security fixes | Tor Blog

New stable Tor releases, with security fixes: 0.3.1.9, 0.3.0.13, 0.2.9.14, 0.2.8.17, 0.2.5.16

There are new stable releases today, fixing the following security issues. For more information about the issues, follow the links from from https://trac.torproject.org/projects/tor/wiki/TROVE

New Tor Browser Bundles with Firefox 17.0.9esr

The stable and beta Tor Browser Bundles have been updated with Firefox 17.0.9esr.

73 comments

New bundles (security release)

New Bundles (security release)

78 comments

New Tor Browser Bundles (security release)

The Tor Browser Bundles have been updated with a very important security fix.

49 comments

New Tor Browser Bundles

The Tor Browser Bundles have been updated to Tor 0.2.2.35 which has a fix for a security critical bug.

50 comments

Tor 0.2.2.35 is released (security patches)

Tor 0.2.2.35 fixes a critical heap-overflow security issue in Tor's
buffers code. Absolutely everybody should upgrade.

8 comments

Tor 0.2.3.10-alpha is out (security fix)

Tor 0.2.3.10-alpha fixes a critical heap-overflow security issue in
Tor's buffers code. Absolutely everybody should upgrade.

4 comments

Tor 0.2.2.34 is released (security patches)

Tor 0.2.2.34 fixes a critical anonymity vulnerability where an attacker
can deanonymize Tor users. Everybody should upgrade.

50 comments

Tor 0.2.3.5-alpha is out

Tor 0.2.3.5-alpha fixes two bugs that make it possible to enumerate
bridge relays; fixes an assertion error that many users started hitting

3 comments

New Tor Browser Bundles

The Tor Browser Bundles have been updated again, this time with Firefox 6.0.2, Torbutton 1.4.2, and more privacy-enhancing patches.

76 comments

Upcoming Events

May 25, 2019

Tor Meetup (Athens)

June 11, 2019 - June 14, 2019

RightsCon (Tunis)

June 27, 2019 - June 29, 2019

Congresso Abraji (Brasil)

July 16, 2019 - July 20, 2019

PETS (Stockholm)

August 08, 2019 - August 11, 2019

DEF CON (Las Vegas)

See All Upcoming Events

Recent Updates

New alpha release: Tor 0.4.1.1-alpha

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.4.1.1-alpha from the usual place on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release in the next couple of weeks.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

This is the first alpha in the 0.4.1.x series. It introduces lightweight circuit padding to make some onion-service circuits harder to distinguish, includes a new "authenticated SENDME" feature to make certain denial-of-service attacks more difficult, and improves performance in several areas.

Changes in version 0.4.1.1-alpha - 2019-05-22

Major features (circuit padding):
- Onion service clients now add padding cells at the start of their INTRODUCE and RENDEZVOUS circuits, to make those circuits' traffic look more like general purpose Exit traffic. The overhead for this is 2 extra cells in each direction for RENDEZVOUS circuits, and 1 extra upstream cell and 10 downstream cells for INTRODUCE circuits. This feature is only enabled when also supported by the circuit's middle node. (Clients may specify fixed middle nodes with the MiddleNodes option, and may force-disable this feature with the CircuitPadding torrc.) Closes ticket 28634.
Major features (code organization):
- Tor now includes a generic publish-subscribe message-passing subsystem that we can use to organize intermodule dependencies. We hope to use this to reduce dependencies between modules that don't need to be related, and to generally simplify our codebase. Closes ticket 28226.

New stable Tor releases, with security fixes: 0.3.1.9, 0.3.0.13, 0.2.9.14, 0.2.8.17, 0.2.5.16

New Tor Browser Bundles with Firefox 17.0.9esr

New bundles (security release)

New Tor Browser Bundles (security release)

New Tor Browser Bundles

Tor 0.2.2.35 is released (security patches)

Tor 0.2.3.10-alpha is out (security fix)

Tor 0.2.2.34 is released (security patches)

Tor 0.2.3.5-alpha is out

New Tor Browser Bundles

New alpha release: Tor 0.4.1.1-alpha

Changes in version 0.4.1.1-alpha - 2019-05-22

New Release: Tor Browser 9.0a1

New Release: Tor Browser 8.5

Mozilla Research Call: Tune up Tor for Integration and Scale