Tor is released.

Hi! I've just put out a new stable Tor release. It is not a high-urgency item for most clients and relays, but directory authorities should upgrade, as should any clients who rely on port-based circuit isolation. Right now, the source is available on the website, and packages should become available once their maintainers build them.

Tor fixes a regression in the circuit isolation code, increases the requirements for receiving an HSDir flag, and addresses some other small bugs in the systemd and sandbox code. Clients using circuit isolation should upgrade; all directory authorities should upgrade.

Changes in version - 2015-06-11

  • Major bugfixes (client-side privacy):
    • Properly separate out each SOCKSPort when applying stream isolation. The error occurred because each port's session group was being overwritten by a default value when the listener connection was initialized. Fixes bug 16247; bugfix on Patch by "jojelino".
  • Minor feature (directory authorities, security):
    • The HSDir flag given by authorities now requires the Stable flag. For the current network, this results in going from 2887 to 2806 HSDirs. Also, it makes it harder for an attacker to launch a sybil attack by raising the effort for a relay to become Stable which takes at the very least 7 days to do so and by keeping the 96 hours uptime requirement for HSDir. Implements ticket 8243.

  read more »

Tor is released

Hi, I've just put out a new stable Tor release. It is not a high-urgency item for most clients and relays, but directory authorities should upgrade. Right now, the source is available on the website, and packages should become available one their maintainers build them.

Tor fixes a bit of dodgy code in parsing INTRODUCE2 cells, and fixes an authority-side bug in assigning the HSDir flag. All directory authorities should upgrade.

Changes in version - 2015-05-21
  • Major bugfixes (hidden services, backport from
    • Revert commit that made directory authorities assign the HSDir flag to relay without a DirPort; this was bad because such relays can't handle BEGIN_DIR cells. Fixes bug 15850; bugfix on tor-
  • Minor bugfixes (hidden service, backport from
    • Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on a client authorized hidden service. Fixes bug 15823; bugfix on
  • Minor features (geoip):
    • Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
    • Update geoip6 to the April 8 2015 Maxmind GeoLite2 Country database.

Tor is released

Tor is the first alpha release in its series. It includes numerous small features and bugfixes against previous Tor versions, and numerous small infrastructure improvements. The most notable features are several new ways for controllers to interact with the hidden services subsystem.

You can download the source from the usual place on the website. Packages should be up in a few days.

NOTE: This is an alpha release. Please expect bugs.

Changes in version - 2015-05-12
  • New system requirements:
    • Tor no longer includes workarounds to support Libevent versions before 1.3e. Libevent 2.0 or later is recommended. Closes ticket 15248.
  • Major features (controller):
    • Add the ADD_ONION and DEL_ONION commands that allow the creation and management of hidden services via the controller. Closes ticket 6411.
    • New "GETINFO onions/current" and "GETINFO onions/detached" commands to get information about hidden services created via the controller. Part of ticket 6411.
    • New HSFETCH command to launch a request for a hidden service descriptor. Closes ticket 14847.
    • New HSPOST command to upload a hidden service descriptor. Closes ticket 3523. Patch by "DonnchaC".

  read more »

A new alpha series begins: Tor is released

Tor is the first release in the Tor 0.2.6.x series. It includes numerous code cleanups and new tests, and fixes a large number of annoying bugs. Out-of-memory conditions are handled better than in 0.2.5, pluggable transports have improved proxy support, and clients now use optimistic data for contacting hidden services. Also, we are now more robust to changes in what we consider a parseable directory object, so that tightening restrictions does not have a risk of introducing infinite download loops.

This is the first alpha release in a new series, so expect there to be bugs. Users who would rather test out a more stable branch should stay with 0.2.5.x for now.

This announcement is for the source release only; I'd expect that compiled packages for several platforms should be available over the next several days.

Changes in version - 2014-10-30
  • New compiler and system requirements:
    • Tor 0.2.6.x requires that your compiler support more of the C99 language standard than before. The 'configure' script now detects whether your compiler supports C99 mid-block declarations and designated initializers. If it does not, Tor will not compile.

      We may revisit this requirement if it turns out that a significant number of people need to build Tor with compilers that don't bother implementing a 15-year-old standard. Closes ticket 13233.

    • Tor no longer supports systems without threading support. When we began working on Tor, there were several systems that didn't have threads, or where the thread support wasn't able to run the threads of a single process on multiple CPUs. That no longer holds: every system where Tor needs to run well now has threading support. Resolves ticket 12439.

  read more »

Tor is released! (and Tor 0.2.3.x is deprecated)

Tor is the first stable release in the 0.2.5 series.

It adds several new security features, including improved denial-of-service resistance for relays, new compiler hardening options, and a system-call sandbox for hardened installations on Linux (requires seccomp2). The controller protocol has several new features, resolving IPv6 addresses should work better than before, and relays should be a little more CPU-efficient. We've added support for more OpenBSD and FreeBSD transparent proxy types. We've improved the build system and testing infrastructure to allow unit testing of more parts of the Tor codebase. Finally, we've addressed several nagging pluggable transport usability issues, and included numerous other small bugfixes and features mentioned below.

This release marks end-of-life for Tor 0.2.3.x; those Tor versions have accumulated many known flaws; everyone should upgrade.

Below we list all changes in since the 0.2.4.x series; for a list of changes in individual alpha releases, see the ChangeLog. read more »

Changes in version - 2014-10-24

Vidalia 0.2.19 is out!

Hello everybody,

I'm glad to announce that Vidalia stable has new releases, 0.2.18 and 0.2.19.
They are not really big releases, but there are some fixes here to make it more comfortable for you while we get the alpha ready to be called stable.

Why two different releases? Well, errors occur and version numbers don't cost any money, so basically 0.2.18 was released, a couple of issues were found and then we made 0.2.19 fixing them.

You can find the source tarballs in here:

IMPORTANT NOTE: Vidalia releases have been in sync with Tor Browser Bundle releases. This won't necessarily happen anymore. It became hard to sync all the software that TBB contains, so Vidalia releases got delayed for more urgent Firefox issues and things like that. We therefor decided that Vidalia will be released when ready, and TBB will get it at some point.

So, if you don't want to build Vidalia from source, you need to be patient.

Here's what changed for 0.2.18 and 0.2.19:

0.2.18 14-May-2012

  • Use consensus bandwidth for routers when microdescriptors is
    enabled. Fixes bug 3287.

  • Notify users that a warning status event has appeared by flashing
    the Message Log button. Fixes bug 3957.
  • Fix a method that didn't return the specified type if another
    control method was selected. Fixes bug 4065.
  • Resume listing relays in the Network Map panel even when Tor only
    offers microdescriptors (new in Tor 0.2.3.x). Fixes ticket 4203.
  • Handle unrecognized Tor bootstrap phases. (Tor tells us a summary
    description of each bootstrap phase as it occurs, so we can use
    that string if needed.) Fixes bug 5109.
  • Displays Korean, Catalan and Greek in their native scripts. Fix
    bug 5110.
  • Support adding comments in the same line as a config option inside
    the torrc dialog. Fixes bug 5475.
  • Remove Polipo and Torbutton from Vidalia's build scripts. Resolves
    ticket 5769.
  • Fix deadlock when the browser process failed to launch in OS X.
  • Add ProfileDirectory, DefaultProfileDirectory, PluginsDirectory,
    DefaultPluginsDirectory for better Browser configuration. Also set
    the Vidalia binary location as the starting point for relative
  • Enable Burmese, Croatian, Basque and Serbian translation.
  • Remove the "Find bridges" button in order to avoid compromising
    users that need to hide behind tor at all times. Fixes bug 5371.
  • Add visual feedback from VClickLabel when in "pressed" state.
    Resolves ticket 5766.

0.2.19 30-May-2012

  • Disable "Run Vidalia when my system starts" if the
    BrowserExecutable config option is set. This will avoid issues with
    TBB users starting Vidalia the wrong way.
  • Automigrate TorExecutable, Torrc and DataDirectory config options
    to the new relative path handling.
  • Really get rid of the openssl dependency. The goal had been to
    achieve that for 0.2.18, but not everything was actually removed.
  • For static builds on windows, correctly link with zlib and

Vidalia 0.2.17 is out!

Hello everyone, it's been a while since we had a Vidalia release, so we thought "why not make two?".

On a more serious comment, the only difference between 0.2.16 and 0.2.17 is what translations are in. Since we changed our translations workflow, we needed to update the availability policy. Basically, every new translation that has more than 90% done gets enabled. If any of the enabled translations drop bellow the 75% done, we take them out.

Remember that if you find any bugs, you can report them at

Here's what changed since 0.2.15:

0.2.17 11-Feb-2012

  • Improve the translation policy: do not remove translations that
    are not under 75% done. This re enables Polish and Catalan.

0.2.16 11-Feb-2012

  • Make the default data directory in windows be located in the Local
    AppData instead of the Roaming one. Fixes bug 2319.
  • Do not launch Firefox with every CIRCUIT_ESTABLISHED signal, do it
    only if Firefox isn't open yet. Fixes bug 2943.
  • Uses TAKEOWNERSHIP and __OwningControllerProcess to avoid leaving
    tor running in background if Vidalia exits unexpectedly. Fixes bug
  • Attempt to remove port.conf file before using it to avoid a race
    condition between tor and Vidalia. Fixes bug 4048.
  • Do not allow users to check the "My ISP blocks..." checkbox
    without entering any bridges. Also updates the
    documentation. Fixes bug 4290.
  • Check that the authentication-cookie file length is exactly 32
    bytes long. Fixes bug 4304.
  • Explicitly disable ControlPort auto. Fixes bug 4379.
  • Make the non exit relay option backward compatible with Vidalia <
    0.2.14 so that it doesn't confuse users. Fixes bug 4642.
  • Sets the preferred size for the GUI layout so it doesn't squeeze
    widges when the size isn't big enough. Fixes bug 4656.
  • Removes the option to have only HTTPProxy since it does not work
    any more as it used to do with older tor versions. Users should
    use HTTP/HTTPSProxy instead. Fixes bug 4724.
  • Add a hidden configuration option called SkipVersionCheck so
    systems like Tails can force Vidalia to skip checking tor's
    version. Resolves ticket 4736.
  • When Tor has cached enough information it bootstraps faster than
    what takes Vidalia connect to it, so Vidalia does not see the
    event to update the progress bar. Now Vidalia explicitly asks for
    bootstrap-phase when it connects to Tor, and updates the progress
    to what is actually happening instead of hanging in
    "Authenticating to Tor". Fixes bug 4827.
  • Fix size hints in the main window layout so that tilling window
    managers display the window properly. Thanks to Mike Warren for
    the fix. Fixes bug 4907.
  • Vidalia only validates IPv4 bridge lines. IPv6 bridges are now
    available, and there will be pluggable transport bridge lines. So
    the validation is now delegated to Tor through SETCONF.
  • Explicitly disable SocksPort auto by setting it to its default
    (9050). Fixes bug 4598.
  • Sets __ReloadTorrcOnSIGHUP to 0 if SAVECONF failed, which means
    the user can't write the torrc file. Fixes bug 4833.
  • Enable new translations that are >90% done. The new languages are:
    Bulgarian, Czech, Hebrew, Greek, Indonesian, Korean,
    Dutch. Resolves ticket 5051.
  • Remove translations that aren't ready enough: Japanese, Thai,
    Albanian, Vietnamese, Chinese (Taiwan), Polish, Catalan and
Syndicate content Syndicate content