Tor Browser 4.5.2 is released
A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.
Tor Browser 4.5.2 provides a fix for the Logjam attack (https://weakdh.org/) and updates a number of Tor Browser components: Tor to version 0.2.6.9, Torbutton to version 1.9.2.6, NoScript to version 2.6.9.26 and HTTPS-Everywhere to version 5.0.5. Moreover, it fixes a possible crash on Linux and avoids breaking the Add-ons page if Torbutton is disabled.
Here is the complete changelog since 4.5.1:
- All Platforms
- Update Tor to 0.2.6.9
- Update OpenSSL to 1.0.1n
- Update HTTPS-Everywhere to 5.0.5
- Update NoScript to 2.6.9.26
- Update Torbutton to 1.9.2.6
- Bug 15984: Disabling Torbutton breaks the Add-ons Manager
- Bug 14429: Make sure the automatic resizing is disabled
- Translation updates
- Bug 16130: Defend against logjam attack
- Bug 15984: Disabling Torbutton breaks the Add-ons Manager
- Linux
- Bug 16026: Fix crash in GStreamer
- Bug 16083: Update comment in start-tor-browser
That is our current
That is our current understanding, yes. Thus, even pointing to a system tor or copying a self-compiled tor into the respective Tor Browser directory should not break things for users.
The regular Tor Browser update in two weeks will ship with OpenSSL 1.0.1o then.
By the way: "The regular Tor
By the way:
"The regular Tor Browser update in two weeks"
Will this update be 4.5.x or 5.x.x ??
4.5.3 ad 5.0a3
4.5.3 ad 5.0a3
To: mikeperry, gk, arma,
To: mikeperry, gk, arma, erinn, et. al.
Firstly thanks for bringing out the latest update.
Secondly, according to gk, the next update of Tor Browser will include OpenSSL 1.0.1o.
Please, please, co-ordinate with Tails' developers so that Tails will have a Tor Browser that includes OpenSSL 1.0.1o and the latest updates from you guys. Your ability to work with Tails as a team and in-sync would be appreciated. For your info, according to Tails' website, the next update of Tails is scheduled for June 30.
> Update OpenSSL to 1.0.1n I
> Update OpenSSL to 1.0.1n
I take it then that Tor/Firefox are not effected by the HMAC ABI breakage that required the v1.0.1o release of OpenSSL the day after v1.0.1n?