qutebrowser

NOTE: This release is a source-only release, to fix a recent issue with changed sqlite options on FreeBSD. For Windows/macOS binary releases (and any environment where sqlite accepts double-quoted string literals), this release is equivalent to v2.5.3, thus no new binaries were uploaded here.

Fixed

• Support SQLite with DQS (double quoted string) compile time option turned
  off.

Added

• New array_at quirk, polyfilling the Array.at method, which is needed by various websites, but only natively available with Qt 6.2.

Fixed

• Crash when the adblock filter file can't be read.
• Inconsistent behavior when using :config-{dict,list}-* commands with an
  invalid value. Before the fix, using the same command again would complain that
  the value was already present, despite the error and the value not being
  actually changed.
• Incomplete error handling when mutating a dict/list in config.py and setting
  an invalid value. Before the fix, this would result in either a message in the
  terminal rather than GUI (startup), or in a crash (:config-source).
• Wrong type handling when using :config-{dict,list}-* commands with a config
  option with non-string values. The only affected option is bindings.commands,
  which is probably rarely used with those commands.
• The readability userscript now correctly passes the source URL to
  Breadability, to make relative links work.
• Update dictcli.py to use the main branch, fixing a 404 error.
• Crash with some notification servers when the server did quit.
• Minor documentation fixes

Fixed

• Packaging-related fixes:
  • The install and stacktrace help pages are now included in the docs
    shipped with qutebrowser when using the recommended packaging workflow.
  • The Windows installer now more consistently uses the configured Windows
    colors.
  • The Windows installer now bases the desktop/start menu icon choices on
    the existing install, if upgrading.
  • The macOS release hopefully doesn't cause macOS to (falsely) claim that it
    "is damaged and can't be opened" anymore.
• The notification fixes in v2.5.1 caused new notification crashes (probably
  more common than the ones being fixed...). Those are now fixed, along with a
  (rather involved) test case to prevent similar issues in the future.
• When a text was not found on a page, the associated message would be shown as
  rich text (e.g. after /<h1>). With this release, this is fixed for search
  messages, while the 3.0.0 release will change the default for all messages to be
  plain-text. Note this is NOT a security issue, as only a small subset of HTML
  is interpreted as rich text by Qt, independently from the website.
• When a Greasemonkey script couldn't be loaded (e.g. due to an unreadable file),
  qutebrowser would crash. It now shows an error instead.
• Ever since the v1.2.0 release in 2018, the content.default_encoding setting
  was not applied on start properly (only when it was changed afterwards). This
  is now fixed.

Fixed

• The qute-pass userscript is marked as executable again.
• PDF.js now works properly again with the macOS and Windows releases.
• The MathML workaround for darkmode (e.g. black on black Wikipedia formula)
  now also works for display (rather than inline) math.
• The content.proxy setting can now correctly be set to arbitrary values via
  the qute://settings page again.
• Fixed issues with Chromium version detection on Archlinux with
  qt5-webengine 5.15.9-3.
• Fixed a rare possible crash with invalid Content-Disposition headers.
• Fixes for various notification-related crashes:
  • With the tiramisu notification server (due to invalid behavior of the server, now a non-fatal error)
  • With the budgie notification server when closing a notification (due to invalid behavior of the server, now worked around)
  • When a server exits with an unsuccessful exit status (now a non-fatal error)
  • When a server couldn't be started successfully (now a non-fatal error)
  • With the herbe notification presenter, when the website tries to close
    the notification after the user accepting (right-clicking) it.
• Fixes in userscripts:
  • The qute-bitwarden userscript now correctly searches for entries for
    sites on a subdomain of an unrecognized TLD. subdomain names. Previously
    my.site.local would have searched in bitwarden for my.sitelocal,
    losing the rightmost dot.

Deprecated

• v2.5.x will be the last release of qutebrowser 2.
  For the upcoming 3.0.0 release, it's planned to drop support for various
  legacy platforms and libraries which are unsupported upstream, such as:
  • Qt before 5.15 LTS (plus adding support for Qt 6.2+)
  • Python 3.6
  • The QtWebKit backend
  • macOS 10.14 (via Homebrew)
  • 32-bit Windows (via Qt)
  • Windows 8 (via Qt)
  • Windows 10 before 1809 (via Qt)
  • Possibly other more minor dependency changes
• The :rl-unix-word-rubout command (<Ctrl-W> in command/prompt modes) has
  been deprecated. Use :rl-rubout " " instead.
• The :rl-unix-filename-rubout command has been deprecated. Use either
  :rl-rubout "/ " (classic readline behavior) or :rl-filename-rubout (using
  OS path separator and ignoring spaces) instead.

Changed

• Improved message if a spawned process wasn't found and a Flatpak container is
  in use.
• The :tab-move command now takes start and end as index to move a tab
  to the first/last position.
• Tests now automatically pick the backend (QtWebKit/QtWebEngine) based on
  what's available. The QUTE_BDD_WEBENGINE environment variable and
  --qute-bdd-webengine argument got replaced by QUTE_TESTS_BACKEND and
  --qute-backend respectively, which can be set to either webengine or
  webkit.
• Using :tab-give or :tab-take on the last tab in a window now always
  closes that window, no matter what tabs.last_close is set to.
• Redesigned qute://settings (:set) page with buttons for options with
  fixed values.
• The default hint.selectors now match more ARIA roles (tab, checkbox,
  menuitem, menuitemcheckbox and menuitemradio).
• Using e.g. :bind --mode=passthrough now scrolls to the passthrough section
  on the qute://bindings page.
• Clicking on a notification now tries to focus the tab where the notification
  is coming from. Note this might not work properly if there is more than one
  tab from the same host open.
• Improvements to userscripts:
  • qute-bitwarden understands a new --password-prompt-invocation, which can
    be used to specify a tool other than rofi to ask for a password.
  • cast now uses yt-dlp if available (falling back to youtube-dl if not).
    It also lets users override the tool to use via a QUTE_CAST_YTDL_PROGRAM
    environment variable.
  • qute-pass now understands a new --prefix argument if used in gopass
    mode, which gets passed as subfolder prefix to gopass.
  • open_download now supports Flatpak by using its XDG Desktop Portal.
  • open_download now waits for the exit status of xdg-open, causing
    qutebrowser to report any issues with it.
• The content.headers.custom setting now accepts empty strings as values,
  resulting in an empty header being sent.
• Renamed settings:
  • qt.low_end_device_mode -> qt.chromium.low_end_device_mode
  • qt.process_model -> qt.chromium.process_model
• System-wide userscripts are now discovered from the correct location when
  running via Flatpak (/app/share rather than /usr/share).
• Filename prompts now don't display a .. entry in the list of files anymore.
  To get back to the parent directory, either type ../ manually, or use the new
  :rl-filename-rubout command, bound to <Ctrl-Shift-W> by default.

Added

• New input.match_counts option which allows to turn off count matching for
  more emacs-like bindings.
• New {relative_index} field for tabs.title.format (and .pinned_format)
  which shows relative tab numbers.
• New input.mode_override option which allows overriding the current mode
  based on the new URL when navigating or switching tabs.
• New qt.chromium.sandboxing setting which allows to disable Chromium's
  sandboxing (mainly intended for development and testing).
• New QUTE_TAB_INDEX variable for userscripts, containing the index of the
  current tab.
• New editor.remove_file setting which can be set to False to keep all
  temporary editor files after closing the external editor.
• New :rl-rubout command replacing :rl-unix-word-rubout (and optionally
  :rl-unix-filename-rubout), taking a delimiter as argument.
• New :rl-filename-rubout command, using the OS path separator and ignoring
  spaces. The command also gets shown in the suggested commands for a download
  filename prompt now.

Fixed

• When search.incremental is disabled, searching using /text followed by a
  backwards search via ?text (or vice-versa) now correctly changes the search
  direction.
• Elements getting a hint due to a tabindex now are skipped if it's set to
  -1, reducing some false-positives.
• The audible indicator ([A]) now uses a 2s cooldown when the audio goes
  silent, equivalent with the behavior of older QtWebEngine versions.
• With confirm_quit set to downloads, the confirmation dialog is now only
  shown when closing the last window (rather than closing any window, which
  would continue running that window's downloads). Unfortunately, more issues
  with confirm_quit and multiple windows remain.
• Crash when a previous crash-log file contains non-ASCII characters (which
  should never happen unless it was edited manually)
• Due to changes in Debian, an old workaround (for broken QtWebEngine patching
  on Debian) caused the inferior qutebrowser error page to be displayed, when
  Chromium's would have worked fine. The workaround was now dropped.
• Crash when using <Ctrl-D> (:completion-item-del) in the :tab-focus
  list, rather than :tab-select.
• Work around a Qt issue causing :spawn to run executables from the current
  directory if no system-wide executable was found. The underlying Qt bug is
  tracked as CVE-2022-25255,
  though the impact with typical qutebrowser usage is low: Normally,
  qutebrowser is run from a fixed location (usually the users home directory),
  and :spawn is not typically used with executables that don't exist. The main
  security impact of this bug is in tools like text editors, which are often
  executed in untrusted directories and might attempt to run auxiliary tools
  automatically.
• When :rl-rubout or :rl-filename-rubout (formerly :rl-unix-word-rubout
  and :rl-unix-filename-rubout) were used on a string not starting with the
  given delimiter, they failed to delete the first character, which is now fixed.
• Fixes in userscripts:
  • ripbang now works again (it got blocked due to a missing user agent and
    used outdated qutebrowser commands before)
  • keepassxc now has a properly working --insecure flag
• Speculative fix for an immediate crash at start with the macOS/Windows
  binaries (in certain rare environments).
• Speculative fix for a qutebrowser crash when the notification daemon crashes
  while showing the notification.
• Fix crash when using :screenshot with an invalid --rect argument.
• Added a site-specific quirk to make cookie dialogs on StackExchange pages
  (such as Stack Overflow) work on Qt 5.12.

Security

• CVE-2021-41146: Fix arbitrary command execution on Windows via URL handler
  argument injection. See the security advisory for details.

Added

• New content.blocking.hosts.block_subdomains setting which can be used to disable the subdomain blocking for the hosts-based adblocker introduced in v2.3.0.
• New downloads.prevent_mixed_content setting to prevent insecure mixed-content downloads (true by default).
• New --private flag for :tab-clone, which clones a tab into a new private window, mirroring the same flags for :open and :tab-give.

Fixed

• Switching tabs via mouse wheel scrolling now works properly on macOS. Set tabs.mousewheel_switching to false if you prefer the previous behavior.
• Speculative fix for a crash when closing qutebrowser while a systray notification is shown.

Fixes

• Updated the workaround for Google Account log in claiming that this browser
  isn't secure. For an equivalent workaround on older versions, run:
  :set -u https://accounts.google.com/* content.headers.user_agent "Mozilla/5.0 ({os_info}; rv:90.0) Gecko/20100101 Firefox/90.0"
• Corrupt cache file exceptions with adblock 0.5.0+ are now handled properly.
• Crash when entering unicode surrogates into the filename prompt.
• UnboundLocalError in qute-keepass when the database couldn't be opened.

Added

• New content.prefers_reduced_motion setting to request websites to reduce
  non-essential motion/animations.
• New colors.prompts.selected.fg setting to customize the text color for
  selected items in filename prompts.

Changed

• The hosts-based adblocker (using content.blocking.hosts.lists) now also
  blocks all requests to any subdomains of blocked hosts.
• The fonts.web.* settings now support URL patterns.
• The :greasemonkey-reload command now shows a list of loaded scripts and has
  a new --quiet switch to suppress that message.
• When launching a userscript via hints, a new QUTE_CURRENT_URL environment
  variable now points to the current page (rather than the URL of the selected
  element, where QUTE_URL points to).

Fixed

• Crash on macOS 10.14+ when logging into Google accounts -- the previous fix
  was incomplete due wrong information in Apple's documentation.
• Crash when two Greasemonkey scripts have the same name (usually happening
  because the same file is in both the data and the config directory).
• Deprecation warnings when using the link_pyqt.py script on Python 3.10
  (e.g. via tox or mkvenv.py).

Fixed

• Logging into Google accounts or sharing the camera on macOS 10.14+ crashed,
  which is now fixed.
• The Windows installer now correctly aborts the installation on Windows 7
  (rather than attempting an install which won't work, since Windows 7 is
  unsupported since the v2.0.0 release).
• Using --json-logging without --debug caused qutebrowser to crash since the
  v1.13.0 release. It now works correctly again.
• Mixing Qt 5.14+ with QtWebEngine 5.12 caused a crash related to qutebrowser's
  notification support, which is now fixed.
• The documentation now points to the new IRC channels on irc.libera.chat
  instead of the defunct Freenode channels (due to a hostile takeover by
  Freenode staff).
• Setting content.headers.user_agent or .accept_language to a value
  containing non-ascii characters was permitted by qutebrowser, but resulted in
  a crash when loading a page. Such values are now rejected properly.
• When quitting qutebrowser on the qute://settings page, a crash could happen, which is now fixed.
• When :edit-text is used, but the existing text in the input isn't
  representable in the configured encoding (editor.encoding), qutebrowser would
  crash. It now shows a proper error instead.
• The testsuite should now work properly on aarch64.
• When QtWebEngine is in a "stuck" state while :selection-follow was used,
  this could cause a crash in qutebrowser. This is now fixed (speculatively, due
  to lack of a reproducer).
• When the brave adblock data (adblock-cache.dat) got corrupted, qutebrowser
  would crash when trying to load it. It now displays an error instead.
• Combining /S (silent) and /allusers when uninstalling via the Windows
  installer now works properly.

Fixed

• When awesomewm's "naughty" notification daemon was used with a development
  version of AwesomeWM and an unknown version number, qutebrowser would crash
  when trying to parse the version string. This is now fixed.
• Due to a bug with QtWebEngine 5.15.4, old Service Worker data could cause
  renderer process crashes. This is now worked around by qutebrowser.
• When an (broken) binding to set-cmd-text without any argument existed,
  using : would crash, which is now fixed.
• New site-specific quirk (again) working around not being able to type
  accented/composed characters on Google Docs.
• When running with python -OO (which is not recommended), a notification
  being shown would result in a crash, which is now fixed.

Changed

• When an error occurs in a notification presenter, qutebrowser now shows that
  error in the statusbar instead of just logging it.
• New site-specific-quirk for Discord logging users out when using vertical
  tabs (yes, really)

Fixed

• Certain errors from notification daemons are now displayed as non-fatal
  errors instead of qutebrowser crashing:
  • With the legacy GNOME Flashback notification daemon (not GNOME Shell), when
    more than 20 notifications are currently shown.
  • With the KDE Plasma notification daemon, when the same notification is
    shown twice (with <1s delay).
• The mkvenv.py script now works when ldconfig -p is failing.
• Running :spawn -u -o broke in v2.2.0 and now works properly again.
• Fixes in userscripts:
  • The qute-bitwarden userscript now still consumes returned data if the
    Bitwarden CLI showed a warning but exited with a 0 (successful) exit code.
  • The qute-pass userscript now doesn't try to match a username with
    --password-only, and error messages with invalid patterns are improved.
  • The qute-pass userscript now avoids running pass twice when --otp-only
    is used.

Deprecated

• Running qutebrowser with Qt 5.12.0 is now unsupported and logs a warning. It
  should still work - however, a workaround for issues with the Nvidia graphic
  driver was dropped. Newer Qt 5.12.x versions are still fully supported.
• The --force argument for :tab-only is deprecated, use --pinned close
  instead.
• Using :tab-focus without an argument or count is now deprecated, use
  :tab-next instead.

Added

• New dependency on the QtDBus module. If this requirement is an issue for you
  or your distribution, please open an issue! Note that a DBus connection at
  runtime is still optional.
• New input.media_keys setting which can be used to disable Chromium's
  handling of media keys.
• New :process command (and associated qute://process pages) which can be
  used to view and terminate/kill external processes spawned by qutebrowser.
• New content.site_specific_quirks.skip setting which can be used to disable
  individual site-specific quirks.
• New --pinned argument for :tab-only, which replaces --force (with
  --pinned close), but also can take --pinned keep to keep pinned tabs
  without prompting.
• New fileselect.folder.command which can be used with
  fileselect.handler = external to customize the command to use to upload
  directories (<input type="file" webkitdirectory /> elements, which are
  non-standard but in wide use).
• New content.notifications.presenter setting with various new ways to show
  web notifications:
  • auto (default): Automatically detect the best available option
  • qt: Use Qt's built-in mechanism (like before this release)
  • libnotify: Use a libnotify-compatible notification server (i.e. native
    notifications on Linux)
  • systray: Use a systray icon (very similar to qt but without some of
    its drawbacks)
  • messages: Use qutebrowser messages
  • herbe: Use herbe
• New content.notifications.show_origin setting, which can be used to decide
  for which notifications to show the origin (the URL the notification was sent
  from).

Changed

• The content.ssl_strict setting got renamed to
  content.tls.certificate_errors, with new values:
  • ask: Prompt on overridable certificate errors (ssl_strict = 'ask')
  • ask-block-thirdparty: See below
  • block: Block the page load (ssl_strict = True)
  • load-insecurely: Load the page despite the error (ssl_strict = False)
• The new content.tls.certificate_errors setting now also understands the
  value ask-block-thirdparty, which asks for page loads but automatically blocks
  resource loads on TLS errors. This behavior is consistent with what other
  browsers do.
• The prompt text shown on certificate errors has been improved to make it
  clearer what kind of error occurred exactly.
• The content.site_specific_quirks setting got renamed to
  content.site_specific_quirks.enabled.
• The content.notifications option got renamed to
  content.notifications.enabled.
• The completion now also shows bindings starting with set-cmd-text in its
  third column, such as o for :open.
• When :spawn is used with the -m / --output-messages flag, the output now
  appears live, while the process is running.
• When a shown message replaces an existing related one (e.g. for zoom levels),
  the replacing now also works even if a different message was shown in between.
• The .redirect(...) method on interceptors now supports an
  ignore_unsupported=True argument which supresses exceptions if a request could
  not be redirected. Note, however, that it is still not public API.
• When the --config-py argument is used, no warning about a missing
  config.load_autoconfig is shown anymore, as the argument is typically used
  for temporarily testing a config.
• The internal _autosave session used for crash recovery is now only saved
  once per minute, since saving it for every page load is a noticable performance
  issue.
• The readability-js userscript now displays a small header with page
  information.
• When an external file selector is used, some additional validation is done on
  the picked files now, so that errors are shown if e.g. a directory is selected
  when a file was expected.
• The default binding for T (:tab-focus) got changed so that it fills the
  command line with :tab-focus if used without a count (instead of being
  equivalent to :tab-next in that case).
• The :config-unset command now understands the --pattern (-u) flag to
  unset options customized for a given URL pattern (such as after answering a
  prompt with "always"/"never").
• The :config-unset command now shows an error when used on an option which is
  valid, but was never customized.
• The statusbar.widgets setting now understands text:... entries which
  allows adding a hard-coded text to the statusbar.
• The polyfill for String.replaceAll (required for Nextcloud Calendar < 2.2.0
  with QtWebEngine < 5.15.3) is now disabled by default, as it's not fully
  compliant to the ECMAScript spec and might cause issues on other websites.
  If you still need it (e.g. if you're still on an old Nextcloud Calendar
  version), remove js-string-replaceall from
  content.site_specific_quirks.skip.

Fixed

• When an editor exits with a != 0 exit status, the temporary editor file is now
  persisted. This already was the case when the editor crashed.
• When a nonexistent file gets passed to --config-py, qutebrowser now
  complains instead of silently not loading it.
• With some (rare) setups, opening the report dialog or using a PAC proxy with
  QtWebKit could result in qutebrowser hanging due to a PyQt bug. There's now a
  workaround which prevents the hang.
• QtWebEngine version detection (influencing things like dark mode settings or
  certain workarounds) now works correctly on OpenBSD.
• Certain version number formats in /etc/os-release caused qutebrowser to
  crash. Those are now handled correctly.
• The macOS releases now properly support Dark Mode for UI elements by setting
  NSRequiresAquaSystemAppearance to false.

Removed

• The qute://spawn-output page used by :spawn -o is now removed, as it's
  replaced by the new qute://process pages.

Added

• Site-specific quirk for krunker.io, which shows a "Socket Error" with
  qutebrowser's default Accept-Language header. The workaround is equivalent to
  doing :set -u matchmaker.krunker.io content.headers.accept_language "".

Changed

• Clicking the 'x' in the devtools window to hide it now also leaves insert
  mode.

Fixed

• The workaround for black on (almost) black formula images in dark mode now
  also works with Qt 5.12 and 5.13.
• When running in Flatpak or with the Windows/macOS releases, the QtWebEngine
  version is now detected properly. Before, a wrong version was assumed, breaking
  dark mode and certain workarounds (resulting in crashes on websites like
  LinkedIn or TradingView).
• When the metainfo in the completion database doesn't have the expected
  structure, qutebrowser now tries to gracefully recover from the situation
  instead of crashing.
• When qutebrowser displays an error during initialization, opening a second
  instance would lead to a crash. Instead, qutebrowser now ignores the attempt
  to open a new page as long as it's not fully initialized yet.
• When the Brave adblock cache folder was unreadable, qutebrowser crashed. It
  now displays an error instead.
• Fixes in the qute-pass userscript for gopass:
  • Generating OTP tokens now works correctly.
  • Storing the username as part of the secret broke in v2.0.0 and now works
    again.
• When using bindings.key_mappings to map a key to multiple other keys,
  qutebrowser would crash. This is now handled correctly - however, note that
  it's usually better to map keys to commands instead.
• When a minimized window is selected via :tab-select, it's now un-minimized
  properly.
• When a format string in the config (e.g. tabs.title_format) used a value
  like {current_url.host} (instead of {current_url:host}), qutebrowser
  would crash. It now correctly reports an invalid config value instead.
• In rare circumstances, sending URLs/commands to existing instances would
  result in a crash, which is now fixed.
• Running the testsuite should now fully work without internet access again.
• The --asciidoc script for mkvenv.py broke with v1.14.0. It now works
  correctly again.
• Various other fixes for running in Flatpak (backported in the Flatpak release
  even before this qutebrowser release).
• We are the Knights Who Say... ':Ni!'

Removed

• The following command aliases were deprecated in v2.0.0 and are now removed:
  • run-macro -> macro-run
  • record-macro -> macro-record
  • buffer -> tab-select
  • open-editor -> edit-text
  • toggle-selection -> selection-toggle
  • drop-selection -> selection-drop
  • reverse-selection -> selection-reverse
  • follow-selected -> selection-follow
  • follow-hint -> hint-follow
  • enter-mode -> mode-enter
  • leave-mode -> mode-leave

Added

• New :screenshot command which can be used to screenshot the visible part of
  the page.
• New optional dependency on the importlib_metadata project on Python 3.7 and
  below. This is only relevant when PyQtWebEngine is installed via pip - thus,
  this dependency usually isn't relevant for packagers.
• New qute-keepassxc userscript integrating with the KeePassXC browser API.

Changed

• Initial support for QtWebEngine 5.15.3 and PyQt 5.15.3/.4
• The colors.webpage.prefers_color_scheme_dark setting got renamed to
  colors.webpage.preferred_color_scheme and now takes the values auto, light
  and dark (instead of being True for dark and False for auto).
  Note that the light value is only supported with Qt 5.15.2+, falling back to
  the same behavior as auto on older versions.
• On Linux, qutebrowser now tries harder to find details about the installed
  QtWebEngine version by inspecting the QtWebEngine binary. This should reduce
  issues with dark mode (and some workarounds) not working when using differing
  versions of QtWebEngine/PyQtWebEngine/Qt.
  This change also prepares qutebrowser for QtWebEngine 5.15.3, which will get
  released without an updated Qt.
• When PyQtWebEngine >= 5.15.3 is installed via pip (as is e.g. the case with
  mkvenv.py), qutebrowser now queries the associated metadata to find out the
  QtWebEngine version.
• When doing :hint links yank --rapid, the messages shown now replace each
  other, thus being less noisy.
• Newlines in JavaScript messages (confirm, prompt and alert) are now
  preserved.
• Messages in prompts are now word-wrapped rather than displaying them in one
  long line.
• If a command stats with space (e.g. : open ..., it's now not saved to
  command history anymore (similar to how some shells work).
• When a tab is pinned, running :open will now open a new tab instead of
  displaying an error.
• The fileselect.*.command settings now support file selectors writing the
  selected paths to stdout, which is used if no {} placeholder is contained in
  the configured command.
• The --debug-flag argument now understands a new log-sensitive-keys value
  which logs all keypresses (including those in insert/passthrough/prompt/...
  mode) for debugging.
• The readability and readability-js userscripts now add a
  qute-readability CSS class to the page, so that it can be styled easily via
  a user stylesheet.

Fixed

• With QtWebEngine 5.15.3 and some locales, Chromium can't start its
  subprocesses. As a result, qutebrowser only shows a blank page and logs
  "Network service crashed, restarting service.". This release adds a
  qt.workarounds.locale setting working around the issue. It is disabled by
  default since distributions shipping 5.15.3 will probably have a proper patch
  for it backported very soon.
• The colors.webpage.preferred_color_scheme and colors.webpage.darkmode.*
  settings now work correctly with QtWebEngine 5.15.3 (and Gentoo, which at the
  time of writing packages 5.15.3 disguised as 5.15.2).
• When dark mode settings were set, existing blink-features arguments in
  qt.args (or --qt-flag) were overridden. They are now combined properly.
• On QtWebEngine 5.15.2, auto detection for the prefers-color-scheme media
  query is broken and always returns no-preference, which was removed from the
  CSS WG Specification. This release contains a workaround to always return
  light instead (as per the spec).
• When an external file selector deletes the temporary file (like nnn does
  when quitting the terminal), qutebrowser would crash. It now displays an
  error instead. The same applies if the temporary file is unreadable for any
  other reason.
• On macOS, a change in v2.0.x caused certain shortcuts to not work with Cmd
  anymore, using Ctrl instead. They now work correctly using Cmd (like usual on
  macOS) again.
• On macOS, using F (hint all tab) sometimes would open a context menu
  instead of following a link. This is now fixed.
• The quirk added for a missing String.replaceAll did not handle special
  regexp characters correctly, thus breaking some sites. It now handles them
  properly.
• The "try again" button on error pages now works correctly with JavaScript
  disabled.
• If a GreaseMonkey script doesn't have a "@run-at" comment, qutebrowser
  accidentally treated that as "@run-at document-idle". However, other
  GreaseMonkey implementations default to "@run-at document-end" instead, which
  is what qutebrowser now does, too.
• The hist_importer.py script didn't work correctly after qutebrowser v2.0.0
  and resulted in a history database qutebrowser couldn't read properly. It now
  works properly again.
• With certain QtWebEngine versions (5.15.0 based on Chromium 80 and 5.15.3
  based on Chromium 87), Chromium's dark mode doesn't invert certain SVG images,
  even with colors.wegpage.darkmode.policy.images set to smart.
  Most notably, this causes formulae on Wikipedia to display black on (almost)
  black. If content.site_specific_quirks is enabled, qutebrowser now injects
  some CSS as a workaround, which inverts all math formula images on Wikipedia
  (and potentially other sites, if they use the same CSS class).
• When a hint label text started with an apostrophe, it would show an escaped
  text until the hints first character has been pressed. It now shows up
  correctly.

Fixed

• When right-clicking an empty part of the downloads bar, qutebrowser v2.0.x
  would crash. This is now fixed.
• Setting content.cookies.store to false only worked properly when this was
  done after qutebrowser was already started due to a regression in v2.0.0. It now
  works as expected again.
• If qutebrowser was installed as a Python egg with Python 3.8 or 3.9,
  requesting unavailable resource files (such as PDF.js not being bundled, or a
  missing changelog file) caused in a crash due to an inconsistent behavior in
  those versions of Python. This is now handled properly by qutebrowser.
• In v2.0.0, support for importing the sip dependency as sip rather than
  PyQt5.sip was dropped, since upstream claims it should be used as PyQt5.sip
  ever since PyQt 5.11. However, some distributions still package sip as a global
  sip package. Thus, support for a global sip package is now reintroduced.
• The changelog for v2.0.0 claimed that hints.leave_on_load was set to true
  by default. However, the input.insert_mode.leave_on_load setting was instead
  set to true accidentally. This is now fixed by actually setting
  hints.leave_on_load to true, and reversing the change to
  input.insert_mode.leave_on_load so it is set to false by default again.
• When the importlib_resources package is required but was missing, users
  would get a Python stacktrace rather than a proper error message. This is now
  fixed.
• Site-specific quirk JavaScript files were loaded lazily rather than preloaded
  at the start of qutebrowser, causing a crash when e.g. switching between
  versions while qutebrowser is open. Now they are preloaded at the start of
  qutebrowser again.
• The link to the keybinding cheatsheet on the internal :help page wasn't
  displayed correctly. This is now fixed.
• When the completion rebuilding process was interrupted, qutebrowser did not
  detect this condition on the next start, thus resulting in a completion with
  inconsistent data. This is now fixed, with another rebuild being forced with
  this update, to ensure the data is consistent for all users.
• In certain scenarios, qutebrowser v2.0.x warned about
  config.load_autoconfig(...) being missing when loading a secondary config
  (e.g. via config.source(...)). It now only shows those warnings for the main
  config.py file.
• The --enable-webengine-inspector flag is now accepted again, however it's
  unused and undocumented. It purely exists to make it possible to use :restart
  between pre-v2.0.x and v2.0.2+ versions.
• When hints.dictionary pointed to a file not encoded as UTF-8, this resulted
  in a crash (also in versions before v2.0.0). It now properly displays an error
  instead.
• When running qutebrowser with a single empty commandline argument, such as
  done by open_url_in_instance.sh, this would result in a partially initialized
  window. Interacting with that window results in a crash (also in versions before
  v2.0.0). Instead, the startpage is now shown properly.

Fixed

• If qutebrowser was installed as a Python egg (similar to a .zip file, via
  setup.py install under certain conditions), a change in v2.0.0 caused it to
  not start properly. This is now fixed.
• If qutebrowser was set up (or packaged) in an unclean environment, this could
  result in a stale qutebrowser/components/adblock.py file being picked up. That
  file is not part of the release anymore, but if an old version is still around,
  causes qutebrowser to crash. It's now explicitly blocked inside qutebrowser so
  it gets ignored even if it still exists.
• When the adblocking method was switched using :set, and the adblock
  dependency was unavailable when qutebrowser started (but was installed while
  qutebrowser was open), this resulted in a crash. Now a warning prompting for a
  restart of qutebrowser is shown instead.

Changed

• The format_json userscript now uses sh instead of bash again.
• The add-nextcloud-bookmarks, add-nextcloud-cookbook, readability and
  ripbang userscripts now use a python3 rather than plain python shebang.
• When QTWEBENGINE_CHROMIUM_FLAGS is set in the environment, this causes flag
  handling (including workarounds for QtWebEngine crashes) inside qutebrowser to
  break. This will be handled properly in a future version, but this release now
  shows a warning on standard output if this is the case.
• The config completion for fileselect.*.command now also includes the "nnn"
  terminal file manager.

Major changes

• If the Python adblock library is available, it is now used to integrate Brave's Rust adblocker library for improved adblocking based on ABP-like filter lists (such as EasyList).
  If it is unavailable, qutebrowser falls back to host-blocking, i.e. the same blocking technique it used before this release. As part of this, various settings got renamed, see "Changed" below.
  Note: If the adblock dependency is available, qutebrowser will ignore custom host blocking via the blocked-hosts config file or file:/// URLs supplied as host blocking lists. You will need to either migrate those to ABP-like lists, or set content.blocking.method to both.
• Various dependency upgrades - a quick checklist for packagers (see "Changed" below for details):
  • Ensure you're providing at least Python 3.6.1.
  • Ensure you're providing at least Qt 5.12 and PyQt 5.12.
  • Add a new optional dependency on the Python adblock library (if packaged - if not, consider packaging it, albeit optional it's very useful for users).
  • Remove the cssutils optional dependency (if present).
  • Remove the attrs (attr) dependency.
  • Remove the pypeg2 dependency (and perhaps consider dropping the package if not used elsewhere - it's inactive upstream and the repository was removed by Bitbucket).
  • Move the pygments dependency from required to optional.
  • Move the setuptools dependency from runtime (for pkg_resources) to build-time.
  • For Python 3.6, 3.7 or 3.8, add a dependency on the importlib_resources backport.
  • For Python 3.6 only, add a dependency on the dataclasses backport.
• Dropped support for old OS versions in binary releases:
  • Support for Windows 7 is dropped in the Windows binaries, the minimum required Windows version is now Windows 8.1.
  • Support for macOS 10.13 High Sierra is dropped in the macOS binaries, the minimum required macOS version is now macOS 10.14 Mojave.
• Various renamed settings and commands, see "Deprecated" and "Changed" below.

Removed

• The --enable-webengine-inspector flag (which was only needed for Qt 5.10 and below) is now dropped. With Qt 5.11 and newer, the inspector/devtools are enabled unconditionally.
• Support for moving qutebrowser data from versions before v1.0.0 has been removed.
• The --old flag for :config-diff has been removed. It used to show customized options for the old pre-v1.0 config files (in order to aid migration to v1.0).
• The :inspector command which was deprecated in v1.13.0 (in favor of :devtools) is now removed.

Deprecated

• Several commands have been renamed for consistency and/or easier grouping of related commands. Their old names are still available, but deprecated and will be removed in qutebrowser v2.1.0.
  • run-macro -> macro-run
  • record-macro -> macro-record
  • buffer -> tab-select
  • open-editor -> edit-text
  • toggle-selection -> selection-toggle
  • drop-selection -> selection-drop
  • reverse-selection -> selection-reverse
  • follow-selected -> selection-follow
  • follow-hint -> hint-follow
  • enter-mode -> mode-enter
  • leave-mode -> mode-leave

Added

• New settings for the ABP-based adblocker:
  • content.blocking.method to decide which blocker(s) should be used.
  • content.blocking.adblock.lists to configure ABP-like lists to use.
• New qt.environ setting which makes it easier to set/unset environment variables for qutebrowser.
• New settings to use an external file picker (such as ranger or vifm):
  • fileselect.handler (default or external)
  • fileselect.multiple_files.command
  • fileselect.single_file.command
• When QtWebEngine has been updated but PyQtWebEngine hasn't yet, the dark mode settings might stop working. As a (currently undocumented) escape hatch, this version adds a QUTE_DARKMODE_VARIANT=qt_515_2 environment variable which can be set to get the correct behavior in (transitive) situations like this.
• New --desktop-file-name commandline argument, which can be used to customize the desktop filename passed to Qt (which is used to set the app_id on Wayland).
• The :open completion now also completes local file paths and file:// URLs, via a new filesystem entry in completion.open_categories. Also, a new completion.favorite_paths setting was added which can be used to add paths to show when :open is used without any input.
• New QUTE_VERSION variable for userscripts, which can be used to read qutebrowser's version.
• New "Copy URL" entry in the context menu for downloads.
• New :bookmark-list command which lists all bookmarks/quickmarks. The corresponding qute://bookmarks URL already existed since v0.8.0, but it was never exposed as a command.
• New qt.workarounds.remove_service_workers setting which can be used to remove the "Service Workers" directory on every start. Usage of this option is generally discouraged, except in situations where the underlying QtWebEngine bug is a known cause for crashes.
• Changelogs are now shown after qutebrowser was upgraded. By default, the changelog is only shown after minor upgrades (feature releases) but not patch releases. This can be adjusted (or disabled entirely) via a new changelog_after_upgrade setting.
• New userscripts:
  • kodi to play videos in Kodi
  • qr to generate a QR code of the current URL
  • add-nextcloud-bookmarks to create bookmarks in Nextcloud's Bookmarks app
  • add-nextcloud-cookbook to add recipes to Nextcloud's Cookbook app

Changed

• config.py files now are required to have either config.load_autoconfig(False) (don't load autoconfig.yml) or config.load_autoconfig() (do load autoconfig.yml) in them.
• Various host-blocking settings have been renamed to accomodate the new ABP-like adblocker:
  • content.host_blocking.enabled -> content.blocking.enabled (controlling both blockers)
  • content.host_blocking.whitelist -> content.blocking.whitelist (controlling both blockers)
  • content.host_blocking.lists -> content.blocking.hosts.lists
• Changes to default settings:
  • tabs.background is now true by default, so that new tabs get opened in the background.
  • input.partial_timeout is now set to 0 by default, so that partially typed key strings are never cleared.
  • hints.leave_on_load is now false by default, so that hint mode doesn't get left when a page finishes loading. This can lead to stale hints persisting in rare circumstances, but is better than leaving hint mode when the user entered it before loading was completed.
  • The default for tabs.width (tab bar width if vertical) is now 15% of the window width rather than 20%.
  • The default bindings for moving tabs (tab-move - and tab-move +) were changed from gl and gr to gK and gJ, to be consistent with the tab switching bindings.
  • The text color for warning messages is now black instead of white, for increased contrast and thus readability.
  • The default timeout for messages is now raised from 2s to 3s.
• On the first start, the history completion database is regenerated to remove a few problematic entries (such as long qute://pdfjs URLs). This might take a couple of minutes, but is a one-time operation. This should result in a performance improvement for the completion for affected users.
• qutebrowser now shows an error if its history database version is newer than expected. This currently should never happen, but allows for potentially backwards-incompatible changes in future versions.
• At least Python 3.6.1 is now required to run qutebrowser, support for Python 3.5 (and 3.6.0) is dropped. Note that Python 3.5 is no longer supported upstream since September 2020.
• At least Qt/PyQt 5.12 is now required to run qutebrowser, support for 5.7 to 5.11 (inclusive) is dropped. While Debian Buster ships Qt 5.11, it's based on a Chromium version from 2018 with no Debian security support and unsupported upstream since May 2019.
  It also has compatibility issues with various websites (GitHub, Twitch, Android Developer documentation, YouTube, ...). Since no newer Debian Stable is released at the time of writing, it's recommended to
  install qutebrowser in a virtualenv with a newer version of Qt/PyQt.
• New optional dependency on the Python adblock library (see above for details).
• The (formerly optional) cssutils dependency is now removed. It was only needed for improved behavior in corner cases when using :download --mhtml with the (non-default) QtWebKit backend, and as such it's unlikely anyone is still relying on it. The cssutils project is also dead upstream, with its repository being gone after Bitbucket removed Mercurial support.
• The (formerly required) pygments dependency is now optional. It is only used when using :view-source with QtWebKit, or when forcing it via :view-source --pygments on QtWebEngine. If it is unavailable, an unhighlighted fallback version of the page's source is shown.
• The former runtime dependency on the pkg_resources module (part of the setuptools project) got dropped. Note that setuptools is still required to run setup.py.
• A new dependency on the importlib_resources module got introduced for Python versions up to and including 3.8. Note that the stdlib importlib.resources module for Python 3.7 and 3.8 is missing the needed APIs, thus requiring the backports for those versions as well.
• The former dependency on the attrs/attr package is now dropped in favour of dataclasses in the Python standard library. On Python 3.6, a new dependency on the dataclasses backport is now required.
• The former dependency on the pypeg2 package is now dropped. This might cause some changes for certain corner-cases for suggested filenames when downloading files with the QtWebKit backend.
• Windows and macOS releases now ship Python 3.9 rather than 3.7.
• The colors.webpage.darkmode.* settings are now also supported with older Qt versions (Qt 5.12 and 5.13) rather than just with Qt 5.14 and above.
• For regexes in the config (hints.{prev,next}_regexes), certain patterns which will change meanings in future Python versions are now disallowed. This is the case for character sets starting with a literal [ or containing literal character sequences --, &&, ~~, or ||. To avoid a warning, remove the duplicate characters or escape them with a backslash.
• If prompt(..., "default") is used via JS, the default text is now pre-selected in the prompt shown by qutebrowser.
• URLs such as ::1/foo are now handled as a search term or local file rather than IPv6. Use [::1]/foo to force parsing as IPv6 instead.
• The mkvenv.py script now runs a "smoke test" after setting up the virtual environment to ensure it's working as expected. If necessary, the test can be skipped via a new --skip-smoke-test flag.
• Both qutebrowser userscripts and Greasemonkey scripts are now additionally picked up from qutebrowser's config directory (the userscripts and greasemonkey subdirectories of e.g. ~/.config/qutebrowser/) rather than only the data directory (the same subdirectories of e.g. ~/.local/share/qutebrowser/).
• The :later command now understands a time specification like 5m or 1h5m2s, rather than just taking milliseconds.
• The importer.py script doesn't use a browser argument anymore; instead its --input-format switch can be used to configure the input format. The help also was expanded to explain how to use it properly.
• If tabs.tabs_are_windows is set, the tabs.last_close setting is now ignored and the window is always closed when using :close (d).
• With the (default) QtWebEngine backend, if a custom accept header is set via content.headers.custom, the custom value is now ignored for XHR (XMLHttpRequest) requests. Instead, the sent value is now */* or the header set from JavaScript, as it would be if content.headers.custom wasn't set.
• The :tab-select completion now shows the underlying renderer process PID if doing so is supported (on QtWebEngine 5.15).
• If tabs.favicons.show is set to never, favicons aren't unnecessarily downloaded anymore. Thus, disabling favicons can help with a possible fingerprinting vector.
• "Super" is now understood as a modifier (i.e. as alias to "Meta").
• Initial support for Python 3.10 (currently in Alpha stage).
• Various performance improvements, including for the startup time.

Fixed

• With interpolated color settings (colors.tabs.indicator.* and colors.downloads.*), the alpha channel is now handled correctly.
• Fixes to userscripts:
  • format_json now uses env in its shebang, making it work correctly on systems where bash isn't located in /bin.
  • qute-pass now handles the MIME output format introduced in gopass 1.10.0.
  • qute-lastpass now types multiple < or > characters correctly.
• The :undo completion now sorts its entries correctly (by the numerical index rather than lexicographically).
• The completion.web_history.ignore setting now works properly when set in config.py (rather than via :set). Additionally, a :config-source will not result in a history rebuild if the value wasn't actually changed.
• When downloading a data: URL, the suggested filename is now improved and contains a proper extension. Before this fix, qutebrowser would use the URL's data contents as filename with QtWebEngine; or "binary blob" with the Qt network stack.
• When :tab-only is run before a tab is available, an error is now shown instead of crashing.
• A couple of long URLs (such as qute://pdfjs URLs) are now not added to the history database anymore.
• A bug in QtWebEngine 5.15.2 causes "renderer process killed" errors on websites like LinkedIn and TradingView. There is now a workaround in qutebrowser to prevent this from happening.
• Nextcloud Calendars started using String.replaceAll which was only added to Chromium recently (Chrome 85), so won't work with current QtWebEngine versions. This release includes a workaround (a polyfill as a site-specific-quirk).

Added

• With v1.14.0, qutebrowser configures the main window to be transparent, so
  that it's possible to configure a translucent tab- or statusbar. However, that
  change introduced various issues, such as performance degradation on some
  systems or breaking dmenu window embedding with its -w option. To avoid those
  issues for people who are not using transparency, the default behavior is
  reverted to versions before v1.14.0 in this release. A new window.transparent
  setting can be set to true to restore the behavior of v1.14.0.

Changed

• Windows and macOS releases now ship Qt 5.15.2, which is based on
  Chromium 83.0.4103.122 with security fixes up to 86.0.4240.183. This includes
  CVE-2020-15999 in the bundled freetype library, which is known to be exploited
  in the wild. It also includes various other bugfixes/features compared to
  Qt 5.15.0 included in qutebrowser v1.14.0, such as:
  • Correct handling of AltGr on Windows
  • Fix for content.cookies.accept not working properly
  • Fixes for screen sharing (some websites are still broken until an upcoming Qt
    5.15.3)
  • Support for FIDO U2F / WebAuth
  • Fix for the unwanted creation of directories such as databases-incognito in
    the home directory
  • Proper autocompletion in the devtools console
  • Proper signalisation of a tab's audible status ([A])
  • Fix for a hang when opening the context menu on macOS Big Sur (11.0)
  • Hardware accelerated graphics on macOS

Fixed

• Setting the content.headers.referer setting to same-domain (the default)
  was supposed to truncate referers to only the host with QtWebEngine.
  Unfortunately, this functionality broke in Qt 5.14. It works properly again
  with this release, including a test so this won't happen again.
• With QtWebEngine 5.15, setting the content.headers.referer setting to
  never did still send referers. This is now fixed as well.
• In v1.14.0, a regression was introduced, causing a crash when qutebrowser was
  closed after opening a download with PDF.js. This is now fixed.
• With Qt 5.12, the Object.fromEntries JavaScript API is unavailable (it was
  introduced in Chromium 73, while Qt 5.12 is based on 69). This caused
  https://www.vr.fi/en and possibly other websites to break when accessed with Qt
  5.12. A suitable polyfill is now included with qutebrowser if
  content.site_specific_quirks is enabled (which is the default).
• While XDG startup notifications (e.g. launch feedback via the bouncy cursor
  in KDE Plasma) were supported ever since Qt 5.1, qutebrowser's desktop file
  accidentally declared that it wasn't supported. This is now fixed.
• The dmenu_qutebrowser and qutedmenu userscripts now correctly read the
  qutebrowser sqlite history which has been in use since v1.0.0.
• With Python 3.8+ and vertical tabs, a deprecation warning for an implicit int
  conversion was shown. This is now fixed.
• Ever since Qt 5.11, fetching more completion data when that data is loaded
  lazily (such as with history) and the last visible item is selected was broken.
  The exact reason is currently unknown, but this release adds a tenative fix.
• When PgUp/PgDown were used to go beyond the last visible item, the above issue
  caused a crash, which is now also fixed.
• As a workaround for an overzealous Microsoft Defender false-positive detecting
  a "trojan" in the (unprocessed) adblock list, :adblock-update now doesn't
  cache the HTTP response anymore.
• With the QtWebKit backend and content.headers set to same-domain (the
  default), origins with the same domain but different schemes or ports were
  treated as the same domain. They now are correctly treated as different domains.
• When a URL path uses percent escapes (such as
  https://example.com/embedded%2Fpath), using :navigate up would treat the
  %2F as a path separator and replace any remaining percent escapes by their
  unescaped equivalents. Those are now handled correctly.
• On macOS 11.0 (Big Sur), the default monospace font name caused a parsing error, thus
  resulting in broken styling for the completion, hints, and other UI components.
  They now look properly again.
• Due to a Qt bug, installing Qt/PyQt from prebuilt binaries on systems with a
  very old libxcb-utils version (notably, Debian Stable, but not Ubuntu since
  16.04 LTS) results in a setup which fails to start. This also affects the
  mkvenv.py script, which now includes a workaround for this case.
• The open_url_instance.sh userscript now complains when socat is not
  installed, rather than silencing the error.
• The example AppArmor profile in misc/ was outdated and written for the
  older QtWebKit backend. It is now updated to serve as an useful starting
  point with QtWebEngine.
• When running :devtools on Fedora without the needed (optional) dependency
  installed, it was suggested to install qt5-webengine-devtools, which does
  not, in fact, exist. It's now correctly suggested to install
  qt5-qtwebengine-devtools instead.
• With Qt 5.15.2, lines/borders coming from the readability-js userscript
  were invisible. This is now fixed by changing the border color to grey (with all
  Qt versions).
• Due to changes in the underlying Chromium, the
  colors.webpage.prefers_color_scheme_dark setting broke with Qt 5.15.2. It now
  works properly again.
• A bug in the pkg_resources module used by qutebrowser caused deprecation
  warnings to appear on start with Python 3.9 on some setups. Those are now
  hidden.
• Minor performance improvements.
• Fix for various functionality breaking in private windows with v1.14.0,
  after the last private window is closed. This includes:
  • Ad blocking
  • Downloads
  • Site-specific quirks (e.g. for Google login)
  • Certain settings such as content.javascript.enabled

Note: The QtWebEngine version bundled with the Windows/macOS releases is still based on Qt 5.15.0 (like with qutebrowser v1.12.0 and
v1.13.0) rather than Qt 5.15.1 because of a Qt bug causing frequent renderer process crashes. When Qt 5.15.2 is released (planned for November 3rd, 2020), a qutebrowser v1.14.x patch release with an updated QtWebEngine will be released.

Furthermore, this release still only contains partial session support for QtWebEngine 5.15. It's still recommended to run against Qt 5.15 due to the security patches contained in it -- for most users, the added workarounds seem to work out fine. A rewritten session support will be part of qutebrowser v2.0.0, tentatively planned for the end of the year or early 2021.

Changed

• The content.media_capture setting got split up into three more fine-grained
  settings, content.media.audio_capture, .video_capture and
  .audio_video_capture. Before this change, answering "always" to a prompt
  about e.g. audio capturing would set the content.media_capture setting,
  which would also allow the same website to capture video on a future visit.
  Now every prompt will set the appropriate setting, though existing
  content.media_capture settings in autoconfig.yml will be migrated to set
  all three settings. To review/change previously granted permissions, use
  :config-diff and e.g.
  :config-unset -u example.org content.media.video_capture.
• The main window's (invisible) background color is now set to transparent.
  This allows using the alpha channel in statusbar/tabbar colors to get a
  partially transparent qutebrowser window on a setup which supports doing so.
• If QtWebEngine is compiled with PipeWire support and libpipewire is
  installed, qutebrowser will now support screen sharing on Wayland. Note that
  QtWebEngine 5.15.1 is needed.
• When :undo is used with a count, it now reopens the count-th to last tab
  instead of the last one. The depth can instead be passed as an argument,
  which is also completed.
• The default completion.timestamp_format now also shows the time.
• :back and :forward now take an optional index which is completed using
  the current tab's history.
• The time a website in a tab was visited is now saved/restored in sessions.
• When attempting to download a file to a location for which there's already a
  still-running download, a confirmation prompt is now displayed.
• :completion-item-focus now understands next-page and prev-page with
  corresponding <PgDown> / <PgUp> default bindings.
• When the last private window is closed, all private browsing data is now cleared.
• When config.source(...) is used with a --config-py argument given,
  qutebrowser used to search relative files in the config basedir, leading to them
  not being found when using a shared config.py for different basedirs. Instead,
  they are now searched relative to the given config.py file.
• navigate prev ([[) and navigate next (]]) now recognize links with
  nav-prev and nav-next classes, such as those used by the Hugo static site
  generator.
• When tabs.favicons is disabled but tabs.tabs_are_windows is set, the
  window icon is still set to the page's favicon now.
• The --asciidoc argument to src2asciidoc.py and build_release.py now
  only takes the path to asciidoc.py, using the current Python interpreter by
  default. To configure the Python interpreter as well, use
  --asciidoc-python path/to/python --asciidoc path/to/asciidoc.py
  instead of the former
  --asciidoc path/to/python path/to/asciidoc.py.
• Dark mode (colors.webpage.darkmode.*) is now supported with Qt 5.15.2 (which
  is not released yet).
• The default for the darkmode policy.images setting is now set to smart
  which fixes issues with e.g. formulas on Wikipedia.
• The readability-js userscript now adds some CSS to improve the reader mode
  styling in various scenarios:
  • Images are now shrinked to the page width, similarly to what Firefox' reader
    mode does.
  • Some images ore now displayed as block (rather than inline) which is what
    Firefox' reader mode does as well.
  • Blockquotes are now styled more distinctively, again based on the Firefox
    reader mode.
  • Code blocks are now easier to distinguish from text and tables have visible
    cell margins.
• The readability-js userscript now supports hint userscript mode.

Added

• New argument strip for :navigate which removes queries and
  fragments from the current URL.
• :undo now has a new -w / --window argument, which can be used to
  restore closed windows (rather than tabs). This is bound to U by default.
• :jseval can now take javascript:... URLs via a new --url flag.
• New replacement {aligned_index} for tabs.title.format and format_pinned
  which behaves like {index}, but space-pads the index based on the total
  numbers of tabs. This can be used to get aligned tab texts with vertical
  tabs.
• New command :devtools-focus (bound to wIf) to toggle keyboard focus
  between the devtools and web page.
• The --target argument to qutebrowser now understands a new private-window
  value, which can be used to open a private window in an existing instance
  from the commandline.
• The :download-open command now has a new --dir flag, which can be used to
  open the directory containing the downloaded file. An entry to do the same
  was also added to the context menu.
• Messages are now wrapped when they are too long to be displayed on a single line.
• New possible --debug-flag values:
  • wait-renderer-process waits for a SIGUSR1 in the renderer process so a
    debugger can be attached.
  • avoid-chromium-init allows using --version without needing a working
    QtWebEngine/Chromium.

Fixed

• A URL pattern with a *. host was considered valid and matched all hosts.
  Due to keybindings like tsH toggling scripts for *://*.{url:host}/*,
  invoking them on pages without a host (e.g. about:blank) could result in
  accidentally allowing/blocking JavaScript for all pages. Such patterns are
  now considered invalid, with existing patterns being automatically removed
  from autoconfig.yml.
• When scrolling.bar was set to overlay (the default), qutebrowser would
  internally override any enable-features=... flags passed via qt.args or
  --qt-flag. It now correctly combines existing enable-feature flags with
  internal ones.
• Elements with an inherited contenteditable attribute now trigger insert
  mode and get hints assigned correctly.
• When checkmarks, radio buttons and some other elements are styled via the
  Bootstrap CSS framework, they now get hints correctly.
• When the session file isn't writable when qutebrowser exits, an error is now
  logged instead of crashing.
• When using -m with the qute-lastpass userscript, it accidentally matched
  URLs containing the match as substring. This is now fixed.
• When a filename is derived from a page's title, it's now shortened to the
  maximum filename length permitted by the filesystem.
• :enter-mode register crashed since v1.13.0, it now displays an error
  instead.
• With the QtWebKit backend, webpage resources loading certain invalid URLs
  could cause a crash, which is now fixed.
• When :config-edit is used but no config.py exists yet, the file is now
  created (and watched for changes properly) before spawning the external
  editor.
• When hint mode was entered from outside normal mode, the status bar was empty
  instead of displaying the proper text. This is now fixed.
• When entering different modes too quickly (e.g. pressing fV), the statusbar
  could end up in a confusing state. This is now fixed.
• When qutebrowser quits, running downloads are now cancelled properly.
• The site-specific quirk for web.whatsapp.com has been updated to work after recent
  changes in WhatsApp.
• Highlighting in the completion now works properly when UTF-16 surrogate pairs (such as
  emoji) are involved.
• When a windowed inspector is clicked, insert mode now isn't entered anymore.
• When :undo is used to re-open a tab, but tabs.tabs_are_windows was set between
  closing and undoing the close, qutebrowser crashed. This is now fixed.
• With QtWebEngine 5.15.0, setting the darkmode image policy to smart leads to
  renderer process crashes. The offending setting value is now ignored with a
  warning.
• Fixes for the qute-pass userscript:
  • With newer gopass versions, a deprecation notice was copied as
    password due to qute-pass using it in a deprecated way.
  • The --password-store argument didn't actually set
    PASSWORD_STORE_DIR for pass, resulting in qute-pass finding matches but the
    underlying pass not finding matching passwords.

Fixed

• With Qt 5.14, shared workers are now disabled. This works around a crash in
  QtWebEngine on certain sites (like the Epic Games Store or the Unreal Engine
  page).
• When a window is closed, the tab it contains are now correctly shut down
  (closing e.g. any dialogs which are still open for those tabs).
• The Qt 5.15 session workaround now loads the correct (rather than the last)
  page when :back was used before saving a session.
• In certain situations on Windows, qutebrowser fails to find the username of
  the user launching qutebrowser (most likely due to a bug in the application
  launching it). When this happens, an error is now displayed instead of
  crashing.
• Certain autoconfig.yml with an invalid structure could lead to crashes,
  which are now fixed.
• Generating docs with asciidoc2html.py (e.g. via mkvenv.py) now works
  correctly without Pygments being installed system-wide.
• Ever since Qt 5.9, when input.mouse.rocker_gestures was enabled, the
  context menu still was shown when clicking the right mouse button, thus
  preventing the rocker gestures. This is now fixed.
• Clicking the inspector switched from existing modes (such as passthrough) to
  normal mode since v1.13.0. Now insert mode is only entered when the inspector
  is clicked in normal mode.
• Pulseaudio now shows qutebrowser's audio streams as qutebrowser correctly,
  rather than showing them as Chromium with some Qt versions.
• If :help was called with a deprecated command (e.g. :help :inspector),
  the help page would show despite deprecated commands not being documented.
  This now shows an error instead.
• The qute-lastpass userscript now filters out duplicate entries with
  --merge-candidates.