release candidate

New Release: Tor 0.3.5.6-rc

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.3.5.6-rc from the download page on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release by early February.

New Release: Tor 0.3.4.6-rc

There's a new alpha release available for download. If you build Tor from source, you can download the source code for Tor 0.3.4.6-rc from the download page on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release by some time next month.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

Tor 0.3.4.6-rc fixes several small compilation, portability, and correctness issues in previous versions of Tor. This version is a release candidate: if no serious bugs are found, we expect that the stable 0.3.4 release will be (almost) the same as this release.

Changes in version 0.3.4.6-rc - 2018-08-06

Major bugfixes (event scheduler):
- When we enable a periodic event, schedule it in the event loop rather than running it immediately. Previously, we would re-run periodic events immediately in the middle of (for example) changing our options, with unpredictable effects. Fixes bug 27003; bugfix on 0.3.4.1-alpha.
Minor features (compilation):
- When building Tor, prefer to use Python 3 over Python 2, and more recent (contemplated) versions over older ones. Closes ticket 26372.

Tor 0.3.3.5-rc is released!

There's a new release candidate available for download. If you build Tor from source, you can download the source code for 0.3.3.5-rc from the usual place on the website. If you don't build Tor from source, don't worry! Updated packages should be available over the coming weeks, with a new alpha Tor Browser release some time this week.

Tor 0.2.6.4-rc is released

Tor 0.2.6.4-rc fixes an issue in the directory code that an attacker might be able to use in order to crash certain Tor directories.

9 comments

New Tor Browser Bundles with Firefox 17.0.11esr and Tor 0.2.4.18-rc

Firefox 17.0.11esr has been released with several security fixes and the stable and RC Tor Browser Bundles h

33 comments

New Tor 0.2.4.16-rc packages and updated stable Tor Browser Bundles

There's a new Tor 0.2.4.16-rc out and all packages, including the beta Tor Browser Bundles, have

29 comments

New Tor Browser Bundles and alpha bundles

All of the Tor Browser Bundles have been updated with the latest Firefox 10.0.10esr release and all of the alpha packages, including the alpha Tor Browser Bundles, have been updated with the latest

12 comments

New Tor Browser Bundles and alpha bundles

The stable Tor Browser Bundles have been updated to fix a crash bug that existed in the previous version.

10 comments

New bundles (security release)

New Bundles (security release)

78 comments

New Tor Browser and Obfsproxy Bundles

The alpha Tor Browser Bundles have all been updated to the latest Tor 0.2.3.20-rc release candidate as well as being updated with some bugfixes.

19 comments

Upcoming Events

March 28, 2019

Tor Meetup (Valencia)

March 23, 2019 - March 24, 2019

LibrePlanet (Boston)

March 24, 2019 - March 27, 2019

KNOW 2019 (Vegas)

April 01, 2019 - April 05, 2019

Internet Freedom Festival (Valencia)

June 11, 2019 - June 14, 2019

RightsCon (Tunis)

See All Upcoming Events

Recent Updates

Making Diversity The Default in The Open Source World

Tor is a community, an organization, a network, and a place to build and maintain technology that protects your information when navigating the internet.

International Women's Day

Today, March 8th, women all around the world are expressing themselves in one way or another on commemorating their all year long struggle for equality and justice.

How Has Tor Helped You? Send Us Your Story.

Last September, we asked to hear stories about how Tor has helped protect people online.

New Releases: Tor 0.4.0.2-alpha, 0.3.5.8, 0.3.4.11, and 0.3.3.12

There are new source code releases available for download. If you build Tor from source, you can download the source code for 0.4.0.2-alpha and 0.3.5.8 from the download page. You can find 0.3.4.11 and 0.3.3.12 at dist.torproject.org. Packages should be available over the coming weeks, with a new alpha Tor Browser release likely in the same timeframe.

These releases all fix TROVE-2019-001, a possible security bug involving the KIST cell scheduler code in versions 0.3.2.1-alpha and later. We are not certain that it is possible to exploit this bug in the wild, but out of an abundance of caution, we recommend that all affected users upgrade once packages are available. The potential impact is a remote denial-of-service attack against clients or relays.

Also note: 0.3.3.12 is the last anticipated release in the 0.3.3.x series; that series will become unsupported next week. The remaining supported stable series will 0.2.9.x (long-term support until 2020), 0.3.4.x (supported until June), and 0.3.5.x (long-term support until 2022).

Below are the changes in Tor 0.3.5.8 and in 0.4.0.2-alpha. You can also read the changelog for 0.3.4.11 and the changelog for 0.3.3.12.

Changes in version 0.3.5.8 - 2019-02-21

Tor 0.3.5.8 backports serveral fixes from later releases, including fixes for an annoying SOCKS-parsing bug that affected users in earlier 0.3.5.x releases.

It also includes a fix for a medium-severity security bug affecting Tor 0.3.2.1-alpha and later. All Tor instances running an affected release should upgrade to 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha.

Major bugfixes (cell scheduler, KIST, security):
- Make KIST consider the outbuf length when computing what it can put in the outbuf. Previously, KIST acted as though the outbuf were empty, which could lead to the outbuf becoming too full. It is possible that an attacker could exploit this bug to cause a Tor client or relay to run out of memory and crash. Fixes bug 29168; bugfix on 0.3.2.1-alpha. This issue is also being tracked as TROVE-2019-001 and CVE-2019-8955.
Major bugfixes (networking, backport from 0.4.0.2-alpha):
- Gracefully handle empty username/password fields in SOCKS5 username/password auth messsage and allow SOCKS5 handshake to continue. Previously, we had rejected these handshakes, breaking certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha.