From 294a6f721aa8fdad093ae6032bd4834e23b91dca Mon Sep 17 00:00:00 2001
From: Michael Kaply <345868+mkaply@users.noreply.github.com>
Date: Mon, 10 Jun 2024 11:47:35 -0400
Subject: [PATCH 01/16] New prefs are just in the preferences policy, not the
old Pref policy
---
windows/firefox.admx | 20 --------------------
1 file changed, 20 deletions(-)
diff --git a/windows/firefox.admx b/windows/firefox.admx
index 106c52e..8ae146e 100644
--- a/windows/firefox.admx
+++ b/windows/firefox.admx
@@ -3359,26 +3359,6 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
--
2.43.0
From 3a7132298a36856892f20ed62132e93a67695841 Mon Sep 17 00:00:00 2001
From: Dennis Jackson <88591716+dennisjackson@users.noreply.github.com>
Date: Tue, 11 Jun 2024 09:20:21 +0100
Subject: [PATCH 02/16] Fix Duplicate
---
docs/index.md | 35 -----------------------------------
1 file changed, 35 deletions(-)
diff --git a/docs/index.md b/docs/index.md
index 7e12d6a..eb307ec 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -1586,41 +1586,6 @@ Value (string):
}
}
```
-### DisableDeveloperTools
-Remove access to all developer tools.
-
-**Compatibility:** Firefox 60, Firefox ESR 60\
-**CCK2 Equivalent:** `removeDeveloperTools`\
-**Preferences Affected:** `devtools.policy.disabled`
-
-#### Windows (GPO)
-```
-Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0`
-```
-#### Windows (Intune)
-OMA-URI:
-```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDeveloperTools
-```
-Value (string):
-```
- or
-```
-#### macOS
-```
-
- DisableDeveloperTools
- |
-
-```
-#### policies.json
-```
-{
- "policies": {
- "DisableDeveloperTools": true | false
- }
-}
-```
### DisableEncryptedClientHello
Disable the TLS Feature for Encrypted Client Hello. Note that TLS Client Hellos will still contain an ECH extension, but this extension will not be used by Firefox during the TLS handshake.
--
2.43.0
From 776226a510364cf800ba8f47c520b0780faf3399 Mon Sep 17 00:00:00 2001
From: Michael Kaply <345868+mkaply@users.noreply.github.com>
Date: Tue, 11 Jun 2024 13:13:46 -0400
Subject: [PATCH 03/16] Remove deprecated WhatsNew feature
---
docs/index.md | 9 ++-------
linux/policies.json | 1 -
mac/org.mozilla.firefox.plist | 2 --
windows/de-DE/firefox.adml | 2 +-
windows/en-US/firefox.adml | 2 +-
windows/es-ES/firefox.adml | 2 +-
windows/fr-FR/firefox.adml | 2 +-
windows/it-IT/firefox.adml | 2 +-
windows/ru-RU/firefox.adml | 2 +-
windows/zh-CN/firefox.adml | 2 +-
windows/zh-TW/firefox.adml | 2 +-
11 files changed, 10 insertions(+), 18 deletions(-)
diff --git a/docs/index.md b/docs/index.md
index 67a23bc..48d4ba9 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -6143,7 +6143,7 @@ Value (string):
Prevent Firefox from messaging the user in certain situations.
-`WhatsNew` Remove the "What's New" icon and menuitem.
+`WhatsNew` Remove the "What's New" icon and menuitem. (*Deprecated*)
`ExtensionRecommendations` If false, don't recommend extensions while the user is visiting web pages.
@@ -6159,11 +6159,10 @@ Prevent Firefox from messaging the user in certain situations.
**Compatibility:** Firefox 75, Firefox ESR 68.7\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`, `browser.preferences.moreFromMozilla`
+**Preferences Affected:** `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`, `browser.preferences.moreFromMozilla`
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\UserMessaging\WhatsNew = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0
@@ -6174,7 +6173,6 @@ Software\Policies\Mozilla\Firefox\UserMessaging\Locked = 0x1 | 0x0
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_WhatsNew
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_ExtensionRecommendations
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FeatureRecommendations
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions
@@ -6191,8 +6189,6 @@ Value (string):
UserMessaging
- WhatsNew
- |
ExtensionRecommendations
|
FeatureRecommendations
@@ -6213,7 +6209,6 @@ Value (string):
{
"policies": {
"UserMessaging": {
- "WhatsNew": true | false,
"ExtensionRecommendations": true | false,
"FeatureRecommendations": true | false,
"UrlbarInterventions": true | false,
diff --git a/linux/policies.json b/linux/policies.json
index a7f9adc..e0b54c1 100644
--- a/linux/policies.json
+++ b/linux/policies.json
@@ -346,7 +346,6 @@
"StartDownloadsInTempDirectory": true | false,
"TranslateEnabled": true | false,
"UserMessaging": {
- "WhatsNew": true | false,
"ExtensionRecommendations": true | false,
"FeatureRecommendations": true | false,
"UrlbarInterventions": true | false,
diff --git a/mac/org.mozilla.firefox.plist b/mac/org.mozilla.firefox.plist
index 2335b61..c2cc5b3 100644
--- a/mac/org.mozilla.firefox.plist
+++ b/mac/org.mozilla.firefox.plist
@@ -646,8 +646,6 @@
UserMessaging
- WhatsNew
-
ExtensionRecommendations
FeatureRecommendations
diff --git a/windows/de-DE/firefox.adml b/windows/de-DE/firefox.adml
index f704e28..599933c 100644
--- a/windows/de-DE/firefox.adml
+++ b/windows/de-DE/firefox.adml
@@ -843,7 +843,7 @@ Wenn Sie die Richtlinieneinstellung deaktivieren oder nicht konfigurieren, verwe
- Neue Funktionen und Ãnderungen
+ Neue Funktionen und Ãnderungen (Veraltet)
Wenn diese Richtlinieneinstellung deaktiviert ist, werden das Symbol und der Menüpunkt "Neue Funktionen und Ãnderungen" nicht angezeigt.
Wenn diese Richtlinieneinstellung aktiviert oder nicht konfiguriert ist, werden das Symbol und der Menüpunkt "Neue Funktionen und Ãnderungen" angezeigt.
diff --git a/windows/en-US/firefox.adml b/windows/en-US/firefox.adml
index 3bea034..7c1096a 100644
--- a/windows/en-US/firefox.adml
+++ b/windows/en-US/firefox.adml
@@ -843,7 +843,7 @@ If this policy is disabled or not configured, Firefox defaults to a maximum of T
- What's New
+ What's New (Deprecated)
If this policy is disabled, the What's new icon and menuitem will not be displayed.
If this policy is enabled or not configured, the What's New icon and menuitem will be displayed.
diff --git a/windows/es-ES/firefox.adml b/windows/es-ES/firefox.adml
index 7bc3721..054e76e 100644
--- a/windows/es-ES/firefox.adml
+++ b/windows/es-ES/firefox.adml
@@ -845,7 +845,7 @@ Si esta polÃtica está deshabilitada o no está configurada, Firefox establecer
- Novedades
+ Novedades (obsoleto)
Si esta polÃtica está deshabilitada, no se mostrarán el icono de novedades y el menú de elementos.
Si esta polÃtica está habilitada o no está configurada, se mostrará el icono de novedades y el menú de elementos.
diff --git a/windows/fr-FR/firefox.adml b/windows/fr-FR/firefox.adml
index 222de0f..83087d6 100644
--- a/windows/fr-FR/firefox.adml
+++ b/windows/fr-FR/firefox.adml
@@ -844,7 +844,7 @@ Si cette stratégie est désactivée ou non configurée, Firefox utilise par dé
- Quoi de neuf
+ Quoi de neuf (Deprecated)
Si cette stratégie est désactivée, l'icône Quoi de neuf et l'élément de menu ne seront pas affichés.
Si cette stratégie est activée ou non configurée, l'icône Quoi de neuf et l'élément de menu s'affichent.
diff --git a/windows/it-IT/firefox.adml b/windows/it-IT/firefox.adml
index dc1fc96..2948f6e 100644
--- a/windows/it-IT/firefox.adml
+++ b/windows/it-IT/firefox.adml
@@ -845,7 +845,7 @@ Se questo criterio è disabilitato o non configurato, per impostazione predefini
- NovitÃ
+ Novità (deprecata)
Se questo criterio è disabilitato, l'icona e la voce di menù Novità non saranno visualizzate.
Se questo criterio è abilitato o non configurato, l'icona e la voce di menù Novità saranno visualizzate.
diff --git a/windows/ru-RU/firefox.adml b/windows/ru-RU/firefox.adml
index fb83002..e44bfc8 100644
--- a/windows/ru-RU/firefox.adml
+++ b/windows/ru-RU/firefox.adml
@@ -845,7 +845,7 @@ If this policy is disabled or not configured, no PKCS #11 modules will be delete
- ЧÑо нового
+ ЧÑо нового (ÑÑÑаÑело)
ÐÑли ÑÑа полиÑика оÑклÑÑена, знаÑок и ÑÐ»ÐµÐ¼ÐµÐ½Ñ Ð¼ÐµÐ½Ñ Â«Ð§Ñо нового» оÑобÑажаÑÑÑÑ Ð½Ðµ бÑдÑÑ.
ÐÑли ÑÑа полиÑика вклÑÑена или не наÑÑÑоена, бÑдÑÑ Ð¾ÑобÑажаÑÑÑÑ Ð·Ð½Ð°Ñок и ÑÐ»ÐµÐ¼ÐµÐ½Ñ Ð¼ÐµÐ½Ñ Â«Ð§Ñо нового».
diff --git a/windows/zh-CN/firefox.adml b/windows/zh-CN/firefox.adml
index d623889..c1227f8 100644
--- a/windows/zh-CN/firefox.adml
+++ b/windows/zh-CN/firefox.adml
@@ -845,7 +845,7 @@ If this policy is disabled or not configured, no PKCS #11 modules will be delete
- æä»ä¹æ°é²äº
+ æä»ä¹æ°é²äºï¼å·²å¼ç¨ï¼
è¥ç¦ç¨æ¤ååï¼å°ä¸ä¼æ¾ç¤ºãæä»ä¹æ°é²äºãçå¾æ ä¸éå项ç®ã
è¥å¯ç¨æä¸è®¾å®æ¤ååï¼åä¼æ¾ç¤ºãæä»ä¹æ°é²äºãçå¾ç¤ºä¸èå项ç®ã
diff --git a/windows/zh-TW/firefox.adml b/windows/zh-TW/firefox.adml
index 7df8567..f0ff782 100644
--- a/windows/zh-TW/firefox.adml
+++ b/windows/zh-TW/firefox.adml
@@ -843,7 +843,7 @@ If this policy is disabled or not configured, no PKCS #11 modules will be delete
- æä»éº¼æ°é®®äº
+ æä»éº¼æ°é®®äºï¼å·²æ£ç¨ï¼
è¥åç¨æ¤ååï¼å°ä¸æ顯示ãæä»éº¼æ°é®®äºãçå示èé¸å®é
ç®ã
è¥åç¨æä¸è¨å®æ¤ååï¼åæ顯示ãæä»éº¼æ°é®®äºãçå示èé¸å®é
ç®ã
--
2.43.0
From 7b73c131c49330fde2d4a76aa42864216510708a Mon Sep 17 00:00:00 2001
From: Michael Kaply <345868+mkaply@users.noreply.github.com>
Date: Wed, 12 Jun 2024 14:44:50 -0400
Subject: [PATCH 04/16] Add PostQuantumKeyAgreementEnabled to readme
---
docs/index.md | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/docs/index.md b/docs/index.md
index 48d4ba9..4bc7410 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -100,6 +100,7 @@ Unfortunately, JSON files do not support comments, but you can add extra entries
| **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications.
| **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture.
| **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
+| **[`PostQuantumKeyAgreementEnabled`](#postquantumkeyagreementenabled)** | Enable post-quantum key agreement for TLS.
| **[`Preferences`](#preferences)** | Set and lock preferences.
| **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
| **[`PrintingEnabled`](#printingenabled)** | Enable or disable printing.
@@ -4726,6 +4727,41 @@ Value (string):
}
}
```
+### PostQuantumKeyAgreementEnabled
+Enable post-quantum key agreement for TLS.
+
+**Compatibility:** Firefox 127\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `security.tls.enable_kyber`, `network.http.http3.enable_kyber` (Firefox 128)
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\PostQuantumKeyAgreementEnabled = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PostQuantumKeyAgreementEnabled
+```
+Value (string):
+```
+ or
+```
+#### macOS
+```
+
+ PostQuantumKeyAgreementEnabled
+ |
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "PostQuantumKeyAgreementEnabled": true | false
+ }
+}
+```
### Preferences
Set and lock preferences.
--
2.43.0
From 2de2684fb2c37560b36c79612b6c9be56f5948c4 Mon Sep 17 00:00:00 2001
From: Michael Kaply <345868+mkaply@users.noreply.github.com>
Date: Mon, 17 Jun 2024 08:43:49 -0400
Subject: [PATCH 05/16] Add new Https options to README
---
docs/index.md | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 88 insertions(+), 1 deletion(-)
diff --git a/docs/index.md b/docs/index.md
index 4bc7410..361dee3 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -80,6 +80,8 @@ Unfortunately, JSON files do not support comments, but you can add extra entries
| **[`Handlers`](#handlers)** | Configure default application handlers.
| **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
| **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts.
+| **[`HttpAllowlist`](#httpallowlist)** | Configure origins that will not be upgraded to HTTPS.
+| **[`HttpsOnlyMode`](#httpsonlymode)** | Configure HTTPS-Only Mode.
| **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed.
| **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation.
| **[`LegacySameSiteCookieBehaviorEnabled`](#legacysamesitecookiebehaviorenabled)** | Enable default legacy SameSite cookie behavior setting.
@@ -3536,6 +3538,92 @@ Value (string):
}
}
```
+### HttpAllowlist
+Configure site that will not be upgraded to HTTPS.
+
+The sites are specified as a list of origins.
+
+**Compatibility:** Firefox 127\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\HttpAllowlist\1 = "http://example.org"
+Software\Policies\Mozilla\Firefox\HttpAllowlist\2 = "http://example.edu"
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HttpAllowlist
+```
+Value (string):
+```
+
+
+```
+#### macOS
+```
+
+ HttpAllowlist
+
+ http://example.org
+ http://example.edu
+
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "HttpAllowlist ": ["http://example.org",
+ "http://example.edu"]
+ }
+}
+```
+### HttpsOnlyMode
+Configure HTTPS-Only Mode.
+
+| Value | Description
+| --- | --- |
+| allowed | HTTPS-Only Mode is off by default, but the user can turn it on.
+| disallowed | HTTPS-Only Mode is off and the user can't turn it on.
+| enabled | HTTPS-Only Mode is on by default, but the user can turn it off.
+| force_enabled | HTTPS-Only Mode is on and the user can't turn it off.
+
+**Compatibility:** Firefox 127\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `dom.security.https_only_mode`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\HttpsOnlyMode = "allowed", "disallowed", "enabled", "force_enabled"
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HttpsOnlyMode
+```
+Value (string):
+```
+
+
+```
+#### macOS
+```
+
+ HttpsOnlyMode
+ allowed | disallowed | enabled| force_enabled
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "HttpsOnlyMode": "allowed" | "disallowed" | "enabled" | "force_enabled"
+ }
+}
+```
### InstallAddonsPermission
Configure the default extension install policy as well as origins for extension installs are allowed. This policy does not override turning off all extension installs.
@@ -4273,7 +4361,6 @@ Value (string):
}
}
```
-
### PDFjs
Disable or configure PDF.js, the built-in PDF viewer.
--
2.43.0
From 21efc47e069d7b6bb953beaf371e500abdf90d00 Mon Sep 17 00:00:00 2001
From: Michael Kaply <345868+mkaply@users.noreply.github.com>
Date: Mon, 17 Jun 2024 08:45:01 -0400
Subject: [PATCH 06/16] Typo
---
docs/index.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/index.md b/docs/index.md
index 361dee3..2ac1142 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -3539,7 +3539,7 @@ Value (string):
}
```
### HttpAllowlist
-Configure site that will not be upgraded to HTTPS.
+Configure sites that will not be upgraded to HTTPS.
The sites are specified as a list of origins.
--
2.43.0
From cd98392814251a1e40d3496749fc8a1535f57b8f Mon Sep 17 00:00:00 2001
From: Michael Kaply <345868+mkaply@users.noreply.github.com>
Date: Tue, 18 Jun 2024 14:09:13 -0400
Subject: [PATCH 07/16] Convert 127 to 127_ONLY
---
windows/de-DE/firefox.adml | 2 +-
windows/en-US/firefox.adml | 2 +-
windows/es-ES/firefox.adml | 2 +-
windows/firefox.admx | 2 +-
windows/fr-FR/firefox.adml | 2 +-
windows/it-IT/firefox.adml | 2 +-
windows/ru-RU/firefox.adml | 1 +
windows/zh-CN/firefox.adml | 2 +-
windows/zh-TW/firefox.adml | 2 +-
9 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/windows/de-DE/firefox.adml b/windows/de-DE/firefox.adml
index 599933c..867cb89 100644
--- a/windows/de-DE/firefox.adml
+++ b/windows/de-DE/firefox.adml
@@ -69,7 +69,7 @@
Firefox 124 oder höher
Firefox 125 oder höher, Firefox 115.10 ESR oder höher
Firefox 126 oder höher
- Firefox 127 oder höher, Firefox 115.12 ESR oder höher
+ Firefox 127 oder höher
Firefox 128 oder höher, Firefox 115.13 ESR oder höher
Firefox 129 oder höher, Firefox 115.14 ESR oder höher
Firefox 130 oder höher, Firefox 115.15 ESR oder höher
diff --git a/windows/en-US/firefox.adml b/windows/en-US/firefox.adml
index 7c1096a..38cbfdc 100644
--- a/windows/en-US/firefox.adml
+++ b/windows/en-US/firefox.adml
@@ -69,7 +69,7 @@
Firefox 124 or later
Firefox 125 or later, Firefox 115.10 ESR or later
Firefox 126 or later
- Firefox 127 or later, Firefox 115.12 ESR or later
+ Firefox 127 or later
Firefox 128 or later, Firefox 115.13 ESR or later
Firefox 129 or later, Firefox 115.14 ESR or later
Firefox 130 or later, Firefox 115.15 ESR or later
diff --git a/windows/es-ES/firefox.adml b/windows/es-ES/firefox.adml
index 054e76e..64002b0 100644
--- a/windows/es-ES/firefox.adml
+++ b/windows/es-ES/firefox.adml
@@ -69,7 +69,7 @@
Firefox 124 o posterior
Firefox 125 o posterior, Firefox 115.10 ESR o posterior
Firefox 126 o posterior
- Firefox 127 o posterior, Firefox 115.12 ESR o posterior
+ Firefox 127 o posterior
Firefox 128 o posterior, Firefox 115.13 ESR o posterior
Firefox 129 o posterior, Firefox 115.14 ESR o posterior
Firefox 130 o posterior, Firefox 115.15 ESR o posterior
diff --git a/windows/firefox.admx b/windows/firefox.admx
index 8ae146e..f4b7f42 100644
--- a/windows/firefox.admx
+++ b/windows/firefox.admx
@@ -71,7 +71,7 @@
-
+
diff --git a/windows/fr-FR/firefox.adml b/windows/fr-FR/firefox.adml
index 83087d6..1e6600e 100644
--- a/windows/fr-FR/firefox.adml
+++ b/windows/fr-FR/firefox.adml
@@ -69,7 +69,7 @@
Firefox 124 ou supérieur
Firefox 125 ou supérieur, Firefox 115.10 ESR ou supérieur
Firefox 126 ou supérieur
- Firefox 127 ou supérieur, Firefox 115.12 ESR ou supérieur
+ Firefox 127 ou supérieur
Firefox 128 ou supérieur, Firefox 115.13 ESR ou supérieur
Firefox 129 ou supérieur, Firefox 115.14 ESR ou supérieur
Firefox 130 ou supérieur, Firefox 115.15 ESR ou supérieur
diff --git a/windows/it-IT/firefox.adml b/windows/it-IT/firefox.adml
index 2948f6e..5d871ec 100644
--- a/windows/it-IT/firefox.adml
+++ b/windows/it-IT/firefox.adml
@@ -69,7 +69,7 @@
Firefox 124 o versione successiva
Firefox 125 o versione successiva, Firefox 105.10 ESR o versione successiva
Firefox 126 o versione successiva
- Firefox 127 o versione successiva, Firefox 105.12 ESR o versione successiva
+ Firefox 127 o versione successiva
Firefox 128 o versione successiva, Firefox 105.13 ESR o versione successiva
Firefox 129 o versione successiva, Firefox 105.14 ESR o versione successiva
Firefox 130 o versione successiva, Firefox 105.15 ESR o versione successiva
diff --git a/windows/ru-RU/firefox.adml b/windows/ru-RU/firefox.adml
index e44bfc8..4f494b4 100644
--- a/windows/ru-RU/firefox.adml
+++ b/windows/ru-RU/firefox.adml
@@ -69,6 +69,7 @@
Firefox 124 или более поздние веÑÑии
Firefox 125 или более поздние веÑÑии, Firefox 105.10 ESR или более поздние веÑÑии
Firefox 126 или более поздние веÑÑии
+ Firefox 127 или более поздние веÑÑии
Firefox 127 или более поздние веÑÑии, Firefox 105.12 ESR или более поздние веÑÑии
Firefox 128 или более поздние веÑÑии, Firefox 105.13 ESR или более поздние веÑÑии
Firefox 129 или более поздние веÑÑии, Firefox 105.14 ESR или более поздние веÑÑии
diff --git a/windows/zh-CN/firefox.adml b/windows/zh-CN/firefox.adml
index c1227f8..a77f40c 100644
--- a/windows/zh-CN/firefox.adml
+++ b/windows/zh-CN/firefox.adml
@@ -69,7 +69,7 @@
Firefox 124 ææ´æ°çæ¬
Firefox 125 ææ´æ°çæ¬ãFirefox 105.10 ESR ææ´æ°çæ¬
Firefox 126 ææ´æ°çæ¬
- Firefox 127 ææ´æ°çæ¬ãFirefox 105.12 ESR ææ´æ°çæ¬
+ Firefox 127 ææ´æ°çæ¬
Firefox 128 ææ´æ°çæ¬ãFirefox 105.13 ESR ææ´æ°çæ¬
Firefox 129 ææ´æ°çæ¬ãFirefox 105.14 ESR ææ´æ°çæ¬
Firefox 130 ææ´æ°çæ¬ãFirefox 105.15 ESR ææ´æ°çæ¬
diff --git a/windows/zh-TW/firefox.adml b/windows/zh-TW/firefox.adml
index f0ff782..4e0d19c 100644
--- a/windows/zh-TW/firefox.adml
+++ b/windows/zh-TW/firefox.adml
@@ -69,7 +69,7 @@
Firefox 124 ææ´æ°çæ¬
Firefox 125 ææ´æ°çæ¬ãFirefox 105.10 ESR ææ´æ°çæ¬
Firefox 126 ææ´æ°çæ¬
- Firefox 127 ææ´æ°çæ¬ãFirefox 105.12 ESR ææ´æ°çæ¬
+ Firefox 127 ææ´æ°çæ¬
Firefox 128 ææ´æ°çæ¬ãFirefox 105.13 ESR ææ´æ°çæ¬
Firefox 129 ææ´æ°çæ¬ãFirefox 105.14 ESR ææ´æ°çæ¬
Firefox 130 ææ´æ°çæ¬ãFirefox 105.15 ESR ææ´æ°çæ¬
--
2.43.0
From 62f431dcf0f5bad75259727d3464c0797bcb9d3c Mon Sep 17 00:00:00 2001
From: Michael Kaply <345868+mkaply@users.noreply.github.com>
Date: Tue, 18 Jun 2024 14:35:18 -0400
Subject: [PATCH 08/16] GPO for DisableEncryptedClientHello and
PostQuantumKeyAgreementEnabled
---
windows/de-DE/firefox.adml | 8 ++++++++
windows/en-US/firefox.adml | 8 ++++++++
windows/es-ES/firefox.adml | 8 ++++++++
windows/firefox.admx | 20 ++++++++++++++++++++
windows/fr-FR/firefox.adml | 8 ++++++++
windows/it-IT/firefox.adml | 8 ++++++++
windows/ru-RU/firefox.adml | 8 ++++++++
windows/zh-CN/firefox.adml | 8 ++++++++
windows/zh-TW/firefox.adml | 8 ++++++++
9 files changed, 84 insertions(+)
diff --git a/windows/de-DE/firefox.adml b/windows/de-DE/firefox.adml
index 867cb89..4fc9823 100644
--- a/windows/de-DE/firefox.adml
+++ b/windows/de-DE/firefox.adml
@@ -1103,6 +1103,14 @@ Wenn diese Richtlinieneinstellung aktiviert oder nicht konfiguriert ist, werden
Wenn diese Richtlinieneinstellung aktiviert oder nicht konfiguriert ist, ist die Ãbersetzung von Webseiten verfügbar.
Hinweis: Die Ãbersetzung von Webseiten erfolgt vollständig auf dem Client, um den Datenschutz zu gewährleisten.
+ Disable Encrypted Client Hello
+ If this policy is enabled, the TLS feature Encrypted Client Hello (ECH) will be disabled.
+
+If this policy is disabled or not configured, the TLS feature Encrypted Client Hello (ECH) will be enabled.
+ Enable post-quantum key agreement
+ If this policy is enabled, post-quantum key agreement for TLS will be enabled.
+
+If this policy is disabled or not configured, post-quantum key agreement for TLS will be disabled.
Wenn diese Richtlinieneinstellung aktiviert ist, ist die Einstellung auf true gesperrt. Wenn diese Richtlinieneinstellung deaktiviert ist, ist die Einstellung auf false gesperrt.
Für eine Beschreibung der Einstellung, siehe:
diff --git a/windows/en-US/firefox.adml b/windows/en-US/firefox.adml
index 38cbfdc..53edd1c 100644
--- a/windows/en-US/firefox.adml
+++ b/windows/en-US/firefox.adml
@@ -1098,6 +1098,14 @@ If this policy is enabled or not configured, payment methods will be autofilled
If this policy is enabled or not configured, web page translation will be available.
Note: Web page translation is done completely on the client, so there is no data or privacy risk.
+ Disable Encrypted Client Hello
+ If this policy is enabled, the TLS feature Encrypted Client Hello (ECH) will be disabled.
+
+If this policy is disabled or not configured, the TLS feature Encrypted Client Hello (ECH) will be enabled.
+ Enable post-quantum key agreement
+ If this policy is enabled, post-quantum key agreement for TLS will be enabled.
+
+If this policy is disabled or not configured, post-quantum key agreement for TLS will be disabled.
If this policy is enabled, the preference is locked to true. If this policy is disabled, the preference is locked to false.
For a description of the preference, see:
diff --git a/windows/es-ES/firefox.adml b/windows/es-ES/firefox.adml
index 64002b0..986d5c6 100644
--- a/windows/es-ES/firefox.adml
+++ b/windows/es-ES/firefox.adml
@@ -1100,6 +1100,14 @@ If this policy is enabled or not configured, payment methods will be autofilled
If this policy is enabled or not configured, web page translation will be available.
Note: Web page translation is done completely on the client, so there is no data or privacy risk.
+ Disable Encrypted Client Hello
+ If this policy is enabled, the TLS feature Encrypted Client Hello (ECH) will be disabled.
+
+If this policy is disabled or not configured, the TLS feature Encrypted Client Hello (ECH) will be enabled.
+ Enable post-quantum key agreement
+ If this policy is enabled, post-quantum key agreement for TLS will be enabled.
+
+If this policy is disabled or not configured, post-quantum key agreement for TLS will be disabled.
Si esta polÃtica está habilitada, la preferencia se bloquea en true. Si esta polÃtica está deshabilitada, la preferencia está bloqueada en false.
Para una descripción de la preferencia, visita:
diff --git a/windows/firefox.admx b/windows/firefox.admx
index f4b7f42..2fca204 100644
--- a/windows/firefox.admx
+++ b/windows/firefox.admx
@@ -4215,5 +4215,25 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/windows/fr-FR/firefox.adml b/windows/fr-FR/firefox.adml
index 1e6600e..745333a 100644
--- a/windows/fr-FR/firefox.adml
+++ b/windows/fr-FR/firefox.adml
@@ -1099,6 +1099,14 @@ If this policy is enabled or not configured, payment methods will be autofilled
If this policy is enabled or not configured, web page translation will be available.
Note: Web page translation is done completely on the client, so there is no data or privacy risk.
+ Disable Encrypted Client Hello
+ If this policy is enabled, the TLS feature Encrypted Client Hello (ECH) will be disabled.
+
+If this policy is disabled or not configured, the TLS feature Encrypted Client Hello (ECH) will be enabled.
+ Enable post-quantum key agreement
+ If this policy is enabled, post-quantum key agreement for TLS will be enabled.
+
+If this policy is disabled or not configured, post-quantum key agreement for TLS will be disabled.
Si cette stratégie est activée, la préférence est verrouillée sur true. Si cette stratégie est désactivée, la préférence est verrouillée sur false.
Pour une description de la préférence, voir:
diff --git a/windows/it-IT/firefox.adml b/windows/it-IT/firefox.adml
index 5d871ec..d63dee9 100644
--- a/windows/it-IT/firefox.adml
+++ b/windows/it-IT/firefox.adml
@@ -1101,6 +1101,14 @@ If this policy is enabled or not configured, payment methods will be autofilled
If this policy is enabled or not configured, web page translation will be available.
Note: Web page translation is done completely on the client, so there is no data or privacy risk.
+ Disable Encrypted Client Hello
+ If this policy is enabled, the TLS feature Encrypted Client Hello (ECH) will be disabled.
+
+If this policy is disabled or not configured, the TLS feature Encrypted Client Hello (ECH) will be enabled.
+ Enable post-quantum key agreement
+ If this policy is enabled, post-quantum key agreement for TLS will be enabled.
+
+If this policy is disabled or not configured, post-quantum key agreement for TLS will be disabled.
Se questo criterio è abilitato, la preferenza è impostata a Vero e resa non modificabile. Se questo criterio è disabilitato, la preferenza è impostata a Falso e resa non modificabile.
Per una descrizione della preferenza, si veda:
diff --git a/windows/ru-RU/firefox.adml b/windows/ru-RU/firefox.adml
index 4f494b4..860899e 100644
--- a/windows/ru-RU/firefox.adml
+++ b/windows/ru-RU/firefox.adml
@@ -1101,6 +1101,14 @@ If this policy is enabled or not configured, payment methods will be autofilled
If this policy is enabled or not configured, web page translation will be available.
Note: Web page translation is done completely on the client, so there is no data or privacy risk.
+ Disable Encrypted Client Hello
+ If this policy is enabled, the TLS feature Encrypted Client Hello (ECH) will be disabled.
+
+If this policy is disabled or not configured, the TLS feature Encrypted Client Hello (ECH) will be enabled.
+ Enable post-quantum key agreement
+ If this policy is enabled, post-quantum key agreement for TLS will be enabled.
+
+If this policy is disabled or not configured, post-quantum key agreement for TLS will be disabled.
ÐÑли ÑÑа полиÑика вклÑÑена, пÑедпоÑÑение заблокиÑовано на true. ÐÑли ÑÑа полиÑика оÑклÑÑена, пÑедпоÑÑение заблокиÑовано на false.
ÐпиÑание пÑедпоÑÑÐµÐ½Ð¸Ñ Ñм.:
diff --git a/windows/zh-CN/firefox.adml b/windows/zh-CN/firefox.adml
index a77f40c..536d72b 100644
--- a/windows/zh-CN/firefox.adml
+++ b/windows/zh-CN/firefox.adml
@@ -1100,6 +1100,14 @@ If this policy is enabled or not configured, payment methods will be autofilled
If this policy is enabled or not configured, web page translation will be available.
Note: Web page translation is done completely on the client, so there is no data or privacy risk.
+ Disable Encrypted Client Hello
+ If this policy is enabled, the TLS feature Encrypted Client Hello (ECH) will be disabled.
+
+If this policy is disabled or not configured, the TLS feature Encrypted Client Hello (ECH) will be enabled.
+ Enable post-quantum key agreement
+ If this policy is enabled, post-quantum key agreement for TLS will be enabled.
+
+If this policy is disabled or not configured, post-quantum key agreement for TLS will be disabled.
è¥å¯ç¨æ¤ååï¼å好设å®å°éå®ä¸º trueã è¥ç¦ç¨æ¤ååï¼å好设å®åéå®ä¸ºfalseã
è¥éè¦å好设置ç详ç»è¯´æï¼è¯·åèï¼
diff --git a/windows/zh-TW/firefox.adml b/windows/zh-TW/firefox.adml
index 4e0d19c..8e284d5 100644
--- a/windows/zh-TW/firefox.adml
+++ b/windows/zh-TW/firefox.adml
@@ -1098,6 +1098,14 @@ If this policy is enabled or not configured, payment methods will be autofilled
If this policy is enabled or not configured, web page translation will be available.
Note: Web page translation is done completely on the client, so there is no data or privacy risk.
+ Disable Encrypted Client Hello
+ If this policy is enabled, the TLS feature Encrypted Client Hello (ECH) will be disabled.
+
+If this policy is disabled or not configured, the TLS feature Encrypted Client Hello (ECH) will be enabled.
+ Enable post-quantum key agreement
+ If this policy is enabled, post-quantum key agreement for TLS will be enabled.
+
+If this policy is disabled or not configured, post-quantum key agreement for TLS will be disabled.
è¥åç¨æ¤ååï¼å好è¨å®å°éå®çº trueãè¥åç¨æ¤ååï¼å好è¨å®åéå®çº falseã
è¥éè¦å好è¨å®ç詳細說æï¼è«åèï¼
--
2.43.0
From 5d163fddf760731ebc633a79ac861c2085c9f61b Mon Sep 17 00:00:00 2001
From: vossni <46046843+vossni@users.noreply.github.com>
Date: Fri, 21 Jun 2024 11:34:41 +0200
Subject: [PATCH 09/16] German translations for ECH und Post-quantum Key
Agreement
---
windows/de-DE/firefox.adml | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/windows/de-DE/firefox.adml b/windows/de-DE/firefox.adml
index 4fc9823..a800229 100644
--- a/windows/de-DE/firefox.adml
+++ b/windows/de-DE/firefox.adml
@@ -1103,14 +1103,14 @@ Wenn diese Richtlinieneinstellung aktiviert oder nicht konfiguriert ist, werden
Wenn diese Richtlinieneinstellung aktiviert oder nicht konfiguriert ist, ist die Ãbersetzung von Webseiten verfügbar.
Hinweis: Die Ãbersetzung von Webseiten erfolgt vollständig auf dem Client, um den Datenschutz zu gewährleisten.
- Disable Encrypted Client Hello
- If this policy is enabled, the TLS feature Encrypted Client Hello (ECH) will be disabled.
+ Encrypted Client Hello (ECH) deaktivieren
+ Wenn diese Richtlinieneinstellung aktiviert ist, wird die TLS-Funktion Encrypted Client Hello (ECH) deaktiviert.
-If this policy is disabled or not configured, the TLS feature Encrypted Client Hello (ECH) will be enabled.
- Enable post-quantum key agreement
- If this policy is enabled, post-quantum key agreement for TLS will be enabled.
+Wenn diese Richtlinie deaktiviert oder nicht konfiguriert ist, wird die TLS-Funktion Encrypted Client Hello (ECH) aktiviert.
+ Post-quantum Key Agreement aktivieren
+ Wenn diese Richtlinieneinstellung aktiviert ist, wird Post-Quantum Key Agreement für TLS aktiviert.
-If this policy is disabled or not configured, post-quantum key agreement for TLS will be disabled.
+Wenn diese Richtlinieneinstellung deaktiviert oder nicht konfiguriert ist, wird Post-Quantum Key Agreement für TLS deaktiviert.
Wenn diese Richtlinieneinstellung aktiviert ist, ist die Einstellung auf true gesperrt. Wenn diese Richtlinieneinstellung deaktiviert ist, ist die Einstellung auf false gesperrt.
Für eine Beschreibung der Einstellung, siehe:
--
2.43.0
From 4cf3a462afa456b2fdea39ced577fb0fadae3fa6 Mon Sep 17 00:00:00 2001
From: Michael Kaply <345868+mkaply@users.noreply.github.com>
Date: Fri, 21 Jun 2024 07:21:23 -0400
Subject: [PATCH 10/16] GPO Updates for new Https policies
---
windows/de-DE/firefox.adml | 15 +++++++++++++++
windows/en-US/firefox.adml | 15 +++++++++++++++
windows/es-ES/firefox.adml | 15 +++++++++++++++
windows/firefox.admx | 35 +++++++++++++++++++++++++++++++++++
windows/fr-FR/firefox.adml | 15 +++++++++++++++
windows/it-IT/firefox.adml | 15 +++++++++++++++
windows/ru-RU/firefox.adml | 15 +++++++++++++++
windows/zh-CN/firefox.adml | 15 +++++++++++++++
windows/zh-TW/firefox.adml | 15 +++++++++++++++
9 files changed, 155 insertions(+)
diff --git a/windows/de-DE/firefox.adml b/windows/de-DE/firefox.adml
index a800229..229264d 100644
--- a/windows/de-DE/firefox.adml
+++ b/windows/de-DE/firefox.adml
@@ -1111,6 +1111,18 @@ Wenn diese Richtlinie deaktiviert oder nicht konfiguriert ist, wird die TLS-Funk
Wenn diese Richtlinieneinstellung aktiviert ist, wird Post-Quantum Key Agreement für TLS aktiviert.
Wenn diese Richtlinieneinstellung deaktiviert oder nicht konfiguriert ist, wird Post-Quantum Key Agreement für TLS deaktiviert.
+ HTTPS-Only Mode
+ If this policy is enabled, you can set the default behavior for HTTPS-Only Mode.
+
+If this policy is disabled or not configured, HTTPS-Only Mode is not enabled.
+ Off by default
+ Off and locked
+ On by default
+ On and locked
+ HTTP Allowlist
+ If this policy is enabled, you can specify a list origins that will not be upgraded to HTTPS.
+
+If this policy is disabled or not configured, all origins are upgraded to HTTPS if HTTPS-Only Mode is enabled.
Wenn diese Richtlinieneinstellung aktiviert ist, ist die Einstellung auf true gesperrt. Wenn diese Richtlinieneinstellung deaktiviert ist, ist die Einstellung auf false gesperrt.
Für eine Beschreibung der Einstellung, siehe:
@@ -1474,6 +1486,9 @@ https://github.com/mozilla/policy-templates/blob/master/README.md#preferences (E
Example: .mozilla.org, .net.nz, 192.168.1.0/24
Connections to localhost, 127.0.0.1/8, and ::1 are never proxied.
+
+
+
diff --git a/windows/en-US/firefox.adml b/windows/en-US/firefox.adml
index 53edd1c..f6d6199 100644
--- a/windows/en-US/firefox.adml
+++ b/windows/en-US/firefox.adml
@@ -1106,6 +1106,18 @@ If this policy is disabled or not configured, the TLS feature Encrypted Client H
If this policy is enabled, post-quantum key agreement for TLS will be enabled.
If this policy is disabled or not configured, post-quantum key agreement for TLS will be disabled.
+ HTTPS-Only Mode
+ If this policy is enabled, you can set the default behavior for HTTPS-Only Mode.
+
+If this policy is disabled or not configured, HTTPS-Only Mode is not enabled.
+ Off by default
+ Off and locked
+ On by default
+ On and locked
+ HTTP Allowlist
+ If this policy is enabled, you can specify a list origins that will not be upgraded to HTTPS.
+
+If this policy is disabled or not configured, all origins are upgraded to HTTPS if HTTPS-Only Mode is enabled.
If this policy is enabled, the preference is locked to true. If this policy is disabled, the preference is locked to false.
For a description of the preference, see:
@@ -1472,6 +1484,9 @@ https://github.com/mozilla/policy-templates/blob/master/README.md#preferences.Example: .mozilla.org, .net.nz, 192.168.1.0/24
Connections to localhost, 127.0.0.1/8, and ::1 are never proxied.
+
+
+
diff --git a/windows/es-ES/firefox.adml b/windows/es-ES/firefox.adml
index 986d5c6..2dd335a 100644
--- a/windows/es-ES/firefox.adml
+++ b/windows/es-ES/firefox.adml
@@ -1108,6 +1108,18 @@ If this policy is disabled or not configured, the TLS feature Encrypted Client H
If this policy is enabled, post-quantum key agreement for TLS will be enabled.
If this policy is disabled or not configured, post-quantum key agreement for TLS will be disabled.
+ HTTPS-Only Mode
+ If this policy is enabled, you can set the default behavior for HTTPS-Only Mode.
+
+If this policy is disabled or not configured, HTTPS-Only Mode is not enabled.
+ Off by default
+ Off and locked
+ On by default
+ On and locked
+ HTTP Allowlist
+ If this policy is enabled, you can specify a list origins that will not be upgraded to HTTPS.
+
+If this policy is disabled or not configured, all origins are upgraded to HTTPS if HTTPS-Only Mode is enabled.
Si esta polÃtica está habilitada, la preferencia se bloquea en true. Si esta polÃtica está deshabilitada, la preferencia está bloqueada en false.
Para una descripción de la preferencia, visita:
@@ -1474,6 +1486,9 @@ https://github.com/mozilla/policy-templates/blob/master/README.md#preferencesExample: .mozilla.org, .net.nz, 192.168.1.0/24
Connections to localhost, 127.0.0.1/8, and ::1 are never proxied.
+
+
+
diff --git a/windows/firefox.admx b/windows/firefox.admx
index 2fca204..180a4d0 100644
--- a/windows/firefox.admx
+++ b/windows/firefox.admx
@@ -4235,5 +4235,40 @@
+
+
+
+
+
+ -
+
+ allowed
+
+
+ -
+
+ disallowed
+
+
+ -
+
+ enabled
+
+
+ -
+
+ force_enabled
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/windows/fr-FR/firefox.adml b/windows/fr-FR/firefox.adml
index 745333a..011a273 100644
--- a/windows/fr-FR/firefox.adml
+++ b/windows/fr-FR/firefox.adml
@@ -1107,6 +1107,18 @@ If this policy is disabled or not configured, the TLS feature Encrypted Client H
If this policy is enabled, post-quantum key agreement for TLS will be enabled.
If this policy is disabled or not configured, post-quantum key agreement for TLS will be disabled.
+ HTTPS-Only Mode
+ If this policy is enabled, you can set the default behavior for HTTPS-Only Mode.
+
+If this policy is disabled or not configured, HTTPS-Only Mode is not enabled.
+ Off by default
+ Off and locked
+ On by default
+ On and locked
+ HTTP Allowlist
+ If this policy is enabled, you can specify a list origins that will not be upgraded to HTTPS.
+
+If this policy is disabled or not configured, all origins are upgraded to HTTPS if HTTPS-Only Mode is enabled.
Si cette stratégie est activée, la préférence est verrouillée sur true. Si cette stratégie est désactivée, la préférence est verrouillée sur false.
Pour une description de la préférence, voir:
@@ -1473,6 +1485,9 @@ https://github.com/mozilla/policy-templates/blob/master/README.md#preferencesExample: .mozilla.org, .net.nz, 192.168.1.0/24
Connections to localhost, 127.0.0.1/8, and ::1 are never proxied.
+
+
+
diff --git a/windows/it-IT/firefox.adml b/windows/it-IT/firefox.adml
index d63dee9..1b434ab 100644
--- a/windows/it-IT/firefox.adml
+++ b/windows/it-IT/firefox.adml
@@ -1109,6 +1109,18 @@ If this policy is disabled or not configured, the TLS feature Encrypted Client H
If this policy is enabled, post-quantum key agreement for TLS will be enabled.
If this policy is disabled or not configured, post-quantum key agreement for TLS will be disabled.
+ HTTPS-Only Mode
+ If this policy is enabled, you can set the default behavior for HTTPS-Only Mode.
+
+If this policy is disabled or not configured, HTTPS-Only Mode is not enabled.
+ Off by default
+ Off and locked
+ On by default
+ On and locked
+ HTTP Allowlist
+ If this policy is enabled, you can specify a list origins that will not be upgraded to HTTPS.
+
+If this policy is disabled or not configured, all origins are upgraded to HTTPS if HTTPS-Only Mode is enabled.
Se questo criterio è abilitato, la preferenza è impostata a Vero e resa non modificabile. Se questo criterio è disabilitato, la preferenza è impostata a Falso e resa non modificabile.
Per una descrizione della preferenza, si veda:
@@ -1475,6 +1487,9 @@ https://github.com/mozilla/policy-templates/blob/master/README.md#preferencesExample: .mozilla.org, .net.nz, 192.168.1.0/24
Connections to localhost, 127.0.0.1/8, and ::1 are never proxied.
+
+
+
diff --git a/windows/ru-RU/firefox.adml b/windows/ru-RU/firefox.adml
index 860899e..9d78677 100644
--- a/windows/ru-RU/firefox.adml
+++ b/windows/ru-RU/firefox.adml
@@ -1109,6 +1109,18 @@ If this policy is disabled or not configured, the TLS feature Encrypted Client H
If this policy is enabled, post-quantum key agreement for TLS will be enabled.
If this policy is disabled or not configured, post-quantum key agreement for TLS will be disabled.
+ HTTPS-Only Mode
+ If this policy is enabled, you can set the default behavior for HTTPS-Only Mode.
+
+If this policy is disabled or not configured, HTTPS-Only Mode is not enabled.
+ Off by default
+ Off and locked
+ On by default
+ On and locked
+ HTTP Allowlist
+ If this policy is enabled, you can specify a list origins that will not be upgraded to HTTPS.
+
+If this policy is disabled or not configured, all origins are upgraded to HTTPS if HTTPS-Only Mode is enabled.
ÐÑли ÑÑа полиÑика вклÑÑена, пÑедпоÑÑение заблокиÑовано на true. ÐÑли ÑÑа полиÑика оÑклÑÑена, пÑедпоÑÑение заблокиÑовано на false.
ÐпиÑание пÑедпоÑÑÐµÐ½Ð¸Ñ Ñм.:
@@ -1475,6 +1487,9 @@ https://github.com/mozilla/policy-templates/blob/master/README.md#preferences.Example: .mozilla.org, .net.nz, 192.168.1.0/24
Connections to localhost, 127.0.0.1/8, and ::1 are never proxied.
+
+
+
diff --git a/windows/zh-CN/firefox.adml b/windows/zh-CN/firefox.adml
index 536d72b..b68a954 100644
--- a/windows/zh-CN/firefox.adml
+++ b/windows/zh-CN/firefox.adml
@@ -1108,6 +1108,18 @@ If this policy is disabled or not configured, the TLS feature Encrypted Client H
If this policy is enabled, post-quantum key agreement for TLS will be enabled.
If this policy is disabled or not configured, post-quantum key agreement for TLS will be disabled.
+ HTTPS-Only Mode
+ If this policy is enabled, you can set the default behavior for HTTPS-Only Mode.
+
+If this policy is disabled or not configured, HTTPS-Only Mode is not enabled.
+ Off by default
+ Off and locked
+ On by default
+ On and locked
+ HTTP Allowlist
+ If this policy is enabled, you can specify a list origins that will not be upgraded to HTTPS.
+
+If this policy is disabled or not configured, all origins are upgraded to HTTPS if HTTPS-Only Mode is enabled.
è¥å¯ç¨æ¤ååï¼å好设å®å°éå®ä¸º trueã è¥ç¦ç¨æ¤ååï¼å好设å®åéå®ä¸ºfalseã
è¥éè¦å好设置ç详ç»è¯´æï¼è¯·åèï¼
@@ -1474,6 +1486,9 @@ https://github.com/mozilla/policy-templates/blob/master/README.md#preferencesã
Example: .mozilla.org, .net.nz, 192.168.1.0/24
Connections to localhost, 127.0.0.1/8, and ::1 are never proxied.
+
+
+
diff --git a/windows/zh-TW/firefox.adml b/windows/zh-TW/firefox.adml
index 8e284d5..7ad4780 100644
--- a/windows/zh-TW/firefox.adml
+++ b/windows/zh-TW/firefox.adml
@@ -1106,6 +1106,18 @@ If this policy is disabled or not configured, the TLS feature Encrypted Client H
If this policy is enabled, post-quantum key agreement for TLS will be enabled.
If this policy is disabled or not configured, post-quantum key agreement for TLS will be disabled.
+ HTTPS-Only Mode
+ If this policy is enabled, you can set the default behavior for HTTPS-Only Mode.
+
+If this policy is disabled or not configured, HTTPS-Only Mode is not enabled.
+ Off by default
+ Off and locked
+ On by default
+ On and locked
+ HTTP Allowlist
+ If this policy is enabled, you can specify a list origins that will not be upgraded to HTTPS.
+
+If this policy is disabled or not configured, all origins are upgraded to HTTPS if HTTPS-Only Mode is enabled.
è¥åç¨æ¤ååï¼å好è¨å®å°éå®çº trueãè¥åç¨æ¤ååï¼å好è¨å®åéå®çº falseã
è¥éè¦å好è¨å®ç詳細說æï¼è«åèï¼
@@ -1472,6 +1484,9 @@ https://github.com/mozilla/policy-templates/blob/master/README.md#preferencesã
Example: .mozilla.org, .net.nz, 192.168.1.0/24
Connections to localhost, 127.0.0.1/8, and ::1 are never proxied.
+
+
+
--
2.43.0
From 6e7289df2203880c06828917dcc16baf24d1d214 Mon Sep 17 00:00:00 2001
From: Michael Kaply <345868+mkaply@users.noreply.github.com>
Date: Fri, 21 Jun 2024 07:23:18 -0400
Subject: [PATCH 11/16] Bump version for release
---
windows/de-DE/firefox.adml | 2 +-
windows/en-US/firefox.adml | 2 +-
windows/es-ES/firefox.adml | 2 +-
windows/firefox.admx | 4 ++--
windows/fr-FR/firefox.adml | 2 +-
windows/it-IT/firefox.adml | 2 +-
windows/ru-RU/firefox.adml | 2 +-
windows/zh-CN/firefox.adml | 2 +-
windows/zh-TW/firefox.adml | 2 +-
9 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/windows/de-DE/firefox.adml b/windows/de-DE/firefox.adml
index 229264d..8a520a3 100644
--- a/windows/de-DE/firefox.adml
+++ b/windows/de-DE/firefox.adml
@@ -1,5 +1,5 @@
-
+
diff --git a/windows/en-US/firefox.adml b/windows/en-US/firefox.adml
index f6d6199..050d1c8 100644
--- a/windows/en-US/firefox.adml
+++ b/windows/en-US/firefox.adml
@@ -1,5 +1,5 @@
-
+
diff --git a/windows/es-ES/firefox.adml b/windows/es-ES/firefox.adml
index 2dd335a..86761f7 100644
--- a/windows/es-ES/firefox.adml
+++ b/windows/es-ES/firefox.adml
@@ -1,5 +1,5 @@
-
+
diff --git a/windows/firefox.admx b/windows/firefox.admx
index 180a4d0..3b0e0d5 100644
--- a/windows/firefox.admx
+++ b/windows/firefox.admx
@@ -1,10 +1,10 @@
-
+
-
+
diff --git a/windows/fr-FR/firefox.adml b/windows/fr-FR/firefox.adml
index 011a273..c4e1cc0 100644
--- a/windows/fr-FR/firefox.adml
+++ b/windows/fr-FR/firefox.adml
@@ -1,5 +1,5 @@
-
+
diff --git a/windows/it-IT/firefox.adml b/windows/it-IT/firefox.adml
index 1b434ab..635e9c4 100644
--- a/windows/it-IT/firefox.adml
+++ b/windows/it-IT/firefox.adml
@@ -1,5 +1,5 @@
-
+
diff --git a/windows/ru-RU/firefox.adml b/windows/ru-RU/firefox.adml
index 9d78677..66a2132 100644
--- a/windows/ru-RU/firefox.adml
+++ b/windows/ru-RU/firefox.adml
@@ -1,5 +1,5 @@
-
+
diff --git a/windows/zh-CN/firefox.adml b/windows/zh-CN/firefox.adml
index b68a954..a3b5185 100644
--- a/windows/zh-CN/firefox.adml
+++ b/windows/zh-CN/firefox.adml
@@ -1,5 +1,5 @@
-
+
diff --git a/windows/zh-TW/firefox.adml b/windows/zh-TW/firefox.adml
index 7ad4780..1b612c4 100644
--- a/windows/zh-TW/firefox.adml
+++ b/windows/zh-TW/firefox.adml
@@ -1,5 +1,5 @@
-
+
--
2.43.0
From a088974e4816be17c9135f5492e0a5ee60ff8084 Mon Sep 17 00:00:00 2001
From: Michael Kaply <345868+mkaply@users.noreply.github.com>
Date: Fri, 21 Jun 2024 07:48:06 -0400
Subject: [PATCH 12/16] Add note about UTF-8 encoding.
---
docs/index.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/index.md b/docs/index.md
index 2ac1142..91b419a 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -1,7 +1,6 @@
Firefox policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
Unfortunately, JSON files do not support comments, but you can add extra entries to the JSON to use as comments. You will see an error in about:policies, but the policies will still work properly. For example:
-
```
{
"policies": {
@@ -12,6 +11,7 @@ Unfortunately, JSON files do not support comments, but you can add extra entries
}
}
```
+Note: The `policies.json` must use the UTF-8 encoding.
| Policy Name | Description
| --- | --- |
--
2.43.0
From 99ddeca09db6884161a27143cdad7ac8fb0d7a85 Mon Sep 17 00:00:00 2001
From: vossni <46046843+vossni@users.noreply.github.com>
Date: Fri, 21 Jun 2024 14:11:22 +0200
Subject: [PATCH 13/16] German translations for HttpsOnlyMode and HttpAllowlist
---
windows/de-DE/firefox.adml | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/windows/de-DE/firefox.adml b/windows/de-DE/firefox.adml
index 8a520a3..4c1f3af 100644
--- a/windows/de-DE/firefox.adml
+++ b/windows/de-DE/firefox.adml
@@ -1111,18 +1111,18 @@ Wenn diese Richtlinie deaktiviert oder nicht konfiguriert ist, wird die TLS-Funk
Wenn diese Richtlinieneinstellung aktiviert ist, wird Post-Quantum Key Agreement für TLS aktiviert.
Wenn diese Richtlinieneinstellung deaktiviert oder nicht konfiguriert ist, wird Post-Quantum Key Agreement für TLS deaktiviert.
- HTTPS-Only Mode
- If this policy is enabled, you can set the default behavior for HTTPS-Only Mode.
-
-If this policy is disabled or not configured, HTTPS-Only Mode is not enabled.
- Off by default
- Off and locked
- On by default
- On and locked
- HTTP Allowlist
- If this policy is enabled, you can specify a list origins that will not be upgraded to HTTPS.
-
-If this policy is disabled or not configured, all origins are upgraded to HTTPS if HTTPS-Only Mode is enabled.
+ HTTPS-Only Modus
+ Wenn diese Richtlinieneinstellung aktiviert ist, können Sie das Standardverhalten für den HTTPS-Only Modus festlegen.
+
+Wenn diese Richtlinieneinstellung deaktiviert oder nicht konfiguriert ist, ist der HTTPS-Only Modus nicht aktiviert.
+ StandardmäÃig ausgeschaltet
+ Ausgeschaltet und gesperrtd
+ StandardmäÃig eingeschaltet
+ Eingeschaltet und gesperrt
+ HTTP Erlaubnisliste
+ Wenn diese Richtlinieneinstellung aktiviert ist, können Sie eine Liste von Verbindungen angeben, die nicht auf HTTPS hochgestuft werden sollen.
+
+Wenn diese Richtlinieneinstellung deaktiviert oder nicht konfiguriert ist, werden alle Verbindungen auf HTTPS hochgestuft, wenn der HTTPS-Only Modus aktiviert ist.
Wenn diese Richtlinieneinstellung aktiviert ist, ist die Einstellung auf true gesperrt. Wenn diese Richtlinieneinstellung deaktiviert ist, ist die Einstellung auf false gesperrt.
Für eine Beschreibung der Einstellung, siehe:
--
2.43.0
From 2bcd66831f4c1e46d517c9c56f76add99e5c1388 Mon Sep 17 00:00:00 2001
From: Michael Kaply <345868+mkaply@users.noreply.github.com>
Date: Fri, 21 Jun 2024 13:54:33 -0400
Subject: [PATCH 14/16] Update Linux/macOS samples, fix typo
---
docs/index.md | 2 +-
linux/policies.json | 5 +++++
mac/org.mozilla.firefox.plist | 11 +++++++++++
3 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/docs/index.md b/docs/index.md
index 91b419a..3939dc8 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -3613,7 +3613,7 @@ Value (string):
```
HttpsOnlyMode
- allowed | disallowed | enabled| force_enabled
+ allowed | disallowed | enabled | force_enabled
```
#### policies.json
diff --git a/linux/policies.json b/linux/policies.json
index e0b54c1..7e1fdd4 100644
--- a/linux/policies.json
+++ b/linux/policies.json
@@ -66,6 +66,7 @@
"CIPHER_NAME": true | false,
},
"DisableDeveloperTools": true | false,
+ "DisableEncryptedClientHello": true | false,
"DisableFeedbackCommands": true | false,
"DisableFirefoxAccounts": true | false,
"DisableFirefoxScreenshots": true | false,
@@ -186,6 +187,9 @@
"http://example.edu/"],
"StartPage": "none" | "homepage" | "previous-session" | "homepage-locked"
},
+ "HttpAllowlist ": ["http://example.org",
+ "http://example.edu"],
+ "HttpsOnlyMode": "allowed" | "disallowed" | "enabled" | "force_enabled",
"InstallAddonsPermission": {
"Allow": ["http://example.org/",
"http://example.edu/"],
@@ -271,6 +275,7 @@
"Default": true | false,
"Locked": true | false
},
+ "PostQuantumKeyAgreementEnabled": true | false,
"Preferences": {
"accessibility.force_disabled": {
"Value": 1,
diff --git a/mac/org.mozilla.firefox.plist b/mac/org.mozilla.firefox.plist
index c2cc5b3..7043180 100644
--- a/mac/org.mozilla.firefox.plist
+++ b/mac/org.mozilla.firefox.plist
@@ -187,6 +187,8 @@
DisableDeveloperTools
+ DisableEncryptedClientHello
+
DisableFeedbackCommands
DisableFirefoxAccounts
@@ -401,6 +403,13 @@
StartPage
homepage
+ HttpAllowlist
+
+ http://example.org
+ http://example.edu
+
+ HttpsOnlyMode
+ disallowed
InstallAddonsPermission
Allow
@@ -558,6 +567,8 @@
Locked
+ PostQuantumKeyAgreementEnabled
+
Preferences
accessibility.force_disabled
--
2.43.0
From d949cbfacfc218601ef671a92ca4b9cd0968e90b Mon Sep 17 00:00:00 2001
From: vossni <46046843+vossni@users.noreply.github.com>
Date: Mon, 24 Jun 2024 14:23:19 +0200
Subject: [PATCH 15/16] Spelling mistakes corrected
gesperrtd -> gesperrt
---
windows/de-DE/firefox.adml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/de-DE/firefox.adml b/windows/de-DE/firefox.adml
index 4c1f3af..1020bd9 100644
--- a/windows/de-DE/firefox.adml
+++ b/windows/de-DE/firefox.adml
@@ -1116,7 +1116,7 @@ Wenn diese Richtlinieneinstellung deaktiviert oder nicht konfiguriert ist, wird
Wenn diese Richtlinieneinstellung deaktiviert oder nicht konfiguriert ist, ist der HTTPS-Only Modus nicht aktiviert.
StandardmäÃig ausgeschaltet
- Ausgeschaltet und gesperrtd
+ Ausgeschaltet und gesperrt
StandardmäÃig eingeschaltet
Eingeschaltet und gesperrt
HTTP Erlaubnisliste
--
2.43.0
From 00b0e18ced393bd87b7cae3c0b52233ac436f83a Mon Sep 17 00:00:00 2001
From: vossni <46046843+vossni@users.noreply.github.com>
Date: Mon, 24 Jun 2024 14:27:32 +0200
Subject: [PATCH 16/16] Adaptation to the spelling in Firefox
HTTPS-Only -> Nur-HTTPS
---
windows/de-DE/firefox.adml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/windows/de-DE/firefox.adml b/windows/de-DE/firefox.adml
index 1020bd9..8a36927 100644
--- a/windows/de-DE/firefox.adml
+++ b/windows/de-DE/firefox.adml
@@ -1111,10 +1111,10 @@ Wenn diese Richtlinie deaktiviert oder nicht konfiguriert ist, wird die TLS-Funk
Wenn diese Richtlinieneinstellung aktiviert ist, wird Post-Quantum Key Agreement für TLS aktiviert.
Wenn diese Richtlinieneinstellung deaktiviert oder nicht konfiguriert ist, wird Post-Quantum Key Agreement für TLS deaktiviert.
- HTTPS-Only Modus
- Wenn diese Richtlinieneinstellung aktiviert ist, können Sie das Standardverhalten für den HTTPS-Only Modus festlegen.
+ Nur-HTTPS Modus
+ Wenn diese Richtlinieneinstellung aktiviert ist, können Sie das Standardverhalten für den Nur-HTTPS Modus festlegen.
-Wenn diese Richtlinieneinstellung deaktiviert oder nicht konfiguriert ist, ist der HTTPS-Only Modus nicht aktiviert.
+Wenn diese Richtlinieneinstellung deaktiviert oder nicht konfiguriert ist, ist der Nur-HTTPS Modus nicht aktiviert.
StandardmäÃig ausgeschaltet
Ausgeschaltet und gesperrt
StandardmäÃig eingeschaltet
@@ -1122,7 +1122,7 @@ Wenn diese Richtlinieneinstellung deaktiviert oder nicht konfiguriert ist, ist d
HTTP Erlaubnisliste
Wenn diese Richtlinieneinstellung aktiviert ist, können Sie eine Liste von Verbindungen angeben, die nicht auf HTTPS hochgestuft werden sollen.
-Wenn diese Richtlinieneinstellung deaktiviert oder nicht konfiguriert ist, werden alle Verbindungen auf HTTPS hochgestuft, wenn der HTTPS-Only Modus aktiviert ist.
+Wenn diese Richtlinieneinstellung deaktiviert oder nicht konfiguriert ist, werden alle Verbindungen auf HTTPS hochgestuft, wenn der Nur-HTTPS Modus aktiviert ist.
Wenn diese Richtlinieneinstellung aktiviert ist, ist die Einstellung auf true gesperrt. Wenn diese Richtlinieneinstellung deaktiviert ist, ist die Einstellung auf false gesperrt.
Für eine Beschreibung der Einstellung, siehe:
--
2.43.0