March 9th, 2013Defenses and Bug Fixes:
· Fix router bug causing lockup when using iMule
· Recognize, handle, reject duplicate tunnel IDs
· Fix changing of the log file name
· Prevent hashcode attack in session tags
· Add build request throttler based on previous hop
· Limit concurrent next-hop lookups
· Catch exceptions storing nonces in console
· Fix saving graph settings in console
· Fix eepget generation of URLs when not proxied
· Encrypt database lookup messages end-to-end when sent through
· exploratory tunnels
· Don't use multiple floodfills from the same /16 in a query
· Randomize delay before verifying floodfill store
· Increase number of floodfills
· Improve support for mobile browsers
· Partial defenses for UCSB attacks
· Add announce list support to i2psnark
· Jetty: upgrade Apache Tomcat to 6.0.36
· Split router info files into multiple subdirectories
· Add IP to hostname mapping option in SOCKS
· Improve PRNG seeding
· Translation updates: French, German, Hungarian, Italian, Norwegian, Polish, Portuguese, Russian, Swedish
· Update GeoIP data (new installs and PPA only)
· Update wrapper to 3.5.17 (new installs and PPA only)
December 18th, 2012Major Changes:
· Big rework of the update system; Preliminary support for updates via i2psnark
· Add per-destination outbound priorities
· Fix major bug that reduced SSU connection limits which reduced tunnel build success rates
· Fix bug with external I2CP that prevented some external apps from working
· Fixed several bugs in i2psnark DHT
· Fixed bug in i2psnark PEX that inflated peer counts
· Handle dropped I2CP messages better
· Reduce overhead of I2CP messages
· Enforce max size in transport outbound message queues
· Fixes for Windows eepget.bat (new installs and PPA only)
· Fix a bug that would drop messages of exactly 512 bytes in SSU
· More performance improvements, memory reduction, and object churn reduction
· Better detection of network disconnections
· Further improvements in the SSU transport
· Add console password form
· Convert http proxy and console from basic to digest authentication for added security
· Improved verification of console form submissions, using jsp sessions. Cookies may now be required on forms, except when the console password is enabled
· Initial work on new interfaces to manage applications started via clients.config
· Increase minimum peer port to 1024
· Increase granularity of bandwidth limiter for smoother transmissions
· Translation updates: Chinese, French, German, Italian, Polish, Portuguese, Swedish, and Ukrainian
· Update GeoIP data (new installs and PPA only)
· Update wrapper to 3.5.16 (new installs and PPA only)
· New ARMv6 wrapper for Raspberry Pi
October 31st, 2012Major Changes:
· Active Queue Management
· Priority queues
· I2PSnark DHT: Several bug fixes, enable by default.
· Several SSU fixes including memory leak, and better handling of routers behind firewalls that change UDP ports; additional defenses for malicious packets.
· Fix piece selection (rarest-first) bugs in i2psnark
· Fix bug causing multiple browsers to open at startup
· Improvements in caching
· Several synchronization fixes and lock contention reduction
· Major reduction in SSU buffers memory use
· Fix streaming connection timeout back to 1 minute, was inadvertently changed to 5 minutes; set i2ptunnel server read timeout to 5 minutes, was unlimited
· Improved defenses in i2ptunnel for "darkloris"
· More validation at torrent creation in i2psnark
· Several parameter changes in SSU to improve throughput
· New event log for major events including restarts; show multiple restart lines on graphs
· Remove duplicate messages from logs
· Don't respond to blocked streaming connections with a reset, just drop
· Remove all uses of inefficient SimpleTimer
· More checks for valid IPs and ports entered in console
· Fix bug that wasted a lot of entropy
· Translation updates: Italian, Portuguese, Spanish, Swedish
· Add non-NIO configuration in jetty.xml, recommended for Java 5
· Update GeoIP data (new installs and PPA only)
September 26th, 2012
· 0.9.2 includes extensive low-level changes to improve the performance and efficiency of the router. We also have updated our UPnP library, which will hopefully make UPnP work for more people. Also, i2psnark now has DHT support, but it is not yet enabled by default as we plan to do more testing during the upcoming 0.9.3 development cycle. As usual, there's also lots of bug fixes in this release, so updating is recommended.
What's new in I2P 0.9:
May 3rd, 2012Major changes:
· Jetty 6.1.26, Tomcat 6.0.35, JSTL 1.2, supporting Servlet 2.5 and JSP 2.1 standards
· New simplified console home page. Note that it may be modified or disabled on the new page /confighome .
· The old .exe installer has been split into Windows (.exe) and non-Windows (.jar) installers
· Update to wrapper 3.5.14 (Debian packages and new installs only)
· Fix use of unacked ElGamal/AES Session Tags, causing permanently "stuck" connections
· Re-enable verifies of RouterInfo netdb stores
· Fix removal of context properties
· Fix handling of plugin installs requiring router restart
· Fix update key names being forgotten after a save on the config update page
· Fix i2psnark duplicate torrent messages
· Fix occasional NPE in the UDP transport
· More refactoring to get rid of static references which will help testing, shutdown, and embedded applications
· Reseed cleanups and checks
· Streamlining of tunnel endpoint message processing
· i2psnark bug fixes
· i2psnark private tracker support
· i2psnark tracker configuration form
· i2psnark message box cleanup
· i2psnark better error reporting
· Remove support for i2psnark "run standalone"
· Remove deprecated i2ptunnel Bean classes from the jar
· Increase max leaseset size from 6 to 16 for future growth
· Plugin tweaks
· Jetty logging moved from wrapper log to I2P log
· New page for viewing individual graphs for easy resizing and viewing of previous intervals
· Remove bandwidth from netdb stats
· Add negative lookup cache to naming service
· Reduce size of netdb structures
· HTTP Proxy refactoring to improve parsing of URLs and support IPv6 addresses, improve handling of malformed URLs, improved address helper handling
· Use per-destination streaming timers
· Better handling of leaseset/routerinfo overwrite attempts
· GeoIP update to April 2012 version (Debian packages and new installs only)
· German, Russian, Spanish, Swedish translation updates
· Non-default theme updates
· General code cleanups
February 28th, 2012
· The 0.8.13 release contains several bug fixes and a couple of new features. We are pleased that the last release significantly improved performance, and the network is running well despite continued rapid growth. Upgrading is recommended.
· This is likely to be the last release before 0.9, in which we will migrate to Jetty 6, and introduce a simplified router console home page. Monitor the news section of your the router console in the coming weeks for more information on the next release.
· Starting with this release, the router will check for and install plugin updates shortly upon restarting after a router update. To prevent this, add the advanced configuration plugins.autoUpdate=false before restarting. There is also a new update-all button on the client configuration page.
· Routers in certain countries will now automatically enable hidden mode for increased protection. However, hidden mode may have lower performance or reliability, and is still a work in progress. To disable hidden mode before restarting, add the advanced configuration router.isHidden=false. To disable hidden mode later, select use all auto-detect methods under IP Configuration on the network configuration page. For the list of countries see the thread on zzz.i2p. The only country on the list that has more than one or two I2P users is China.
· Check for and download plugin updates upon restarting after a router update.
· Routers in certain countries will now automatically enable hidden mode for increased protection.
· New Tunnel Wizard for creating tunnels
· A SIGHUP to the wrapper will now initiate a graceful shutdown
· Increase read timeout in HTTP Proxy
· Shutdown hooks will now run when router is shutdown externally (i2prouter stop), broken in 0.8.8
· If an external IP address is specified, bind only to that interface
· Fail tunnels we created when we can't contact the adjacent hop
· Prevent races when saving configuration
· For plugins, check min and max Jetty versions; check all version requirements at startup, not just at install
· Fix plugin startup when console is not on port 7657
· Only stop plugins if they are running
· Fix NPE when no network interfaces are present
· Fix eepget exit code on failure
· Improve inbound tunnel building when in hidden mode
· Publish our router info sooner after startup to facilitate inbound tunnel building
· Fix Streamr tunnel registration
· Add icons to buttons in SusMail and SusiDNS
· Move wrapper PID, status, and log files from /tmp to ~/.i2p (Debian packages and new installs only)
· i2prouter graceful (Debian packages and new installs only)
· Increase number of floodfills
· Repack jars in installer to save a little space
· New translation infrastructure for i2prouter script (not enabled yet)
· New Czech translation (thanks Waseihou)
· German, Italian, Polish, Spanish, Swedish, Ukrainian translation updates
January 6th, 2012
· This release contains Several big changes that should help network reliability and performance.
· The first two changes are fixes for major UDP packet transmission bugs, described below. The third change is fixes to the decompressor. Fixing these should eliminate a big source of message delivery failures.
· Also, the release contains a rewrite of the router's participating traffic congestion control. It should now more accurately measure current participating bandwidth, handle bursts better, drop messages less, and drop the right messages if dropping is required.
· Also, the release reduces the amount of processing that routers do for messages they pass down the tunnel. These messages do not need to be completely parsed and validated since the gateway is simply passing them through. This will help performance of all routers but the improvement will probably not be noticeable except on high-traffic routers.
· We're optimistic that these changes will help, and of course eliminating sources of message corruption is sure to help. However the extend of the improvement won't be apparent until the majority of the network upgrades.
· The release also contains some updates to the router console light theme. You may need to do a shift-reload or control-reload in your browser to force a reload of the CSS.
· Instead of fully parsing and validating messages received at the inbound gateway, simply pass them down the tunnel
· Don't verify I2NP checksums in most cases, as message corruption is caught at other layers
· Don't recalculate I2NP checksums on messages passed through unchanged
· Several NTCP pumper optimizations, to hopefully fix NTCP pumper high CPU usage on fast routers
· Rewrite participating tunnel congestion control, to drop less, more accurately measure traffic, and handle bursts better
· New installs include wrapper version 3.5.13 which fixes a heap corruption with very long log lines. See http://wrapper.tanukisoftware.com/doc/english/r... for additional information. I2P PPA package users should have gotten this update in the last week of December. If you do not use our PPA package and would like to update your wrapper manually, follow the instructions at http://www.i2p2.de/manualwrapper .
· Fix major SSU MTU bug introduced in 0.8.9.The router sometimes sent UDP packets that exceeded the maximum size that routers would accept on the receive side. This resulted in a lot of dropped packets, tunnel build problems, and connection problems. One thing that contributed to us missing the problem was that 0.8.9 was released in the middle of the huge network expansion in early October, when network performance was already deteriorating rapidly.
· Fix major SSU fragmentation bug present since 2005. UDP corrupted transmit messages when the message size was an exact multiple of the fragmentation size.
· Fix major decompression bugs present since 2005 that caused message corruption and data loss at multiple protocol layers.
· Snark doesn't always delete directories
· Fix all character case conversion (Turkish four i problem)
· Whitelist more IRC commands
· Remove expired reseed cert
· Speed up the inefficient GeoIP lookup
· Optimize several heavily-used utility functions
· Don't drop the transport connection when receiving an invalid message, it isn't necessary and could be an attack vector
· Console light theme update
· Move the complex network configuration stuff to a new console page
· Add a link to hide the news in the console
· Allow numerous additional IRC commands through the IRC filter
· Several other cleanups, optimizations, and object caches added
· New Estonian translation (thanks ajutine)
· Spanish, Swedish, Ukrainian translation updates
November 8th, 2011
· As you all have noticed, the unprecedented network growth starting October 5th has dramatically increased network congestion, especially on evenings (UTC) and weekends. The last two releases contained a few changes that we hoped would relieve the pressure, but unfortunately these measures have been only modest successes. The primary issue is to limit the number of direct router-to-router connections in the network. This isn't a new problem; we've been working on it for several years, with some success. However, the recent growth pushed us over the edge once again.
· Release 0.8.11 includes several more changes to reduce the number of router-to-router connections and increase connection and tunnel build capacity. The goal, of course, is to improve tunnel build success rates and general reliability. Of course, there's also a few bug fixes and translation updates.
· We welcome all our new users. Please be patient as we work to improve network performance. Debugging congestion problems in a distributed anonymous network is a continuing challenge. Please help us to diagnose and improve the network by restarting your router once the upgrade is downloaded.
October 20th, 2011
· Release 0.8.10 includes two changes intended to reduce the number of router-to-router connections, and therefore improve tunnel build success rates and general reliability. Of course, there's also a few bug fixes and translation updates.
October 12th, 2011
· The 0.8.9 release has several performance improvements, and many changes to handle the continued rapid growth of the network. It uses a new iterative method for Kademlia network database lookups that should be more reliable and efficient. There are also several improvements to our SSU (UDP) transport protocol that should help reliability and efficiency. We have made several changes to improve tunnel build success rates. And, of course, there are lots of bug fixes and translation updates.
· The network has grown quite rapidly in recent weeks, and that's great news, but it has caused some instability. We welcome all our new users and we ask you to be patient as we make improvements to the software.
August 29th, 2011
· I2P release 0.8.8 enables the new hosts.txt database to speed hostname lookups and store additional information on hostname entries. It also includes improvements to speed a router's integration on startup. There is new code to detect and react to large clock shifts that should help a router recover after suspend/resume of the computer.
· There are new translations for Danish and Ukranian and lots of updates in other languages. Also included are, of course, a large collection of bug fixes, performance improvements, and updates to deal with the continued rapid expansion of the network.
July 1st, 2011
· I2P release 0.8.7 contains several upgrades to long-neglected components, including the Naming Services, graphing, the native CPU ID and BigInteger libraries, crypto implementations, and the wrapper. For more information, see the release notes and change log associated with the milestone.
May 20th, 2011
· The 0.8.6 release contains more peer selection defenses to resist powerful attackers, and tweaks to adjust to the recent rapid growth in the network. Upgrading is recommended.
April 21st, 2011
· Lots of router console HTML fixes
· i2psnark magnet handling fixes
· SusiMail Translation support by "duck"
· Continuing work on the Arabic translation by "hamada"
· Completion of the French translation by "magma"
· Completion of the Spanish translation by "punkibastardo" and "user"
· Other translation updates
· Better support for text-mode browsers
· Profile display improvements
· Tunnel build request queue limiting
· Require nonce to change console language
· i2psnark improved logging of errors
· i2psnark improved metainfo handling
· Use the reseed server as a backup time source
· Change profile file extension from .dat to .txt.gz
· Change all i2ptunnels to 3 hops for new installs
· Add all bogons to blocklist for new installs
· More efficient use of entropy for padding
March 15th, 2011
· The 0.8.4 release contains some performance improvements and important bug fixes. Also, i2psnark now supports magnet links. as usual, upgrading is recommended.
January 31st, 2011
· The 0.8.3 release contains several performance improvements, including reduction of threads and memory usage, and faster I2CP (client-router) communication.
· There is also new SSL router console support,
· A new reseed configuration page including HTTP proxy support for those behind restrictive firewalls,
· A new I2CP configuration section including I2CP-over-SSL support for remote clients,
· a new server connection limits and blacklist configuration section for enhanced DoS protection,
· a new HTTP proxy jump server configuration section so you may easily add alternative jump servers.
· Statistics are now limited by default to reduce memory usage; the full set of statistics may be re-enabled on the stats configuration page.
· There are also bug fixes, of course, so as usual, upgrading is recommended.
December 27th, 2010
· The 0.8.2 release includes extensive bug fixes and theme updates in the router and in i2psnark. There are also optimizations to reduce memory usage in i2psnark. The HTTP and SOCKS proxies now support local and remote authorization. As usual, upgrading is recommended.
November 23rd, 2010Bugfixes:
· Fix eepget redirect bugs
· Fix bug causing GeoIP lookups to stop
· Don't let alternative naming services look up b32 addresses
· Try to prevent firewalled routers from running out of introducers
· Try again to fix i2ptunnel nonce bug
· Make streaming flush much faster
· Use flush in more places
· Convert several lists to queues
· Fix crypto YK precalculation
· Disable unused I2CP acknowledgements in several cases
· Don't route tunnels through peers 0.7.8 and earlier as they have message corruption bugs
· Redesign by dr|zed
· File download priority feature
· Lots of bug fixes
· All user files created by I2P will now be readable only by the owner (mode 600)
· The technical documentation on our website is now current, complete, and accurate. See http://www.i2p2.de/how .
· Javadocs have been updated throughout the source.
· Full Javadocs are now available at http://docs.i2p2.de/javadoc/ .
What's new in I2P 0.8:
July 14th, 2010Some visible highlights of the 0.7.x release series in the last year and a half:
· Automatically generated Base32 destination names, reducing reliance on host names.
· Themable router console with GeoIP display.
· Plugin system for easy installation and maintenance of user-generated applications. For example I2P-bote, distributed serverless anonymous e-mail.
· Translation infrastructure for the router console, and translation into several languages.
· Many improvements leading to less CPU and memory usage.
· Network improvements for scalability, now you can invite all your friends into cipherspace!
Several important under-the-hood improvements:
· Redesign of the floodfill infrastructure for network database storage, by implementing a simplified Kademlia storage system, and an increase in floodfill routers from 5 to almost 100, for increased reliability and scalability.
· Encryption of queries and stores to floodfill routers for increased security.
· Separate session key managers for each local destination for increased security.
· Multi-layered system of limiting connections to peers.
· New, smaller tunnel build message to reduce the chance it will be dropped, and increase build success rates.
· Several bug fixes and improvements in the streaming library to speed up connections dramatically.
· Transition to Java 5 concurrent data structures for a significant reduction in lock contention.
· Transition to Java 5 coding styles, a significant increase in javadoc documentation, and elimination of unused code for maintanability.
· Split directory structure for ease of use on multi-user systems and easier packaging.
· Clock skew system redesign, with implementation of NTP-style clock adjustment.
· Adjustment of several parameters based on the speed and maximum memory of the router, to optimize speed and memory usage.
· UPnP support to open firewall ports.
· An uncountable number of bugfixes and improvements that enhance security, anonymity, reliability, performance, scalability, and the user experience.
June 9th, 2010
· More bugfixes and improvements to the plugin support introduced in 0.7.12.
· I2PSnark improvements to end game handling, file listings, tunnel configuration, and translations
· Add support for throttling inbound connections in the streaming library
· Add WEBIRC support in IRC server tunnel
· Fix installer for 1.5 Java systems
· Fix bug causing multiple update downloads
· Fix bug where datagrams were not always verified when necessary
· Fix bug forcing SSU introducers when not necessary
· Fix policies for floodfill responses
· Reduce max memory used in byte caches
· Reduce job queue global locking
· More changes for performance
March 17th, 2010Plugins:
· New support for cryptographically-signed user-generated i2p plugins. These plugins may provide new console web applications, themes, translations, web sites, or other applications.
· Ignore non-i2p trackers in a torrent, to "convert" a non-i2p torrent to an i2p torrent using i2p open trackers
· Implement NTP-style clock slewing to converge the router clock without jumps
· Implement clock updates based on peer average, for clock convergence even if NTP updates fail
· Fix IP change recognition for routers that are not firewalled
· Implement address costs, so a router can advertise its preferred transport
· Fix the router gradually losing geoip references
· Improve performance by removing global locks
· Remove some unused threads
· Implement a new, smaller tunnel build message, to reduce bandwidth and improve build success. The new message will be tested in this release and enabled in the next release.
· Accept tunnel build replies even if they are received late, to improve build success
· Improve performance by removing global locks
· Fix bug causing blank page instead of error page on connect timeout
· Change Host: header from B64 to B32 to reduce the request size
· Eliminate redundant lookups
· Fix repeated console password prompts
· Russian, Chinese, and French translation updates
· Increase the number of floodfills again
· Support unpack200 in the updater for smaller update packages and plugins
· More changes for performance
· Take library jars out of susidns and router console
· A new SOCKS IRC tunnel type, to provide IRC filtering and server selection in a single client
February 17th, 2010Installer:
· Fix installations on 64-bit Windows by upgrading to launch4j 3.0.1 and adding 64-bit dll to izpack.
· The wrapper is still 32-bit only. 64-bit Windows users should start I2P with the 'No Window' icon if the 'Restartable' icon does not work.
· Better handle clock skews at startup, even if NTP does not work because UDP is blocked or other reasons
· Fix clock skew reporting
· Bootstrap profiles when loading the netDb from disk (broken in 0.7.8)
Embedded web server (Jetty):
· Upgrade to Jetty 5.1.15 which fixes this vulnerability.
· Turn on checkAliases for increased protection
· Add some DOS protection for floodfills
· Increase the number of floodfills again
· Faster startup
· Bug fixes in i2psnark, BOB, clock handling, and more
January 23rd, 2010
· 0.7.10 closes some recently-discovered vulnerabilities related to the way routers communicate with floodfill peers. Network database stores and verifies are moved from exploratory to client tunnels, and are encrypted.
· Also, to improve anonymity, router's fast peer set is now limited to a maximum of 30. The release also fixes a bug causing Windows installs to fail when the install or user path contained a "
" or "
· ". Upgrading is recommended. Please give the developers feedback on IRC #i2p or forum.i2p2.de and get involved or donate! We are still looking for help on new and existing translations. Please volunteer on IRC #i2p.