.enabled true to restore the previous behavior.
• Settings with URL patterns can now be used to affect the behavior of the QtWebEngine inspector. Note that the underlying URL is chrome-devtools://* from Qt 5.11 to Qt 5.13, but devtools://* with Qt 5.14.
• Improvements when tabs.tabs_are_windows is set:
  • Using :tab-take and :tab-give now shows an error, as the effect of doing so would be equal to :tab-clone.
  • The :buffer completion doesn't show any window sections anymore, only a flat list of tabs.
• Improved parsing in some corner cases for the QtFont type (used for fonts.tabs and fonts.debug_console).
• Performance improvements for the following areas:
  • Adding settings with URL patterns
  • Matching of settings using URL patterns

Fixed

• Downloads (e.g. via :download) now see the same user agent header as webpages, which fixes cases where overly restrictive servers/WAFs closed the connection before.
• dictcli.py now works correctly on Windows again.
• The logic for :restart has been revisited, which should fix issues with relative basedirs.
• Remaining issues related to Python 3.8 are now fixed (mostly warnings, especially on QtWebKit).
• Workaround for a Qt bug where a page never finishes loading with a non-overridable TLS error (e.g. due to HSTS).
• The qute://configdiff page now doesn't show built-in settings (e.g. javascript being enabled for qute:// and chrome:// pages) anymore.
• The qute-lastpass userscript now stops prompting for passwords when cancelling the password input.
• The tab hover text now shows ampersands (&) correctly.
• With QtWebEngine and Qt >= 5.11, the inspector now shows its icons correctly even if loading of images is disabled via the content.images setting.
• Entering a very long string (over 50k characters) in the completion used to crash, now it shows an error message instead.
• Various improvements for URL/searchengine detection:
  • Strings with a dot but with characters not allowed in a URL (e.g. an underscore) are now not treated as URL anymore.
  • Strings like "5/8" are now not treated as IP anymore.
  • URLs with an explicit scheme and a space (%20) are correctly treated as URLs.
  • Mail addresses are now treated as search terms.
  • With url.open_base_url set, searching for a search engine name now works.
  • url.open_base_url = True together with url.auto_search = 'never' is now handled correctly.
  • Fixed crash when a search engine URL turns out to be invalid.
• New "site specific quirks", which work around some broken websites:
  • WhatsApp Web
  • Google Accounts
  • Slack (with older QtWebEngine versions)
  • Dell.com support pages (with Qt 5.7)
  • Google Docs (fixes broken IME/compose key)

Fixed

• Segmentation fault introduced in v1.8.2 when a tab gets closed immediately after it has finished loading (e.g. with certain login flows).

Changed

• Windows/macOS releases now ship with Qt 5.12.6. This includes security fixes up to Chromium 77.0.3865.120 plus a security fix for CVE-2019-13720 from Chromium 78.

Fixed

• Unbinding keys via config.bind(key, None) accidentally worked in v1.7.0 but raises an exception in v1.8.0. It now works again, but is deprecated and shows an error. Note that :config-py-write did write such invalid lines before v1.8.0, so existing config files might need adjustments.
• The readability-js userscript now handles encodings correctly (which it didn't before for some websites).
• can now be used to paste text starting with a hyphen.
• Following hints via the number keypad now works properly again.
• Errors while reading the state file are now displayed instead of causing a crash.
• Crash when using :debug-log-level without a console attached.
• Downloads are now hidden properly when the browser is in fullscreen mode.
• Crash when setting colors.webpage.bg to an empty value with QtWebKit.
• Crash when the history database file is not a proper sqlite database.
• Workaround for missing/broken error pages on Debian.
• A deprecation warning (caused by pywin32) about the imp module on Windows is now hidden.

• No code changes - this release only repackages the Windows/macOS releases due to issues with the v1.8.0 release.
• Updated dependencies for Windows/macOS releases:
  • macOS and Windows releases now ship with Qt/QtWebEngine 5.12.5. Those are based on Chromium 69.0.3497.128 with security fixes up to Chromium 76.0.3809.87.
  • Qt 5.13 couldn't be used yet due to various bugs in Qt 5.13.0 and .1.

The Windows/macOS releases were pulled because of issues with the bundled Qt versions. Use the v1.8.1 release there instead.

Added

• New userscripts:
  • readability-js which uses Mozilla's node.js readability library.
  • qute-bitwarden which integrates the Bitwarden CLI.

Changed

• Updated dependencies for Windows/macOS releases:
  • macOS releases now ship with Qt 5.13.0 and QtWebEngine 5.13.1. Those are based on Chromium 73.0.3683.105 with security fixes up to Chromium 76.0.3809.87.
  • Windows releases now ship with Qt/QtWebEngine 5.12.5. Those are based on Chromium 69.0.3497.128 with security fixes up to Chromium 76.0.3809.87.
  • Those specific combinations were chosen due to various issues with newer Qt releases. Hopefully, those will be unified again with Qt 5.13.2.
• The statusbar text for passthrough mode now shows all configured bindings to leave the mode, not only one.
• When :config-source is used with a relative filename, the file is now searched in the config directory instead of the current working directory.
• HTML5 inputs with date/time types now enter insert mode when selected.
• dictcli.py now shows where dictionaries are installed to and complains when running it as root if doing so would result in a wrong installation path.
• The Makefile now can also run setup.py build when invoked without a target.
• Changes to userscripts:
  • qute-pass: Don't run pass if only a username is requested.
  • qute-pass: Support private domains like myrouter.local.
  • readability: Improved CSS styling.
• Performance improvements in various areas:
  • Loading config files
  • Typing without any completion matches
  • General keyboard handling
  • Scrolling
• :version now shows details about the loaded autoconfig.yml/config.py.
• Hosts are now additionally looked up including their ports in netrc files.
• With Qt 5.10 or newer, qutebrowser now doesn't force software rendering with Nouveau drivers anymore. However, QtWebEngine/Chromium still do so.
• The XSS Auditor is now disabled by default (content.xss_auditing = false). This reflects a similar change in Chromium, see their XSS Auditor Design Document for details.

Fixed

• :config-write-py now correctly writes config.unbind(...) lines (instead of config.bind(..., None)) when unbinding a default keybinding.
• Prevent repeat keyup events for JavaScript when a key is held down.
• The Makefile now rebuilds the manpage correctly.
• ~/.config/qutebrowser/blocked-hosts can now also contain /etc/hosts-like lines, not just simple hostnames.
• Restored compatibility with Jinja2 2.8 (e.g. used on Debian Stretch or Ubuntu 16.04 LTS).
• Fixed implicit type conversion warning with Python 3.8.
• The desktop file now sets StartupWMClass correctly, so the qutebrowser icon is no longer shown twice in the Gnome dock when pinned.
• Bindings involving keys which need the AltGr key now work properly.
• Fixed crash (caused by a Qt bug) when typing characters above the Unicode BMP (such as certain emoji or CJK characters).
• dictcli.py now works properly again.
• Shift can now be used while typing hint keystrings, which e.g. allows typing number hints on French keyboards.
• With rapid hinting in number mode, backspace now edits the filter text after following a hint.
• A certain type of error ("locking protocol") while initializing sqlite now isn't handled as crash anymore.
• Crash when showing a permission request in certain scenarios.

Removed

• At least Python 3.5.2 is now required to run qutebrowser, support for 3.5.0 and 3.5.1 was dropped.