Tor Blog | The Tor Project

Making Diversity The Default in The Open Source World

As technology shapes many parts of our lives, we believe it needs to be built in a way that makes the world a better place. For this, we need everybody’s voice and perspective when making technical and political decisions at Tor.

International Women's Day

The work we do at the Tor Project is to ensure that anyone can safely use the internet. We are very happy to know that our work provides women all around the world the security and anonymity they need to organize and express themselves.

How Has Tor Helped You? Send Us Your Story.

What is your Tor story? Have you used Tor to curtail surveillance, circumvent censorship, conduct research, cope with an abuser, or speak up about corruption? If any of these apply to you or if you have another story to share, please let us know.

New Releases: Tor 0.4.0.2-alpha, 0.3.5.8, 0.3.4.11, and 0.3.3.12

There are new source code releases available for download.

7 comments

New Release: OnionShare 2

OnionShare is an open source tool for securely and anonymously sending and receiving files using Tor onion services. OnionShare 2 adds anonymous dropboxes, supports new Tor addresses, and is translated into a dozen new languages.

43 comments

New Release: Tor Browser 8.5a8

Tor Browser 8.5a8 is now available from the Tor Browser Project page and also from our

New Release: Tor Browser 8.0.6

Tor Browser 8.0.6 is now available from the Tor Browser Project page and also from our

Expect More From Tor in 2019

We spent 2018 fighting for the fundamental human rights to privacy and freedom online and made our software more accessible than ever before. We know our work plays an important part in ensuring that people fighting back against injustice are able to stay safe online, and we are ready for the challenges ahead in 2019.

38 comments

New Release: Tor Browser 8.5a7

Tor Browser 8.5a7 is now available from the Tor Browser Project page and also from our

New Release: Tor Browser 8.0.5

Tor Browser 8.0.5 is now available from the Tor Browser Project page and also from our

Upcoming Events

March 28, 2019

Tor Meetup (Valencia)

March 23, 2019 - March 24, 2019

LibrePlanet (Boston)

March 24, 2019 - March 27, 2019

KNOW 2019 (Vegas)

April 01, 2019 - April 05, 2019

Internet Freedom Festival (Valencia)

June 11, 2019 - June 14, 2019

RightsCon (Tunis)

See All Upcoming Events

Recent Updates

Making Diversity The Default in The Open Source World

Tor is a community, an organization, a network, and a place to build and maintain technology that protects your information when navigating the internet.

International Women's Day

Today, March 8th, women all around the world are expressing themselves in one way or another on commemorating their all year long struggle for equality and justice.

How Has Tor Helped You? Send Us Your Story.

Last September, we asked to hear stories about how Tor has helped protect people online.

New Releases: Tor 0.4.0.2-alpha, 0.3.5.8, 0.3.4.11, and 0.3.3.12

There are new source code releases available for download. If you build Tor from source, you can download the source code for 0.4.0.2-alpha and 0.3.5.8 from the download page. You can find 0.3.4.11 and 0.3.3.12 at dist.torproject.org. Packages should be available over the coming weeks, with a new alpha Tor Browser release likely in the same timeframe.

These releases all fix TROVE-2019-001, a possible security bug involving the KIST cell scheduler code in versions 0.3.2.1-alpha and later. We are not certain that it is possible to exploit this bug in the wild, but out of an abundance of caution, we recommend that all affected users upgrade once packages are available. The potential impact is a remote denial-of-service attack against clients or relays.

Also note: 0.3.3.12 is the last anticipated release in the 0.3.3.x series; that series will become unsupported next week. The remaining supported stable series will 0.2.9.x (long-term support until 2020), 0.3.4.x (supported until June), and 0.3.5.x (long-term support until 2022).

Below are the changes in Tor 0.3.5.8 and in 0.4.0.2-alpha. You can also read the changelog for 0.3.4.11 and the changelog for 0.3.3.12.

Changes in version 0.3.5.8 - 2019-02-21

Tor 0.3.5.8 backports serveral fixes from later releases, including fixes for an annoying SOCKS-parsing bug that affected users in earlier 0.3.5.x releases.

It also includes a fix for a medium-severity security bug affecting Tor 0.3.2.1-alpha and later. All Tor instances running an affected release should upgrade to 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha.

Major bugfixes (cell scheduler, KIST, security):
- Make KIST consider the outbuf length when computing what it can put in the outbuf. Previously, KIST acted as though the outbuf were empty, which could lead to the outbuf becoming too full. It is possible that an attacker could exploit this bug to cause a Tor client or relay to run out of memory and crash. Fixes bug 29168; bugfix on 0.3.2.1-alpha. This issue is also being tracked as TROVE-2019-001 and CVE-2019-8955.
Major bugfixes (networking, backport from 0.4.0.2-alpha):
- Gracefully handle empty username/password fields in SOCKS5 username/password auth messsage and allow SOCKS5 handshake to continue. Previously, we had rejected these handshakes, breaking certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha.