security updates | Tor Blog

We’re Upping Our Support to Mobile Browsing

It’s essential for us to reach people in areas in the world with heavy online surveillance and censorship, especially those in the Global South. Most people in these regions only use smartphones to access the internet, and we want to better support these users by upping our support for mobile browsing.

49 comments

New Tor Browser Bundles for Linux

The Tor Browser Bundles for Linux have all been updated to really include the latest Firefox, 10.0.2.

37 comments

New Tor Browser Bundles

The Tor Browser Bundles have all been updated to the latest Firefox 10.0.2.

https://www.torproject.org/download

49 comments

Lots of new Tor packages

A new Tor stable (0.2.1.29) (sig

New Tor Browser Bundle packages

The Tor Browser Bundles have all been updated with some important security fixes and it is advised that all users upgrade.

11 comments

Tor Project infrastructure updates

You should upgrade to Tor 0.2.1.22 or 0.2.2.7-alpha:
https://www.torproject.org/easy-download.html.en

38 comments

Upcoming Events

July 12, 2021 - July 16, 2021

Privacy Enhancing Technologies Symposium (PETS)

August 27, 2021

Free and Open Communications on the Internet (FOCI) workshop

See All Upcoming Events

Recent Updates

Internet Freedom, Privacy, & LGBTQIA+ Human Rights

Every June, we recognize Pride month because internet freedom and the human rights of LGBTQIA+ people go hand in hand.

New stable security releases: 0.3.5.15, 0.4.4.9, 0.4.5.9, 0.4.6.5

After months of work, we have a new stable release series! If you build Tor from source, you can download the source code for 0.4.6.5 on the download page. Packages should be available within the next several weeks, with a new Tor Browser around the end of the week.

Because this release includes security fixes, we are also releasing updates for our other supported releases. You can find their source at https://dist.torproject.org:

0.3.5.15 (gpg signature) (ChangeLog)
0.4.4.9 (gpg signature) (ChangeLog) [Note that 0.4.4.9 hits end-of-life tomorrow; this is the last supported 0.4.4.9 release.]
0.4.5.9 (gpg signature) (ChangeLog)

Tor 0.4.6.5 is the first stable release in its series. The 0.4.6.x series includes numerous features and bugfixes, including a significant improvement to our circuit timeout algorithm that should improve observed client performance, and a way for relays to report when they are overloaded.

This release also includes security fixes for several security issues, including a denial-of-service attack against onion service clients, and another denial-of-service attack against relays. Everybody should upgrade to one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5.

Below are the changes since 0.4.5.8. For a list of changes since 0.4.6.4-rc, see the ChangeLog file.

Changes in version 0.4.6.5 - 2021-06-14

Major bugfixes (security):
- Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on half-closed streams. Previously, clients failed to validate which hop sent these cells: this would allow a relay on a circuit to end a stream that wasn't actually built with it. Fixes bug 40389; bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021- 003 and CVE-2021-34548.
Major bugfixes (security, defense-in-depth):
- Detect more failure conditions from the OpenSSL RNG code. Previously, we would detect errors from a missing RNG implementation, but not failures from the RNG code itself. Fortunately, it appears those failures do not happen in practice when Tor is using OpenSSL's default RNG implementation. Fixes bug 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.

New Release: Tor Browser 10.5a16

Tor Browser 10.5a16 is now available from the Tor Browser download page and also from our

New Release: Tor Browser 10.0.17

Tor Browser 10.0.17 is now available from the Tor Browser download page and also from our