Tor Browser 10.0a6 is now available from the Tor Browser Alpha download page and also from our
This week we're officially wrapping up the campaign #MoreOnionsPorFavor.
As you might have heard, some onion services have been experiencing issues with denial-of-service (DoS) attacks over the past few years. In this post, we would like to present you with two options that we believe can provide a long-term defense to the problem while maintaining the usability and security of onion services.
There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.4.4.4-rc from the download page. Packages should be available over the coming weeks, with a new alpha Tor Browser release likely in the coming weeks.
Remember, this is a release candidate, not a a stable release: you should only run this if you'd like to find and report more bugs than usual.
Tor 0.4.4.4-rc is the first release candidate in its series. It fixes several bugs in previous versions, including some that caused annoying behavior for relay and bridge operators.
Changes in version 0.4.4.4-rc - 2020-08-13
- Minor features (security):
- Channels using obsolete versions of the Tor link protocol are no longer allowed to circumvent address-canonicity checks. (This is only a minor issue, since such channels have no way to set ed25519 keys, and therefore should always be rejected for circuits that specify ed25519 identities.) Closes ticket 40081.
- Minor features (defense in depth):
- Wipe more data from connection address fields before returning them to the memory heap. Closes ticket 6198.