Tor 0.3.3.7 is released!
We have a new stable release today. If you build Tor from source, you can
download the source code for 0.3.3.7 on the website. Packages
should be available within the next several weeks, with a new Tor Browser over the next several weeks.
Tor 0.3.3.7 backports several changes from the 0.3.4.x series, including fixes for bugs affecting compatibility and stability.
Changes in version 0.3.3.7 - 2018-06-12
- Directory authority changes:
- Add an IPv6 address for the "dannenberg" directory authority. Closes ticket 26343.
- Minor features (geoip):
- Update geoip and geoip6 to the June 7 2018 Maxmind GeoLite2 Country database. Closes ticket 26351.
- Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha):
- Work around a change in OpenSSL 1.1.1 where return values that would previously indicate "no password" now indicate an empty password. Without this workaround, Tor instances running with OpenSSL 1.1.1 would accept descriptors that other Tor instances would reject. Fixes bug 26116; bugfix on 0.2.5.16.
- Minor bugfixes (compilation, backport from 0.3.4.2-alpha):
- Silence unused-const-variable warnings in zstd.h with some GCC versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha.
- Minor bugfixes (controller, backport from 0.3.4.2-alpha):
- Improve accuracy of the BUILDTIMEOUT_SET control port event's TIMEOUT_RATE and CLOSE_RATE fields. (We were previously miscounting the total number of circuits for these field values.) Fixes bug 26121; bugfix on 0.3.3.1-alpha.
- Minor bugfixes (hardening, backport from 0.3.4.2-alpha):
- Prevent a possible out-of-bounds smartlist read in protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha.
- Minor bugfixes (path selection, backport from 0.3.4.1-alpha):
- Only select relays when they have the descriptors we prefer to use for them. This change fixes a bug where we could select a relay because it had _some_ descriptor, but reject it later with a nonfatal assertion error because it didn't have the exact one we wanted. Fixes bugs 25691 and 25692; bugfix on 0.3.3.4-alpha.
I think this is the 3rd time that I read your demand for an explanation about this. Ever heard of shared hosting/ssl certs? If you would have checked the cert you would have seen that it belongs to a wp/drupal hosting provider.
Hosting a f***ing drupal based blog with no sensitive data on it in-house is a waste of manpower/resources when you have a rather small team and as much on your plate as the Tor guys do.
I hope you can find peace at night again now.