Tor 0.2.3.25 / 0.2.4.11 Alpha - Changelog

What's new in Tor 0.2.4.11 Alpha:

March 13th, 2013

· This version makes relay measurement by directory authorities more robust, makes hidden service authentication work again, and resolves a DPI fingerprint for Tor's SSL transport.

What's new in Tor 2.2.4.3 Alpha:

September 27th, 2012

· This version fixes another opportunity for a remotely triggerable assertion, resumes letting relays test reachability of their DirPort, and cleans up a bunch of smaller bugs.

What's new in Tor 2.2.35-11:

May 4th, 2012

· Security release to stop TorBrowser from bypassing SOCKS proxy DNS configuration
New Firefox patches:
· Prevent WebSocket DNS leak (closes: #5741)
· Fix a race condition that could be used to link browsing sessions together when using new identity from Tor Browser (closes: #5715)
· Remove extraneous BetterPrivacy settings from prefs.js (closes: #5722)
· Fix the mozconfig options for OS X so that it really builds everything with clang instead of llvm-gcc (closes: #5740)

What's new in Tor 0.2.3.15 Alpha:

May 1st, 2012

· This version fixes a variety of smaller bugs.
· The development branch now builds on Windows again.

What's new in Tor 0.2.3.14 Alpha:

April 25th, 2012

· This version fixes yet more bugs to get closer to a release candidate.
· It also dramatically speeds up AES: fast relays should consider switching to the newer OpenSSL library.

What's new in Tor 0.2.3.12 Alpha:

February 15th, 2012

· This version lets fast exit relays scale better, allows clients to use bridges that run Tor 0.2.2.x, and resolves several big bugs when Tor is configured to use a pluggable transport like obfsproxy.

What's new in Tor 0.2.3.8 Alpha:

November 26th, 2011

· This version fixes some crash and assert bugs, including a socketpair-related bug which has been bothering Windows users.
· It adds support to serve microdescriptors to controllers, so Vidalia's network map can resume listing relays (once Vidalia implements its side) and adds better support for hardware AES acceleration.
· Finally, it starts the process of adjusting the bandwidth cutoff for getting the "Fast" flag from 20KB to (currently) 32KB. Preliminary results show that tiny relays harm performance more than they help network capacity.

What's new in Tor 0.2.3.3 Alpha:

September 13th, 2011

· This version adds a new "stream isolation" feature to improve Tor's security, and provides client-side support for the microdescriptor and optimistic data features introduced earlier in the 0.2.3.x series.
· It also includes numerous critical bugfixes in the (optional) bufferevent-based networking backend.

What's new in Tor 0.2.2.25 Alpha:

May 2nd, 2011

· This version fixes many bugs.
· Hidden service clients are more robust.
· Routers no longer over-report their bandwidth.
· Win7 should crash a little less.
· NEWNYM now prevents hidden service-related activity from being linkable.
· The Entry/Exit/ExcludeNodes and StrictNodes configuration options were revamped to make them more reliable, more understandable, and more regularly applied.

What's new in Tor 0.2.2.22 Alpha:

February 4th, 2011

Major bugfixes:
· Fix a bounds-checking error that could allow an attacker to remotely crash a directory authority. Bugfix on 0.2.1.5-alpha. Found by "piebeer".
· Don't assert when changing from bridge to relay or vice versa via the controller. The assert happened because we didn't properly initialize our keys in this case. Bugfix on 0.2.2.18-alpha; fixes bug 2433. Reported by bastik.

Minor features:
· Adjust our TLS Diffie-Hellman parameters to match those used by Apache's mod_ssl.
· Provide a log message stating which geoip file we're parsing instead of just stating that we're parsing the geoip file. Implements ticket 2432.

Minor bugfixes:
· Check for and reject overly long directory certificates and directory tokens before they have a chance to hit any assertions. Bugfix on 0.2.1.28 / 0.2.2.20-alpha. Found by "doorss".

What's new in Tor 0.2.2.21 Alpha:

January 18th, 2011

· Document the default socks host and port (127.0.0.1:9050) for tor-resolve.

What's new in Tor 0.2.2.18 Alpha:

November 18th, 2010

Major bugfixes:
· Do even more to reject (and not just ignore) annotations on router descriptors received anywhere but from the cache. Previously we would ignore such annotations at first, but cache them to disk anyway. Bugfix on 0.2.0.8-alpha. Found by piebeer.
· Do not log messages to the controller while shrinking buffer freelists. Doing so would sometimes make the controller connection try to allocate a buffer chunk, which would mess up the internals of the freelist and cause an assertion failure. Fixes bug 1125;
· Fixed by Robert Ransom. Bugfix on 0.2.0.16-alpha. Learn our external IP address when we're a relay or bridge, even if we set PublishServerDescriptor to 0. Bugfix on 0.2.0.3-alpha, where we introduced bridge relays that don't need to publish to be useful. Fixes bug 2050.
· Maintain separate TLS contexts and certificates for incoming and 17 outgoing connections in bridge relays. Previously we would use the same TLS contexts and certs for incoming and outgoing connections.Bugfix on 0.2.0.3-alpha; addresses bug 988.
· Maintain separate identity keys for incoming and outgoing TLS 21 contexts in bridge relays. Previously we would use the same identity keys for incoming and outgoing TLS contexts. Bugfix on 0.2.0.3-alpha; addresses the other half of bug 988.
· Avoid an assertion failure when we as an authority receive a 25 duplicate upload of a router descriptor that we already have, but which we previously considered an obsolete descriptor. Fixes another case of bug 1776. Bugfix on 0.2.2.16-alpha.28.
· Avoid a crash bug triggered by looking at a dangling pointer while setting the network status consensus. Found by Robert Ransom. Bugfix on 0.2.2.17-alpha. Fixes bug 2097.
· Fix a logic error where servers that _didn't_ act as exits would try to keep their server lists more aggressively up to date than exits, when it was supposed to be the other way around. Bugfix 34 on 0.2.2.17-alpha.

What's new in Tor 0.2.1.25:

April 1st, 2010

Major bugfixes:
· Fix a regression from our patch for bug 1244 that caused relays to guess their IP address incorrectly if they didn't set Address in their torrc and/or their address fails to resolve. Bugfix on
· 0.2.1.23; fixes bug 1269.
· When freeing a session key, zero it out completely. We only zeroed the first ptrsize bytes. Bugfix on 0.0.2pre8. Discovered and patched by ekir. Fixes bug 1254.

Minor bugfixes:
· Fix a dereference-then-NULL-check sequence when publishing descriptors. Bugfix on 0.2.1.5-alpha. Discovered by ekir; fixes bug 1255.
· Fix another dereference-then-NULL-check sequence. Bugfix on 0.2.1.14-rc. Discovered by ekir; fixes bug 1256.
· Make sure we treat potentially not NUL-terminated strings correctly.
· Bugfix on 0.1.1.13-alpha. Discovered by rieo; fixes bug 1257.

What's new in Tor 0.2.1.13 Alpha:

March 13th, 2009

· This release includes another big pile of minor bugfixes and cleanups.

What's new in Tor 0.2.0.34:

February 10th, 2009

· This version features several more security-related fixes. You should upgrade, especially if you run an exit relay (which is vulnerable to a remote crash bug) or a directory authority (which is vulnerable to a remote infinite loop), or if you're on an older (pre-XP) or not-recently-patched Windows operating system (which can be attacked with a remote exploit).

What's new in Tor 0.2.0.33:

January 22nd, 2009

· This release fixes a variety of bugs that were making relays less useful to users.
· It also finally fixes a bug where a relay or client that's been off for many days would take a long time to bootstrap.
· It fixes an important security-related bug.

What's new in Tor 0.2.1.9 Alpha:

January 5th, 2009

· This release fixes a logic error that would automatically reject all but the first configured DNS server.

What's new in Tor 0.2.1.8 Alpha:

December 10th, 2008

· This release fixes some crash bugs in earlier alpha releases, builds better on unusual platforms like Solaris and old OS X, and fixes a variety of other issues.

What's new in Tor 0.2.0.32:

December 5th, 2008

· This release fixes a major security problem in the Debian and Ubuntu packages (and maybe other packages).
· A smaller security flaw that might allow an attacker to access local services was fixed.
· Hidden service performance was further improved.
· A variety of other problems were fixed.

What's new in Tor 0.2.1.7 Alpha:

November 21st, 2008

· This release fixes a major security problem in Debian and Ubuntu packages (and maybe other packages).
· A smaller security flaw that might allow an attacker to access local services was fixed.
· Defense against DNS poisoning attacks on exit relays was improved.
· Hidden service performance was further improved.
· A variety of other issues were fixed.

What's new in Tor 0.2.1.6 Alpha:

October 13th, 2008

· This release further improves performance and robustness of hidden services, starts work on supporting per-country relay selection, and fixes a variety of smaller issues.

What's new in Tor 0.2.0.31:

September 10th, 2008

· This release addresses two potential anonymity issues, starts to fix a big bug where in rare cases traffic from one Tor stream gets mixed into another stream, and fixes a variety of smaller issues.

What's new in Tor 0.2.0.30:

August 28th, 2008

· Tor 0.2.0.30 switches to a more efficient directory distribution design,
· adds features to make connections to the Tor network harder to block,
· allows Tor to act as a DNS proxy, adds separate rate limiting for relayed
· traffic to make it easier for clients to become relays, fixes a variety
· of potential anonymity problems, and includes the usual huge pile of
· other features and bug fixes.