Tor Browser 5.0.4 is released
This release features important security updates to Firefox.
Additionally, we included Yan Zhu's fix for not leaking the Referer header when leaving a .onion domain and are shipping an updated NoScript version.
These and all the other changes (minor bug fixes and clean-ups) can be found in the complete changelog since 5.0.3:
- All Platforms
- Update Firefox to 38.4.0esr
- Update NoScript to 220.127.116.11
- Update Torbutton to 18.104.22.168
- Bug 9623: Spoof Referer when leaving a .onion domain
- Bug 16735: about:tor should accommodate different fonts/font sizes
- Bug 16937: Don't translate the homepage/spellchecker dictionary string
- Bug 17164: Don't show text-select cursor on circuit display
- Bug 17351: Remove unused code
- Translation updates
- Bug 16937: Remove the en-US dictionary from non en-US Tor Browser bundles
- Bug 17318: Remove dead ScrambleSuit bridge
- Bug 17473: Update meek-amazon fingerprint
- Bug 16983: Isolate favicon requests caused by the tab list dropdown
- Bug 17102: Don't crash while opening a second Tor Browser
- Bug 16906: Don't depend on Windows crypto DLLs
- Bug 17329: Ensure that non-ASCII characters can be typed (fixup of #5926)
I really do appreciate the effort the Tor team puts into their software. Thank you for all the humanitarian work that has saved countless lives and freedoms.
I have one suggestion that might fall on deaf ears due the massive workload this team has. Please bare with me and strongly consider the following.
A relatively new systems programming language called Rust poses many benefits over the C family while still maintaining much of its valued speed. Rust avoids memory leaks, reduces overall code error, retains much of the speed of C, and as a result of its inbuilt safety measures, reduces complexity and lines of code.
An example of this is the Maidsafe project's rapid port of several years worth of C++ code over to Rust in under 6 months. As a result, development speed has dramatically improved, and the code has been reduced from nearly a million lines down to only 20 thousand. This has reduced attack surfaces, eliminated memory leaks, and generally makes the code more readable/audit-able. The lead developer David Irvine has credited Rust for improved security. It's even claimed that they wouldn't be so close to launched if it had not been for the transition over to rust. Their testnet is now only several days away (an unexpected bug in one of their libraries is the only thing left).
I really hope the Tor team really considers rust for future development. I suspect that as a result of the work that team has done with rust, its popularity will increase and the benefits understood.
Please check this post on their forums, but keep in mind that rust is now at 1.4 stable. It was yet unreleased at the time of the discussion. https://forum.safenetwork.io/t/rust-vs-c/3216
HERE IS THEIR GITHUB: https://github.com/maidsafe
Please tell me what you think :-)
While an interesting concept, is there any reason to believe this is any different than any other new programming language that tries to give performance relatively close to C (Or at least C++) yet include additional safety measures? Rust is still a new language; I'd say give it a few years to figure out if it's still around and actually being used outside of a few diehards. I'd hesitate moving a long term project to a new programming language before the initial hype has worn off.
Of course, Tor Project really can't control what most of firefox is written in, so any decisions they make about programming languages can't apply to the browser itself.