New bundles (security release)

All of the available Tor bundles have been updated for the latest stable Tor 0.2.2.39 release and the 0.2.3.22-rc release. These releases fix a remote crash bug found in Tor, and all users and relays are STRONGLY encouraged to update immediately.

https://www.torproject.org/download

Further notes about Tor Browser Bundle updates:

The random port selection has been temporarily disabled in the Linux and Mac OS X alpha bundles. Most of you probably didn't notice any random port selection happening at all, but if you encounter a problem running a system Tor and your Tor Browser Bundle at the same time, you can switch to the stable bundles for now. The next update should have a fix that allows us to re-enable automatic port selection.

Tor Browser Bundle (2.2.39-1)

  • Update Tor to 0.2.2.39
  • Update NoScript to 2.5.4

Tor Browser Bundle (2.3.22-alpha-1)

  • Update Tor to 0.2.3.22-rc
  • Temporarily use fixed Control and SOCKS ports as a workaround for #6803
    Anonymous

    September 12, 2012

    Shouldn't I be prompted to do such an important upgrade at torproject.org? I was not. Realized the importance of upgrading as I arrived at this blog.

    Anonymous

    September 12, 2012

    The speed of internet browsing is very slow in this Tor Browser Bundle (2.2.39-1). I checked it in two different Windows-7 and faced the same problem.

    Anonymous

    September 12, 2012

    Please convince the Tails developers to include Tor 0.2.2.39 in their pending new release.

    Anonymous

    September 12, 2012

    When I go to the Tor Check page, it notifies me I need an update even though I'm using 2.2.39-1

    Anonymous

    September 12, 2012

    I downloaded, verified and installed tor-browser-2.2.39-1_en-US.exe before the bundle gave notice it was available. But launching it keeps telling me there is an update available and it is the same one.

    Thanks for all the hard work.

    Anonymous

    September 13, 2012

    I use new version but each time I start browserbundle it says

    There is a security update available for the Tor Browser Bundle.

    Click here to go to the download page

    What's going on?

    Anonymous

    September 13, 2012

    Like the previous release this new release (2.2.39-1) works very well for me. But the old bug that brings up the security update message each time the browser is started has somehow crept back into this release, which wasn't the case in 2.2.38-2. I also think it is not ok that the locally configured homepage is automatically overwritten by the TBB version check URL.

    Anonymous

    September 13, 2012

    Under Windows XP, I downloaded the latest Tor Bundle 2.2.39-1 for Windows, and after I went online with it, I updated the extensions listed under addons, and when the browser came back up the main window read:
    ==================================
    Congratulations. Your browser is configured to use Tor.

    There is a security update available for the Tor Browser Bundle.

    Click here to go to the download page
    ==================================
    How come at first it was a "Congratulations ........", then after the browser came up again, it said "There is a security update available for the Tor Browser Bundle. ..... Click here to go to the download page" What security update? I checked, and all that I ever saw was the one that I just logged on with. Can you look into this?

    Thank you.

    Anonymous

    September 13, 2012

    Updated to Tor Browser Bundle (2.2.39-1) but check.torproject.org/ is still telling me "There is a security update available for the Tor Browser Bundle."

    may want to fix this

    Anonymous

    September 13, 2012

    Please tell Sebastian Hahn to mark the update date in the Obfsproxy TBB main page as now I can only identify the update from the download link

    Anonymous

    September 13, 2012

    I'm trying to update my relay to this stable version, but everything in http://deb.torproject.org/torproject.org including under "stable" seems to be the experimental version. Is there somewhere else I should be looking? Should I just wait for it to come through the built-in repositories?

    We moved our debs to Tor 0.2.3.x since Debian Wheezy is imminent, and we want to make sure that 0.2.3 is what gets into wheezy.

    The 0.2.3 branch is basically stable now, so I wouldn't worry.

    Anonymous

    September 14, 2012

    I am sorry to say, Firefox crashes at automatic startup (called by Vidalia). I use the newest Tor Browser Bundle on 10.5.8.
    Something can be done?
    thank you

    Anonymous

    September 14, 2012

    eeeew,
    I just tried to update to this today and ZoneAlarm antivirus is detecting the following baddie

    not-a-virus:NetTool.Win32.Tor.d

    It detects it in both the install archive and the tor.exe after installing. The file was downloaded twice, once through Tor network, and then direct.

    Using ZA "Extreme Security" version 9.3.037.000 with
    Antivirus version 8.0.2.48
    DAT file version 1093569472

    Anyone else experience this?

    I think everyone else would experience this if they would use ZoneAlarm. As it says "not-a-virus:NetTool.Win32.Tor.d" simply detects the network app Tor that is not a virus but may not be allowed on some networks if that is against their administration policy.

    This same thing happened with ZA on another application and it turned out that what you said here was exactly the case with that situation. Zone Alarm tech support then corrected their def file to resolve the false positive.

    Anonymous

    September 15, 2012

    hi, I see this update released on 12th, but Tor Check page notified me only today the 15th that there is an update, I downloaded, verified and installed, but not like usually, Kaspersky shows some warnings not like before,
    http://i47.tinypic.com/t0n6yo.jpg

    Anonymous

    September 15, 2012

    I'm using Firefox.
    I got this message.
    I just wanted to inform you.
    Thanks

    ------------------
    IP check ( http://ip-check.info )
    77.207.111.206
    Warning: Your IP address is neither anonymized by JonDonym nor by Tor.
    Start the test for details.
    ------------------

    Anonymous

    September 15, 2012

    Some, like me, who had not installed this security release were not prompted to do so, others who had done so were prompted after that fact. Straange?

    Anonymous

    September 15, 2012

    The 0.2.3.22-rc as well as the 0.2.3.20-rc is looping with 100 % CPU usage. It is a fairly new behaviour caused by an unknown reason. Falling back to 0.2.2.39 the CPU usage is now around 10%

    Anonymous

    September 15, 2012

    My antivirus says that Tor is a "Potentially unwanted program" (PUP) and blocked it. I unlocked it manually afterwards. The problem only occurs with the newest version of TBB. No trouble between my antivirus program and older Tor versions.

    Tor Browser Bundle 2.2.39-1
    Panda Cloud Antivirus Free 2.0.1

    Panda Cloud doesn't like this file
    \Tor Browser\App\tor.exe

    Anonymous

    September 15, 2012

    I'm running a relay and am wondering if we can continue to get stable rpms built for RHEL/Centos as well? The previous yum setup was nice, but I can install the rpms manually if I have to. But building them myself from source is a lot more work since I would have to do it on a separate build machine. My relay is still on 0.2.2.35, so I am considering just shutting it down until 0.2.3 becomes more stable and I have the time to review the config and make the switchover to the new version.

    Anonymous

    September 15, 2012

    Panda Cloud Antivirus Free 2.0.1. versus Tor Browser Bundle 2.2.39-1

    - - -

    Panda Cloud Antivirus says that tor.exe is a virus and locks it.

    "Classified as: High risk

    Status: Unrestricted ready*

    Cause: The program is an unclassified virus or it can be used for malicious or fraudulent purposes."

    *Because I've unlocked it.

    Screenshot
    oi50.tinypic.com/330e0j8.jpg

    Anonymous

    September 15, 2012

    Although the download page states "this package requires no installation" when I run the .dmg file it installs another version of TBB without bringing in my bookmarks or add-ons. This is the first time I have updated TBB - am I doing something wrong?

    Anonymous

    September 16, 2012

    Dear Tor developers

    I'm running 2.2.38-2 on Windows 7. The page check.torproject.org/... doesn't remind me of the update to the new version 2.2.39-1. Is it a website technical problem or not? Or when does the check page show the update info of new release when not?

    Thanks from China for your great work on Tor.

    Anonymous

    September 18, 2012

    Third time I ask, never received an answer. If you say new bundles, does that include the Vidalia Bundle as well?

    Anonymous

    September 20, 2012

    Is anyone else having troubles using Twitter with this and the last bundle? I try to get on Twitter and it won't load it, but other websites it does, then when I get on Twitter it stops loading pages after a minute. Also, when I finally get Twitter loaded a pop-up for Java comes up, which has never happened until lately. wtf, tor.

    Twitter doesn't work properly with the previous bundle either. About half of nodes can't connect to it. Just keep trying 'New Identity' until it works.

    Twitter with TOR I have concluded as impossible. These ToR people like to tout it as a tool for activists to use social networks. I call bullshit though.

    Firstly you really have to enable Java, which I did.

    I have tried to open a twitter Sockpuppet and have just opened three accounts on Tor, which were all immediately suspended after first login.

    Problem is on Twitter's side, not TOR, Twitter doesn't really support anonymity.

    How to twitter anonymously?

    Anonymous

    September 20, 2012

    This new version slows down my computer, uses a lot of memory, even 650MB.

    Very slow, please fix

    Anonymous

    September 23, 2012

    I am wondering if it is safe to one's anonymity to use bridges. While I was using TBB 0.2.3.8 with bridges recently, I decided to check if I was using Tor by visiting the "Are you using Tor" page at torproject.org. I was about to visit a sensitive 'political' website which is always being closely monitored by the authorities.

    To my surprise the message I got was in RED saying "Sorry, you are not using Tor"!! I checked the Torbutton icon and there was no red cross over it. Everything looked OK. I immediately switched off the bridges and checked again. The message had changed to "Congratulation. Your browser is configured to use Tor". Therefore the bridge that was chosen for my traffic is responsible for this. Am I right?

    As this has happened on two occasions I have stopped using bridges altogether because I have no way of knowing if I am using Tor or not even if everything seems to be OK.

    I am not a technical person. I think the mistake I have made is not taking a screenshot of the negative messages I received showing the relevant IP addresses which I would include in this post.

    I am using OSX 10.6.8 (intel). Perhaps there should be an icon located in the status bar indicating that one's traffic is NOT going through Tor even if everything seems to be working OK.

    I am wondering if anyone has ever experienced this. Thank you.