2025.01.24.1 **FYI:** Users who **manually** installed Phoenix on **macOS** or **GNU/Linux** who used the **`sudo mv`** commands from the `README` are highly recommended to reinstall Phoenix with the [updated steps](https://codeberg.org/celenity/Phoenix#manual-installation), [due to potential security issues](https://codeberg.org/celenity/Phoenix/issues/48). Thank you to [doomedguppy](https://codeberg.org/doomedguppy) for discovering & reporting this issue, and thank you to [Seyed Mohamad Amin Modaresi](https://codeberg.org/gnu1) for the prompt response and fix. ____ * Regardless of Firefox's DoH mode, we now always warn before falling back to the system's native DNS by default. - `network.trr.display_fallback_warning` & `network.trr_ui.show_fallback_warning_option` -> `true` * Disabled Firefox's [nonfunctional](https://security.googleblog.com/2018/01/announcing-turndown-of-deprecated.html), [legacy Safe Browsing API](https://code.google.com/archive/p/google-safe-browsing/wikis/Protocolv2Spec.wiki) to ensure it's never used and for defense in depth. It's also now explicitly labeled in the case it is ever used for whatever reason. - `browser.safebrowsing.provider.google.advisoryName` -> `Google Safe Browsing (Legacy)`, `browser.safebrowsing.provider.google.gethashURL` & `browser.safebrowsing.provider.google.updateURL` -> ` ` * Explicitly enabled Firefox's native collector for sessionstore, as the old implementation is incompatible with per-site process isolation *([Fission](https://wiki.mozilla.org/Project_Fission))*. - `browser.sessionstore.disable_platform_collection` -> `false` * Added additional prefs to ensure Firefox's Cookie Banner Blocking is properly enabled and fully functional. - `cookiebanners.cookieInjector.enabled` & `cookiebanners.service.enableGlobalRules.subFrames` -> `true` * Explicitly disabled [EDNS Client Subnet (ECS)](https://wikipedia.org/wiki/EDNS_Client_Subnet) by default to prevent leaking general location data to authoritative DNS servers. - `network.trr.disable-ECS` -> `true` * Sending headers for DoH requests are now explicitly disabled. - `network.trr.send_accept-language_headers` & `network.trr.send_user-agent_headers` -> `false`, `network.trr.send_empty_accept-encoding_headers` -> `true` ___ Codeberg: See [here](https://codeberg.org/celenity/Phoenix/compare/2025.01.22.2...2025.01.24.1) for more details. GitLab: See [here](https://gitlab.com/celenity/Phoenix/-/compare/2025.01.22.2...2025.01.24.1) for more details. GitHub: See [here](https://github.com/celenityy/Phoenix/compare/2025.01.22.2...2025.01.24.1) for more details. ___ :)