Tor Blog | The Tor Project

New Release: Tor Browser 9.5a8

Tor Browser 9.5a8 is now available from the Tor Browser Alpha download page and also from our

18 comments

New Release: Tor Browser 9.0.6

Tor Browser 9.0.6 is now available from the Tor Browser download page and also from our

99 comments

New Release: Tor Browser 9.5a7

Tor Browser 9.5a7 is now available from the Tor Browser Alpha download page and also from our

Changes to the Tor Exit List Service

We've made some changes to the way we present Tor exit lists. The Tor Exit List service maintains lists of IP addresses used by all exit relays in the Tor network.

9 comments

New Release: Tor Browser 9.5a6

Tor Browser 9.5a6 is now available from the Tor Browser Alpha download page and also from our

32 comments

Tor Village at IFF: Call for Proposals

**Update 3/3/2020: IFF has been cancelled this year.

New Release: Tor Browser 9.5a5

Tor Browser 9.5a5 is now available from the Tor Browser Alpha download page and also from our

44 comments

New Release: Tor Browser 9.0.5

Tor Browser 9.0.5 is now available from the Tor Browser download page and also from our

98 comments

New Release: BridgeDB 0.9.3

When ISPs or governments block access to the Tor network, our users rely on bridges to connect. With BridgeDB, we tackle the problem of how to get bridges to censored users while making it difficult for censors to get all bridges. A lot has changed since our last blog post, which introduced BridgeDB version 0.7.1.

New Alpha Release: Tor 0.4.3.2-alpha

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.4.3.2-alpha from the download page on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release likely in the coming week.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

This is the second stable alpha release in the Tor 0.4.3.x series. It fixes several bugs present in the previous alpha release. Anybody running the previous alpha should upgrade and look for bugs in this one instead.

Changes in version 0.4.3.2-alpha - 2020-02-10

Major bugfixes (onion service client, authorization):
- On a NEWNYM signal, purge entries from the ephemeral client authorization cache. The permanent ones are kept. Fixes bug 33139; bugfix on 0.4.3.1-alpha.
Minor features (best practices tracker):
- Practracker now supports a --regen-overbroad option to regenerate the exceptions file, but only to revise exceptions to be _less_ tolerant of best-practices violations. Closes ticket 32372.

Upcoming Events

July 13, 2020 - July 17, 2020

Privacy Enhancing Technologies Symposium (online!)

July 27, 2020 - July 31, 2020

Rightscon online

August 11, 2020 - August 18, 2020

Bornhack (DK)

August 12, 2020 - August 14, 2020

Walking Onions @ USENIX Security Symposium '20

See All Upcoming Events

Recent Updates

#MoreOnionsPorfavor: Onionize your website and take back the internet

Starting today, July 8th, the Tor Project is running a one month campaign called #MoreOnionsPorfavor to raise awareness about onion sites, that is, websites

New releases: Tor 0.3.5.11, 0.4.2.8, and 0.4.3.6 (with security fixes)

We have new stable releases today. If you build Tor from source, you can download the source code for 0.4.3.6 on the website. Packages should be available within the next several weeks, with a new Tor Browser by the end of the month.

There are also updated versions for older supported series. You can download 0.3.5.11 and 0.4.2.8 at https://dist.torproject.org/.

These releases fix TROVE-2020-001, a medium-severity denial of service vulnerability affecting all versions of Tor when compiled with the NSS encryption library. (This is not the default configuration.) Using this vulnerability, an attacker could cause an affected Tor instance to crash remotely. This issue is also tracked as CVE-2020- 15572. Anybody running a version of Tor built with the NSS library should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha or later. (If you are running a version of Tor built with OpenSSL, this bug does not affect your installation.)

Tor 0.4.3.6 backports several bugfixes from later releases, including some affecting usability. Below are the changes in 0.4.3.6. You can also read the changes in 0.3.5.11 and the changes in 0.4.2.8.

Changes in version 0.4.3.6 - 2020-07-09

Major bugfixes (NSS, security, backport from 0.4.4.2-alpha):
- Fix a crash due to an out-of-bound memory access when Tor is compiled with NSS support. Fixes bug 33119; bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001 and CVE-2020-15572.
Minor bugfix (CI, Windows, backport from 0.4.4.2-alpha):
- Use the correct 64-bit printf format when compiling with MINGW on Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha.

New alpha release: Tor 0.4.4.2-alpha

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.4.4.2-alpha from the download page on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release around the end of the month.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

This is the second alpha release in the 0.4.4.x series. It fixes a few bugs in the previous release, and solves a few usability, compatibility, and portability issues.

This release also fixes TROVE-2020-001, a medium-severity denial of service vulnerability affecting all versions of Tor when compiled with the NSS encryption library. (This is not the default configuration.) Using this vulnerability, an attacker could cause an affected Tor instance to crash remotely. This issue is also tracked as CVE-2020- 15572. Anybody running a version of Tor built with the NSS library should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha or later. If you're running with OpenSSL, this bug doesn't affect your Tor.

Changes in version 0.4.4.2-alpha - 2020-07-09

Major bugfixes (NSS, security):
- Fix a crash due to an out-of-bound memory access when Tor is compiled with NSS support. Fixes bug 33119; bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001 and CVE-2020-15572.
Minor features (bootstrap reporting):
- Report more detailed reasons for bootstrap failure when the failure happens due to a TLS error. Previously we would just call these errors "MISC" when they happened during read, and "DONE" when they happened during any other TLS operation. Closes ticket 32622.

Anti-censorship team report: June 2020

Tor's anti-censorship team writes monthly reports to keep the world updated on its progress. This blog post summarizes the anti-censorship work we got done in June 2020.