You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Changes in version 0.4.8.10 - 2023-12-08
This is a security release fixing a high severity bug (TROVE-2023-007)
affecting Exit relays supporting Conflux. We strongly recommend to update as
soon as possible.
o Major bugfixes (TROVE-2023-007, exit):
- Improper error propagation from a safety check in conflux leg
linking lead to a desynchronization of which legs were part of a
conflux set, ultimately causing a UAF and NULL pointer dereference
crash on Exit relays. Fixes bug 40897; bugfix on 0.4.8.1-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on December 08, 2023.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/12/08.
o Minor bugfixes (bridges, statistics):
- Correctly report statistics for client count over Pluggable
transport. Fixes bug 40871; bugfix on 0.4.8.4
Changes in version 0.4.8.9 - 2023-11-09
This is another security release fixing a high severity bug affecting onion
services which is tracked by TROVE-2023-006. We are also releasing a guard
major bugfix as well. If you are an onion service operator, we strongly
recommend to update as soon as possible.
o Major bugfixes (guard usage):
- When Tor excluded a guard due to temporary circuit restrictions,
it considered *additional* primary guards for potential usage by
that circuit. This could result in more than the specified number
of guards (currently 2) being used, long-term, by the tor client.
This could happen when a Guard was also selected as an Exit node,
but it was exacerbated by the Conflux guard restrictions. Both
instances have been fixed. Fixes bug 40876; bugfix
on 0.3.0.1-alpha.
o Major bugfixes (onion service, TROVE-2023-006):
- Fix a possible hard assert on a NULL pointer when recording a
failed rendezvous circuit on the service side for the MetricsPort.
Fixes bug 40883; bugfix on 0.4.8.1-alpha
o Minor features (fallbackdir):
- Regenerate fallback directories generated on November 09, 2023.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/11/09.
Changes in version 0.4.8.8 - 2023-11-03
We are releasing today a fix for a high security issue, TROVE-2023-004, that
is affecting relays. Also a few minor bugfixes detailed below. Please upgrade
as soon as posssible.
o Major bugfixes (TROVE-2023-004, relay):
- Mitigate an issue when Tor compiled with OpenSSL can crash during
handshake with a remote relay. Fixes bug 40874; bugfix
on 0.2.7.2-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on November 03, 2023.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/11/03.
o Minor bugfixes (directory authority):
- Look at the network parameter "maxunmeasuredbw" with the correct
spelling. Fixes bug 40869; bugfix on 0.4.6.1-alpha.
o Minor bugfixes (vanguards addon support):
- Count the conflux linked cell as valid when it is successfully
processed. This will quiet a spurious warn in the vanguards addon.
Fixes bug 40878; bugfix on 0.4.8.1-alpha.
Changes in version 0.4.8.7 - 2023-09-25
This version fixes a single major bug in the Conflux subsystem on the client
side. See below for more information. The upcoming Tor Browser 13 stable will
pick this up.
o Major bugfixes (conflux):
- Fix an issue that prevented us from pre-building more conflux sets
after existing sets had been used. Fixes bug 40862; bugfix
on 0.4.8.1-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on September 25, 2023.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/09/25.
Changes in version 0.4.8.6 - 2023-09-18
This version contains an important fix for onion service regarding congestion
control and its reliability. Apart from that, uneeded BUG warnings have been
suppressed especially about a compression bomb seen on relays. We strongly
recommend, in particular onion service operators, to upgrade as soon as
possible to this latest stable.
o Major bugfixes (onion service):
- Fix a reliability issue where services were expiring their
introduction points every consensus update. This caused
connectivity issues for clients caching the old descriptor and
intro points. Bug reported and fixed by gitlab user
@hyunsoo.kim676. Fixes bug 40858; bugfix on 0.4.7.5-alpha.
o Minor features (debugging, compression):
- Log the input and output buffer sizes when we detect a potential
compression bomb. Diagnostic for ticket 40739.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on September 18, 2023.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/09/18.
o Minor bugfix (defensive programming):
- Disable multiple BUG warnings of a missing relay identity key when
starting an instance of Tor compiled without relay support. Fixes
bug 40848; bugfix on 0.4.3.1-alpha.
o Minor bugfixes (bridge authority):
- When reporting a pseudo-networkstatus as a bridge authority, or
answering "ns/purpose/*" controller requests, include accurate
published-on dates from our list of router descriptors. Fixes bug
40855; bugfix on 0.4.8.1-alpha.
o Minor bugfixes (compression, zstd):
- Use less frightening language and lower the log-level of our run-
time ABI compatibility check message in our Zstd compression
subsystem. Fixes bug 40815; bugfix on 0.4.3.1-alpha.
The text was updated successfully, but these errors were encountered:
Wasabi currently bundles 0.4.8.5 (#11501). Newest version is 0.4.8.10, there have been some bugfixes.
Full list of changes:
The text was updated successfully, but these errors were encountered: