This changelog reconstructs the project history from version 0.0.24 through 1.0.27 using the repository's tagged compare data, release notes, versioned README changes, and current installer/update work.
- The shell theme menu now supports multiple muted built-in color themes:
Graphite,Slate Blue,Forest Ash, andMocha. - A persistent toolbar-visibility state was added so users can hide the main shortcut row while keeping the address bar and quick-access
»menu available. - Keyboard shortcuts were added for
Toggle Bookmark Bar(Ctrl+Shift+B) andToggle Toolbar(Ctrl+Alt+T), and the shortcut guide was updated to match.
- The
Bookmarksand»toolbar menus now use native popup menus instead of in-page dropdown overlays. - The toolbar layout was refined so hidden-toolbar mode still keeps the omnibox accessible and the quick-access menu visible.
- The
Themeapp menu was expanded from a single dark-mode toggle into a muted multi-theme selector withCtrl+Shift+Dcycling between themes. ARCHITECTURE.mdandBrowser-Privacy-Comparison.mdwere updated to document the current shell state, theme behavior, updater validation, and extension/password hardening paths.
- Managed updates now fail closed unless both the release metadata URL and installer URL use
https:and the published release includes a valid SHA-256 hash for installer verification before launch. - Imported extensions now load without local file access, reject symlinked folders, require Manifest V2 or V3 structure, and warn the user before importing extensions with broad or higher-risk permissions.
- Password save and reveal flows are now restricted to secure contexts such as
https:pages and local loopback development hosts. - The renderer-side CSP was tightened with explicit
object-src 'none',base-uri 'none',frame-ancestors 'none', and narrower resource directives. - Several renderer UI paths were cleaned up to reduce unnecessary
innerHTMLusage in favor of direct DOM construction.
- A local
npm auditpass reported0known vulnerabilities in the current dependency tree.
- The package version was advanced to
1.0.25. - Release and README documentation were updated to match the
1.0.25installer package name and current feature set. - Download handling was refined so files from trusted sources such as GitHub can complete more reliably while browser security protections remain in place.
- The page context menu and tab context menu were refined toward a cleaner Chromium-style workflow.
- Passkey and WebAuthn sign-in compatibility for supported websites was improved.
- Install-path handling was updated so external-drive installs can move install-linked browser data off
C:and onto the selected external drive.
- Memory usage was reduced on streaming-heavy sites such as Twitch and Kick to improve responsiveness and stability.
Automatic updatesremains the default installer selection, whileManual updates onlyremains available.
-
Dependency Security Update
-
Encrypted saved-password vault with on-demand reveal, manual add and remove controls, and strong-password generation
-
Bookmark import from Edge, Chrome, Brave, Opera, or a user-chosen bookmark file with explicit consent gating for path scans and manual file access
-
Chromium extension import support for Edge, Chrome, Brave, and Opera profile folders plus manual folder import
-
VPN manager support for NordVPN, ExpressVPN, ProtonVPN, and WireGuard with Proton
.confvalidation and import -
Browser-session public IP testing with separate IPv4 and IPv6 checks in the VPN panel
-
Installer update-mode choice with
Automatic updatesandManual updates only, plus an owner-run managed update server flow for installs that opt into automatic updates -
Installer-time opt-in registration so
Automatic updatesinstalls can notify the update server immediately after setup -
Manual
Check for Updatesentry in the app menu with clearer version and status feedback -
Improved uninstall flow with custom install-path tracking, external-drive install support, and better cleanup of stale install metadata
-
Uninstall options that let users choose which local data categories should be removed or kept
-
Existing browser shell features remain in place, including bookmark bar, split-view browsing, site permissions, ad blocking, download protection, sleepable tabs, and runtime diagnostics
- Password capture from supported login forms now stores encrypted entries locally and keeps passwords hidden until the user explicitly reveals them.
- The browser can suggest strong passwords both from the passwords panel and on supported password forms.
- Bookmark import now separates consent for browser-path scanning and manual bookmark-file browsing.
- Extension import scans supported Chromium profile locations and restores imported extensions into the persistent main session.
- VPN integration now includes installed-client detection, external app launch shortcuts, local Proton profile import, and browser network refresh support.
- Public IP testing now surfaces both IPv4 and IPv6 results so users can verify whether the browser session is going through the expected network path.
- Installer builds can now record whether the user selected
Automatic updatesorManual updates only, register auto-update installs with an owner-run update server immediately after setup, and fetch/download the latest published installer from that server flow. - The update server now restricts dashboard access, client-list access, and release publishing to the owner machine by default.
- Users can now manually run
Check for Updatesfrom the app menu and see installed-versus-available version feedback. - Custom install locations now better support external HDDs, external SSDs, and USB flash drives.
- Uninstall now cleans up tracked custom install paths more reliably, lets users choose which local data categories to remove, and suppresses false leftover warnings when cleanup finishes successfully.
Automatic updatesis now the default installer selection, whileManual updates onlyremains available as an opt-out choice.
- Encrypted saved-password vault with on-demand reveal, manual add and remove controls, and strong-password generation
- Bookmark import from Edge, Chrome, Brave, Opera, or a user-chosen bookmark file with explicit consent gating for path scans and manual file access
- Chromium extension import support for Edge, Chrome, Brave, and Opera profile folders plus manual folder import
- VPN manager support for NordVPN, ExpressVPN, ProtonVPN, and WireGuard with Proton
.confvalidation and import - Browser-session public IP testing with separate IPv4 and IPv6 checks in the VPN panel
- Installer update-mode choice with
Automatic updatesandManual updates only, plus an owner-run managed update server flow for installs that opt into automatic updates - Installer-time opt-in registration so
Automatic updatesinstalls can notify the update server immediately after setup - Manual
Check for Updatesentry in the app menu with clearer version and status feedback - Improved uninstall flow with custom install-path tracking, external-drive install support, and better cleanup of stale install metadata
- Uninstall options that let users choose which local data categories should be removed or kept
- Existing browser shell features remain in place, including bookmark bar, split-view browsing, site permissions, ad blocking, download protection, sleepable tabs, and runtime diagnostics
- Password capture from supported login forms now stores encrypted entries locally and keeps passwords hidden until the user explicitly reveals them.
- The browser can suggest strong passwords both from the passwords panel and on supported password forms.
- Bookmark import now separates consent for browser-path scanning and manual bookmark-file browsing.
- Extension import scans supported Chromium profile locations and restores imported extensions into the persistent main session.
- VPN integration now includes installed-client detection, external app launch shortcuts, local Proton profile import, and browser network refresh support.
- Public IP testing now surfaces both IPv4 and IPv6 results so users can verify whether the browser session is going through the expected network path.
- Installer builds can now record whether the user selected
Automatic updatesorManual updates only, register auto-update installs with an owner-run update server immediately after setup, and fetch/download the latest published installer from that server flow. - The update server now restricts dashboard access, client-list access, and release publishing to the owner machine by default.
- Users can now manually run
Check for Updatesfrom the app menu and see installed-versus-available version feedback. - Custom install locations now better support external HDDs, external SSDs, and USB flash drives.
- Uninstall now cleans up tracked custom install paths more reliably, lets users choose which local data categories to remove, and suppresses false leftover warnings when cleanup finishes successfully.
Automatic updatesis now the default installer selection, whileManual updates onlyremains available as an opt-out choice.
- A manual
Check for Updatesmenu entry was added so users can trigger update checks on demand and see clearer version/status feedback. - Custom install locations now explicitly support external HDDs, external SSDs, and USB flash drives with writable-path validation during setup.
- Uninstall now prompts the user to choose whether local browser data should be removed or kept for a future reinstall or update.
- The package version was advanced to
1.0.13. - Current release documentation and installer-facing version references were updated to
1.0.13. - Installer metadata tracking was expanded to record install root and drive-type details for custom install paths.
- Update preference persistence now keeps custom install-path metadata in sync after launch.
- Uninstall cleanup now better targets tracked custom install directories instead of relying only on default locations.
- Ghost-install cleanup was improved by removing stale install metadata and validating remaining leftovers after uninstall.
- Security Update Dependency
- Security Update Dependency
- Security Update Dependency
- Security Update Dependency
- Security Update Dependency
- Security Update Dependency
- minor updates
- The package version was advanced to
1.0.8. - Current release documentation and installer-facing version references were updated to
1.0.8.
- Installer-time auto-update check-in was added so installs that choose
Automatic updatescan register with the owner-run update server immediately after setup.
- The package version was advanced to
1.0.6. - Current release documentation and installer-facing version references were updated to
1.0.6. - The managed update server now separates end-user client access from owner-only dashboard and release-management actions.
- Encrypted saved-password storage was added with manual add, reveal, remove, and strong-password generation flows.
- Bookmark import was expanded to supported Chromium browser paths plus manual bookmark-file import.
- Separate consent gating was added for browser bookmark-path scanning and manual bookmark-file access.
- Chromium extension import support was added for Edge, Chrome, Brave, and Opera profile folders.
- VPN tooling was added for installed-client detection, Proton
.confvalidation/import, and browser-session IP checks. - Installer update-mode selection was added for
Automatic updatesandManual updates only, along with an owner-run managed updater that can register opted-in installs, publish the latest release, and let clients download and launch that installer.
- Release, README, privacy, and architecture documentation were refreshed for version
0.9.23. - Update documentation was revised to describe the owner-run managed updater, published release flow, and the limited fields it collects.
- Browser persistence behavior was updated so uninstall no longer deletes app data by default.
- Startup logging was reduced so blocked tracker noise and low-level Chromium network spam do not flood the terminal.
- Bookmark import consent rules now apply correctly to both browser-path scanning and manual bookmark-file browsing.
- VPN
.confscanning was tightened so there is no automatic common-folder scan path.
- Bookmark bar support was added to the main browser shell with persistent saved-page chips, one-click navigation, and inline removal.
- Chrome-style tab context actions were added for new tab, duplicate tab, close tab, and split-view replacement.
- Split-view browsing was added so two BrowserView tabs can be displayed side-by-side with a draggable divider.
- Site permission controls were added from the address bar shell for camera, microphone, notifications, location, popups, clipboard, automatic downloads, and fullscreen.
- The Bubbles home page now keeps provider results on-page while switching between Bubbles, Google-backed, and DuckDuckGo-backed result sources.
- Download protection now runs through a modular provider chain with fallback behavior, including Windows Defender, Authenticode signature checks, and browser heuristics.
- Ad-block diagnostics now show loaded-rule status and per-page blocked counters in addition to the existing Bubbles home verification page.
- Full-screen handling now uses a clean
F11toggle path plus an in-shell exit control. - Local browser state and exported diagnostics now use compressed persisted payloads, with OS-backed encryption when available.
- A runtime checks panel was added to the browser shell so users can inspect security, download protection, ad blocking, executable path, and performance state in-app.
- Full-screen exit reliability was improved so the window can still be closed or exited cleanly while full-screen is active.
- Hidden BrowserView tabs now opt into background throttling so inactive pages use less CPU and memory pressure during normal browsing.
- Background tabs can now be put to sleep automatically under memory pressure, and the Task Manager can manually sleep or wake eligible tabs.
- Start version:
0.0.24 - Intermediate milestones found in repository history:
0.0.35,0.0.50 - End version:
0.1.5
- Exportable diagnostics and local crash logging were introduced.
- A documented crash-report workflow was added through
Tools > Export Diagnostics Reportwith a support email contact. Data-Collection-and-Privacy-Notice.mdwas added to formalize the browser's no-telemetry and no-analytics position.
- The installer package advanced from
0.0.24to0.0.35with updated package naming and install instructions. - The project README was rewritten around a BrowserView-based tab runtime instead of a generic lightweight-browser description.
- System requirements were tightened toward Windows 11 x64 packaging.
- Security documentation was expanded to call out sandboxing,
contextIsolation, disablednodeIntegration, incognito session separation, restricted permissions, and no auto-updater endpoints.
- Feature wording was cleaned up for task manager behavior, shortcuts, and packaging details.
- Manual update guidance was clarified for installer-based upgrades.
- An
infostatus file was introduced as a simple project update marker.
- Download protection for risky file types was added, including optional Windows Defender scan integration after downloads complete.
- A clear recent downloads action was added to the Downloads window.
ARCHITECTURE.mdwas added to document runtime design, Electron process structure, local storage, diagnostics, and security model.Browser-Privacy-Comparison.mdwas added to explain privacy posture versus mainstream browsers.SECURITY.mdwas added with vulnerability reporting guidance and support policy.- A privacy-proof section was added to the README to show that diagnostics and browser data remain local unless exported manually.
- The main README was renamed from
Readme.mdtoREADME.md. - Installer naming changed to the
0.0.50setup package format. - Install and update instructions were revised to explicitly remove
0.0.35before installing0.0.50. - Privacy and data-collection documentation links were added to the README.
- A formatting issue in the diagnostics directory helper (
ensureDiagnosticsDir) was corrected.
- The temporary
infofile was renamed toUPDATES. - The repository became much more documentation-driven in this release, especially around privacy, security, and architecture.
bubbles://homebecame the default home page.- Bubbles Search Engine support was added, with background DuckDuckGo results and Google suggestions.
- Direct URLs and bare domains remained separate from search input in the address bar.
- Live home-page counters were added for ads blocked, trackers blocked, bookmarks saved, and history count.
- Ad and tracker request filtering was expanded, including YouTube-focused blocking behavior.
- Popup-based login compatibility was improved for sign-in flows used by sites such as Google, Twitch, and Facebook.
- A local-only Music Player window was added with explicit user opt-in before any folder scan begins.
- Edit menu roles and a shortcut/help guide were added for common browser actions.
- Download management messaging was updated to reflect recent-download management.
- The architecture documentation was rewritten around the real runtime shape:
browser-runtime.js, BrowserView tabs, helper windows, popup auth windows, Bubbles home page IPC, and Music Player state. - The privacy comparison document was revised to better distinguish local-first behavior from normal web traffic and search-provider traffic.
- The data collection notice was expanded to document local storage for history, bookmarks, homepage settings, and Music Player settings.
- Update instructions were generalized to uninstall any older installed version before installing
0.1.5.
- The project README shifted from a general browser package description to a release overview centered on search, privacy, popup auth compatibility, and local-only media features.
- Security documentation now calls out ad and tracker filtering as part of the browser protection model.
- Privacy language was refined to explicitly state that the browser avoids first-party telemetry while still making normal website and search-provider requests when the user initiates those actions.
- The official
0.1.5release notes describe this release as the point where the browser's identity moved from a general Electron browser package to a branded Bubbles search-and-privacy focused desktop browser.
- Exportable diagnostics and local crash logging
- Download protection with Windows Defender integration
- Privacy, architecture, and security documentation
- Bubbles Search Engine and default internal home page
- Ad and tracker filtering with live counters
- Popup login compatibility improvements
- Local-only Music Player with explicit opt-in
- Edit menu roles and shortcut/help coverage
- Installer naming, packaging language, and upgrade instructions
- System requirement messaging toward Windows 11 x64
- README and release documentation quality and depth
- Privacy disclosures to better reflect actual app behavior
- Diagnostics helper formatting issues
- Login-flow handling around popup-based authentication
This file was reconstructed from:
- the repository compare history for
0.0.24 -> 0.0.35,0.0.35 -> 0.0.50, and0.0.50 -> 0.1.5 - the in-repo
release.mdfor version0.1.5 - the repository's tagged README and documentation diffs