New bundles (security release)

New Bundles (security release)

All of the available bundles of Tor have been updated for the latest stable Tor 0.2.2.39 release and the 0.2.3.22-rc release. These releases fix a remote crash bug found in Tor and all users and relays are STRONGLY encouraged to update immediately.

https://www.torproject.org/download

Further notes about Tor Browser Bundle updates:

The random port selection has been temporarily disabled in the Linux and Mac OS X alpha bundles. Most of you probably didn't notice any random port selection happpening at all, but if you encounter a problem running a system Tor and your Tor Browser Bundle at the same time, you can switch to the stable bundles for now. The next update should have a fix that allows us to re-enable automatic port selection.

Tor Browser Bundle (2.2.39-1)

  • Update Tor to 0.2.2.39
  • Update NoScript to 2.5.4

Tor Browser Bundle (2.3.22-alpha-1)

  • Update Tor to 0.2.3.22-rc
  • Temporarily use fixed Control and SOCKS ports as a workaround for #6803
    k239

    September 12, 2012

    Permalink

    Shouldn't I be prompted to do such an important upgrade at torproject.org? I was not. Realized the importance of upgrading as I arrived at this blog.

    k239

    September 12, 2012

    Permalink

    The speed of internet browsing is very slow in this Tor Browser Bundle (2.2.39-1). I checked it in two different Windows-7 and faced the same problem.

    k239

    September 12, 2012

    Permalink

    please convince the Tails developers to include Tor 0.2.2.39 in their pending new release.

    k239

    September 12, 2012

    Permalink

    When I go to the Tor Check page, it notifies me I need an update even though I'm using 2.2.39-1

    k239

    September 12, 2012

    Permalink

    I downloaded, verified and installed tor-browser-2.2.39-1_en-US.exe before the bundle gave notice it was available. But launching it keeps telling me there is an update available and it is the same one.

    Thanks for all the hard work.

    k239

    September 13, 2012

    Permalink

    I use new version but each time i start browserbundle it says

    There is a security update available for the Tor Browser Bundle.

    Click here to go to the download page

    what's going on ?

    Like the previous release this new release (2.2.39-1) works very well for me. But the old bug that brings up the security update message each time the browser is started has somehow crept back into this release, which wasn't the case in 2.2.38-2. I also think it is not ok that the locally configured homepage is automatically overwritten by the TBB version check URL.

    Under Windows XP, I downloaded the latest Tor Bundle 2.2.39-1 for Windows, and after I went online with it, I updated the extentions listed under addons, and when the browser came back up the main window read:
    ==================================
    Congratulations. Your browser is configured to use Tor.

    There is a security update available for the Tor Browser Bundle.

    Click here to go to the download page
    ==================================
    How come at first it was a "Congratulations ........", then after the browser came up again, it said "There is a security update available for the Tor Browser Bundle. ..... Click here to go to the download page" What security update? I checked, and all that I ever saw was the one that I just logged on with. Can you look into this?

    Thank you.

    Updated to Tor Browser Bundle (2.2.39-1) but check.torproject.org/ is still telling me "There is a security update available for the Tor Browser Bundle."

    may want to fix this

    Please tell Sebastian Hahn to mark the update date in the Obfsproxy TBB main page as now I can only identify the update from the download link

    I'm trying to update my relay to this stable version, but everything in http://deb.torproject.org/torproject.org including under "stable" seems to be the experimental version. Is there somewhere else I should be looking? Should I just wait for it to come through the built-in repositories?

    We moved our debs to Tor 0.2.3.x since Debian Wheezy is imminent, and we want to make sure that 0.2.3 is what gets into wheezy.

    The 0.2.3 branch is basically stable now, so I wouldn't worry.

    I am sorry to say, Firefox crashes at automatic startup (called by Vidalia). I use the newest Tor Browser Bundle on 10.5.8.
    Something can be done?
    thank you

    Isn't OS X 10.5.8 dead and unmaintained?

    I think that we're heading towards not supporting 10.5 anymore, since nobody else does.

    I am working with TenFourFox Browser 10.0.7 and the Addon Torbutton 1.4.6.1 on PowerPC Mac 10.5.8 and Vidalia 0.2.2.39 … and these apps works too.

    Many Thanks for do the developer(s) !

    I suppose you should prompt us to upgrade at
    https://check.torproject.org/?lang=en-US&small=1&uptodate=1

    eeeew,
    I just tried to update to this today and ZoneAlarm antivirus is detecting the following baddie

    not-a-virus:NetTool.Win32.Tor.d

    It detects it in both the install archive and the tor.exe after installing. The file was downloaded twice, once through Tor network, and then direct.

    Using ZA "Extreme Security" version 9.3.037.000 with
    Antivirus version 8.0.2.48
    DAT file version 1093569472

    Anyone else experience this?

    I think everyone else would experience this if they would use ZoneAlarm. As it says "not-a-virus:NetTool.Win32.Tor.d" simply detects the network app Tor that is not a virus but may not be allowed on some networks if that is against their administration policy.

    It is merely ZoneAlarm being overly aggresive (and in general, terrible).
    Don't worry about it.

    This same thing happened with ZA on another application and it turnned out that what you said here was exactly the case with that situation. Zone Alarm tech support then corrected their def file to resolve the false positive.

    Probaby right, but it just makes me wonder why this same thing did not happen then with ZA and the previous Tor release(s).

    Same problem here. Is this a virus or what?

    Yes. I am experiencing this just now and looking for info.

    Yes, and I am also trying to find out the significance of this response...

    As always, thanks Erinn for your hard work here :)

    hi, I see this update released on 12th, but Tor Check page notified me only today the 15th that there is an update, I downloaded, verified and installed, but not like usually, Kaspersky shows some warnings not like before,
    http://i47.tinypic.com/t0n6yo.jpg

    I'm having the same problem.
    It is starting today.

    Same here :( is this virus?

    Same here...what is this?

    I'm using Firefox.
    I got this message.
    I just wanted to inform you.
    Thanks

    ------------------
    IP check ( http://ip-check.info )
    77.207.111.206
    Warning: Your IP address is neither anonymized by JonDonym nor by Tor.
    Start the test for details.
    ------------------

    Some, like me, who had not installed this security release were not prompted to do so, other who had done so were prompted after that fact. Straange?

    The 0.2.3.22-rc as well as the 0.2.3.20-rc is looping with 100 % CPU usage. It is a fairly new behaviour caused by an unknown reason. Falling back to 0.2.2.39 the CPU usage is now around 10%

    My Antivirus says that Tor is a "Potentially unwanted program" (PUP) and blocked it. I unlocked it manually afterwards. The problem only occurs with the newest version of TBB. No trouble between my Antivirusprogramm and older Tor-Versions.

    Tor Browser Bundle 2.2.39-1
    Panda Cloud Antivirus Free 2.0.1

    Panda Cloud don't like this file
    \Tor Browser\App\tor.exe

    I'm running a relay and am wondering if we can continue to get stable rpms built for RHEL/Centos as well? The previous yum setup was nice, but I can install the rpms manually if I have to. But building them myself from source is a lot more work since I would have to do it on a separate build machine. My relay is still on 0.2.2.35, so I am considering just shutting it down until 0.2.3 becomes more stable and I have the time to review the config and make the switchover to the new version.

    Panda Cloud Antivirus Free 2.0.1. versus Tor Browser Bundle 2.2.39-1

    - - -

    Panda Cloud Antivirus says that tor.exe is a virus and locks it.

    "Classified as: High risk

    Status: Unrestricted ready*

    Cause: The program is an unclassified virus or it can be used for malicious or fraudulent purposes."

    *Because I've unlocked it.

    Screenshot
    oi50.tinypic.com/330e0j8.jpg

    Although the download page states "this package requires no installation" when I run the .dmg file it installs another version of TBB without bringing in my bookmarks or add-ons. This is the first time I have updated TBB - am I doing something wrong?

    I have the same issue with Kaspersky.

    Dear Tor developers

    I'm runing 2.2.38-2 on Windows 7. The page check.torproject.org/... doesn't reminder me the update of new version 2.2.39-1. Is it a website technical problem or not? Or when does the check page show the update info of new release when not?

    Thanks from china for your great work on Tor.

    plz help
    iran cut the tor.

    Thanks to Tor I can use the internet more freely. Thanks people!

    Third time I ask, never received an answer. If you say new bundles, does that include the Vidalia Bundle as well?

    Is anyone else having troubles using twitter with this and the last bundle? I try to get on twitter and it wont load it, but other websites it do, then when i get on twitter it stop loading pages after a minute. also, when i finally get twitter loaded a pop up for java comes up, which has never happened until lately. wtf, tor.

    Twitter doesn't work properly with the previous bundle either. About half of nodes can't connect to it. Just keep trying 'New Identity' until it works.

    Twitter with TOR I have concluded as impossible. these ToR people like to tout it as a tool for activists to use social networks. I call bullshit though.

    Firstly you really have to enable Java, which I did.

    I have tried to open a twitter Sockpuppet and have just opened three accounts on Tor, which were all immediately suspended after first login.

    Problem is on Twitter's side, not TOR, Twitter doesent really supporrt anonymity.

    How to twitter anonymously?

    this new version slows down my computer , uses a lot of memory even 650MB.

    very slow, please fix

    I am wondering if it is safe to one's anonymity to use bridges. While I was using TBB 0.2.3.8 with bridges recently, I decided to check if I was using Tor by visiting the 'Are you using Tor" page at torproject.org. I was about to visit a sensitive 'political' website which is always being closely monitored by the authorities.

    To my surprise the message I got was in RED saying "Sorry, you are not using Tor"!! I checked the Torbutton icon and there was no red cross over it. Everything looked OK. I immediately switched off the bridges and checked again. The message had changed to "Congratulation. Your browser is configured to use Tor". Therefore the bridge that was chosen for my traffic is responsible for this. Am I right?

    As this has happened on two occasions I have stopped using bridges altogether because I have no way of knowing if I am using Tor or not even if everything seems to be OK.

    I am not a technical person. I think the mistake I have made is not taking a screenshot of the negative messages I received showing the relevant IP addresses which I would include in this post.

    I am using OSX 10.6.8 (intel). Perhaps there should be an icon located in the status bar indicating that one's traffic is NOT going through Tor even if everything seems to be working OK.

    I am wondering if anyone has ever experienced this. Thank you.

    I cannot find the check at first, but you must mean:
    https://check.torproject.org/