commit 826d762a078ae21cd8bb95fa8f38ae84bb3948e7
Author: Rishabh <rishabh.nambiar@discourse.org>
Date:   Fri Mar 29 00:56:08 2019 -0700

    Add discourse.group for Civilized Discourse Construction Kit, Inc. (#768)
    
    At Discourse (Civilized Discourse Construction Kit, Inc.), we host free
    discussion forums for open source organizations under the `discourse.group` domain.
    https://blog.discourse.org/2018/11/free-hosting-for-open-source-v2/
    
    Therefore, each subdomain of discourse.group should be treated as a distinct domain.
    Website: https://www.discourse.org/
    
    As we host multiple forums under the discourse.group domain we'd like to add it to the PSL to:
    
    1. Ensure that each subdomain of discourse.group is treated as a distinct domain.
    2. Adding cookie security.

commit 1def5910a0c1db384691adf55f769de191b4f2b7
Author: Vincent Fiduccia <vincent@rancher.com>
Date:   Fri Mar 29 00:53:18 2019 -0700

    Add on-rancher.cloud and on-rio.io (#779)
    
    We are adding a feature to automatically provide each user cluster with a <service name>.<random user-id>.on-rancher.cloud (and on-rio.io) DNS entry, so each user-id is a mutually untrusting third-party that should not be able to set cookies readable by each other. We also plan to provide Let's Encrypt wildcard certs for each user-id.

commit 2b92a7f2c9c91f1141faea73d3ec2d429da18698
Author: Boris Rybalkin <ribalkin@gmail.com>
Date:   Fri Mar 29 07:49:12 2019 +0000

    Syncloud dynamic dns service (#727)
    
    Syncloud DDNS server (syncloud.it) hosts user's DNS records and also has its own site at syncloud.it.
    So In practice allthesebelong todifferent people:
    user1.syncloud.it
    user2.syncloud.it
    www.syncloud.it
    
    Also any incorrectly set cookie sharing across all three is not safe as different users can run anything under *.[user].syncloud.it

commit e2e4e03ff8cba26140f973a8b64a24891d1789b9
Author: Jennifer Herting <jen@herting.cc>
Date:   Thu Mar 28 13:38:33 2019 -0400

    Add git-pages.rit.edu (#690)
    
    Proper handling of the namespace by browsers.
    Prevention of cookie based attacks among others. Sites hosted under this namespace will be controlled by any number of students, staff, faculty, etc.

commit a4ebab27463e90f80d3ab99220af90211299d7e1
Author: Jake Riesterer <jRiest@users.noreply.github.com>
Date:   Thu Mar 28 12:36:52 2019 -0500

    Add workers.dev (#772)
    
    Cloudflare customers will given a subdomain of workers.dev to which they can deploy their serverless applications. Because subdomains are each controlled by different customers, they should be treated as separate domains for cookie purposes.

commit f2f5143bc727d695f41195fe0300ff2133a79953
Author: kyprizel <webregister@kyprizel.net>
Date:   Thu Mar 28 20:34:53 2019 +0300

    Update .AM (#756)
    
    Add AM NIC public suffixes for third level domains.

commit 811931fbf3363385c5461569998729828b2f04ef
Author: Sean O'Shaughnessy <seanosh@gmail.com>
Date:   Thu Mar 28 13:31:17 2019 -0400

    Add go-vip.net. (#793)
    
    We provide subdomains in go-vip.net to our users (e.g. demo-site1-com.go-vip.net), allowing them to upload custom WordPress plugins or themes so they can test their site before they are migrated to a self-hosted environment.
    
    As any subdomain can be operated by any user, we would like proper handling of the namespace by browsers (to ensure cookie isolation, highlighting the subdomain, SSL management). This will prevent super cookie violation on the main wpcomstaging.com and go-vip.net domain and isolate each subdomain from the others in the same namespace.

commit 25e878d4f716992e9e9a22b2ea09076b8e8c5a48
Author: Emil Stahl <emil@emilstahl.dk>
Date:   Thu Mar 28 18:26:57 2019 +0100

    Add site.builder.nu (#723)
    
    site.builder.nu is used for our site builder product. Each customer is assigned a subdomain on *.site.builder.nu -like [randomstring].site.builder.nu.
    
    Customer sites should not be able to share cookies and the URL should be displayed correctly in browsers, and for that reason site.builder.nu should be added to the list.

commit 849ee0cc861054a48fdb9156b4c35276b6174468
Author: t1st3 <contact@t1st3.com>
Date:   Thu Mar 28 18:10:40 2019 +0100

    Update .FR sectorial domains (#527)
    
    Fix outdated link for `.fr` sectorial domains
    https://www.afnic.fr/fr/produits-et-services/le-fr/les-domaines-sectoriels-en-fr-11.html
    
    - Remove `assedic.fr` (No longer a sector-based registration, although subject to prior review)
    - Remove `presse.fr` (not expressly reserved by the registry, although subject to prior review)
    - Move `gouv.fr` into the Registrar-reserved section per the in-force naming policy
    - Sort

commit 0e2a405f597a3c1be456d704b42bdd5e0d4954bb
Author: Simone Carletti <weppos@weppos.net>
Date:   Thu Feb 21 10:23:55 2019 +0100

    Remove ACTIVE
    
    See https://github.com/whois/ianawhois/commit/521c25d38774c2c2d21fa06c86e1234db1d448e0

commit 802c4694167424b9f5868f9a183e58a39b758276
Author: Simone Carletti <weppos@weppos.net>
Date:   Thu Feb 21 10:07:00 2019 +0100

    Remove SPIEGEL
    
    See https://github.com/whois/ianawhois/commit/105c4601ccd67a6cef1cb3dca92f667cae83dc7d

commit 4fdf2553bd8e3c87bdf566c06a2e4c0ab188d112
Author: Simone Carletti <weppos@weppos.net>
Date:   Thu Feb 21 10:00:36 2019 +0100

    Remove EPOST
    
    See https://github.com/whois/ianawhois/commit/e8d240fa36d83e4a7a926a17df7ac4c838b20054

commit d0513364ffbc708f65aea02cea78d7d94e8b1d14
Author: Simone Carletti <weppos@weppos.net>
Date:   Thu Feb 21 10:00:10 2019 +0100

    Remove ZIPPO
    
    See https://github.com/whois/ianawhois/commit/482eac1eb6b59309ad4b9c9ec4556bb29eb89890

commit e165563c1d562f704e1de4cf31cd622ba229491e
Author: Simone Carletti <weppos@weppos.net>
Date:   Thu Feb 21 09:59:37 2019 +0100

    Remove BLANCO
    
    See https://github.com/whois/ianawhois/commit/001f164b0585ba7d23431ebad7a7894f85258dc9

commit 5d3dfdf7f074ca2831d7c2413cf50b976a019a39
Author: Christian Seitz <chris@in-berlin.de>
Date:   Tue Feb 5 12:27:35 2019 +0100

    Add domains of Individual Network Berlin e.V. (#711)
    
    > IN-Berlin e.V. gives subdomains to their users. They are being used
    for webhosting, virtual servers, dedicated servers, DSL and VPN.
    >
    > As every subdomain is operated by another user we think that adding cookie security is very important. Also our users can request Let's Encrypt certificates for their subdomains. Therefore we often hit the limits at Let's Encrypt and sometimes cannot request a certificate for our own infrastructure because there have been too many certificates requested by users.

commit d6331e2b65fffbe9fe299dae1689db8de8fd6190
Author: Martin Angelov <martin@zine.bg>
Date:   Tue Feb 5 13:21:22 2019 +0200

    Added bss.design to PSL (#685)
    
    > One of the products our company develops allows users to publish websites as subdomains under the `bss.design` domain name.

commit 98ec3928ce781d25f4cf4cceb602af1e7a747866
Author: Jonathan Foote <jmfoote@loyola.edu>
Date:   Tue Feb 5 06:19:01 2019 -0500

    Add fastly-terrarium.com (#729)
    
    > User (third-party) content is served from subdomains of fastly-terrarium.com. Adding this domain to the PSL will stymie cookie stuffing attacks across these subdomains.

commit ee8cba00fc454b6ec15711682fd8ddab6e93b337
Author: Matthias Winzeler <matthias.winzeler@gmail.com>
Date:   Tue Feb 5 12:17:30 2019 +0100

    Add Swisscom Application Cloud domains (#698)
    
    > We at Swisscom offer a CloudFoundry based PaaS called Application cloud (https://developer.swisscom.com) where end users can host their apps under <app-a>.scapp.io or <app-a>.applicationcloud.io.
    >
    > Therefore, each subdomain of scapp.io and applicationcloud.io should be treated as a distinct domain.

commit 74a441b16d4145b37cfca32e65e7f1d8b11452a4
Author: Jacob Lee <jacoblee93@gmail.com>
Date:   Tue Feb 5 06:08:23 2019 -0500

    Update public_suffix_list.dat with api.stdlib.com (#751)
    
    > Each user on our platform receives a unique hostname with the base domain where we host their deployed APIs. Though many APIs on the platform act as either JSON responses or webhook endpoints, a significant number of developers on the platform utilize our hosting capabilities to host static content (APIs can return `Content-Type: text/html` no problem). We currently run our gateway on the `lib.id` domain.
    > We intend to migrate all APIs to `api.stdlib.com` shortly. We would like cookie isolation at the subdomain level (`user.api.stdlib.com`). Inclusion of `api.stdlib.com` in the PSL would mitigate the risk of users setting and accessing cross site cookies that apply to other users' subdomains via the base `api.stdlib.com` domain.

commit 896f5f541dc33503d10e71336fc6f7870cf244d0
Merge: 3ce9d3f 5148c47
Author: Simone Carletti <weppos@weppos.net>
Date:   Tue Feb 5 12:06:27 2019 +0100

    Update public_suffix_list.dat (#705)
    
    > Proper handling of the namespace by browsers. For cookie isolation, SSL management, Direct URL translation, and the inevitable developments in security. To prevent super cookie violation and isolate each SLD domain account from the others in the same namespace. To better isolate malicious content reports and improve our teams response to violated hosting accounts by domain. We are hopeful that this list will help us prevent all of our users from being painted with the same "Malicious code" brush in cases of accounts being violated. In short, improved security and compartmentalization.

commit 5148c470e4c9317f9dd122e0b5aa8af13e0382e4
Merge: 296a2eb 3ce9d3f
Author: Simone Carletti <weppos@weppos.net>
Date:   Tue Feb 5 12:06:08 2019 +0100

    Merge branch 'master' into patch-3

commit 3ce9d3fe33bd9a7cbe9e1131e422b5ec87c54fa9
Author: renqiz <27667649+renqiz@users.noreply.github.com>
Date:   Tue Feb 5 18:58:03 2019 +0800

    Add regional domain for filegear.me (#713)
    
    > We already use filegear.me for our customer's devices. Each of these device has a sub-domain name that is generated dynamically during device initialization and registration, e.g. vxnaowas.filegear.me.
    > As we are expanding our business overseas, we have customers from different regions. We would like to have regional domain names for devices at different regions, e.g. vxnaowas.filegear-jp.me for a device in Japan. Therefore, we could provide better performance and access to these devices.

commit ce0d1a5fba657e55adea3abde4b7f1e50636ff10
Author: Marco Davids <marco.davids@sidn.nl>
Date:   Mon Jan 28 16:16:10 2019 +0100

    Remove bv.nl (#758)
    
    bn.nl was added, as it was anticipated to be a 2LD open for registration by the registry when it was added (2011). However, the registry (SIDN) has confirmed that this is not a 2LD that is registry operated, and has requested removal.

commit 921a6f225aa00f557388998865ad11dfbbc2f704
Author: apolito <apolito@google.com>
Date:   Thu Dec 27 08:30:12 2018 -0800

    Add run.app and a.run.app to the psl (#681)
    
    Both *.run.app and *.a.run.app will run user code.
    
    .run.app and .a.run.app will be serving user code separated by project. This is very similar (but a different use case than) appspot.com or cloudfunctions.net. Currently there is no public usage, but since it takes a while to get into the PSL, we would like to have it available before release.
    
    This is not a private domain, this is a public google cloud platform offering that will be used to run multiple customer projects, routed via the label that comes before the run.app or a.run.app domain suffixes. (So foo.run.app will route to on project, but bar.run.app to another) We want to be in the PSL to prevent cross project cookies being set.
    
    This is very similar to the use case for appspot.com and cloudfunctions.net, both in usage and reasons for inclusion (which are in the same section of the PSL)
    
    The reason we need run.app and a.run.app is because there will be two ways to address a project, foo1.a.run.app and foo2.run.app may end up routing to one project, but bar1.run.app and bar2.a.run.app will route to another. It's outside of the scope of the PSL but does mean we need both suffixes in the PSL.

commit ef07c1001b85070fac77b702647f2fa60022abf6
Author: AJ ONeal <coolaj86@gmail.com>
Date:   Thu Dec 27 09:27:39 2018 -0700

    Add telebit.io .app .xyz (#726)
    
    Telebit is similar to services like ngrok, serveo, and localtunnel.me, but we're focused on home and education, and committed to open standards (no vendor lock-in).
    
    Each device gets a semi-random subdomain on one of our domains (such as lucky-duck-42.telebit.io) with unlimited subdomains (i.e. home.lucky-duck-42.telebit.xyz).
    
    We want to remove the rate-limit restrictions of Let's Encrypt as well has have separate cookies for each of the sites.

commit d0dc919d81f77ab19858c36944266037eedb6a6f
Author: Greg <gdvalle@users.noreply.github.com>
Date:   Thu Dec 27 10:26:10 2018 -0600

    Add Leadpages domains (#731)
    
    We allow users who do not bring their own domain to host content using a subdomain on one of our domains, i.e. user1.lpages.co. We would like to isolate cookies and also be able to use Let's Encrypt for our customer's subdomains.

commit 9f182bc07a5e8e7c80b92276a81794b9b7fe7f4a
Author: Daniil <icqkill@gmail.com>
Date:   Thu Dec 27 16:23:50 2018 +0000

    Add public suffix entries for dapps.earth (#708)
    
    dapps.earth is a HTTP gateway into IPFS/Swarm.
    
    Anyone can effectively create the following subdomains (by uploading content into IPFS or Swarm):
    
    1) *.ipfs.dapps.earth (example: bafybeiemxf5abjwjbikoz4mc3a3dla6ual3jsgpdr4cjr3oz3evfyavhwq.ipfs.dapps.earth)
    2) *.bzz-immutable.dapps.earth (example: h4cpab3mz443iehtiipfi5vj46pnytrspvm5peu2u2wz7rz7m4vq.bzz-immutable.dapps.earth)
    3) *.*.bzz.dapps.earth (example: theswarm.eth.dapps.earth)
    
    Therefore, to ensure they can't interfere with each other's cookies, I suggest adding the following public suffix records:
    
    1) *.dapps.earth
    2) *.bzz.dapps.earth

commit 5af964eadf5b6baaf5f612746837cb154e1f73b1
Author: Paul Cammish <30495014+pcammish@users.noreply.github.com>
Date:   Thu Nov 8 22:28:01 2018 +0000

    Add Bytemark Hosting domains (#620)
    
    Bytemark Hosting provides both dedicated and virtual servers on the above domains, with customer host provided subdomains (and sub-sub domains) of the above.

commit 8054d45f1a51102ffa683392fba3c3e09e6b8b34
Author: Simone Carletti <weppos@weppos.net>
Date:   Tue Nov 6 23:15:50 2018 +0100

    Remove .STATOIL
    
    See https://github.com/whois/ianawhois/commit/b9b018262d45717d3959c8f9ef3be7167518defc

commit 00e7d2fed042f720089c583f06a9ea4a419ba161
Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Nov 6 13:25:08 2018 +0100

    linter: Expect rules to be in NFKC (#725)
    
    For more info read
    https://docs.python.org/3/library/unicodedata.html
    under 'unicodedata.normalize'.
    
    See https://github.com/publicsuffix/list/issues/715#issuecomment-436214064
