A keyboard-driven, vim-like browser based on Python and Qt.
Check the changelog for changes in this release.
Check the changelog for changes in this release.
Check the changelog for changes in this release.
Check the changelog for changes in this release.
NOTE: This release is a source-only release, to fix a recent issue with changed sqlite options on FreeBSD. For Windows/macOS binary releases (and any environment where sqlite accepts double-quoted string literals), this release is equivalent to v2.5.3, thus no new binaries were uploaded here.
array_at quirk, polyfilling the Array.at method, which is needed by various websites, but only natively available with Qt 6.2.:config-{dict,list}-* commands with an
invalid value. Before the fix, using the same command again would complain that
the value was already present, despite the error and the value not being
actually changed.config.py and setting
an invalid value. Before the fix, this would result in either a message in the
terminal rather than GUI (startup), or in a crash (:config-source).:config-{dict,list}-* commands with a config
option with non-string values. The only affected option is bindings.commands,
which is probably rarely used with those commands.readability userscript now correctly passes the source URL to
Breadability, to make relative links work.dictcli.py to use the main branch, fixing a 404 error.install and stacktrace help pages are now included in the docs
shipped with qutebrowser when using the recommended packaging workflow./<h1>). With this release, this is fixed for search
messages, while the 3.0.0 release will change the default for all messages to be
plain-text. Note this is NOT a security issue, as only a small subset of HTML
is interpreted as rich text by Qt, independently from the website.content.default_encoding setting
was not applied on start properly (only when it was changed afterwards). This
is now fixed.qute-pass userscript is marked as executable again.content.proxy setting can now correctly be set to arbitrary values via
the qute://settings page again.Content-Disposition headers.tiramisu notification server (due to invalid behavior of the server, now a non-fatal error)budgie notification server when closing a notification (due to invalid behavior of the server, now worked around)herbe notification presenter, when the website tries to close
the notification after the user accepting (right-clicking) it.qute-bitwarden userscript now correctly searches for entries for
sites on a subdomain of an unrecognized TLD. subdomain names. Previously
my.site.local would have searched in bitwarden for my.sitelocal,
losing the rightmost dot.:rl-unix-word-rubout command (<Ctrl-W> in command/prompt modes) has
been deprecated. Use :rl-rubout " " instead.:rl-unix-filename-rubout command has been deprecated. Use either
:rl-rubout "/ " (classic readline behavior) or :rl-filename-rubout (using
OS path separator and ignoring spaces) instead.:tab-move command now takes start and end as index to move a tab
to the first/last position.QUTE_BDD_WEBENGINE environment variable and
--qute-bdd-webengine argument got replaced by QUTE_TESTS_BACKEND and
--qute-backend respectively, which can be set to either webengine or
webkit.:tab-give or :tab-take on the last tab in a window now always
closes that window, no matter what tabs.last_close is set to.qute://settings (:set) page with buttons for options with
fixed values.hint.selectors now match more ARIA roles (tab, checkbox,
menuitem, menuitemcheckbox and menuitemradio).:bind --mode=passthrough now scrolls to the passthrough section
on the qute://bindings page.qute-bitwarden understands a new --password-prompt-invocation, which can
be used to specify a tool other than rofi to ask for a password.cast now uses yt-dlp if available (falling back to youtube-dl if not).
It also lets users override the tool to use via a QUTE_CAST_YTDL_PROGRAM
environment variable.qute-pass now understands a new --prefix argument if used in gopass
mode, which gets passed as subfolder prefix to gopass.open_download now supports Flatpak by using its XDG Desktop Portal.open_download now waits for the exit status of xdg-open, causing
qutebrowser to report any issues with it.content.headers.custom setting now accepts empty strings as values,
resulting in an empty header being sent.qt.low_end_device_mode -> qt.chromium.low_end_device_mode
qt.process_model -> qt.chromium.process_model
/app/share rather than /usr/share)... entry in the list of files anymore.
To get back to the parent directory, either type ../ manually, or use the new
:rl-filename-rubout command, bound to <Ctrl-Shift-W> by default.input.match_counts option which allows to turn off count matching for
more emacs-like bindings.{relative_index} field for tabs.title.format (and .pinned_format)
which shows relative tab numbers.input.mode_override option which allows overriding the current mode
based on the new URL when navigating or switching tabs.qt.chromium.sandboxing setting which allows to disable Chromium's
sandboxing (mainly intended for development and testing).QUTE_TAB_INDEX variable for userscripts, containing the index of the
current tab.editor.remove_file setting which can be set to False to keep all
temporary editor files after closing the external editor.:rl-rubout command replacing :rl-unix-word-rubout (and optionally
:rl-unix-filename-rubout), taking a delimiter as argument.:rl-filename-rubout command, using the OS path separator and ignoring
spaces. The command also gets shown in the suggested commands for a download
filename prompt now.search.incremental is disabled, searching using /text followed by a
backwards search via ?text (or vice-versa) now correctly changes the search
direction.tabindex now are skipped if it's set to
-1, reducing some false-positives.[A]) now uses a 2s cooldown when the audio goes
silent, equivalent with the behavior of older QtWebEngine versions.confirm_quit set to downloads, the confirmation dialog is now only
shown when closing the last window (rather than closing any window, which
would continue running that window's downloads). Unfortunately, more issues
with confirm_quit and multiple windows remain.<Ctrl-D> (:completion-item-del) in the :tab-focus
list, rather than :tab-select.:spawn to run executables from the current
directory if no system-wide executable was found. The underlying Qt bug is
tracked as CVE-2022-25255,
though the impact with typical qutebrowser usage is low: Normally,
qutebrowser is run from a fixed location (usually the users home directory),
and :spawn is not typically used with executables that don't exist. The main
security impact of this bug is in tools like text editors, which are often
executed in untrusted directories and might attempt to run auxiliary tools
automatically.:rl-rubout or :rl-filename-rubout (formerly :rl-unix-word-rubout
and :rl-unix-filename-rubout) were used on a string not starting with the
given delimiter, they failed to delete the first character, which is now fixed.ripbang now works again (it got blocked due to a missing user agent and
used outdated qutebrowser commands before)keepassxc now has a properly working --insecure flag:screenshot with an invalid --rect argument.content.blocking.hosts.block_subdomains setting which can be used to disable the subdomain blocking for the hosts-based adblocker introduced in v2.3.0.downloads.prevent_mixed_content setting to prevent insecure mixed-content downloads (true by default).--private flag for :tab-clone, which clones a tab into a new private window, mirroring the same flags for :open and :tab-give.tabs.mousewheel_switching to false if you prefer the previous behavior.