A keyboard-driven, vim-like browser based on Python and Qt.
Check the changelog for changes in this release.
Check the changelog for changes in this release.
Check the changelog for changes in this release.
Check the changelog for changes in this release.
NOTE: This release is a source-only release, to fix a recent issue with changed sqlite options on FreeBSD. For Windows/macOS binary releases (and any environment where sqlite accepts double-quoted string literals), this release is equivalent to v2.5.3, thus no new binaries were uploaded here.
array_at
quirk, polyfilling the Array.at
method, which is needed by various websites, but only natively available with Qt 6.2.:config-{dict,list}-*
commands with an
invalid value. Before the fix, using the same command again would complain that
the value was already present, despite the error and the value not being
actually changed.config.py
and setting
an invalid value. Before the fix, this would result in either a message in the
terminal rather than GUI (startup), or in a crash (:config-source
).:config-{dict,list}-*
commands with a config
option with non-string values. The only affected option is bindings.commands
,
which is probably rarely used with those commands.readability
userscript now correctly passes the source URL to
Breadability, to make relative links work.dictcli.py
to use the main
branch, fixing a 404 error.install
and stacktrace
help pages are now included in the docs
shipped with qutebrowser when using the recommended packaging workflow./<h1>
). With this release, this is fixed for search
messages, while the 3.0.0 release will change the default for all messages to be
plain-text. Note this is NOT a security issue, as only a small subset of HTML
is interpreted as rich text by Qt, independently from the website.content.default_encoding
setting
was not applied on start properly (only when it was changed afterwards). This
is now fixed.qute-pass
userscript is marked as executable again.content.proxy
setting can now correctly be set to arbitrary values via
the qute://settings
page again.Content-Disposition
headers.tiramisu
notification server (due to invalid behavior of the server, now a non-fatal error)budgie
notification server when closing a notification (due to invalid behavior of the server, now worked around)herbe
notification presenter, when the website tries to close
the notification after the user accepting (right-clicking) it.qute-bitwarden
userscript now correctly searches for entries for
sites on a subdomain of an unrecognized TLD. subdomain names. Previously
my.site.local
would have searched in bitwarden for my.sitelocal
,
losing the rightmost dot.:rl-unix-word-rubout
command (<Ctrl-W>
in command/prompt modes) has
been deprecated. Use :rl-rubout " "
instead.:rl-unix-filename-rubout
command has been deprecated. Use either
:rl-rubout "/ "
(classic readline behavior) or :rl-filename-rubout
(using
OS path separator and ignoring spaces) instead.:tab-move
command now takes start
and end
as index
to move a tab
to the first/last position.QUTE_BDD_WEBENGINE
environment variable and
--qute-bdd-webengine
argument got replaced by QUTE_TESTS_BACKEND
and
--qute-backend
respectively, which can be set to either webengine
or
webkit
.:tab-give
or :tab-take
on the last tab in a window now always
closes that window, no matter what tabs.last_close
is set to.qute://settings
(:set
) page with buttons for options with
fixed values.hint.selectors
now match more ARIA roles (tab
, checkbox
,
menuitem
, menuitemcheckbox
and menuitemradio
).:bind --mode=passthrough
now scrolls to the passthrough section
on the qute://bindings
page.qute-bitwarden
understands a new --password-prompt-invocation
, which can
be used to specify a tool other than rofi
to ask for a password.cast
now uses yt-dlp
if available (falling back to youtube-dl
if not).
It also lets users override the tool to use via a QUTE_CAST_YTDL_PROGRAM
environment variable.qute-pass
now understands a new --prefix
argument if used in gopass
mode, which gets passed as subfolder prefix to gopass
.open_download
now supports Flatpak by using its XDG Desktop Portal.open_download
now waits for the exit status of xdg-open
, causing
qutebrowser to report any issues with it.content.headers.custom
setting now accepts empty strings as values,
resulting in an empty header being sent.qt.low_end_device_mode
-> qt.chromium.low_end_device_mode
qt.process_model
-> qt.chromium.process_model
/app/share
rather than /usr/share
)...
entry in the list of files anymore.
To get back to the parent directory, either type ../
manually, or use the new
:rl-filename-rubout
command, bound to <Ctrl-Shift-W>
by default.input.match_counts
option which allows to turn off count matching for
more emacs-like bindings.{relative_index}
field for tabs.title.format
(and .pinned_format
)
which shows relative tab numbers.input.mode_override
option which allows overriding the current mode
based on the new URL when navigating or switching tabs.qt.chromium.sandboxing
setting which allows to disable Chromium's
sandboxing (mainly intended for development and testing).QUTE_TAB_INDEX
variable for userscripts, containing the index of the
current tab.editor.remove_file
setting which can be set to False
to keep all
temporary editor files after closing the external editor.:rl-rubout
command replacing :rl-unix-word-rubout
(and optionally
:rl-unix-filename-rubout
), taking a delimiter as argument.:rl-filename-rubout
command, using the OS path separator and ignoring
spaces. The command also gets shown in the suggested commands for a download
filename prompt now.search.incremental
is disabled, searching using /text
followed by a
backwards search via ?text
(or vice-versa) now correctly changes the search
direction.tabindex
now are skipped if it's set to
-1
, reducing some false-positives.[A]
) now uses a 2s cooldown when the audio goes
silent, equivalent with the behavior of older QtWebEngine versions.confirm_quit
set to downloads
, the confirmation dialog is now only
shown when closing the last window (rather than closing any window, which
would continue running that window's downloads). Unfortunately, more issues
with confirm_quit
and multiple windows remain.<Ctrl-D>
(:completion-item-del
) in the :tab-focus
list, rather than :tab-select
.:spawn
to run executables from the current
directory if no system-wide executable was found. The underlying Qt bug is
tracked as CVE-2022-25255,
though the impact with typical qutebrowser usage is low: Normally,
qutebrowser is run from a fixed location (usually the users home directory),
and :spawn
is not typically used with executables that don't exist. The main
security impact of this bug is in tools like text editors, which are often
executed in untrusted directories and might attempt to run auxiliary tools
automatically.:rl-rubout
or :rl-filename-rubout
(formerly :rl-unix-word-rubout
and :rl-unix-filename-rubout
) were used on a string not starting with the
given delimiter, they failed to delete the first character, which is now fixed.ripbang
now works again (it got blocked due to a missing user agent and
used outdated qutebrowser commands before)keepassxc
now has a properly working --insecure
flag:screenshot
with an invalid --rect
argument.content.blocking.hosts.block_subdomains
setting which can be used to disable the subdomain blocking for the hosts-based adblocker introduced in v2.3.0.downloads.prevent_mixed_content
setting to prevent insecure mixed-content downloads (true by default).--private
flag for :tab-clone
, which clones a tab into a new private window, mirroring the same flags for :open
and :tab-give
.tabs.mousewheel_switching
to false if you prefer the previous behavior.