New Alpha Release: Tor

by nickm | February 11, 2020

There's a new alpha release available for download. If you build Tor from source, you can download the source code for from the download page on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release likely in the coming week.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

This is the second stable alpha release in the Tor 0.4.3.x series. It fixes several bugs present in the previous alpha release. Anybody running the previous alpha should upgrade and look for bugs in this one instead.

Changes in version - 2020-02-10

  • Major bugfixes (onion service client, authorization):
    • On a NEWNYM signal, purge entries from the ephemeral client authorization cache. The permanent ones are kept. Fixes bug 33139; bugfix on
  • Minor features (best practices tracker):
    • Practracker now supports a --regen-overbroad option to regenerate the exceptions file, but only to revise exceptions to be _less_ tolerant of best-practices violations. Closes ticket 32372.


  • Minor features (continuous integration):
    • Run Doxygen Makefile target on Travis, so we can learn about regressions in our internal documentation. Closes ticket 32455.
    • Stop allowing failures on the Travis CI stem tests job. It looks like all the stem hangs we were seeing before are now fixed. Closes ticket 33075.
  • Minor bugfixes (build system):
    • Revise configure options that were either missing or incorrect in the configure summary. Fixes bug 32230; bugfix on
  • Minor bugfixes (controller protocol):
    • Fix a memory leak introduced by refactoring of control reply formatting code. Fixes bug 33039; bugfix on
    • Fix a memory leak in GETINFO responses. Fixes bug 33103; bugfix on
    • When receiving "ACTIVE" or "DORMANT" signals on the control port, report them as SIGNAL events. Previously we would log a bug warning. Fixes bug 33104; bugfix on
  • Minor bugfixes (logging):
    • If we encounter a bug when flushing a buffer to a TLS connection, only log the bug once per invocation of the Tor process. Previously we would log with every occurrence, which could cause us to run out of disk space. Fixes bug 33093; bugfix on
    • When logging a bug, do not say "Future instances of this warning will be silenced" unless we are actually going to silence them. Previously we would say this whenever a BUG() check failed in the code. Fixes bug 33095; bugfix on
  • Minor bugfixes (onion service v2):
    • Move a series of v2 onion service warnings to protocol-warning level because they can all be triggered remotely by a malformed request. Fixes bug 32706; bugfix on
  • Minor bugfixes (onion service v3, client authorization):
    • When removing client authorization credentials using the control port, also remove the associated descriptor, so the onion service can no longer be contacted. Fixes bug 33148; bugfix on
  • Minor bugfixes (pluggable transports):
    • When receiving a message on standard error from a pluggable transport, log it at info level, rather than as a warning. Fixes bug 33005; bugfix on
  • Minor bugfixes (rust, build):
    • Fix a syntax warning given by newer versions of Rust that was creating problems for our continuous integration. Fixes bug 33212; bugfix on
  • Minor bugfixes (TLS bug handling):
    • When encountering a bug in buf_read_from_tls(), return a "MISC" error code rather than "WANTWRITE". This change might help avoid some CPU-wasting loops if the bug is ever triggered. Bug reported by opara. Fixes bug 32673; bugfix on
  • Code simplification and refactoring (mainloop):
    • Simplify the ip_address_changed() function by removing redundant checks. Closes ticket 33091.
  • Documentation (manpage):
    • Split "Circuit Timeout" options and "Node Selection" options into their own sections of the tor manpage. Closes tickets 32928 and 32929. Work by Swati Thacker as part of Google Season of Docs.


Please note that the comment area below has been archived.

February 12, 2020


Its prob just a mcafee issue, but after i downloaded this update, mcafee tried to quarantine a couple of the cache files as "ransomware"

Yeah, that's known to happen sometimes. Virus scanners often give false positives on our software. Be careful, and check the signatures on anything you download, but I wouldn't worry too much, especially if you're building Tor from source.

March 04, 2020


Hello Tor Comrades,

When did Tor, or what version of Tor, has the DDoS defenses enabled?
Is there a flag to 'activate' it ?

Running Am i covered ?