PRIME DEAL: 43% Off Fire TV 4K With Alexa Voice Remote
Apple Releases Safari Technology Preview 47 With Spectre Mitigations

Apple Releases Safari Technology Preview 47 With Spectre Mitigations

Posted by · 6671 views · Translate

Apple has released Safari Technology Preview 47 to developers with important Spectre mitigations and other improvements.

This release contains the Spectre mitigations released in iOS 11.2.2, the High Sierra 10.13.2 supplemental update, and Safari 11.0.2 reissue released on Monday, January 8.

Spectre and Meltdown are two recently discovered vulnerabilities that apply to all modern processors and affect nearly all computing devices and operating systems. Apple and other manufacturers have been releasing software updates to prevent exploitation of these vulnerabilities. Make sure you upgrade to the latest version of macOS and iOS as soon as possible.

Here's a look at what's new in Release 47:

Storage Access API
● Enabled allowing requests from non-sandboxed
● Implemented frame-specific access in the document.cookie layer
● Made document.hasStorageAccess() retrieve the current status from the network process
● Refactored XPC for access removal to go straight from the web process to the network process
● Removed the JavaScript confirm() prompt when requesting storage access

Service Workers
● Added support for response blob given to fetch events
● Cancelled pending script loads when a Service Worker is being terminated
● Changed Service Worker to expose redirect mode for navigation loads as manual
● Changed extracting a body of type Blob to set the Content-Type to null instead of an empty string
● Changed to use “error” redirect mode for fetching service worker scripts
● Changed the Service Worker script fetch request to set the Service-Worker header
● Changed Service Worker to not clean HTTP headers added by the application or by Fetch specification before Service Worker interception
● Changed to reuse the document Service Worker for data URLs and blob URLs
● Enabled User Timing and Resource Timing for Server Workers
● Fixed the default scope used when registering a service worker
● Fixed the Service Worker Registration promise sometimes not getting rejected when the script load fails
● Fixed Service Worker served response tainting to keep its tainting
● Fixed scopeURL to start with the provided scriptURL
● Fixed self.importScripts() to obey updateViaCache inside service workers
● Fixed Fetch handling to wait for the Service Worker’s state to become activated
● Fixed SameOrigin and CORS fetch to fail on opaque responses served from a Service Worker
● Fixed memory cache to not reuse resources with a different credential fetch option
● Implemented “main fetch” default referrer policy setting
● Prevented searching for service worker registration for non-HTTP navigation loads
● Supported Service Worker interception of a request with blob body

Media
● Enabled picture-in-picture from an inline element on suspend
● Fixed playing media elements which call “pause(); play()” getting the play promise rejected
● Fixed frame dropping during Flash video playback
● Implemented iframe allow="camera; microphone"

Rendering
● Corrected the SVG lighting filter lights coordinate system
● Fixed elements animated on-screen that are sometimes missing
● Fixed setting the fePointLights color
● Fixed the color of the bottom right pixel of feDiffuseLighting
● Fixed SVG lighting colors to be converted into linearSRGB
● Fixed feLighting with primitiveUnits="objectBoundingBox"
● Updated the SVG use element’s shadow trees explicitly before the style recall

Web Inspector
● Enabled the Canvas Tab by default
● Improved open time performance when enumerating system fonts
● Fixed Command-Option-R (⌘⌥R) in the docked inspector causing Web Inspector to reload instead of the inspected page
● Fixed the URL filter in the Network Tab to be case-insensitive like filter bars in other tabs
● Fixed mis-sized waterfall graphs in the Network Tab after closing the detail view
● Redesigned the waterfall popover showing timing data in the Network Tab table
● Updated the Time column in the Network Tab table to include the total duration not just the download duration
● Added an inline swatch for CSS variables in the Styles sidebar
● Added support for typing a semicolon at the end of a value to move to the next property in the Styles sidebar
● Enabled Command-S (⌘S) to save changes in the matching CSS resource in the Styles sidebar
● Fixed selecting text in the Styles sidebar to not add new properties
● Fixed “Log Value” context menu sometimes being unavailable
● Fixed DOM Tree Element selection in RTL mode
● Fixed find banner sometimes not working when already populated and shown for first time on resource
● Fixed fuzzy Capture Element screenshots
● Fixed CSS source maps not loading
● Implemented clicking above the selector to prepend a new property in the Styles sidebar

Clipboard API
● Fixed isSafari runtime check to enable custom clipboard types and clipboard data sanitization in Safari Technology Preview
● Fixed not being able to paste images on Gmail
● Reverted blob URL conversions in pasted contents for LegacyWebKit clients

Bug Fix
● Avoided waking plugin process up unnecessarily

Developers can download Safari Technology Preview from the link below or update their current version via the Mac App Store Updates tab.

Download


Apple Releases Safari Technology Preview 47 With Spectre Mitigations

Recent