Tor Messenger 0.3.0b1 is released
We are pleased to announce another public beta release of Tor Messenger. This release features important improvements to the stability and security of Instantbird. All users are highly encouraged to upgrade.
Tor Browser Build
Starting with this release, Tor Messenger will be built on top of Tor Browser instead of Mozilla ESR. This will help us in improving the security of Tor Messenger by making use of Tor Browser's patches. We will also try to keep in sync with the Tor Browser stable release cycle.
Tor Messenger 0.2.0b2 users will be automatically prompted to install the update (similar to Tor Browser). On installing and restarting, the update will be applied; your account settings and OTR keys will be preserved.
Please note that Tor Messenger is still in beta. The purpose of this release is to help test the application and provide feedback. At-risk users should not depend on it for their privacy and safety.
sha256sums-unsigned-build.txt file containing hashes of the bundles is signed with the key
E4AC D397 5427 A5BA 8450 A1BE B01C 8B00 6DA7 7FAA). Please verify the fingerprint from the signing keys page on Tor Project's website.
Tor Messenger 0.3.0b1 -- 22 November 2016
- All Platforms
- Use the tor-browser-45.5.0esr-6.0-1 branch (e5dafab8) on tor-browser
- Use the THUNDERBIRD_45_4_0_RELEASE tag on comm-esr45
- Update ctypes-otr to 0.0.3
- Trac 16489: Only show "close" button on Windows
- Trac 16491: Contact list entries don't adapt to the actual font size
- Trac 16536: Investigate Tor Browser patches relevant to Tor Messenger
- Trac 17471: Investigate Tor Browser preferences relevant to Tor Messenger
- Trac 17480: Make url linkification toggleable
- Trac 19816: Build process should generate mar files
- Trac 20205: Support SASL ECDSA-NIST256P-CHALLENGE
- Trac 20208: Put conversations on hold by default
- Trac 20231: Remove incomplete translations
- Trac 20276: Fix toggling sounds
- Trac 20608: Use Instantbird app version
- Bugzilla 1246431: Properly handle incoming xmpp server messages
- Bugzilla 1313137: Fix irc "msg is not defined" error
- Bugzilla 1316000: Remove old Yahoo! Messenger support
- Trac 20062: Make stripping signatures reproducible on TM .exe files
That page also says,
> Wenn mit diesen Einstellungen keine Verbindung zum Jabber-Server mehr möglich ist, dann sollte man sich einen Account auf einem anderen Server erstellen.
which Google is translating as,
> If you can not connect to the Jabber server with these settings, you should create an account on another server.
I like the idea, but it probably belongs in a Tor Browser-like security slider, since it'll impact some usability.
We plan on working on this in,
I'll make note of it there.
In Tor Browser, the lines
should be regarded as enabling a dangerous encryption downgrade attack, agreed?