Our users rely on bridges if their ISPs or governments block access to the Tor network.

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.4.1.2-alpha from the usual place on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release by some time next week.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

Tor 0.4.1.2-alpha resolves numerous bugs--some of them from the previous alpha, and some much older. It also contains minor testing improvements, and an improvement to the security of our authenticated SENDME implementation.

Changes in version 0.4.1.2-alpha - 2019-06-06

• Major bugfixes (bridges):
  • Consider our directory information to have changed when our list of bridges changes. Previously, Tor would not re-compute the status of its directory information when bridges changed, and therefore would not realize that it was no longer able to build circuits. Fixes part of bug 29875.
  • Do not count previously configured working bridges towards our total of working bridges. Previously, when Tor's list of bridges changed, it would think that the old bridges were still usable, and delay fetching router descriptors for the new ones. Fixes part of bug 29875; bugfix on 0.3.0.1-alpha.
• Major bugfixes (flow control, SENDME):
  • Decrement the stream-level package window after packaging a cell. Previously, it was done inside a log_debug() call, meaning that if debug logs were not enabled, the decrement would never happen, and thus the window would be out of sync with the other end point. Fixes bug 30628; bugfix on 0.4.1.1-alpha.

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.4.1.1-alpha from the usual place on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release in the next couple of weeks.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

This is the first alpha in the 0.4.1.x series. It introduces lightweight circuit padding to make some onion-service circuits harder to distinguish, includes a new "authenticated SENDME" feature to make certain denial-of-service attacks more difficult, and improves performance in several areas.

Changes in version 0.4.1.1-alpha - 2019-05-22

• Major features (circuit padding):
  • Onion service clients now add padding cells at the start of their INTRODUCE and RENDEZVOUS circuits, to make those circuits' traffic look more like general purpose Exit traffic. The overhead for this is 2 extra cells in each direction for RENDEZVOUS circuits, and 1 extra upstream cell and 10 downstream cells for INTRODUCE circuits. This feature is only enabled when also supported by the circuit's middle node. (Clients may specify fixed middle nodes with the MiddleNodes option, and may force-disable this feature with the CircuitPadding torrc.) Closes ticket 28634.
• Major features (code organization):
  • Tor now includes a generic publish-subscribe message-passing subsystem that we can use to organize intermodule dependencies. We hope to use this to reduce dependencies between modules that don't need to be related, and to generally simplify our codebase. Closes ticket 28226.