This version of Tor is the latest in the 0.3.2 alpha series. It includes fixes for several important security issues. All Tor users should upgrade to this release, or to one of the other releases coming out today. (The next announcement will be about the stable releases.)
Tor 0.3.2.5-alpha is the fifth alpha release in the 0.3.2.x series. It fixes several stability and reliability bugs, including a fix for intermittent bootstrapping failures that some people have been seeing since the 0.3.0.x series.
You can download the source from the usual place on the website. Binary packages should be available soon. Tor Browser is likely to skip this alpha, and pick up the next one, which should be out in early November.
Remember: This is an alpha release, and it's likely to have more bugs than usual. We hope that people will try it out to find and report bugs, though.
Please test this alpha out -- many of these fixes will soon be backported to stable Tor versions if no additional bugs are found in them.
Changes in version 0.3.2.5-alpha - 2017-11-22
- Major bugfixes (bootstrapping):
- Fetch descriptors aggressively whenever we lack enough to build circuits, regardless of how many descriptors we are missing. Previously, we would delay launching the fetch when we had fewer than 15 missing descriptors, even if some of those descriptors were blocking circuits from building. Fixes bug 23985; bugfix on 0.1.1.11-alpha. The effects of this bug became worse in 0.3.0.3-alpha, when we began treating missing descriptors from our primary guards as a reason to delay circuits.
- Don't try fetching microdescriptors from relays that have failed to deliver them in the past. Fixes bug 23817; bugfix on 0.3.0.1-alpha.
- Minor features (directory authority):
- Make the "Exit" flag assignment only depend on whether the exit policy allows connections to ports 80 and 443. Previously relays would get the Exit flag if they allowed connections to one of these ports and also port 6667. Resolves ticket 23637.
Tor 0.3.2.4-alpha is the fourth alpha release in the 0.3.2.x series. It fixes several stability and reliability bugs, especially including a major reliability issue that has been plaguing fast exit relays in recent months.
Tor 0.3.2.3-alpha is the third release in the 0.3.2 series. It fixes numerous small bugs in earlier versions of 0.3.2.x, and adds a new directory authority, Bastet.
Tor 0.3.2.1-alpha is the first release in the 0.3.2.x series. It includes support for our next-generation ("v3") onion service protocol, and adds a new circuit scheduler for more responsive forwarding decisions from relays. There are also numerous other small features and bugfixes here.
There's a new stable Tor release series available! After months of work, you can now download the source code for Tor 0.3.1.7 from the usual place on the website. Packages should become available over the coming days, including (we hope) a Tor Browser release before the end of the month.
Tor 0.3.1.7 is the first stable release in the 0.3.1 series.
Hello! We found a security issue in the onion service code (CVE-2017-0380, TROVE-2017-008) that can cause sensitive information to be written to your logs if you have set the SafeLogging option to 0. If you are not running an onion service, or you have not changed the SafeLogging option from its default, you are not affected. If you are running 0.2.5, you are not affected. (0.2.4, 0.2.6, and 0.2.7 are no longer supported.) For more information, including workaround steps, see the advisory.
Tor 0.3.1.6-rc fixes a few small bugs and annoyances in the 0.3.1 release series, including a bug that produced weird behavior on Windows directory caches.
This is the first release candidate in the Tor 0.3.1 series. If we find no new bugs or regressions here, the first stable 0.3.1 release will be nearly identical to it. Please help find bugs! If we don't find any new critical problems, we'll be calling this release series "stable" soon.
If you build Tor from source, you can find Tor 0.3.1.6-rc at the usual place (at the Download page on our website). Otherwise, you'll probably want to wait until packages are available. There should be a new Tor Browser release later this month.
Changes in version 0.3.1.6-rc - 2017-09-05
- Major bugfixes (windows, directory cache):
- On Windows, do not try to delete cached consensus documents and diffs before they are unmapped from memory--Windows won't allow that. Instead, allow the consensus cache directory to grow larger, to hold files that might need to stay around longer. Fixes bug 22752; bugfix on 0.3.1.1-alpha.
- Minor features (directory authority):
- Improve the message that authorities report to relays that present RSA/Ed25519 keypairs that conflict with previously pinned keys. Closes ticket 22348.
Source code for a new Tor release (0.3.0.10) is now available on the website; packages should be available over the next several days. The Tor Browser team tells me they will have a release out next week.
Reminder: Tor 0.2.4, 0.2.6, and 0.2.7 are no longer supported, as of 1 August of this year. If you need a release with long-term support, 0.2.9 is what we recommend: we plan to support it until at least 1 Jan 2020.
Tor 0.3.0.10 backports a collection of small-to-medium bugfixes from the current Tor alpha series. OpenBSD users and TPROXY users should upgrade; others are probably okay sticking with 0.3.0.9.
Changes in version 0.3.0.10 - 2017-08-02
- Major features (build system, continuous integration, backport from 0.3.1.5-alpha):
- Tor's repository now includes a Travis Continuous Integration (CI) configuration file (.travis.yml). This is meant to help new developers and contributors who fork Tor to a Github repository be better able to test their changes, and understand what we expect to pass. To use this new build feature, you must fork Tor to your Github account, then go into the "Integrations" menu in the repository settings for your fork and enable Travis, then push your changes. Closes ticket 22636.
- Major bugfixes (linux TPROXY support, backport from 0.3.1.1-alpha):
- Fix a typo that had prevented TPROXY-based transparent proxying from working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha. Patch from "d4fq0fQAgoJ".