We have a new stable release today. If you build Tor from source, you can download the source code for 0.4.6.6 on the download page.
After months of work, we have a new stable release series! If you build Tor from source, you can download the source code for 0.4.6.5 on the download page. Packages should be available within the next several weeks, with a new Tor Browser around the end of the week.
Because this release includes security fixes, we are also releasing updates for our other supported releases. You can find their source at https://dist.torproject.org:
- 0.3.5.15 (gpg signature) (ChangeLog)
- 0.4.4.9 (gpg signature) (ChangeLog) [Note that 0.4.4.9 hits end-of-life tomorrow; this is the last supported 0.4.4.9 release.]
- 0.4.5.9 (gpg signature) (ChangeLog)
Tor 0.4.6.5 is the first stable release in its series. The 0.4.6.x series includes numerous features and bugfixes, including a significant improvement to our circuit timeout algorithm that should improve observed client performance, and a way for relays to report when they are overloaded.
This release also includes security fixes for several security issues, including a denial-of-service attack against onion service clients, and another denial-of-service attack against relays. Everybody should upgrade to one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5.
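A fleet check against the fixed releases listed above, as an added example that is not part of the original announcement or of Tor's own code. It assumes versions are ordered by their four numbers alone (the status tag is ignored) and that any series newer than 0.4.6 already carries the fixes; the function names and inventory lines are made up for illustration.

```python
import re

# Fixed releases named in the announcement, keyed by release series.
FIXED = {
    (0, 3, 5): (0, 3, 5, 15),
    (0, 4, 4): (0, 4, 4, 9),
    (0, 4, 5): (0, 4, 5, 9),
    (0, 4, 6): (0, 4, 6, 5),
}

# MAJOR.MINOR.MICRO.PATCHLEVEL with an optional status tag such as -rc.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z0-9]+))?")


def parse_tor_version(text):
    """Return ((major, minor, micro, patch), tag), or None if absent."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    return tuple(int(x) for x in m.group(1, 2, 3, 4)), m.group(5)


def audit(text):
    """Classify one reported version string against the fixed releases."""
    parsed = parse_tor_version(text)
    if parsed is None:
        return "unparseable"
    numbers, _tag = parsed  # assumption: the tag does not affect ordering
    series = numbers[:3]
    if series in FIXED:
        if numbers >= FIXED[series]:
            return "ok"
        return "upgrade to " + ".".join(str(n) for n in FIXED[series])
    if series > max(FIXED):
        return "ok (newer series)"  # assumption: later series include the fixes
    return "no fixed release in this series"


if __name__ == "__main__":
    # Constructed inventory lines, not real relays.
    fleet = ["relay-a Tor 0.4.6.4-rc", "relay-b Tor 0.4.5.9",
             "relay-c Tor 0.4.3.8", "relay-d Tor 0.3.5.14"]
    for line in fleet:
        print(f"{line:28} -> {audit(line)}")
```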
Below are the changes since 0.4.5.8. For a list of changes since 0.4.6.4-rc, see the ChangeLog file.
Changes in version 0.4.6.5 - 2021-06-14
- Major bugfixes (security):
  - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cells on half-closed streams. Previously, clients failed to validate which hop sent these cells: this would allow a relay on a circuit to end a stream that wasn't actually built with it. Fixes bug 40389; bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021-003 and CVE-2021-34548.
- Major bugfixes (security, defense-in-depth):
  - Detect more failure conditions from the OpenSSL RNG code. Previously, we would detect errors from a missing RNG implementation, but not failures from the RNG code itself. Fortunately, it appears those failures do not happen in practice when Tor is using OpenSSL's default RNG implementation. Fixes bug 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
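The hop check behind the RELAY_END / RELAY_RESOLVED fix above, shown as a simplified model. This is an added example, not Tor's code: the `Circuit` class, the handler names and the `from_hop` argument (the index of the hop whose encryption layer the cell arrived under) are all hypothetical.

```python
from dataclasses import dataclass, field

RELAY_END, RELAY_RESOLVED = "RELAY_END", "RELAY_RESOLVED"
CLOSING_CELLS = (RELAY_END, RELAY_RESOLVED)


@dataclass
class Circuit:
    hops: list  # relay names in path order (constructed)
    # stream_id -> index of the hop the stream was built with
    half_closed: dict = field(default_factory=dict)

    def half_close(self, stream_id, hop_index):
        """The client closed its side; the stream awaits the far side's END."""
        self.half_closed[stream_id] = hop_index


def handle_cell_unchecked(circ, cmd, stream_id, from_hop):
    """Behaviour described as the bug: the sending hop is never examined."""
    if cmd in CLOSING_CELLS and stream_id in circ.half_closed:
        del circ.half_closed[stream_id]
        return "accepted"
    return "dropped"


def handle_cell_checked(circ, cmd, stream_id, from_hop):
    """Accept the cell only from the hop the stream was built with."""
    if cmd not in CLOSING_CELLS or stream_id not in circ.half_closed:
        return "dropped"
    if circ.half_closed[stream_id] != from_hop:
        return "rejected: wrong hop"  # stream stays half-closed
    del circ.half_closed[stream_id]
    return "accepted"


if __name__ == "__main__":
    for handler in (handle_cell_unchecked, handle_cell_checked):
        circ = Circuit(hops=["guard", "middle", "exit"])
        circ.half_close(stream_id=7, hop_index=2)  # stream built with the exit
        # RELAY_END for stream 7 arrives under the middle hop's layer.
        print(handler.__name__, "->", handler(circ, RELAY_END, 7, from_hop=1))
```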
We have a new stable release today. If you build Tor from source, you can download the source code for Tor 0.4.5.8 on the download page. Packages should be available within the next several weeks, with a new Tor Browser likely next week.
Tor 0.4.5.8 fixes several bugs in earlier versions, backporting fixes from the 0.4.6.x series.
Changes in version 0.4.5.8 - 2021-05-10
- Minor features (compatibility, Linux seccomp sandbox, backport from 0.4.6.3-rc):
  - Add a workaround to enable the Linux sandbox to work correctly with Glibc 2.33. This version of Glibc has started using the fstatat() system call, which previously our sandbox did not allow. Closes ticket 40382; see the ticket for a discussion of trade-offs.
- Minor features (compilation, backport from 0.4.6.3-rc):
  - Make the autoconf script build correctly with autoconf versions 2.70 and later. Closes part of ticket 40335.
After months of work, we have a new stable release series! If you build Tor from source, you can download the source code for 0.4.5.6 on the download page. Packages should be available within the next several weeks, with a new Tor Browser likely next week.
The Tor 0.4.5.x release series is dedicated to the memory of Karsten Loesing (1979-2020), Tor developer, cypherpunk, husband, and father. Karsten is best known for creating the Tor metrics portal and leading the metrics team, but he was involved in Tor from the early days. For example, while he was still a student he invented and implemented the v2 onion service directory design, and he also served as an ambassador to the many German researchers working in the anonymity field. We loved him and respected him for his patience, his consistency, and his welcoming approach to growing our community.
This release series introduces significant improvements in relay IPv6 address discovery, a new "MetricsPort" mechanism for relay operators to measure performance, LTTng support, build system improvements to help when using Tor as a static library, and significant bugfixes related to Windows relay performance. It also includes numerous smaller features and bugfixes.
Below are the changes since 0.4.4.7. For a list of changes since 0.4.5.5-rc, see the ChangeLog file.
Changes in version 0.4.5.6 - 2021-02-15
- Major features (build):
  - When building Tor, first link all object files into a single static library. This may help with embedding Tor in other programs. Note that most Tor functions do not constitute a part of a stable or supported API: only those functions in tor_api.h should be used if embedding Tor. Closes ticket 40127.
- Major features (metrics):
  - Introduce a new MetricsPort which exposes, through an HTTP interface, a series of metrics that tor collects at runtime. At the moment, the only supported output format is the Prometheus data model. Closes ticket 40063. See the manual page for more information and security considerations.
We have a new stable release today. If you build Tor from source, you can download the source code for 0.4.4.7 on the download page. Packages should be available within the next several weeks, with a new Tor Browser later this month.
We're also releasing updates for older stable release series. You can download 0.3.5.13 (changelog) and 0.4.3.8 (changelog) from dist.torproject.org. Note that the 0.4.3.x series will no longer be supported after 15 February.
Tor 0.4.4.7 backports numerous bugfixes from later releases, including one that made v3 onion services more susceptible to denial-of-service attacks, and a feature that makes some kinds of DoS attacks harder to perform.
Changes in version 0.4.4.7 - 2021-02-03
- Major bugfixes (onion service v3, backport from 0.4.5.3-rc):
  - Stop requiring a live consensus for v3 clients and services, and allow a "reasonably live" consensus instead. This allows v3 onion services to work even if the authorities fail to generate a consensus for more than 2 hours in a row. Fixes bug 40237; bugfix on 0.3.5.1-alpha.
- Major feature (exit, backport from 0.4.5.5-rc):
  - Re-entry into the network is now denied at the Exit level to all relays' ORPorts and authorities' ORPorts and DirPorts. This change should help mitigate a set of denial-of-service attacks. Closes ticket 2667.
We have a new stable release today. If you build Tor from source, you can download the source code for 0.4.4.6 on the download page. Packages should be available within the next several weeks, with a new Tor Browser likely next week.
Tor 0.4.4.6 is the second stable release in the 0.4.4.x series. It backports fixes from later releases, including a fix for TROVE-2020-005, a security issue that could be used, under certain cases, by an adversary to observe traffic patterns on a limited number of circuits intended for a different relay.
Changes in version 0.4.4.6 - 2020-11-12
- Major bugfixes (security, backport from 0.4.5.1-alpha):
  - When completing a channel, relays now check more thoroughly to make sure that it matches any pending circuits before attaching those circuits. Previously, address correctness and Ed25519 identities were not checked in this case, but only when extending circuits on an existing channel. Fixes bug 40080; bugfix on 0.2.7.2-alpha. Resolves TROVE-2020-005.
- Minor features (directory authorities, backport from 0.4.5.1-alpha):
  - Authorities now list a different set of protocols as required and recommended. These lists have been chosen so that only truly recommended and/or required protocols are included, and so that clients using 0.2.9 or later will continue to work (even though they are not supported), whereas only relays running 0.3.5 or later will meet the requirements. Closes ticket 40162.
  - Make it possible to specify multiple ConsensusParams torrc lines. Now directory authority operators can for example put the main ConsensusParams config in one torrc file and then add to it from a different torrc file. Closes ticket 40164.
After months of work, we have a new stable release series! If you build Tor from source, you can download the source code for 0.4.4.5 on the
Packages should be available within the next several weeks, with a new Tor Browser by some time next week.
Tor 0.4.4.5 is the first stable release in the 0.4.4.x series. This series improves our guard selection algorithms, adds v3 onion balance support, improves the amount of code that can be disabled when running without relay support, and includes numerous small bugfixes and enhancements. It also lays the ground for some IPv6 features that we'll be developing more in the next (0.4.5) series.
Per our support policy, we support each stable release series for nine months after its first stable release, or three months after the first stable release of the next series: whichever is longer. This means that 0.4.4.x will be supported until around June 2021--or later, if 0.4.5.x is later than anticipated.
Note also that support for 0.4.2.x has just ended; support for 0.4.3 will continue until Feb 15, 2021. We still plan to continue supporting 0.3.5.x, our long-term stable series, until Feb 2022.
Below are the changes since 0.4.3.6-rc. For a complete list of changes since 0.4.4.4-rc, see the ChangeLog file.
Changes in version 0.4.4.5 - 2020-09-15
- Major features (Proposal 310, performance + security):
  - Implements Proposal 310, "Bandaid on guard selection". Proposal 310 solves load-balancing issues with older versions of the guard selection algorithm, and improves its security. Under this new algorithm, a newly selected guard never becomes Primary unless all previously sampled guards are unreachable. Implements recommendation from 32088. (Proposal 310 is linked to the CLAPS project researching optimal client location-aware path selections. This project is a collaboration between the UCLouvain Crypto Group, the U.S. Naval Research Laboratory, and Princeton University.)
- Major features (fallback directory list):
  - Replace the 148 fallback directories originally included in Tor 0.4.1.4-rc (of which around 105 are still functional) with a list of 144 fallbacks generated in July 2020. Closes ticket 40061.