security fixes | Tor Blog

New stable Tor releases, with security fixes: 0.3.1.9, 0.3.0.13, 0.2.9.14, 0.2.8.17, 0.2.5.16

There are new stable releases today, fixing the following security issues. For more information about the issues, follow the links from from https://trac.torproject.org/projects/tor/wiki/TROVE

New Tor Browser Bundles with Firefox 17.0.9esr

The stable and beta Tor Browser Bundles have been updated with Firefox 17.0.9esr.

73 comments

New bundles (security release)

New Bundles (security release)

78 comments

New Tor Browser Bundles (security release)

The Tor Browser Bundles have been updated with a very important security fix.

49 comments

New Tor Browser Bundles

The Tor Browser Bundles have been updated to Tor 0.2.2.35 which has a fix for a security critical bug.

50 comments

Tor 0.2.2.35 is released (security patches)

Tor 0.2.2.35 fixes a critical heap-overflow security issue in Tor's
buffers code. Absolutely everybody should upgrade.

8 comments

Tor 0.2.3.10-alpha is out (security fix)

Tor 0.2.3.10-alpha fixes a critical heap-overflow security issue in
Tor's buffers code. Absolutely everybody should upgrade.

4 comments

Tor 0.2.2.34 is released (security patches)

Tor 0.2.2.34 fixes a critical anonymity vulnerability where an attacker
can deanonymize Tor users. Everybody should upgrade.

50 comments

Tor 0.2.3.5-alpha is out

Tor 0.2.3.5-alpha fixes two bugs that make it possible to enumerate
bridge relays; fixes an assertion error that many users started hitting

3 comments

New Tor Browser Bundles

The Tor Browser Bundles have been updated again, this time with Firefox 6.0.2, Torbutton 1.4.2, and more privacy-enhancing patches.

76 comments

Upcoming Events

March 23, 2019 - March 24, 2019

LibrePlanet (Boston)

March 24, 2019 - March 27, 2019

KNOW 2019 (Vegas)

March 28, 2019

Tor Meetup (Valencia)

April 01, 2019 - April 05, 2019

Internet Freedom Festival (Valencia)

June 11, 2019 - June 14, 2019

RightsCon (Tunis)

See All Upcoming Events

Recent Updates

New release: Tor 0.4.0.3-alpha

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.4.0.3-alpha from the usual place on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release some time in the coming weeks.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

Tor 0.4.0.3-alpha is the third in its series; it fixes several small bugs from earlier versions.

Changes in version 0.4.0.3-alpha - 2019-03-22

Minor features (address selection):
- Treat the subnet 100.64.0.0/10 as public for some purposes; private for others. This subnet is the RFC 6598 (Carrier Grade NAT) IP range, and is deployed by many ISPs as an alternative to RFC 1918 that does not break existing internal networks. Tor now blocks SOCKS and control ports on these addresses and warns users if client ports or ExtORPorts are listening on a RFC 6598 address. Closes ticket 28525. Patch by Neel Chauhan.
Minor features (geoip):
- Update geoip and geoip6 to the March 4 2019 Maxmind GeoLite2 Country database. Closes ticket 29666.

New stable Tor releases, with security fixes: 0.3.1.9, 0.3.0.13, 0.2.9.14, 0.2.8.17, 0.2.5.16

New Tor Browser Bundles with Firefox 17.0.9esr

New bundles (security release)

New Tor Browser Bundles (security release)

New Tor Browser Bundles

Tor 0.2.2.35 is released (security patches)

Tor 0.2.3.10-alpha is out (security fix)

Tor 0.2.2.34 is released (security patches)

Tor 0.2.3.5-alpha is out

New Tor Browser Bundles

New release: Tor 0.4.0.3-alpha

Changes in version 0.4.0.3-alpha - 2019-03-22

New Release: Tor Browser 8.5a9

New Release: Tor Browser 8.0.7

Making Diversity The Default in The Open Source World