Tor Browser 5.0.4 is released
This release features important security updates to Firefox.
Additionally, we included Yan Zhu's fix for not leaking the Referer header when leaving a .onion domain and are shipping an updated NoScript version.
These and all the other changes (minor bug fixes and clean-ups) can be found in the complete changelog since 5.0.3:
- All Platforms
- Update Firefox to 38.4.0esr
- Update NoScript to 126.96.36.199
- Update Torbutton to 188.8.131.52
- Bug 9623: Spoof Referer when leaving a .onion domain
- Bug 16735: about:tor should accommodate different fonts/font sizes
- Bug 16937: Don't translate the homepage/spellchecker dictionary string
- Bug 17164: Don't show text-select cursor on circuit display
- Bug 17351: Remove unused code
- Translation updates
- Bug 16937: Remove the en-US dictionary from non en-US Tor Browser bundles
- Bug 17318: Remove dead ScrambleSuit bridge
- Bug 17473: Update meek-amazon fingerprint
- Bug 16983: Isolate favicon requests caused by the tab list dropdown
- Bug 17102: Don't crash while opening a second Tor Browser
- Bug 16906: Don't depend on Windows crypto DLLs
- Bug 17329: Ensure that non-ASCII characters can be typed (fixup of #5926)
I really do appreciate the effort the Tor team puts into their software. Thank you for all the humanitarian work that has saved countless lives and freedoms.
I have one suggestion that might fall on deaf ears due the massive workload this team has. Please bare with me and strongly consider the following.
A relatively new systems programming language called Rust poses many benefits over the C family while still maintaining much of its valued speed. Rust avoids memory leaks, reduces overall code error, retains much of the speed of C, and as a result of its inbuilt safety measures, reduces complexity and lines of code.
An example of this is the Maidsafe project's rapid port of several years worth of C++ code over to Rust in under 6 months. As a result, development speed has dramatically improved, and the code has been reduced from nearly a million lines down to only 20 thousand. This has reduced attack surfaces, eliminated memory leaks, and generally makes the code more readable/audit-able. The lead developer David Irvine has credited Rust for improved security. It's even claimed that they wouldn't be so close to launched if it had not been for the transition over to rust. Their testnet is now only several days away (an unexpected bug in one of their libraries is the only thing left).
I really hope the Tor team really considers rust for future development. I suspect that as a result of the work that team has done with rust, its popularity will increase and the benefits understood.
Please check this post on their forums, but keep in mind that rust is now at 1.4 stable. It was yet unreleased at the time of the discussion. https://forum.safenetwork.io/t/rust-vs-c/3216
HERE IS THEIR GITHUB: https://github.com/maidsafe
Please tell me what you think :-)