Tor 0.2.8.7 is released, with important fixes
Tor 0.2.8.7 fixes an important bug related to the ReachableAddresses option in 0.2.8.6, and replaces a retiring bridge authority. Everyone who sets the ReachableAddresses option, and all bridges, are strongly encouraged to upgrade.
You can download the source from the Tor website. Packages should be available over the next week or so.
Below is a list of changes since 0.2.8.6.
Changes in version 0.2.8.7 - 2016-08-24
- Directory authority changes:
- The "Tonga" bridge authority has been retired; the new bridge authority is "Bifroest". Closes tickets 19728 and 19690.
- Major bugfixes (client, security):
- Only use the ReachableAddresses option to restrict the first hop in a path. In earlier versions of 0.2.8.x, it would apply to every hop in the path, with a possible degradation in anonymity for anyone using an uncommon ReachableAddress setting. Fixes bug 19973; bugfix on 0.2.8.2-alpha.
- Minor features (geoip):
- Update geoip and geoip6 to the August 2 2016 Maxmind GeoLite2 Country database.
- Minor bugfixes (compilation):
- Remove an inappropriate "inline" in tortls.c that was causing warnings on older versions of GCC. Fixes bug 19903; bugfix on 0.2.8.1-alpha.
- Minor bugfixes (fallback directories):
- Avoid logging a NULL string pointer when loading fallback directory information. Fixes bug 19947; bugfix on 0.2.4.7-alpha and 0.2.8.1-alpha. Report and patch by "rubiate".
if you trust some routers/countries etc you can enumerate them in the "ReachableAddresses" option.
so "Everyone who sets the ReachableAddresses option" means previous tor versions follow this restriction when building circuits, 0.2.8.7 - don't.
tor design is slowly moving away from user controlling circuits building.