update settings to v6.4

docs/Changelog.md

@@ -1,10 +1,37 @@
 This changelog will be used from now on to document changes in a precise manner, with a list of changes for each setting version.
 Setting versions are documented using the pref `librewolf.cfg.version`, available in about:config.
 
-# 6.3
+# 6.4
 
 **target commit**:
 
+**base librewolf version**: 100.x
+
+**References**:
+- hide Firefox Focus promo in private tabs.
+- double checking revoked certificates with both CRL and OCSP allows to detect false positives and it is also [the default](https://hg.mozilla.org/mozilla-central/rev/a6ba7b4ee17].
+- [clearOnShutdown prefs now respect exceptions](https://github.com/arkenfox/user.js/issues/1441) so we can tick all boxes in that UI as well.
+
+#### Added preferences
+```
+lockPref("browser.promo.focus.enabled", false);
+defaultPref("privacy.clearOnShutdown.offlineApps", true);
+```
+
+#### Changed preferences
+```
+defaultPref("security.pki.crlite_mode", 3); // prev 2
+```
+
+#### Removed preferences
+```
+defaultPref("privacy.clearOnShutdown.cookies", false);
+```
+
+# 6.3
+
+**target commit**: e84fc950bfd7c3542cb974e9d545b9b8e18c010d
+
 **base librewolf version**: 99.x
 
 **References**:
@@ -12,7 +39,7 @@ Setting versions are documented using the pref `librewolf.cfg.version`, availabl
 
 # 6.2
 
-**target commit**:
+**target commit**: ac95f5195ed82ca6bcec48acf9d1241e3c683b25
 
 **base librewolf version**: 99.x
 

librewolf.cfg

@@ -6,7 +6,7 @@
  * 
  * WARNING: please make sure the first line of this file is empty. this is a known bug.
  */
-defaultPref("librewolf.cfg.version", "6.3");
+defaultPref("librewolf.cfg.version", "6.4");
 
 
 /** INDEX
@@ -54,7 +54,7 @@ defaultPref("network.cookie.thirdparty.nonsecureSessionOnly", true);
  * we disable it but cookies and site data are still cleared per session unless exceptions are set.
  * all the cleaning prefs true by default except for siteSetting and offlineApps, which is what we want.
  */
-defaultPref("privacy.clearOnShutdown.cookies", false);
+defaultPref("privacy.clearOnShutdown.offlineApps", true);
 defaultPref("privacy.sanitize.sanitizeOnShutdown", true);
 defaultPref("privacy.sanitize.timeSpan", 0);
 
@@ -208,10 +208,10 @@ defaultPref("security.ssl.treat_unsafe_negotiation_as_broken", true);
  * our strategy with revocation is to perform all possible checks with CRL, but when a cert
  * cannot be checked with it we use OCSP stapled with hard-fail, to still keep privacy and
  * increase security.
- * switching to crlite mode 3 (v99+) would allow us to detect false positive with OCSP.
+ * crlite is in mode 3 by default, which allows us to detect false positive with OCSP.
  */
 defaultPref("security.remote_settings.crlite_filters.enabled", true);
-defaultPref("security.pki.crlite_mode", 2); // mode 2 means enforce CRL checks
+defaultPref("security.pki.crlite_mode", 3); // default
 defaultPref("security.OCSP.enabled", 1); // default
 defaultPref("security.OCSP.require", true); // set to hard-fail
 
@@ -472,6 +472,7 @@ lockPref("browser.contentblocking.report.hide_vpn_banner", true);
 lockPref("browser.contentblocking.report.vpn.enabled", false);
 lockPref("browser.contentblocking.report.show_mobile_app", false);
 lockPref("browser.vpn_promo.enabled", false);
+lockPref("browser.promo.focus.enabled", false);
 // ...about:addons recommendations sections and more
 defaultPref("extensions.htmlaboutaddons.recommendations.enabled", false);
 defaultPref("extensions.getAddons.showPane", false);