We have a new stable release today. If you build Tor from source, you can download the source code for 0.4.4.7 on the download page. Packages should be available within the next several weeks, with a new Tor Browser later this month.

We're also releasing updates for older stable release series. You can download 0.3.5.13 (changelog) and 0.4.3.8 (changelog) from dist.torproject.org. Note that the 0.4.3.x series will no longer be supported after 15 February.

Tor 0.4.4.7 backports numerous bugfixes from later releases, including one that made v3 onion services more susceptible to denial-of-service attacks, and a feature that makes some kinds of DoS attacks harder to perform.

Changes in version 0.4.4.7 - 2021-02-03

• Major bugfixes (onion service v3, backport from 0.4.5.3-rc):
  • Stop requiring a live consensus for v3 clients and services, and allow a "reasonably live" consensus instead. This allows v3 onion services to work even if the authorities fail to generate a consensus for more than 2 hours in a row. Fixes bug 40237; bugfix on 0.3.5.1-alpha.
• Major feature (exit, backport from 0.4.5.5-rc):
  • Re-entry into the network is now denied at the Exit level to all relays' ORPorts and authorities' ORPorts and DirPorts. This change should help mitgate a set of denial-of-service attacks. Closes ticket 2667.

We have a new stable release today. If you build Tor from source, you can download the source code for 0.4.4.6 on the download page. Packages should be available within the next several weeks, with a new Tor Browser likely next week.

We've also released 0.3.5.12 (changelog) and 0.4.3.7 (changelog) today. You can find the source for them at https://dist.torproject.org/, along with older releases.

Tor 0.4.4.6 is the second stable release in the 0.4.4.x series. It backports fixes from later releases, including a fix for TROVE-2020- 005, a security issue that could be used, under certain cases, by an adversary to observe traffic patterns on a limited number of circuits intended for a different relay.

Changes in version 0.4.4.6 - 2020-11-12

• Major bugfixes (security, backport from 0.4.5.1-alpha):
  • When completing a channel, relays now check more thoroughly to make sure that it matches any pending circuits before attaching those circuits. Previously, address correctness and Ed25519 identities were not checked in this case, but only when extending circuits on an existing channel. Fixes bug 40080; bugfix on 0.2.7.2-alpha. Resolves TROVE-2020-005.
• Minor features (directory authorities, backport from 0.4.5.1-alpha):
  • Authorities now list a different set of protocols as required and recommended. These lists have been chosen so that only truly recommended and/or required protocols are included, and so that clients using 0.2.9 or later will continue to work (even though they are not supported), whereas only relays running 0.3.5 or later will meet the requirements. Closes ticket 40162.
  • Make it possible to specify multiple ConsensusParams torrc lines. Now directory authority operators can for example put the main ConsensusParams config in one torrc file and then add to it from a different torrc file. Closes ticket 40164.

After months of work, we have a new stable release series!
If you build Tor from source, you can download the source
code for 0.4.4.5 on the
download page.
Packages should be available within the next several weeks, with a new Tor Browser by some time next week.

Tor 0.4.4.5 is the first stable release in the 0.4.4.x series. This series improves our guard selection algorithms, adds v3 onion balance support, improves the amount of code that can be disabled when running without relay support, and includes numerous small bugfixes and enhancements. It also lays the ground for some IPv6 features that we'll be developing more in the next (0.4.5) series.

Per our support policy, we support each stable release series for nine months after its first stable release, or three months after the first stable release of the next series: whichever is longer. This means that 0.4.4.x will be supported until around June 2021--or later, if 0.4.5.x is later than anticipated.

Note also that support for 0.4.2.x has just ended; support for 0.4.3 will continue until Feb 15, 2021. We still plan to continue supporting 0.3.5.x, our long-term stable series, until Feb 2022.

Below are the changes since 0.4.3.6-rc. For a complete list of changes since 0.4.4.4-rc, see the ChangeLog file.

Changes in version 0.4.4.5 - 2020-09-15

• Major features (Proposal 310, performance + security):
  • Implements Proposal 310, "Bandaid on guard selection". Proposal 310 solves load-balancing issues with older versions of the guard selection algorithm, and improves its security. Under this new algorithm, a newly selected guard never becomes Primary unless all previously sampled guards are unreachable. Implements recommendation from 32088. (Proposal 310 is linked to the CLAPS project researching optimal client location-aware path selections. This project is a collaboration between the UCLouvain Crypto Group, the U.S. Naval Research Laboratory, and Princeton University.)
• Major features (fallback directory list):
  • Replace the 148 fallback directories originally included in Tor 0.4.1.4-rc (of which around 105 are still functional) with a list of 144 fallbacks generated in July 2020. Closes ticket 40061.

After months of work, we have a new stable release series!

We have new releases today. If you build Tor from source, you can download the source code for 0.4.2.7 from the download page on the website. Packages should be available within the next several days, including a new Tor Browser.

We have two new stable releases today. If you build Tor from source, you can download the source code for 0.4.2.6 from the download page on our website. Packages should be available within the next several weeks, with a new Tor Browser by mid-February.

Ater months of work, we have a new stable release series! If you build Tor from source, you can download the source code for 0.4.2.5 on the website. Packages should be available within the next several weeks, with a new Tor Browser around January 7.

We have a new stable release today. If you build Tor from source, you can download the source code for 0.4.1.6 from the download page on the website. Packages should be available within the next several weeks, with a new Tor Browser in the next week or two.

This release backports several bugfixes to improve stability and correctness. Anyone experiencing build problems or crashes with 0.4.1.5, or experiencing reliability issues with single onion services, should upgrade.

Changes in version 0.4.1.6 - 2019-09-19

• Major bugfixes (crash, Linux, Android, backport from 0.4.2.1-alpha):
  • Tolerate systems (including some Android installations) where madvise and MADV_DONTDUMP are available at build-time, but not at run time. Previously, these systems would notice a failed syscall and abort. Fixes bug 31570; bugfix on 0.4.1.1-alpha.
  • Tolerate systems (including some Linux installations) where madvise and/or MADV_DONTFORK are available at build-time, but not at run time. Previously, these systems would notice a failed syscall and abort. Fixes bug 31696; bugfix on 0.4.1.1-alpha.
• Minor features (stem tests, backport from 0.4.2.1-alpha):
  • Change "make test-stem" so it only runs the stem tests that use tor. This change makes test-stem faster and more reliable. Closes ticket 31554.

After months of work, we have a new stable release series! If you build Tor from source, you can download the source code for 0.4.1.5 on the website. Packages should be available within the next several weeks, with a new Tor Browser in early September.

This is the first stable release in the 0.4.1.x series. This series adds experimental circuit-level padding, authenticated SENDME cells to defend against certain attacks, and several performance improvements to save on CPU consumption. It fixes bugs in bootstrapping and v3 onion services. It also includes numerous smaller features and bugfixes on earlier versions.

Per our support policy, we will support the 0.4.1.x series for nine months, or until three months after the release of a stable 0.4.2.x: whichever is longer. If you need longer-term support, please stick with 0.3.5.x, which will we plan to support until Feb 2022.

Below are the changes since 0.4.0.5. For a list of only the changes since 0.4.1.4-rc, see the ChangeLog file.

Changes in version 0.4.1.5 - 2019-08-20

• Directory authority changes:
  • The directory authority "dizum" has a new IP address. Closes ticket 31406.
• Major features (circuit padding):
  • Onion service clients now add padding cells at the start of their INTRODUCE and RENDEZVOUS circuits, to make those circuits' traffic look more like general purpose Exit traffic. The overhead for this is 2 extra cells in each direction for RENDEZVOUS circuits, and 1 extra upstream cell and 10 downstream cells for INTRODUCE circuits. This feature is only enabled when also supported by the circuit's middle node. (Clients may specify fixed middle nodes with the MiddleNodes option, and may force-disable this feature with the CircuitPadding option.) Closes ticket 28634.