Tor Changelog

New in version 0.2.7.2 Alpha (August 7th, 2015)

  • Major features (Ed25519 identity keys, Proposal 220):
  • All relays now maintain a stronger identity key, using the Ed25519 elliptic curve signature format. This master key is designed so that it can be kept offline. Relays also generate an online signing key, and a set of other Ed25519 keys and certificates. These are all automatically regenerated and rotated as needed. Implements part of ticket 12498.
  • Directory authorities now vote on Ed25519 identity keys along with RSA1024 keys. Implements part of ticket 12498.
  • Directory authorities track which Ed25519 identity keys have been used with which RSA1024 identity keys, and do not allow them to vary freely. Implements part of ticket 12498.
  • Microdescriptors now include Ed25519 identity keys. Implements part of ticket 12498.
  • Add support for offline encrypted Ed25519 master keys. To use this feature on your tor relay, run "tor --keygen" to make a new master key (or to make a new signing key if you already have a master key). Closes ticket 13642.
  • Major features (Hidden services):
  • Add the torrc option HiddenServiceNumIntroductionPoints, to specify a fixed number of introduction points. Its maximum value is 10 and default is 3. Using this option can increase a hidden service's reliability under load, at the cost of making it more visible that the hidden service is facing extra load. Closes ticket 4862.
  • Remove the adaptive algorithm for choosing the number of introduction points, which used to change the number of introduction points (poorly) depending on the number of connections the HS sees. Closes ticket 4862.
  • Major features (onion key cross-certification):
  • Relay descriptors now include signatures of their own identity keys, made using the TAP and ntor onion keys. These signatures allow relays to prove ownership of their own onion keys. Because of this change, microdescriptors will no longer need to include RSA identity keys. Implements proposal 228; closes ticket 12499.
  • Major features (performance):
  • Improve the runtime speed of Ed25519 operations by using the public-domain Ed25519-donna by Andrew M. ("floodyberry"). Implements ticket 16467.
  • Improve the runtime speed of the ntor handshake by using an optimized curve25519 basepoint scalarmult implementation from the public-domain Ed25519-donna by Andrew M. ("floodyberry"), based on ideas by Adam Langley. Implements ticket 9663.
  • Major bugfixes (client-side privacy, also in 0.2.6.9):
  • Properly separate out each SOCKSPort when applying stream isolation. The error occurred because each port's session group was being overwritten by a default value when the listener connection was initialized. Fixes bug 16247; bugfix on 0.2.6.3-alpha. Patch by "jojelino".
  • Major bugfixes (hidden service clients, stability, also in 0.2.6.10):
  • Stop refusing to store updated hidden service descriptors on a client. This reverts commit 9407040c59218 (which indeed fixed bug 14219, but introduced a major hidden service reachability regression detailed in bug 16381). This is a temporary fix since we can live with the minor issue in bug 14219 (it just results in some load on the network) but the regression of 16381 is too much of a setback. First-round fix for bug 16381; bugfix on 0.2.6.3-alpha.
  • Major bugfixes (hidden services):
  • When cannibalizing a circuit for an introduction point, always extend to the chosen exit node (creating a 4 hop circuit). Previously Tor would use the current circuit exit node, which changed the original choice of introduction point, and could cause the hidden service to skip excluded introduction points or reconnect to a skipped introduction point. Fixes bug 16260; bugfix on 0.1.0.1-rc.
  • Major bugfixes (open file limit):
  • The open file limit wasn't checked before calling tor_accept_socket_nonblocking(), which would make Tor exceed the limit. Now Tor checks the open file limit just before opening a new socket, and returns an error if the maximum has been reached. Fixes bug 16288; bugfix on 0.1.1.1-alpha.
  • Major bugfixes (stability, also in 0.2.6.10):
  • Stop crashing with an assertion failure when parsing certain kinds of malformed or truncated microdescriptors. Fixes bug 16400; bugfix on 0.2.6.1-alpha. Found by "torkeln"; fix based on a patch by "cypherpunks_backup".
  • Stop random client-side assertion failures that could occur when connecting to a busy hidden service, or connecting to a hidden service while a NEWNYM is in progress. Fixes bug 16013; bugfix on 0.1.0.1-rc.
  • Minor features (directory authorities, security, also in 0.2.6.9):
  • The HSDir flag given by authorities now requires the Stable flag. For the current network, this results in going from 2887 to 2806 HSDirs. Also, it makes it harder for an attacker to launch a sybil attack by raising the effort for a relay to become Stable to require at the very least 7 days, while maintaining the 96 hours uptime requirement for HSDir. Implements ticket 8243.
  • Minor features (client):
  • Relax the validation of hostnames in SOCKS5 requests, allowing the character '_' to appear, in order to cope with domains observed in the wild that are serving non-RFC compliant records. Resolves ticket 16430.
  • Relax the validation done to hostnames in SOCKS5 requests, and allow a single trailing '.' to cope with clients that pass FQDNs using that syntax to explicitly indicate that the domain name is fully-qualified. Fixes bug 16674; bugfix on 0.2.6.2-alpha.
  • Add GroupWritable and WorldWritable options to unix-socket based SocksPort and ControlPort options. These options apply to a single socket, and override {Control,Socks}SocketsGroupWritable. Closes ticket 15220.
  • Minor features (control protocol):
  • Support network-liveness GETINFO key and NETWORK_LIVENESS event in the control protocol. Resolves ticket 15358.
  • Minor features (directory authorities):
  • Directory authorities no longer vote against the "Fast", "Stable", and "HSDir" flags just because they were going to vote against "Running": if the consensus turns out to be that the router was running, then the authority's vote should count. Patch from Peter Retzlaff; closes issue 8712.
  • Minor features (geoip, also in 0.2.6.10):
  • Update geoip to the June 3 2015 Maxmind GeoLite2 Country database.
  • Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database.
  • Minor features (hidden services):
  • Add the new options "HiddenServiceMaxStreams" and "HiddenServiceMaxStreamsCloseCircuit" to allow hidden services to limit the maximum number of simultaneous streams per circuit, and optionally tear down the circuit when the limit is exceeded. Part of ticket 16052.
  • Minor features (portability):
  • Use C99 variadic macros when the compiler is not GCC. This avoids failing compilations on MSVC, and fixes a log-file-based race condition in our old workarounds. Original patch from Gisle Vanem.
  • Minor bugfixes (compilation, also in 0.2.6.9):
  • Build with --enable-systemd correctly when libsystemd is installed, but systemd is not. Fixes bug 16164; bugfix on 0.2.6.3-alpha. Patch from Peter Palfrader.
  • Minor bugfixes (controller):
  • Add the descriptor ID in each HS_DESC control event. It was missing, but specified in control-spec.txt. Fixes bug 15881; bugfix on 0.2.5.2-alpha.
  • Minor bugfixes (crypto error-handling, also in 0.2.6.10):
  • Check for failures from crypto_early_init, and refuse to continue. A previous typo meant that we could keep going with an uninitialized crypto library, and would have OpenSSL initialize its own PRNG. Fixes bug 16360; bugfix on 0.2.5.2-alpha, introduced when implementing ticket 4900. Patch by "teor".
  • Minor bugfixes (hidden services):
  • Fix a crash when reloading configuration while at least one configured and one ephemeral hidden service exists. Fixes bug 16060; bugfix on 0.2.7.1-alpha.
  • Avoid crashing with a double-free bug when we create an ephemeral hidden service but adding it fails for some reason. Fixes bug 16228; bugfix on 0.2.7.1-alpha.
  • Minor bugfixes (Linux seccomp2 sandbox):
  • Use the sandbox in tor_open_cloexec whether or not O_CLOEXEC is defined. Patch by "teor". Fixes bug 16515; bugfix on 0.2.3.1-alpha.
  • Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.10):
  • Allow pipe() and pipe2() syscalls in the seccomp2 sandbox: we need these when eventfd2() support is missing. Fixes bug 16363; bugfix on 0.2.6.3-alpha. Patch from "teor".
  • Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.9):
  • Fix sandboxing to work when running as a relay, by allowing the renaming of secret_id_key, and allowing the eventfd2 and futex syscalls. Fixes bug 16244; bugfix on 0.2.6.1-alpha. Patch by Peter Palfrader.
  • Allow systemd connections to work with the Linux seccomp2 sandbox code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by Peter Palfrader.
  • Minor bugfixes (relay):
  • Fix a rarely-encountered memory leak when failing to initialize the thread pool. Fixes bug 16631; bugfix on 0.2.6.3-alpha. Patch from "cypherpunks".
  • Minor bugfixes (systemd):
  • Fix an accidental formatting error that broke the systemd configuration file. Fixes bug 16152; bugfix on 0.2.7.1-alpha.
  • Tor's systemd unit file no longer contains extraneous spaces. These spaces would sometimes confuse tools like deb-systemd-helper. Fixes bug 16162; bugfix on 0.2.5.5-alpha.
  • Minor bugfixes (tests):
  • Use the configured Python executable when running test-stem-full. Fixes bug 16470; bugfix on 0.2.7.1-alpha.
  • Minor bugfixes (tests, also in 0.2.6.9):
  • Fix a crash in the unit tests when built with MSVC2013. Fixes bug 16030; bugfix on 0.2.6.2-alpha. Patch from "NewEraCracker".
  • Minor bugfixes (threads, comments):
  • Always initialize the return value in compute_desc_id in rendcommon.c. Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
  • Check for NULL values in getinfo_helper_onions(). Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
  • Remove undefined directive-in-macro in test_util_writepid: clang 3.7 complains that using a preprocessor directive inside a macro invocation in test_util_writepid in test_util.c is undefined. Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
  • Code simplification and refactoring:
  • Define WINVER and _WIN32_WINNT centrally, in orconfig.h, in order to ensure they remain consistent and visible everywhere.
  • Remove some vestigial workarounds for the MSVC6 compiler. We haven't supported that in ages.
  • The link authentication code has been refactored for better testability and reliability. It now uses code generated with the "trunnel" binary encoding generator, to reduce the risk of bugs due to programmer error. Done as part of ticket 12498.
  • Documentation:
  • Include a specific and (hopefully) accurate documentation of the torrc file's meta-format in doc/torrc_format.txt. This is mainly of interest to people writing programs to parse or generate torrc files. This document is not a commitment to long-term compatibility; some aspects of the current format are a bit ridiculous. Closes ticket 2325.
  • Removed features:
  • Tor no longer supports copies of OpenSSL that are missing support for Elliptic Curve Cryptography. (We began using ECC when available in 0.2.4.8-alpha, for more safe and efficient key negotiation.) In particular, support for at least one of P256 or P224 is now required, with manual configuration needed if only P224 is available. Resolves ticket 16140.
  • Tor no longer supports versions of OpenSSL before 1.0. (If you are on an operating system that has not upgraded to OpenSSL 1.0 or later, and you compile Tor from source, you will need to install a more recent OpenSSL to link Tor against.) These versions of OpenSSL are still supported by OpenSSL, but the numerous cryptographic improvements in later OpenSSL releases make them a clear choice. Resolves ticket 16034.
  • Remove the HidServDirectoryV2 option. Now all relays offer to store hidden service descriptors. Related to 16543.
  • Remove the VoteOnHidServDirectoriesV2 option, since all authorities have long set it to 1. Closes ticket 16543.
  • Testing:
  • Document use of coverity, clang static analyzer, and clang dynamic undefined behavior and address sanitizers in doc/HACKING. Include detailed usage instructions in the blacklist. Patch by "teor". Closes ticket 15817.
  • The link authentication protocol code now has extensive tests.
  • The relay descriptor signature testing code now has extensive tests.
  • The test_workqueue program now runs faster, and is enabled by default as a part of "make check".
  • Now that OpenSSL has its own scrypt implementation, add a unit test that checks for interoperability between libscrypt_scrypt() and OpenSSL's EVP_PBE_scrypt(), so that we can stop using libscrypt and rely on EVP_PBE_scrypt() whenever possible. Resolves ticket 16189.

New in version 0.2.6.7 (April 7th, 2015)

  • Tor 0.2.6.7 fixes two security issues that could be used by an attacker to crash hidden services, or crash clients visiting hidden services. Hidden services should upgrade as soon as possible; clients should upgrade whenever packages become available.
  • This release also contains two simple improvements to make hidden services a bit less vulnerable to denial-of-service attacks.
  • Major bugfixes (security, hidden service):
  • Fix an issue that would allow a malicious client to trigger an assertion failure and halt a hidden service. Fixes bug 15600; bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
  • Fix a bug that could cause a client to crash with an assertion failure when parsing a malformed hidden service descriptor. Fixes bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
  • Minor features (DoS-resistance, hidden service):
  • Introduction points no longer allow multiple INTRODUCE1 cells to arrive on the same circuit. This should make it more expensive for attackers to overwhelm hidden services with introductions. Resolves ticket 15515.
  • Decrease the number of reattempts that a hidden service performs when its rendezvous circuits fail. This reduces the computational cost for running a hidden service under heavy load. Resolves ticket 11447.

New in version 0.2.4.18 RC (November 18th, 2013)

  • Tor 0.2.4.18-rc is the fourth release candidate for the Tor 0.2.4.x series. It takes a variety of fixes from the 0.2.5.x branch to improve stability, performance, and better handling of edge cases.
  • Major features:
  • Re-enable TLS 1.1 and 1.2 when built with OpenSSL 1.0.1e or later. Resolves ticket 6055. (OpenSSL before 1.0.1 didn't have TLS 1.1 or 1.2, and OpenSSL from 1.0.1 through 1.0.1d had bugs that prevented renegotiation from working with TLS 1.1 or 1.2, so we had disabled them to solve bug 6033.)
  • Major bug fixes:
  • No longer stop reading or writing on cpuworker connections when our rate limiting buckets go empty. Now we should handle circuit handshake requests more promptly. Resolves bug 9731.
  • If we are unable to save a microdescriptor to the journal, do not drop it from memory and then reattempt downloading it. Fixes bug 9645; bugfix on 0.2.2.6-alpha.
  • Stop trying to bootstrap all our directory information from only our first guard. Discovered while fixing bug 9946; bugfix on 0.2.4.8-alpha.
  • The new channel code sometimes lost track of in-progress circuits, causing long-running clients to stop building new circuits. The fix is to always call circuit_n_chan_done(chan, 0) from channel_closed(). Fixes bug 9776; bugfix on 0.2.4.17-rc.
  • Minor bug fixes (on 0.2.4.x):
  • Correctly log long IPv6 exit policies, instead of truncating them or reporting an error. Fixes bug 9596; bugfix on 0.2.4.7-alpha.
  • Our default TLS ecdhe groups were backwards: we meant to be using P224 for relays (for performance win) and P256 for bridges (since it is more common in the wild). Instead we had it backwards. After reconsideration, we decided that the default should be P256 on all hosts, since its security is probably better, and since P224 is reportedly used quite little in the wild. Found by "skruffy" on IRC. Fix for bug 9780; bugfix on 0.2.4.8-alpha.
  • Free directory authority certificate download statuses on exit rather than leaking them. Fixes bug 9644; bugfix on 0.2.4.13-alpha.
  • Minor bug fixes (on 0.2.3.x and earlier):
  • If the guard we choose first doesn't answer, we would try the second guard, but once we connected to the second guard we would abandon it and retry the first one, slowing down bootstrapping. The fix is to treat all our initially chosen guards as acceptable to use. Fixes bug 9946; bugfix on 0.1.1.11-alpha.
  • Fix an assertion failure that would occur when disabling the ORPort setting on a running Tor process while accounting was enabled. Fixes bug 6979; bugfix on 0.2.2.18-alpha.
  • When examining the list of network interfaces to find our address, do not consider non-running or disabled network interfaces. Fixes bug 9904; bugfix on 0.2.3.11-alpha. Patch from "hantwister".
  • Avoid an off-by-one error when checking buffer boundaries when formatting the exit status of a pluggable transport helper. This is probably not an exploitable bug, but better safe than sorry. Fixes bug 9928; bugfix on 0.2.3.18-rc. Bug found by Pedro Ribeiro.
  • Minor features (protecting client timestamps):
  • Clients no longer send timestamps in their NETINFO cells. These were not used for anything, and they provided one small way for clients to be distinguished from each other as they moved from network to network or behind NAT. Implements part of proposal 222.
  • Clients now round timestamps in INTRODUCE cells down to the nearest 10 minutes. If a new Support022HiddenServices option is set to 0, or if it's set to "auto" and the feature is disabled in the consensus, the timestamp is sent as 0 instead. Implements part of proposal 222.
  • Stop sending timestamps in AUTHENTICATE cells. This is not such a big deal from a security point of view, but it achieves no actual good purpose, and isn't needed. Implements part of proposal 222.
  • Reduce the accuracy of timestamps in hidden service descriptors. Implements part of proposal 222.
  • Minor features (other):
  • Improve the circuit queue out-of-memory handler. Previously, when we ran low on memory, we'd close whichever circuits had the most queued cells. Now, we close those that have the *oldest* queued cells, on the theory that those are most responsible for us running low on memory. Based on analysis from a forthcoming paper by Jansen, Tschorsch, Johnson, and Scheuermann. Fixes bug 9093.
  • Generate bootstrapping status update events correctly when fetching microdescriptors. Fixes bug 9927.
  • Update to the October 2 2013 Maxmind GeoLite Country database.
  • Documentation fixes:
  • Clarify the usage and risks of setting the ContactInfo torrc line for your relay or bridge. Resolves ticket 9854.
  • Add anchors to the manpage so we can link to the html version of the documentation for specific options. Resolves ticket 9866.
  • Replace remaining references to DirServer in man page and log entries. Resolves ticket 10124.

New in version 0.2.5.1 Alpha (October 10th, 2013)

  • This version introduces experimental support for syscall sandboxing on Linux, allows bridges that offer pluggable transports to report usage statistics, fixes many issues to make testing easier, and provides a pile of minor features and bugfixes that have been waiting for a release of the new branch.

New in version 0.2.4.16 RC (August 14th, 2013)

  • This release candidate fixes several crash bugs in the 0.2.4 branch.

New in version 0.2.4.11 Alpha (March 13th, 2013)

  • This version makes relay measurement by directory authorities more robust, makes hidden service authentication work again, and resolves a DPI fingerprint for Tor's SSL transport.

New in version 2.2.4.3 Alpha (September 27th, 2012)

  • This version fixes another opportunity for a remotely triggerable assertion, resumes letting relays test reachability of their DirPort, and cleans up a bunch of smaller bugs.

New in version 2.2.35-11 (May 4th, 2012)

  • Security release to stop TorBrowser from bypassing SOCKS proxy DNS configuration
  • New Firefox patches:
  • Prevent WebSocket DNS leak (closes: #5741)
  • Fix a race condition that could be used to link browsing sessions together when using new identity from Tor Browser (closes: #5715)
  • Remove extraneous BetterPrivacy settings from prefs.js (closes: #5722)
  • Fix the mozconfig options for OS X so that it really builds everything with clang instead of llvm-gcc (closes: #5740)

New in version 0.2.3.15 Alpha (May 1st, 2012)

  • This version fixes a variety of smaller bugs.
  • The development branch now builds on Windows again.

New in version 0.2.3.14 Alpha (April 25th, 2012)

  • This version fixes yet more bugs to get closer to a release candidate.
  • It also dramatically speeds up AES: fast relays should consider switching to the newer OpenSSL library.

New in version 0.2.3.12 Alpha (February 15th, 2012)

  • This version lets fast exit relays scale better, allows clients to use bridges that run Tor 0.2.2.x, and resolves several big bugs when Tor is configured to use a pluggable transport like obfsproxy.

New in version 0.2.3.8 Alpha (November 26th, 2011)

  • This version fixes some crash and assert bugs, including a socketpair-related bug which has been bothering Windows users.
  • It adds support to serve microdescriptors to controllers, so Vidalia's network map can resume listing relays (once Vidalia implements its side) and adds better support for hardware AES acceleration.
  • Finally, it starts the process of adjusting the bandwidth cutoff for getting the "Fast" flag from 20KB to (currently) 32KB. Preliminary results show that tiny relays harm performance more than they help network capacity.

New in version 0.2.3.3 Alpha (September 13th, 2011)

  • This version adds a new "stream isolation" feature to improve Tor's security, and provides client-side support for the microdescriptor and optimistic data features introduced earlier in the 0.2.3.x series.
  • It also includes numerous critical bugfixes in the (optional) bufferevent-based networking backend.

New in version 0.2.2.25 Alpha (May 2nd, 2011)

  • This version fixes many bugs.
  • Hidden service clients are more robust.
  • Routers no longer over-report their bandwidth.
  • Win7 should crash a little less.
  • NEWNYM now prevents hidden service-related activity from being linkable.
  • The Entry/Exit/ExcludeNodes and StrictNodes configuration options were revamped to make them more reliable, more understandable, and more regularly applied.

New in version 0.2.2.22 Alpha (February 4th, 2011)

  • Major bugfixes:
  • Fix a bounds-checking error that could allow an attacker to remotely crash a directory authority. Bugfix on 0.2.1.5-alpha. Found by "piebeer".
  • Don't assert when changing from bridge to relay or vice versa via the controller. The assert happened because we didn't properly initialize our keys in this case. Bugfix on 0.2.2.18-alpha; fixes bug 2433. Reported by bastik.
  • Minor features:
  • Adjust our TLS Diffie-Hellman parameters to match those used by Apache's mod_ssl.
  • Provide a log message stating which geoip file we're parsing instead of just stating that we're parsing the geoip file. Implements ticket 2432.
  • Minor bugfixes:
  • Check for and reject overly long directory certificates and directory tokens before they have a chance to hit any assertions. Bugfix on 0.2.1.28 / 0.2.2.20-alpha. Found by "doorss".

New in version 0.2.2.21 Alpha (January 18th, 2011)

  • Document the default socks host and port (127.0.0.1:9050) for tor-resolve.

New in version 0.2.2.18 Alpha (November 18th, 2010)

  • Major bugfixes:
  • Do even more to reject (and not just ignore) annotations on router descriptors received anywhere but from the cache. Previously we would ignore such annotations at first, but cache them to disk anyway. Bugfix on 0.2.0.8-alpha. Found by piebeer.
  • Do not log messages to the controller while shrinking buffer freelists. Doing so would sometimes make the controller connection try to allocate a buffer chunk, which would mess up the internals of the freelist and cause an assertion failure. Fixes bug 1125; fixed by Robert Ransom. Bugfix on 0.2.0.16-alpha.
  • Learn our external IP address when we're a relay or bridge, even if we set PublishServerDescriptor to 0. Bugfix on 0.2.0.3-alpha, where we introduced bridge relays that don't need to publish to be useful. Fixes bug 2050.
  • Maintain separate TLS contexts and certificates for incoming and outgoing connections in bridge relays. Previously we would use the same TLS contexts and certs for incoming and outgoing connections. Bugfix on 0.2.0.3-alpha; addresses bug 988.
  • Maintain separate identity keys for incoming and outgoing TLS contexts in bridge relays. Previously we would use the same identity keys for incoming and outgoing TLS contexts. Bugfix on 0.2.0.3-alpha; addresses the other half of bug 988.
  • Avoid an assertion failure when we as an authority receive a duplicate upload of a router descriptor that we already have, but which we previously considered an obsolete descriptor. Fixes another case of bug 1776. Bugfix on 0.2.2.16-alpha.
  • Avoid a crash bug triggered by looking at a dangling pointer while setting the network status consensus. Found by Robert Ransom. Bugfix on 0.2.2.17-alpha. Fixes bug 2097.
  • Fix a logic error where servers that _didn't_ act as exits would try to keep their server lists more aggressively up to date than exits, when it was supposed to be the other way around. Bugfix on 0.2.2.17-alpha.

New in version 0.2.1.25 (April 1st, 2010)

  • Major bugfixes:
  • Fix a regression from our patch for bug 1244 that caused relays to guess their IP address incorrectly if they didn't set Address in their torrc and/or their address fails to resolve. Bugfix on 0.2.1.23; fixes bug 1269.
  • When freeing a session key, zero it out completely. We only zeroed the first ptrsize bytes. Bugfix on 0.0.2pre8. Discovered and patched by ekir. Fixes bug 1254.
  • Minor bugfixes:
  • Fix a dereference-then-NULL-check sequence when publishing descriptors. Bugfix on 0.2.1.5-alpha. Discovered by ekir; fixes bug 1255.
  • Fix another dereference-then-NULL-check sequence. Bugfix on 0.2.1.14-rc. Discovered by ekir; fixes bug 1256.
  • Make sure we treat potentially not NUL-terminated strings correctly. Bugfix on 0.1.1.13-alpha. Discovered by rieo; fixes bug 1257.
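
The session-key entry above ("We only zeroed the first ptrsize bytes") describes the familiar mistake of taking the size of a pointer instead of the size of the object it points to. The following is an added illustration of that bug class and its fix, not code from Tor; the struct, function names and key length are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SESSION_KEY_LEN 32 /* hypothetical key size for this illustration */

/* Hypothetical key container; not a Tor structure. */
typedef struct session_key {
    unsigned char bytes[SESSION_KEY_LEN];
} session_key_t;

/* Buggy wipe: the length is the size of the pointer (4 or 8 bytes), not of
 * the key, so everything past the first pointer-sized prefix survives.
 * Usually written inline as memset(key, 0, sizeof(key)); the length is held
 * in a variable here only to keep compiler diagnostics quiet. */
static void wipe_key_buggy(session_key_t *key)
{
    size_t n = sizeof(key);
    memset(key, 0, n);
}

/* Fixed wipe: sizeof(*key) covers the whole object. Writing through a
 * volatile pointer keeps the compiler from discarding the stores when the
 * memory is about to be freed and never read again. */
static void wipe_key_fixed(session_key_t *key)
{
    volatile unsigned char *p = (volatile unsigned char *)key;
    size_t i;
    for (i = 0; i < sizeof(*key); i++)
        p[i] = 0;
}

/* Count the key bytes that are still nonzero after a wipe. */
static size_t residual_key_bytes(const session_key_t *key)
{
    size_t i, left = 0;
    for (i = 0; i < sizeof(key->bytes); i++)
        if (key->bytes[i] != 0)
            left++;
    return left;
}

/* Fill a key with a constructed nonzero pattern, wipe it with the given
 * function, and report how many key bytes remain in memory. */
static size_t residual_after(void (*wipe)(session_key_t *))
{
    session_key_t key;
    memset(key.bytes, 0xA5, sizeof(key.bytes));
    wipe(&key);
    return residual_key_bytes(&key);
}

int main(void)
{
    printf("buggy wipe leaves %zu of %d key bytes\n",
           residual_after(wipe_key_buggy), SESSION_KEY_LEN);
    printf("fixed wipe leaves %zu of %d key bytes\n",
           residual_after(wipe_key_fixed), SESSION_KEY_LEN);
    return 0;
}
```

GCC and Clang flag the inline form of the buggy call with -Wsizeof-pointer-memaccess, which is a cheap check to enable when reviewing key-handling code.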

New in version 0.2.1.13 Alpha (March 13th, 2009)

  • This release includes another big pile of minor bugfixes and cleanups.

New in version 0.2.0.34 (February 10th, 2009)

  • This version features several more security-related fixes. You should upgrade, especially if you run an exit relay (which is vulnerable to a remote crash bug) or a directory authority (which is vulnerable to a remote infinite loop), or if you're on an older (pre-XP) or not-recently-patched Windows operating system (which can be attacked with a remote exploit).

New in version 0.2.0.33 (January 22nd, 2009)

  • This release fixes a variety of bugs that were making relays less useful to users.
  • It also finally fixes a bug where a relay or client that's been off for many days would take a long time to bootstrap.
  • It fixes an important security-related bug.

New in version 0.2.1.9 Alpha (January 5th, 2009)

  • This release fixes a logic error that would automatically reject all but the first configured DNS server.

New in version 0.2.1.8 Alpha (December 10th, 2008)

  • This release fixes some crash bugs in earlier alpha releases, builds better on unusual platforms like Solaris and old OS X, and fixes a variety of other issues.

New in version 0.2.0.32 (December 5th, 2008)

  • This release fixes a major security problem in the Debian and Ubuntu packages (and maybe other packages).
  • A smaller security flaw that might allow an attacker to access local services was fixed.
  • Hidden service performance was further improved.
  • A variety of other problems were fixed.

New in version 0.2.1.7 Alpha (November 21st, 2008)

  • This release fixes a major security problem in Debian and Ubuntu packages (and maybe other packages).
  • A smaller security flaw that might allow an attacker to access local services was fixed.
  • Defense against DNS poisoning attacks on exit relays was improved.
  • Hidden service performance was further improved.
  • A variety of other issues were fixed.

New in version 0.2.1.6 Alpha (October 13th, 2008)

  • This release further improves performance and robustness of hidden services, starts work on supporting per-country relay selection, and fixes a variety of smaller issues.

New in version 0.2.0.31 (September 10th, 2008)

  • This release addresses two potential anonymity issues, starts to fix a big bug where in rare cases traffic from one Tor stream gets mixed into another stream, and fixes a variety of smaller issues.

New in version 0.2.0.30 (August 28th, 2008)

  • Tor 0.2.0.30 switches to a more efficient directory distribution design, adds features to make connections to the Tor network harder to block, allows Tor to act as a DNS proxy, adds separate rate limiting for relayed traffic to make it easier for clients to become relays, fixes a variety of potential anonymity problems, and includes the usual huge pile of other features and bug fixes.