Update changelog from master

1 files changed, 104 insertions, 2 deletions

diff --git a/doc/changelog.asciidoc b/doc/changelog.asciidoc
index 158dd8ff1..53c6e936f 100644
--- a/doc/changelog.asciidoc
+++ b/doc/changelog.asciidoc
@@ -15,6 +15,108 @@ breaking changes (such as renamed commands) can happen in minor releases.
 // `Fixed` for any bug fixes.
 // `Security` to invite users to upgrade in case of vulnerabilities.
 
+v1.14.1 (unreleased)
+--------------------
+
+Added
+~~~~~
+
+- With v1.14.0, qutebrowser configures the main window to be transparent, so
+  that it's possible to configure a translucent tab- or statusbar. However, that
+  change introduced various issues, such as performance degradation on some
+  systems or breaking dmenu window embedding with its `-w` option. To avoid those
+  issues for people who are not using transparency, the default behavior is
+  reverted to versions before v1.14.0 in this release. A new `window.transparent`
+  setting can be set to `true` to restore the behavior of v1.14.0.
+
+Changed
+~~~~~~~
+
+- Windows and macOS releases now ship Qt 5.15.2, which is based on
+  Chromium 83.0.4103.122 with security fixes up to 86.0.4240.183. This includes
+  CVE-2020-15999 in the bundled freetype library, which is known to be exploited
+  in the wild. It also includes various other bugfixes/features compared to
+  Qt 5.15.0 included in qutebrowser v1.14.0, such as:
+    * Correct handling of AltGr on Windows
+    * Fix for `content.cookies.accept` not working properly
+    * Fixes for screen sharing (some websites are still broken until an upcoming Qt
+      5.15.3)
+    * Support for FIDO U2F / WebAuth
+    * Fix for the unwanted creation of directories such as `databases-incognito` in
+      the home directory
+    * Proper autocompletion in the devtools console
+    * Proper signalisation of a tab's audible status (`[A]`)
+    * Fix for a hang when opening the context menu on macOS Big Sur (11.0)
+    * Hardware accelerated graphics on macOS
+
+Fixed
+~~~~~
+
+- Setting the `content.headers.referer` setting to `same-domain` (the default)
+  was supposed to truncate referers to only the host with QtWebEngine.
+  Unfortunately, this functionality broke in Qt 5.14. It works properly again
+  with this release, including a test so this won't happen again.
+- With QtWebEngine 5.15, setting the `content.headers.referer` setting to
+  `never` did still send referers. This is now fixed as well.
+- In v1.14.0, a regression was introduced, causing a crash when qutebrowser was
+  closed after opening a download with PDF.js. This is now fixed.
+- With Qt 5.12, the `Object.fromEntries` JavaScript API is unavailable (it was
+  introduced in Chromium 73, while Qt 5.12 is based on 69). This caused
+  https://www.vr.fi/en and possibly other websites to break when accessed with Qt
+  5.12. A suitable polyfill is now included with qutebrowser if
+  `content.site_specific_quirks` is enabled (which is the default).
+- While XDG startup notifications (e.g. launch feedback via the bouncy cursor
+  in KDE Plasma) were supported ever since Qt 5.1, qutebrowser's desktop file
+  accidentally declared that it wasn't supported. This is now fixed.
+- The `dmenu_qutebrowser` and `qutedmenu` userscripts now correctly read the
+  qutebrowser sqlite history which has been in use since v1.0.0.
+- With Python 3.8+ and vertical tabs, a deprecation warning for an implicit int
+  conversion was shown. This is now fixed.
+- Ever since Qt 5.11, fetching more completion data when that data is loaded
+  lazily (such as with history) and the last visible item is selected was broken.
+  The exact reason is currently unknown, but this release adds a tenative fix.
+- When PgUp/PgDown were used to go beyond the last visible item, the above issue
+  caused a crash, which is now also fixed.
+- As a workaround for an overzealous Microsoft Defender false-positive detecting
+  a "trojan" in the (unprocessed) adblock list, `:adblock-update` now doesn't
+  cache the HTTP response anymore.
+- With the QtWebKit backend and `content.headers` set to `same-domain` (the
+  default), origins with the same domain but different schemes or ports were
+  treated as the same domain. They now are correctly treated as different domains.
+- When a URL path uses percent escapes (such as
+  `https://example.com/embedded%2Fpath`), using `:navigate up` would treat the
+  `%2F` as a path separator and replace any remaining percent escapes by their
+  unescaped equivalents. Those are now handled correctly.
+- On macOS 11.0 (Big Sur), the default monospace font name caused a parsing error, thus
+  resulting in broken styling for the completion, hints, and other UI components.
+  They now look properly again.
+- Due to a Qt bug, installing Qt/PyQt from prebuilt binaries on systems with a
+  very old `libxcb-utils` version (notably, Debian Stable, but not Ubuntu since
+  16.04 LTS) results in a setup which fails to start. This also affects the
+  `mkvenv.py` script, which now includes a workaround for this case.
+- The `open_url_instance.sh` userscript now complains when `socat` is not
+  installed, rather than silencing the error.
+- The example AppArmor profile in `misc/` was outdated and written for the
+  older QtWebKit backend. It is now updated to serve as an useful starting
+  point with QtWebEngine.
+- When running `:devtools` on Fedora without the needed (optional) dependency
+  installed, it was suggested to install `qt5-webengine-devtools`, which does
+  not, in fact, exist. It's now correctly suggested to install
+  `qt5-qtwebengine-devtools` instead.
+- With Qt 5.15.2, lines/borders coming from the  `readability-js` userscript
+  were invisible. This is now fixed by changing the border color to grey (with all
+  Qt versions).
+- Due to changes in the underlying Chromium, the
+  `colors.webpage.prefers_color_scheme_dark` setting broke with Qt 5.15.2. It now
+  works properly again.
+- Minor performance improvements.
+- Fix for various functionality breaking in private windows with v1.14.0,
+  after the last private window is closed. This includes:
+    * Ad blocking
+    * Downloads
+    * Site-specific quirks (e.g. for Google login)
+    * Certain settings such as `content.javascript.enabled`
+
 v1.14.0 (2020-10-15)
 --------------------
 
@@ -29,7 +131,7 @@ release with an updated QtWebEngine will be released.
 Furthermore, this release still only contains partial session support for QtWebEngine
 5.15. It's still recommended to run against Qt 5.15 due to the security patches
 contained in it -- for most users, the added workarounds seem to work out fine. A
-rewritten session support will be part of qutebrowser v2.0.0, tenatively planned for the
+rewritten session support will be part of qutebrowser v2.0.0, tentatively planned for the
 end of the year or early 2021.
 
 Changed
@@ -37,7 +139,7 @@ Changed
 
 - The `content.media_capture` setting got split up into three more fine-grained
   settings, `content.media.audio_capture`, `.video_capture` and
-  `.audio_video_capture`. Before this change, anwering "always" to a prompt
+  `.audio_video_capture`. Before this change, answering "always" to a prompt
   about e.g. audio capturing would set the `content.media_capture` setting,
   which would also allow the same website to capture video on a future visit.
   Now every prompt will set the appropriate setting, though existing