progress report
August 2009 Progress Report
Posted September 21st, 2009 by phobosNew releases
On August 4, we released Tor Browser Bundle 1.2.7. It is updated primarily due to Firefox 3.0.13 with its ssl fixes.
The full changelist is:
1.2.7: Released 2009-08-04
- update Firefox to 3.0.13
- add Polish translation
- update libevent to 1.4.12
On August 19, we released Tor Browser Bundle 1.2.8. The big changes are the inclusion of statically linked openssl dlls to resolve a few geoip lookup and functionality issues with Vidalia, and the upgrade to the new Vidalia 0.2.2.
The full list of updates and fixes: read more »
- update Torbutton to 1.2.2
- update Vidalia to 0.2.2
- compile OpenSSL 0.9.8k with Visual C to make dlls
- update Pidgin to 2.6.1
July 2009 Progress Report
Posted August 10th, 2009 by phobosNew releases
On July 8th, we released Vidalia 0.1.15..
On July 8th, we updated the Tor 0.2.0.35-stable bundles with the new Vidalia to fix an ssl issue and the Firefox Torbutton extension installation for OS X users.
On July 8th, we released Tor 0.2.1.17-rc.
Tor Browser Bundle 1.2.3 was released on July 8, 2009.
TBB 1.2.3 was replaced by 1.2.4 on July 11, 2009
TBB 1.2.5 was released on July 25th. It solely included an update to Tor 0.2.1.18 . read more »
June 2009 Progress Report
Posted July 11th, 2009 by phobosNew releases
On June 20th we released Tor 0.2.1.16-rc.
On June 21st, we released Tor Browser Bundle 1.2.1.
On June 23rd, we released Tor Browser Bundle 1.2.2.
On June 24th, we released Tor 0.2.0.35-stable. We expect that this release is the last of the 0.2.0.x -stable series, soon to be replaced with the 0.2.1.x series.
On June 30th, we released Vidalia 0.1.14.
Censorship circumvention
Packaged rpms for Red Flag Linux version 6. Red Flag Linux is reported to be the new operating system for all Internet cafe's in China. So far, no one has seen this conversion actually happen, but now we're ready if it does.
Our email autoresponder, gettor , received a number of patches to deal with dkim issues, including finding a dkim bug that prevented yahoo email users from fetching Tor. This bug has been fixed. Additionally, we've whitelisted some domains where we read more »
May 2009 Progress Report
Posted June 10th, 2009 by phobosNew releases
On May 25, we released Tor 0.2.1.15-rc.
On May 17, we released Tor VM 0.0.2.
On May 25, we released Vidalia 0.1.13 containing read more »
- Remove an old warning on the relay settings page that running a bridge
relay requires Tor 0.2.0.8-alpha or newer. - Add a workaround for a bug that prevented Vidalia's tray icon from
getting added to the system notification area on Gnome when Vidalia was
run on system startup. Patch by Steve Tyree. (Ticket #247) - Fix a bug that prevented the control panel from displaying when
running on the Enlightenment window manager. Patch by Steve Tyree. - Rename the CMake variables used to store the location of Qt's lupdate
and lrelease executables. Recent versions of CMake decided to use the
same variable name, which was stomping on mine, resulting in the wrong
lupdate and lrelease executables being used.
April 2009 Progress Report
Posted May 11th, 2009 by phobosNew releases
On April 12, we released 0.2.1.14-rc. Read the details in the announcement.
Outreach
Roger attended an ITSG conference in Chicago.
Roger, Nick, Jacob, and Mike attended the CodeCon conference in San Francisco, http://www.codecon.org/2009/.
Andrew met with the Center for Democracy and Human Rights in Saudi Arabia to discuss using Tor for their mission, http://cdhr.info.
Roger and Andrew met with the Department of Justice CyberCrime Division to give an overview of how Tor works and how we could better work with law enforcement.
Wendy, Roger, and Andrew had a dinner with Internews Central Asia media development staff.
Andrew attended the CIMI/NED panel on World Press Freedom, http://cima.ned.org/860/world-press-freedom-day-2009.html. read more »
March 2009 Progress Report
Posted April 13th, 2009 by phobosNew releases, new hires, new funding
On March 9, we released Tor 0.2.1.13-alpha. It includes the following fixes and enhancements:
o Major bugfixes:
- Correctly update the list of which countries we exclude as exits, when the GeoIP file is loaded or reloaded. Diagnosed by lark. Bugfix on 0.2.1.6-alpha.
o Minor bugfixes (on 0.2.0.x and earlier):
- Automatically detect MacOSX versions earlier than 10.4.0, and
disable kqueue from inside Tor when running with these versions.
We previously did this from the startup script, but that was no
help to people who didn't use the startup script. Resolves bug 863.
- When we had picked an exit node for a connection, but marked it as
"optional", and it turned out we had no onion key for the exit,
stop wanting that exit and try again. This situation may not
be possible now, but will probably become feasible with proposal read more »
February 2009 Progress Report
Posted March 10th, 2009 by phobosNew releases, new hires, new funding
On February 8, we released versions 0.2.0.34-stable and 0.2.1.12-alpha.
Tor 0.2.0.34 features several more security-related fixes. You should upgrade, especially if you run an exit relay (remote crash) or a directory authority (remote infinite loop), or you're on an older (pre-XP) or not-recently-patched Windows (remote exploit).
This release marks end-of-life for Tor 0.1.2.x. Those Tor versions have many known flaws, and nobody should be using them. You should upgrade. If you're using a Linux or BSD and its packages are obsolete, stop using those packages and upgrade anyway.
Enhancements
In Tor 0.2.1.12-alpha, if we're using bridges and our network goes away, be more willing to forgive our bridges and try again when we get an application request. Bugfix on 0.2.0.x. read more »
January 2009 Progress Report
Posted February 22nd, 2009 by phobosNew releases, new hires, new funding
Tor 0.2.1.10-alpha (released January 6) fixes two major bugs in bridge
relays (one that would make the bridge relay not so useful if it had
DirPort set to 0, and one that could let an attacker learn a little bit
of information about the bridge's users), and a bug that would cause your
Tor relay to ignore a circuit create request it can't decrypt (rather
than reply with an error). It also fixes a wide variety of other bugs.
http://archives.seul.org/or/talk/Jan-2009/msg00078.html
Tor 0.2.1.11-alpha (released Jan 20) finishes fixing the "if your Tor is
off for a week it will take a long time to bootstrap again" bug. It also
fixes an important security-related bug reported by Ilja van Sprundel. You
should upgrade. (We'll send out more details about the bug once people
have had some time to upgrade.)
http://archives.seul.org/or/talk/Jan-2009/msg00171.html read more »
December 2008 Progress Report
Posted February 2nd, 2009 by phobosReleases
Tor 0.2.1.8-alpha (released December 8) fixes some crash bugs in earlier alpha releases, builds better on unusual platforms like Solaris and old OS X, and fixes a variety of other issues.
http://archives.seul.org/or/talk/Dec-2008/msg00129.html
Tor Browser Bundle 1.1.6 (released December 2) and 1.1.7 (released December 12) update Tor to 0.2.1.8-alpha, include a new version of Firefox, and attempt to wrestle with the "AllowMultipleInstances=false" design that could allow us to run Tor Browser Bundle alongside a normal Firefox.
https://svn.torproject.org/svn/torbrowser/trunk/README
Tor 0.2.1.9-alpha (released December 25) fixes many more bugs, some of them security-related.
http://archives.seul.org/or/talk/Jan-2009/msg00029.html
Bug fixes
Security fixes in the Tor 0.2.1.8-alpha release: read more »
November 2008 Progress Report
Posted December 24th, 2008 by phobosBug Fixes
Tor 0.2.1.7-alpha (released November 8) fixes a major security problem in Debian and Ubuntu packages (and maybe other packages) noticed by Theo de Raadt, fixes a smaller security flaw that might allow an attacker to access local services, adds better defense against DNS poisoning attacks on exit relays, further improves hidden service performance, and fixes a variety of other issues.
http://archives.seul.org/or/talk/Nov-2008/msg00229.html
Tor 0.2.0.32 (released November 20) fixes a major security problem in Debian and Ubuntu packages (and maybe other packages) noticed by Theo de Raadt, fixes a smaller security flaw that might allow an attacker to access local services, further improves hidden service performance, and fixes a variety of other issues.
http://archives.seul.org/or/announce/Dec-2008/msg00000.html
Vidalia 0.1.10 (released November 2) fixes some presentation bugs and some bugs in the Windows installer. read more »

Recent comments
2 hours 2 min ago
2 hours 4 min ago
2 hours 8 min ago
2 hours 11 min ago
2 hours 13 min ago
2 hours 18 min ago
3 hours 51 min ago
5 hours 53 min ago
13 hours 20 min ago
16 hours 16 min ago