alpha release | Tor Blog

New Release: Tor 0.4.0.1-alpha

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.4.0.1-alpha from the download page. Packages should be available over the coming weeks, with a new alpha Tor Browser release likely by the end of the month.

New Release: Tor 0.3.5.5-alpha

Tor 0.3.5.5-alpha includes numerous bugfixes on earlier releases, including several that we hope to backport to older release series in the future.

New release: Tor 0.3.5.4-alpha

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.3.5.4-alpha from the usual place on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release by mid-December.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

Tor 0.3.5.4-alpha includes numerous bugfixes on earlier versions and improves our continuous integration support. It continues our attempts to stabilize this alpha branch and build it into a foundation for an acceptable long-term-support release.

Changes in version 0.3.5.4-alpha - 2018-11-08

Major bugfixes (compilation, rust):
- Rust tests can now build and run successfully with the --enable-fragile-hardening option enabled. Doing this currently requires the rust beta channel; it will be possible with stable rust once Rust version 1.31 is released. Patch from Alex Crichton. Fixes bugs 27272, 27273, and 27274. Bugfix on 0.3.1.1-alpha.
Major bugfixes (embedding, main loop):
- When DisableNetwork becomes set, actually disable periodic events that are already enabled. (Previously, we would refrain from enabling new ones, but we would leave the old ones turned on.) Fixes bug 28348; bugfix on 0.3.4.1-alpha.

New Release: Tor 0.3.5.3-alpha

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.3.5.3-alpha from the usual place on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release likely in the next few weeks.

New Release: Tor Browser for Android 1.0a2

Tor Browser for Android 1.0a2 is now available from the Tor Browser Project page and also from ou

New Release: Tor 0.3.5.2-alpha

Tor 0.3.5.2-alpha fixes several bugs in 0.3.5.1-alpha, including one that made Tor think it had run out of sockets. Anybody running a relay or an onion service on 0.3.5.1-alpha should upgrade.

New release: Tor 0.3.5.1-alpha

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.3.5.1-alpha from the usual place on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release some time this week.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

Tor 0.3.5.1-alpha is the first release of the 0.3.5.x series. It adds client authorization for modern (v3) onion services, improves bootstrap reporting, begins reorganizing Tor's codebase, adds optional support for NSS in place of OpenSSL, and much more.

Changes in version 0.3.5.1-alpha - 2018-09-18

Major features (onion services, UI change):
- For a newly created onion service, the default version is now 3. Tor still supports existing version 2 services, but the operator now needs to set "HiddenServiceVersion 2" in order to create a new version 2 service. For existing services, Tor now learns the version by reading the key file. Closes ticket 27215.
Major features (relay, UI change):
- Relays no longer run as exits by default. If the "ExitRelay" option is auto (or unset), and no exit policy is specified with ExitPolicy or ReducedExitPolicy, we now treat ExitRelay as 0. Previously in this case, we allowed exit traffic and logged a warning message. Closes ticket 21530. Patch by Neel Chauhan.
- Tor now validates that the ContactInfo config option is valid UTF- 8 when parsing torrc. Closes ticket 27428.

New Alpha Release: Tor Browser for Android

There’s never been an official Tor Browser on mobile. Until now.

Introducing Tor Browser for Android (alpha), the mobile browser with the highest privacy protections ever available and on par with Tor Browser for desktop. The stable release is slated for early 2019.

94 comments

New Release: Tor 0.3.4.3-alpha

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.3.4.3-alpha from the usual place on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release over the coming weeks.

Join the discussion...

Tor 0.3.4.2-alpha is released!

Hi! There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.3.4.2-alpha from the usual place on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release over the coming weeks.

Tor 0.3.4.2-alpha fixes several minor bugs in the previous alpha release, and forward-ports an authority-only security fix from 0.3.3.6.

Changes in version 0.3.4.2-alpha - 2018-06-12

Directory authority changes:
- Add an IPv6 address for the "dannenberg" directory authority. Closes ticket 26343.
Major bugfixes (security, directory authority, denial-of-service, also in 0.3.3.6):
- Fix a bug that could have allowed an attacker to force a directory authority to use up all its RAM by passing it a maliciously crafted protocol versions string. Fixes bug 25517; bugfix on 0.2.9.4-alpha. This issue is also tracked as TROVE-2018-005.

Upcoming Events

February 23, 2019

Tor Meetup (Lisbon)

March 23, 2019 - March 24, 2019

LibrePlanet (Boston)

March 24, 2019 - March 27, 2019

KNOW 2019 (Vegas)

April 01, 2019 - April 05, 2019

Internet Freedom Festival (Valencia)

June 11, 2019 - June 14, 2019

RightsCon (Tunis)

See All Upcoming Events

Recent Updates

New Releases: Tor 0.4.0.2-alpha, 0.3.5.8, 0.3.4.11, and 0.3.3.12

There are new source code releases available for download. If you build Tor from source, you can download the source code for 0.4.0.2-alpha and 0.3.5.8 from the download page. You can find 0.3.4.11 and 0.3.3.12 at dist.torproject.org. Packages should be available over the coming weeks, with a new alpha Tor Browser release likely in the same timeframe.

These releases all fix TROVE-2019-001, a possible security bug involving the KIST cell scheduler code in versions 0.3.2.1-alpha and later. We are not certain that it is possible to exploit this bug in the wild, but out of an abundance of caution, we recommend that all affected users upgrade once packages are available. The potential impact is a remote denial-of-service attack against clients or relays.

Also note: 0.3.3.12 is the last anticipated release in the 0.3.3.x series; that series will become unsupported next week. The remaining supported stable series will 0.2.9.x (long-term support until 2020), 0.3.4.x (supported until June), and 0.3.5.x (long-term support until 2022).

Below are the changes in Tor 0.3.5.8 and in 0.4.0.2-alpha. You can also read the changelog for 0.3.4.11 and the changelog for 0.3.3.12.

Changes in version 0.3.5.8 - 2019-02-21

Tor 0.3.5.8 backports serveral fixes from later releases, including fixes for an annoying SOCKS-parsing bug that affected users in earlier 0.3.5.x releases.

It also includes a fix for a medium-severity security bug affecting Tor 0.3.2.1-alpha and later. All Tor instances running an affected release should upgrade to 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha.

Major bugfixes (cell scheduler, KIST, security):
- Make KIST consider the outbuf length when computing what it can put in the outbuf. Previously, KIST acted as though the outbuf were empty, which could lead to the outbuf becoming too full. It is possible that an attacker could exploit this bug to cause a Tor client or relay to run out of memory and crash. Fixes bug 29168; bugfix on 0.3.2.1-alpha. This issue is also being tracked as TROVE-2019-001 and CVE-2019-8955.
Major bugfixes (networking, backport from 0.4.0.2-alpha):
- Gracefully handle empty username/password fields in SOCKS5 username/password auth messsage and allow SOCKS5 handshake to continue. Previously, we had rejected these handshakes, breaking certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha.