New Release: Tor Browser 8.5a6

Tor Browser 8.5a6 is now available from the Tor Browser Project page and also from our distribution directory.
This release features important security updates to Firefox and updates OpenSSL to 1.0.2q for our desktop platforms.
The most exciting news, however, compared to the alpha release early last week, comes from progress we made on our mobile builds. Tor Browser 8.5a6 is the first version that is built reproducibly for Android devices and is localized in all locales the desktop platforms support.
Moreover, we added an updated donation banner for our year-end donation campaign.
Known Issues:
- This release is only supported on armv7 devices (most Android phones and tablets), but x86 devices are not supported yet (such as Chromebooks), even if the Google Playstore is suggesting different things.
- Downloading files on newer Android devices crashes Tor Browser. We are currently reviewing a potential fix.
The full changelog since Tor Browser 8.5a5 is:
- All Platforms
- Update Firefox to 60.4.0esr
- Update Torbutton to 2.1.3
- Bug 28608: Disable background HTTP response throttling
- Bug 28695: Set default security.pki.name_matching_mode to enforce (3)
- Bug 27290: Remove WebGL pref for min capability mode
- Bug 27919: Backport SSL status API
- Bug 25794: Disable pointer events
- Windows
- Update OpenSSL to 1.0.2q
- Bug 28740: Adapt Windows navigator.platform value on 64-bit systems
- OS X
- Update OpenSSL to 1.0.2q
- Linux
- Update OpenSSL to 1.0.2q
- Android
- Bug 26843: Multi-locale support for Tor Browser on Android
- Build System
Update OpenSSL to 1.0.2q …
Update OpenSSL to 1.0.2q
What's up with Android?
We are not building OpenSSL…
We are not building OpenSSL ourselves for Android (https://trac.torproject.org/projects/tor/ticket/28764 is supposed to fix that), but rather take what the Guardianproject folks provide. And they don't have bumped the OpenSSL version yet.
They don't care about…
They don't care about security?
I think they do care. The…
I think they do care. The OpenSSL bump this time does not fix critical vulnerabilities.
hello
hello