Skip to main content
Home

The Tor Project

Enter the terms you wish to search for.

Main menu

  • About Tor
  • Donate

Tor 0.2.1.26-stable released

by phobos | June 09, 2010

Tor 0.2.1.26 addresses the recent connection and memory overload problems we've been seeing on relays, especially relays with their DirPort open.

  • 70 comments

Technology Preview: Bridge by default for Microsoft Windows clients

by phobos | June 06, 2010

We keep hearing from people around the world that clicking the 3 buttons to turn yourself into a bridge is too difficult todo for most users.

  • 39 comments

Plaintext over Tor is still plaintext

by phobos | June 01, 2010

Recently, a few articles have been published regarding Tor, Wikileaks, and snooping data coming out of the Tor network.

  • 33 comments

Tor Browser Bundle Updates

by phobos | June 01, 2010

On May 26, Tor Browser Bundle for Microsoft Windows is updated to include the newer Vidalia 0.2.9. This fixes some issues with character set handling, and adds Vietnamese as a new language.

  • 30 comments

Vidalia 0.2.9 Released

by phobos | May 26, 2010

On May 20, we released Vidalia 0.2.9. Fixes include Qt 4.6.2 compatibility, new cert, and some new translations.

  • 17 comments

Tor-related research positions at the University of Waterloo

by ian | May 13, 2010

If you know anyone who'd like to be a grad student or postdoc working on Tor (or related things), please pass this information along to them.

  • 10 comments

April 2010 Progress Report

by phobos | May 10, 2010

New releases

  • 11 comments

Bittorrent over Tor isn't a good idea

by arma | April 29, 2010

An increasing number of people are asking us about the recent paper coming out of Inria in France around Bittorrent a

  • 77 comments

You have won the Tor sweepstakes and other scams

by phobos | April 28, 2010

Over the past 18 months someone has been mailing fake checks from us to individuals all over the United States. The text of the letter one receives is:

  • 11 comments

Tor 0.2.2.11-alpha and 0.2.2.12-alpha are out

by phobos | April 23, 2010

Tor 0.2.2.12-alpha fixes a critical bug in how directory authorities
handle and vote on descriptors. It was causing relays to drop out of
the consensus.

  • 13 comments

Pagination

  • First page « First
  • Previous page ‹ Previous
  • …
  • Page 84
  • Current page 85
  • Page 86
  • Page 87
  • …
  • Next page Next ›
  • Last page Last »

Upcoming Events

February 23, 2019
Tor Meetup (Lisbon)
March 23, 2019 - March 24, 2019
LibrePlanet (Boston)
March 24, 2019 - March 27, 2019
KNOW 2019 (Vegas)
April 01, 2019 - April 05, 2019
Internet Freedom Festival (Valencia)
June 11, 2019 - June 14, 2019
RightsCon (Tunis)
See All Upcoming Events

Recent Updates

New Releases: Tor 0.4.0.2-alpha, 0.3.5.8, 0.3.4.11, and 0.3.3.12

by nickm | February 21, 2019

There are new source code releases available for download. If you build Tor from source, you can download the source code for 0.4.0.2-alpha and 0.3.5.8 from the download page. You can find 0.3.4.11 and 0.3.3.12 at dist.torproject.org. Packages should be available over the coming weeks, with a new alpha Tor Browser release likely in the same timeframe.

These releases all fix TROVE-2019-001, a possible security bug involving the KIST cell scheduler code in versions 0.3.2.1-alpha and later. We are not certain that it is possible to exploit this bug in the wild, but out of an abundance of caution, we recommend that all affected users upgrade once packages are available. The potential impact is a remote denial-of-service attack against clients or relays.

Also note: 0.3.3.12 is the last anticipated release in the 0.3.3.x series; that series will become unsupported next week. The remaining supported stable series will 0.2.9.x (long-term support until 2020), 0.3.4.x (supported until June), and 0.3.5.x (long-term support until 2022).

Below are the changes in Tor 0.3.5.8 and in 0.4.0.2-alpha. You can also read the changelog for 0.3.4.11 and the changelog for 0.3.3.12.

Changes in version 0.3.5.8 - 2019-02-21

Tor 0.3.5.8 backports serveral fixes from later releases, including fixes for an annoying SOCKS-parsing bug that affected users in earlier 0.3.5.x releases.

It also includes a fix for a medium-severity security bug affecting Tor 0.3.2.1-alpha and later. All Tor instances running an affected release should upgrade to 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha.

  • Major bugfixes (cell scheduler, KIST, security):
    • Make KIST consider the outbuf length when computing what it can put in the outbuf. Previously, KIST acted as though the outbuf were empty, which could lead to the outbuf becoming too full. It is possible that an attacker could exploit this bug to cause a Tor client or relay to run out of memory and crash. Fixes bug 29168; bugfix on 0.3.2.1-alpha. This issue is also being tracked as TROVE-2019-001 and CVE-2019-8955.
  • Major bugfixes (networking, backport from 0.4.0.2-alpha):
    • Gracefully handle empty username/password fields in SOCKS5 username/password auth messsage and allow SOCKS5 handshake to continue. Previously, we had rejected these handshakes, breaking certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha.

 

New Release: OnionShare 2

by micah | February 20, 2019

The original version of this post can be found on Micah Lee's blog.

New Release: Tor Browser 8.5a8

by boklm | February 15, 2019

Tor Browser 8.5a8 is now available from the Tor Browser Project page and also from our

New Release: Tor Browser 8.0.6

by boklm | February 12, 2019

Tor Browser 8.0.6 is now available from the Tor Browser Project page and also from our

© 2019 The Tor Project

Footer

  • The Tor Project
  • RSS
  • Donate