Arti 1.2.0 is released: onion services development

Arti is our ongoing project to create a next-generation Tor client in Rust. Now we're announcing the latest release, Arti 1.2.0.

In Arti 1.2.0, trying out onion services will hopefully be a smoother experience. We have fixed a number of bugs and security issues, and have made the onion-service-service feature non-experimental.

We have begun design work on some of the onion service security features on our roadmap, such as the memory DoS prevention subsystem, and the connection bandwidth rate-limiter. In addition, we have scoped the remaining work for supporting hidden service client authorization, which will be implemented in a future release.

This release also fixes a low severity security issue: the relay message handling code was not rejecting empty DATA messages, which could be used to inject an undetected traffic signal. This issue is tracked as TROVE-2024-001.

There are still some rough edges and missing security features, so we don't (yet) recommend Arti onion services for production use, or for any purpose that requires privacy.

For instructions on how to run an onion service in Arti, see our work-in-progress HOWTO document. We hope to make these instructions simpler and better as our implementation improves.

For full details on what we've done, and for information about many smaller and less visible changes as well, please see the CHANGELOG.

In the next releases, we will focus on implementing the missing security features and on improving stability.

For more information on using Arti, see our top-level README, and the documentation for the arti binary.

Thanks to everybody who's contributed to this release, including Alexander Færøy, Jim Newsome, Tobias Stoeckmann, and trinity-1686a.

Also, our deep thanks to Zcash Community Grants and our other sponsors for funding the development of Arti!