alpha release

You should upgrade to Tor 0.2.1.22 or 0.2.2.7-alpha:
https://www.torproject.org/easy-download.html.en

In early January we discovered that two of the seven servers that run directory
authorities were compromised (moria1 and gabelmoo), along with
metrics.torproject.org, a new server we'd recently set up to serve
metrics data and graphs. The three servers have since been reinstalled
with service migrated to other servers.

We made fresh identity keys for the two directory authorities, which is
why you need to upgrade.

Moria also hosted our git repository and svn repository. We took the
services offline as soon as we learned of the breach. It appears the
attackers didn't realize what they broke into -- just that they had
found some servers with lots of bandwidth. The attackers set up some ssh
keys and proceeded to use the three servers for launching other attacks.
We've done some preliminary comparisons, and it looks like git and svn
were not touched in any way. read more »

On November 19, we released the latest in the Tor alpha series, version 0.2.2.6-alpha. This release lays the groundwork for many upcoming features:
support for the new lower-footprint "microdescriptor" directory design,
future-proofing our consensus format against new hash functions or
other changes, and an Android port. It also makes Tor compatible with
the upcoming OpenSSL 0.9.8l release, and fixes a variety of bugs.

It can be downloaded at https://www.torproject.org/download.html.en

Major features:

• Directory authorities can now create, vote on, and serve multiple
  parallel formats of directory data as part of their voting process.
  Partially implements Proposal 162: "Publish the consensus in
  multiple flavors".

• Directory authorities can now agree on and publish small summaries
  of router information that clients can use in place of regular
  server descriptors. This transition will eventually allow clients read more »

On October 11, we released Tor 0.2.2.5-alpha.

It can be downloaded from https://www.torproject.org/download/.

It contains:

Major bugfixes:

• Make the tarball compile again. Oops. Bugfix on 0.2.2.4-alpha.

New directory authorities:

• Move dizum to an alternate IP address.

Code simplifications and refactorings

• Numerous changes, bugfixes, and workarounds from Nathan Freitas
  to help Tor build correctly for Android phones.

On October 10, we released Tor version 0.2.2.4-alpha.

This release can be found at https://www.torproject.org/download/

It contains the following:
Major bugfixes:

• Fix several more asserts in the circuit_build_times code, for
  example one that causes Tor to fail to start once we have
  accumulated 5000 build times in the state file. Bugfixes on
  0.2.2.2-alpha; fixes bug 1108.

New directory authorities:

• Move moria1 and Tonga to alternate IP addresses.

Minor features: read more »

• Log SSL state transitions at debug level during handshake, and
  include SSL states in error messages. This may help debug future
  SSL handshake issues.
• Add a new "Handshake" log domain for activities that happen
  during the TLS handshake.
• Revert to the "June 3 2009" ip-to-country file. The September one
  

On September 23rd, we released Tor version 0.2.2.3-alpha.

Major bugfixes:

• Fix an overzealous assert in our new circuit build timeout code.
  Bugfix on 0.2.2.2-alpha; fixes bug 1103.

Minor bugfixes:

• If the networkstatus consensus tells us that we should use a
  negative circuit package window, ignore it. Otherwise we'll
  believe it and then trigger an assert. Bugfix on 0.2.2.2-alpha.

On September 21st, we released Tor version 0.2.2.2-alpha.

Major features: read more »

• Tor now tracks how long it takes to build client-side circuits
  over time, and adapts its timeout to local network performance.
  Since a circuit that takes a long time to build will also provide
  bad performance, we get significant latency improvements by
  discarding the slowest 20% of circuits. Specifically, Tor creates
  circuits more aggressively than usual until it has enough data
  points for a good timeout estimate. Implements proposal 151.
  We are especially looking for reports (good and bad) from users with
  both EDGE and broadband connections that can move from broadband
  to EDGE and find out if the build-time data in the .tor/state gets
  reset without loss of Tor usability. You should also see a notice
  log message telling you that Tor has reset its timeout.

Tor 0.2.2.1-alpha disables ".exit" address notation by default, allows
Tor clients to bootstrap on networks where only port 80 is reachable,
makes it more straightforward to support hardware crypto accelerators,
and starts the groundwork for gathering stats safely at relays.

https://www.torproject.org/download

We've been improving our packages and bundles:
Packaging changes: read more »

• Upgrade Vidalia from 0.1.15 to 0.2.3 in the Windows and OS X
  installer bundles. See
  https://trac.vidalia-project.net/browser/vidalia/tags/vidalia-0.2.3/CHAN...
  for details of what's new in Vidalia 0.2.3.
• Windows Vidalia Bundle: update Privoxy from 3.0.6 to 3.0.14-beta.
• OS X Vidalia Bundle: move to Polipo 1.0.4 with Tor specific
  configuration file, rather than the old Privoxy.
• OS X Vidalia Bundle: Vidalia, Tor, and Polipo are compiled as
  x86-only for better compatibility with OS X 10.6, aka Snow Leopard.

New releases, new hires, new funding

On March 9, we released Tor 0.2.1.13-alpha. It includes the following fixes and enhancements:

o Major bugfixes:
- Correctly update the list of which countries we exclude as exits, when the GeoIP file is loaded or reloaded. Diagnosed by lark. Bugfix on 0.2.1.6-alpha.

o Minor bugfixes (on 0.2.0.x and earlier):
- Automatically detect MacOSX versions earlier than 10.4.0, and
disable kqueue from inside Tor when running with these versions.
We previously did this from the startup script, but that was no
help to people who didn't use the startup script. Resolves bug 863.
- When we had picked an exit node for a connection, but marked it as
"optional", and it turned out we had no onion key for the exit,
stop wanting that exit and try again. This situation may not
be possible now, but will probably become feasible with proposal read more »

An updated Tor Browser Bundle is released to address the Firefox 3.0.7 security issues. It includes:

• Update Firefox to 3.0.8
• Add Italian language bundles
• Update Torbutton to 1.2.1
• Update Vidalia to 0.1.12

This updated TBB can be downloaded from https://www.torproject.org/easy-download as the "zero install bundle".

Tor 0.2.1.13-alpha includes another big pile of minor bugfixes and
cleanups. We're finally getting close to a release candidate.

https://www.torproject.org/download

Changes in version 0.2.1.13-alpha - 2009-03-09
Major bugfixes:

• Correctly update the list of which countries we exclude as
  exits, when the GeoIP file is loaded or reloaded. Diagnosed by
  lark. Bugfix on 0.2.1.6-alpha.

Minor bugfixes (on 0.2.0.x and earlier):

• Automatically detect MacOSX versions earlier than 10.4.0, and
  disable kqueue from inside Tor when running with these versions.
  We previously did this from the startup script, but that was no
  help to people who didn't use the startup script. Resolves bug 863.
• When we had picked an exit node for a connection, but marked it as
  "optional", and it turned out we had no onion key for the exit, read more »