release candidate

New Release Candidate: Tor 0.4.3.4-rc

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.4.3.4-rc from the download page on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release likely later this week.

This is a release candidate: unless we find new significant bugs in it, the stable release for the 0.4.3.x series will be substantially the same as this release.

Tor 0.4.3.4-rc is the first release candidate in its series. It fixes several bugs from earlier versions, including one affecting DoS defenses on bridges using pluggable transports.

Changes in version 0.4.3.4-rc - 2020-04-13

Major bugfixes (DoS defenses, bridges, pluggable transport):
- Fix a bug that was preventing DoS defenses from running on bridges with a pluggable transport. Previously, the DoS subsystem was not given the transport name of the client connection, thus failed to find the GeoIP cache entry for that client address. Fixes bug 33491; bugfix on 0.3.3.2-alpha.
Minor feature (sendme, flow control):
- Default to sending SENDME version 1 cells. (Clients are already sending these, because of a consensus parameter telling them to do so: this change only affects what clients would do if the consensus didn't contain a recommendation.) Closes ticket 33623.

New Release Candidate: Tor 0.4.2.4-rc

There's a new release candidate available for download. If you build Tor from source, you can download the source code for 0.4.2.4-rc from the download page on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release likely by December 3.

Remember, this is a release candidate: there may still be more bugs here than usual. We'd love to know about any new ones, so that we can try to get them fixed before we call this series stable.

Tor 0.4.2.4-rc is the first release candidate in its series. It fixes several bugs from earlier versions, including a few that would result in stack traces or incorrect behavior.

Changes in version 0.4.2.4-rc - 2019-11-15

Minor features (build system):
- Make pkg-config use --prefix when cross-compiling, if PKG_CONFIG_PATH is not set. Closes ticket 32191.
Minor features (geoip):
- Update geoip and geoip6 to the November 6 2019 Maxmind GeoLite2 Country database. Closes ticket 32440.

15 comments

New release candidate: Tor 0.4.1.4-rc

There's a new release candidate available for download. If you build Tor from source, you can download the source code for 0.4.1.4-rc from the usual place on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release likely in the next month or so.

Remember, this is just a release candidate: you should only run this if you'd like to find and report bugs.

Tor 0.4.1.4-rc fixes a few bugs from previous versions of Tor, and updates to a new list of fallback directories. If no new bugs are found, the next release in the 0.4.1.x series should be stable.

Changes in version 0.4.1.4-rc - 2019-07-25

Major bugfixes (circuit build, guard):
- When considering upgrading circuits from "waiting for guard" to "open", always ignore circuits that are marked for close. Otherwise, we can end up in the situation where a subsystem is notified that a closing circuit has just opened, leading to undesirable behavior. Fixes bug 30871; bugfix on 0.3.0.1-alpha.
Minor features (continuous integration):
- Our Travis configuration now uses Chutney to run some network integration tests automatically. Closes ticket 29280.

New Release: Tor 0.4.0.4-rc

Tor 0.4.0.4-rc is the first release candidate in its series; it fixes several bugs from earlier versions, including some that had affected stability, and one that prevented relays from working with NSS.

New Release: Tor 0.3.5.6-rc

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.3.5.6-rc from the download page on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release by early February.

4 comments

New Release: Tor 0.3.4.6-rc

There's a new alpha release available for download. If you build Tor from source, you can download the source code for Tor 0.3.4.6-rc from the download page on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release by some time next month.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

Tor 0.3.4.6-rc fixes several small compilation, portability, and correctness issues in previous versions of Tor. This version is a release candidate: if no serious bugs are found, we expect that the stable 0.3.4 release will be (almost) the same as this release.

Changes in version 0.3.4.6-rc - 2018-08-06

Major bugfixes (event scheduler):
- When we enable a periodic event, schedule it in the event loop rather than running it immediately. Previously, we would re-run periodic events immediately in the middle of (for example) changing our options, with unpredictable effects. Fixes bug 27003; bugfix on 0.3.4.1-alpha.
Minor features (compilation):
- When building Tor, prefer to use Python 3 over Python 2, and more recent (contemplated) versions over older ones. Closes ticket 26372.

5 comments

Tor 0.3.3.5-rc is released!

There's a new release candidate available for download. If you build Tor from source, you can download the source code for 0.3.3.5-rc from the usual place on the website. If you don't build Tor from source, don't worry! Updated packages should be available over the coming weeks, with a new alpha Tor Browser release some time this week.

6 comments

Tor 0.3.0.5-rc is released: almost stable!

Tor 0.3.0.5-rc fixes a few remaining bugs, large and small, in the 0.3.0 release series.

10 comments

Tor 0.3.0.4-rc is released

Tor 0.3.0.4-rc fixes some remaining bugs, large and small, in the 0.3.0 release series, and introduces a few reliability features to keep them from coming back.

4 comments

Tor 0.2.9.7-rc is released: almost stable!

There's a new development release of Tor!
Tor 0.2.9.7-rc fixes a few small bugs remaining in Tor 0.2.9.6-rc, including a few that had prevented tests from passing on some platforms.

14 comments

Upcoming Events

July 27, 2020 - July 31, 2020

Rightscon online

August 11, 2020 - August 18, 2020

Bornhack (DK)

August 12, 2020 - August 14, 2020

Walking Onions @ USENIX Security Symposium '20

See All Upcoming Events

Recent Updates

#MoreOnionsPorfavor: Onionize your website and take back the internet

Starting today, July 8th, the Tor Project is running a one month campaign called #MoreOnionsPorfavor to raise awareness about onion sites, that is, websites

New releases: Tor 0.3.5.11, 0.4.2.8, and 0.4.3.6 (with security fixes)

We have new stable releases today. If you build Tor from source, you can download the source code for 0.4.3.6 on the website. Packages should be available within the next several weeks, with a new Tor Browser by the end of the month.

There are also updated versions for older supported series. You can download 0.3.5.11 and 0.4.2.8 at https://dist.torproject.org/.

These releases fix TROVE-2020-001, a medium-severity denial of service vulnerability affecting all versions of Tor when compiled with the NSS encryption library. (This is not the default configuration.) Using this vulnerability, an attacker could cause an affected Tor instance to crash remotely. This issue is also tracked as CVE-2020- 15572. Anybody running a version of Tor built with the NSS library should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha or later. (If you are running a version of Tor built with OpenSSL, this bug does not affect your installation.)

Tor 0.4.3.6 backports several bugfixes from later releases, including some affecting usability. Below are the changes in 0.4.3.6. You can also read the changes in 0.3.5.11 and the changes in 0.4.2.8.

Changes in version 0.4.3.6 - 2020-07-09

Major bugfixes (NSS, security, backport from 0.4.4.2-alpha):
- Fix a crash due to an out-of-bound memory access when Tor is compiled with NSS support. Fixes bug 33119; bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001 and CVE-2020-15572.
Minor bugfix (CI, Windows, backport from 0.4.4.2-alpha):
- Use the correct 64-bit printf format when compiling with MINGW on Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha.

New alpha release: Tor 0.4.4.2-alpha

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.4.4.2-alpha from the download page on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release around the end of the month.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

This is the second alpha release in the 0.4.4.x series. It fixes a few bugs in the previous release, and solves a few usability, compatibility, and portability issues.

This release also fixes TROVE-2020-001, a medium-severity denial of service vulnerability affecting all versions of Tor when compiled with the NSS encryption library. (This is not the default configuration.) Using this vulnerability, an attacker could cause an affected Tor instance to crash remotely. This issue is also tracked as CVE-2020- 15572. Anybody running a version of Tor built with the NSS library should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha or later. If you're running with OpenSSL, this bug doesn't affect your Tor.

Changes in version 0.4.4.2-alpha - 2020-07-09

Major bugfixes (NSS, security):
- Fix a crash due to an out-of-bound memory access when Tor is compiled with NSS support. Fixes bug 33119; bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001 and CVE-2020-15572.
Minor features (bootstrap reporting):
- Report more detailed reasons for bootstrap failure when the failure happens due to a TLS error. Previously we would just call these errors "MISC" when they happened during read, and "DONE" when they happened during any other TLS operation. Closes ticket 32622.

Anti-censorship team report: June 2020

Tor's anti-censorship team writes monthly reports to keep the world updated on its progress. This blog post summarizes the anti-censorship work we got done in June 2020.