Tor is released, with important fixes

by nickm | August 24, 2016

Tor continues development of the 0.2.9 series with several new features and bugfixes. It also includes an important authority update and an important bugfix from Everyone who sets the ReachableAddresses option, and all bridges, are strongly encouraged to upgrade to, or to

You can download the source from the usual place on the website.
Packages should be available over the next several days. Remember
to check the signatures!
Please note: This is an alpha release. You should only try this one if you are interested in tracking Tor development, testing new features, making sure that Tor still builds on unusual platforms, or generally trying to hunt down bugs. If you want a stable experience, please stick to the stable releases.
Below are the changes since

Changes in version - 2016-08-24

  • Directory authority changes (also in
    • The "Tonga" bridge authority has been retired; the new bridge authority is "Bifroest". Closes tickets 19728 and 19690.
  • Major bugfixes (client, security, also in
    • Only use the ReachableAddresses option to restrict the first hop in a path. In earlier versions of 0.2.8.x, it would apply to every hop in the path, with a possible degradation in anonymity for anyone using an uncommon ReachableAddress setting. Fixes bug 19973; bugfix on


  • Major features (user interface):
    • Tor now supports the ability to declare options deprecated, so that we can recommend that people stop using them. Previously, this was done in an ad-hoc way. Closes ticket 19820.
  • Major bugfixes (directory downloads):
    • Avoid resetting download status for consensuses hourly, since we already have another, smarter retry mechanism. Fixes bug 8625; bugfix on
  • Minor features (config):
    • Warn users when descriptor and port addresses are inconsistent. Mitigates bug 13953; patch by teor.
  • Minor features (geoip):
    • Update geoip and geoip6 to the August 2 2016 Maxmind GeoLite2 Country database.
  • Minor features (user interface):
    • There is a new --list-deprecated-options command-line option to list all of the deprecated options. Implemented as part of ticket 19820.
  • Minor bugfixes (code style):
    • Fix an integer signedness conversion issue in the case conversion tables. Fixes bug 19168; bugfix on
  • Minor bugfixes (compilation):
    • Build correctly on versions of libevent2 without support for evutil_secure_rng_add_bytes(). Fixes bug 19904; bugfix on
    • Fix a compilation warning on GCC versions before 4.6. Our ENABLE_GCC_WARNING macro used the word "warning" as an argument, when it is also required as an argument to the compiler pragma. Fixes bug 19901; bugfix on
  • Minor bugfixes (compilation, also in
    • Remove an inappropriate "inline" in tortls.c that was causing warnings on older versions of GCC. Fixes bug 19903; bugfix on
  • Minor bugfixes (fallback directories, also in
    • Avoid logging a NULL string pointer when loading fallback directory information. Fixes bug 19947; bugfix on and Report and patch by "rubiate".
  • Minor bugfixes (logging):
    • Log a more accurate message when we fail to dump a microdescriptor. Fixes bug 17758; bugfix on Patch from Daniel Pinto.
  • Minor bugfixes (memory leak):
    • Fix a series of slow memory leaks related to parsing torrc files and options. Fixes bug 19466; bugfix on
  • Deprecated features:
    • A number of DNS-cache-related sub-options for client ports are now deprecated for security reasons, and may be removed in a future version of Tor. (We believe that client-side DNS cacheing is a bad idea for anonymity, and you should not turn it on.) The options are: CacheDNS, CacheIPv4DNS, CacheIPv6DNS, UseDNSCache, UseIPv4Cache, and UseIPv6Cache.
    • A number of options are deprecated for security reasons, and may be removed in a future version of Tor. The options are: AllowDotExit, AllowInvalidNodes, AllowSingleHopCircuits, AllowSingleHopExits, ClientDNSRejectInternalAddresses, CloseHSClientCircuitsImmediatelyOnTimeout, CloseHSServiceRendCircuitsImmediatelyOnTimeout, ExcludeSingleHopRelays, FastFirstHopPK, TLSECGroup, UseNTorHandshake, and WarnUnsafeSocks.
    • The *ListenAddress options are now deprecated as unnecessary: the corresponding *Port options should be used instead. These options may someday be removed. The affected options are: ControlListenAddress, DNSListenAddress, DirListenAddress, NATDListenAddress, ORListenAddress, SocksListenAddress, and TransListenAddress.
  • Documentation:
    • Correct the IPv6 syntax in our documentation for the VirtualAddrNetworkIPv6 torrc option. Closes ticket 19743.
  • Removed code:
    • We no longer include the (dead, deprecated) bufferevent code in Tor. Closes ticket 19450. Based on a patch from U+039b.


Please note that the comment area below has been archived.

August 27, 2016


Has this version severely broken access to hidden services ? Any connection attempt to dot.onions seem to fail - also, failed attempts not logged to console any more ! Everything was still working as usual under - config NOT modified (Windows XP)

August 27, 2016


Re : comment about onions not working. Scratch that ! I can still access the Duckduckgo hidden service. Most others unavailable (???) Still, failures and timeouts wrt/ hidden onions not appearing intje log any more.