New Release: Tor Browser 8.5a6

Tor Browser 8.5a6 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox and updates OpenSSL to 1.0.2q for our desktop platforms.

The most exciting news, however, compared to the alpha release early last week, comes from progress we made on our mobile builds. Tor Browser 8.5a6 is the first version that is built reproducibly for Android devices and is localized in all locales the desktop platforms support.

Moreover, we added an updated donation banner for our year-end donation campaign.

Known Issues:

  1. This release is only supported on armv7 devices (most Android phones and tablets), but x86 devices are not supported yet (such as Chromebooks), even if the Google Playstore is suggesting different things.
  2. Downloading files on newer Android devices crashes Tor Browser. We are currently reviewing a potential fix.

The full changelog since Tor Browser 8.5a5 is:

  • All Platforms
  • Update Firefox to 60.4.0esr
    • Update Torbutton to 2.1.3
      • Bug 28540: Use new text for 2018 donation banner
      • Bug 27290: Remove WebGL pref for min capability mode
      • Bug 28075: Tone down missing SOCKS credential warning
      • Bug 28747: Remove NoScript (XPCOM) related unused code
      • Translations update
    • Bug 28608: Disable background HTTP response throttling
    • Bug 28695: Set default security.pki.name_matching_mode to enforce (3)
    • Bug 27290: Remove WebGL pref for min capability mode
    • Bug 27919: Backport SSL status API
    • Bug 25794: Disable pointer events
  • Windows
    • Update OpenSSL to 1.0.2q
    • Bug 28740: Adapt Windows navigator.platform value on 64-bit systems
  • OS X
    • Update OpenSSL to 1.0.2q
  • Linux
    • Update OpenSSL to 1.0.2q
  • Android
    • Bug 26843: Multi-locale support for Tor Browser on Android
  • Build System
    • Android
      • Bug 25164: Add .apk to our sha256sums unsigned build file
      • Bug 28696: Make path to Gradle dependencies reproducible
      • Bug 28697: Use pregenerated keystore and fix timestamp issues

It would be the risk only for machines without SSE2 which is rare. And such logic didn't prevent you from shipping essentially untested Mozilla code for Windows and Android. One of the goals of Tor Project was to diverge even more from Mozilla code towards saner code, wasn't it?