Skip to content

0.30.0
Compare
Choose a tag to compare
@whimboo whimboo released this 16 Sep 13:03
· 11 commits to release since this release
v0.30.0
d06ed1b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

0.30.0 (2021-09-16, d372710b98a6)

Security Fixes

  • CVE-2021-4138

    Fixed a DNS rebinding issues by enforcing a stricter Host header check.

    Reported by Gabriel Corona.

    • Improved Host header checks to reject requests not sent to a well-known
      local hostname or IP, or the server-specified hostname..

Known problems

  • geckodriver restricts connections to local IP addresses. This can interfere
    with deployments in which geckodriver is running on a different network node
    to the tests e.g. some container or virtual-machine based setups.

  • macOS 10.15 (Catalina) and later:

    Due to the requirement from Apple that all programs must be
    notarized, geckodriver will not work on Catalina if you manually
    download it through another notarized program, such as Firefox.

    Whilst we are working on a repackaging fix for this problem, you can
    find more details on how to work around this issue in the macOS
    notarization     section of the documentation.

  • Android:

    For releases of Firefox 89.0 and earlier Marionette will only be enabled in
    GeckoView based applications when the Firefox preference
    devtools.debugger.remote-enabled is set to true via
    moz:firefoxOptions.

Added

  • Support for WebDriver clients to opt in to WebDriver BiDi.

    Introduced the new boolean capability webSocketUrl that can be used by
    WebDriver clients to opt in to a bidirectional connection. A string capability
    with the same name will be returned by NewSession, which contains the
    WebSocket URL of the newly created WebDriver session in the form of:
    ws://host:port/session/<session id>.

    When running on Android a port forward will be set on the host machine,
    which is using the exact same port as on the device.

    All the supported WebDriver BiDi commands depend on the version of
    Firefox, and not geckodriver. The first commands will be shipped in
    Firefox 94.

  • It's now possible to set additional preferences when a custom profile has been
    specified. At the end of the session they will be removed.

Fixed

  • Added validation that the --host argument resolves to a local IP address.

  • Limit the --foreground argument of Firefox to MacOS only.

  • Increased Marionette handshake timeout to not fail for slow connections.

  • Marionette:Quit is no longer sent twice during session deletion.

  • When deleting a session that was attached to an already running browser
    instance, the browser is not getting closed anymore.

  • Android

    • Starting Firefox on Android from a Windows based host will now succeed as
      we are using the correct Unix path separator to construct on-device paths.

    • Arguments as specified in moz:firefoxOptions are now used when starting Firefox.

    • Port forwards set for Marionette and the WebSocket server (WebDriver BiDi)
      are now correctly removed when geckodriver exits.

    • The test root folder is now removed when geckodriver exists.

Assets 10