New Release: Tor Browser 8.5a8

Tor Browser 8.5a8 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

The main change in this new release is the update of Firefox to 60.5.1esr, fixing some vulnerabilities in the Skia library.

Note: We usually make sure that the build of each Tor Browser release is reproducible by having two separate people building it before we publish a new release. However, due to some people being unavailable this week, we are having some delays doing this verification for this alpha release. Because this release includes an important security fix that we want to release quickly, we will be checking the reproducibility of the build afterward. If you are interested in reproducing our build, you can find information about that on our wiki page. Update: we have now reproduced the build.

Note 2: The download link for the Android version is still pointing to 8.5a7 as we have not yet signed the 8.5a8 build. We plan to fix this soon. Update: This is now fixed.

The full changelog since Tor Browser 8.5a7 is:

  • All platforms
    • Update Firefox to 60.5.1esr
    • Update HTTPS Everywhere to 2019.1.31
    • Bug 29378: Remove 83.212.101.3 from default bridges
    • Bug 29349: Remove network.http.spdy.* overrides from meek helper user.js
  • Build System
    • All Platforms
      • Bug 29235: Build our own version of python3.6 for HTTPS Everywhere
      • Bug 29167: Upgrade go to 1.11.5
    • Linux
      • Bug 29183: Use linux-x86_64 langpacks on linux-x86_64
Anonymous

March 04, 2019

Permalink

Hi ! Can somebody tell me when Tor Browser will support TLS 1.3 ? Firefox does, Tor Browser doesn't. Knowing that using Tor means going through exit nodes which can easily be in government or hacker hands, the higher version of TLS would be appreciate. Thanks for your great job ;)

Tor Browser currently supports TLS 1.3, kind of. But for supporting the final specification version we'd need to have a backport from Firefox code. This is tracked in https://trac.torproject.org/projects/tor/ticket/27141. Not sure when this will happen. Chances are high that you'll get proper TLS 1.3 support with Tor Browser 9, though, which we plan to get out later this year.

Anonymous

March 04, 2019

Permalink

opened tor checked which update it is on mac, says 8.0.6. your site says should be, Tor Browser 8.5a8, correct or is it safe to use?

Anonymous

March 05, 2019

Permalink

Look at the times:
Tor NOTICE: Bootstrapped 30% (loading_status): Loading networkstatus consensus
[03-05 09:42:22] Torbutton INFO: tor SOCKS: https://www.https-rulesets.org/v1//latest-rulesets-timestamp via
--unknown--:87480448065ca417db2a73c5a773970b
[03-05 09:42:25] Torbutton INFO: Message received from NoScript: [{"__meta":{"name":"started","recipientInfo":null},"_messageName":"started"},{"id":"{uuid}","url":"moz-extension://uuid/_generated_background_page.html","envType":"addon_child","extensionId":"{uuid}","contextId":4},null]
[03-05 09:42:59] TorLauncher INFO: NOTICE CONSENSUS_ARRIVED
Tor NOTICE: I learned some more directory information, but not enough to build a circuit: We're missing descriptors for 1/2 of our primary entry guards (total microdescriptors: 6383/6549).
Tor NOTICE: Bootstrapped 50% (loading_descriptors): Loading relay descriptors
[03-05 09:43:01] TorLauncher INFO: NOTICE ENOUGH_DIR_INFO
Tor NOTICE: Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits

Anonymous

March 06, 2019

Permalink

A suggestion for future alpha release posts, please could you start the post with a warning that this is a build for testers and include a link to download the latest stable (i.e. non-alpha) build? Something like

Note this is an experimental build for testing new features. For normal users please download the browser here [link].

It seems these alpha announcements always get a lot of newbie questions, so I wouldn't be surprised if some were downloading the alpha thinking it was stable. Especially considering there is no mention of alpha in the main text, newbies won't know what the "a" in the version number means and if they're not software developers they may not know what "alpha build" even means.

Anonymous

March 07, 2019

Permalink

Android Version:

Could you please provide a separate APK for Tor Browser only? In this new bundle, when a user exits the Tor Browser, the Orbot client too closes with it and this also turns off VPN and results in a connection drop.

Plus the new Tor Browser/Orbot does not support Android's "Alwasy-on" VPN feature which helps keep the connection alive in case of a drop from network and stops data leak. This increases privacy and security as well.

I found a Reddit post very similar to my request and I request you to provide a separate APK for Tor Browser.

Ref.: https://www.reddit.com/r/TOR/comments/af9brd/separate_apk_for_torbrowse…