Greetings,
We released today 0.4.9.5 stable release which is the first stable of the
0.4.9.x series.
Here is the announcement
https://forum.torproject.org/t/stable-release-0-4-9-5/21227
Worth noting that 0.4.8.x series is now on the deprecating path for the next
months and so we strongly encourage to upgrade as soon as possible.
The release notes below.
Cheers!
David
Changes in version 0.4.9.5 - 2026-02-12
This first stable release in the 0.4.9 series introduces a new
circuit-level encryption design for better client security, as well
as a more scalable way for large relay operators to annotate which
relays they run so clients can avoid using too many of them in a
single circuit.
o Major features (cryptography):
- Clients and relays can now negotiate Counter Galois Onion (CGO)
relay cryptography, as designed by Jean Paul Degabriele,
Alessandro Melloni, Jean-Pierre Münch, and Martijn Stam. CGO
provides improved resistance to several kinds of tagging attacks,
better forward secrecy, and better forgery resistance. Closes
ticket 41047. Implements proposal 359.
o Major features (path selection):
- Clients and relays now support "happy families", a system to
simplify relay family operation and improve directory performance.
With "happy families", relays in a family share a secret "family
key", which they use to prove their membership in the family.
Implements proposal 321; closes ticket 41009. Note that until
enough clients are upgraded, relay operators will still need to
configure MyFamily lists. But once clients no longer depend on
those lists, we will be able to remove them entirely, thereby
simplifying family operation, and making microdescriptor downloads
approximately 80% smaller. For more information, see
https://community.torproject.org/relay/setup/post-install/family-ids/
o Major bugfixes (conflux):
- Ensure conflux guards obey family and subnet restrictions. Fixes
bug 40976; bugfix on 0.4.8.1-alpha.
o Major bugfixes (controller events):
- Fix spikes occurring in bandwidth cache events on control connection.
Fixes bug 31524; bugfix on 0.0.9pre5.
o Major bugfixes (sandbox):
- Fix sandbox to work on architectures that use Linux's generic
syscall interface, extending support for AArch64 (ARM64) and
adding support for RISC-V, allowing test_include.sh and the
sandbox unit tests to pass on these systems even when building
with fragile hardening enabled. Fixes bugs 40465 and 40599; bugfix
on 0.2.5.1-alpha.
o Minor features (client security, reliability):
- When KeepaliveIsolateSOCKSAuth is keeping a circuit alive, expire
the circuit based on when it was last in use for any stream, not
(as we did before) based on when a stream was last attached to it.
Closes ticket 41157. Implements a minimal version of Proposal 368.
o Minor features (exit relays):
- Implement reevaluating new exit policy against existing
connections. This is controlled by new config option
ReevaluateExitPolicy, defaulting to 0. Closes ticket 40676.
- Implement a token-bucket based rate limiter for stream creation
and resolve request. It is configured by the DoSStream* family of
configuration options. Closes ticket 40736.
- Add Monero ports to the ReducedExitPolicy. Closes ticket 41168.
o Minor features (bridges):
- Save complete bridge lines to 'datadir/bridgelines'. Closes
ticket 29128.
o Minor features (client extensibility):
- Implement new HTTPTunnelPort features for interoperability with
Arti's HTTP CONNECT proxy. This work adds new headers to requests
to and replies from the HttpConnectPort, support for OPTIONS
requests, tightens the expected syntax for Proxy-Authorization,
and increases defense-in-depth against some kinds of cross-site
HTTP attacks. Closes ticket 41156. Implements proposal 365.
- Detect invalid SOCKS5 username/password combinations according to
new extended parameters syntax. (Currently, this rejects any
SOCKS5 username beginning with "<torS0X>", except for the username
"<torS0X>0". Such usernames are now reserved to communicate
additional parameters with other Tor implementations.) Implements
proposal 351.
o Minor features (sandboxing):
- Allow the fstatat64 and statx syscalls on i386 architecture when
glibc >= 2.33. On i386, glibc uses fstatat64 instead of newfstatat
for stat operations, and statx for time64 support. Without this,
SIGHUP configuration reload fails when using sandbox mode with
%include directives on i386 with Debian Bookworm or newer.
- Allow the lstat64 syscall on i386 architecture. This syscall is
used by glob() in glibc 2.36+ when processing %include directives
with directory patterns.
o Minor features (security):
- Increase the size of our finite-field Diffie Hellman TLS group
(which we should never actually use!) to 2048 bits. Part of
ticket 41067.
- Require TLS version 1.2 or later. (Version 1.3 support will be
required in the near future.) Part of ticket 41067.
- Update TLS 1.2 client cipher list to match current Firefox. Part
of ticket 41067.
- Verify needle is smaller than haystack before calling memmem.
Closes ticket 40854.
o Minor features (onion services):
- Add 3 more keywords to the ADD_ONION control command:
PoWDefensesEnabled, PoWQueueRate and PoWQueueBurst which correspond
to HiddenServicePoWDefensesEnabled, HiddenServicePoWQueueRate and
HiddenServicePoWQueueBurst from torrc.
- Reduce the minimum value of hsdir_interval to match recent tor-
spec change.
o Minor feature (directory authority):
- Introduce MinimalAcceptedServerVersion to allow configuring
the minimum accepted relay version without requiring a new tor
release. Closes ticket 40817.
o Minor features (metrics port):
- New metrics on the MetricsPort for the number of BUG() calls that
occurred at runtime. Fixes bugs 40839 and 41104; bugfix on
0.4.7.1-alpha.
- Handle rephist tracking of ntor and ntor_v3 handshakes
individually such that MetricsPort exposes the correct values.
Fixes bug 40638; bugfix on 0.4.7.11.
- Add new metrics for relays on the MetricsPort namely the count of
drop cell, destroy cell and the number of circuit protocol
violation seen that lead to a circuit close. Closes ticket 40816.
o Minor features (forward-compatibility):
- We now correctly parse microdescriptors and router descriptors
that do not include TAP onion keys. (For backward compatibility,
authorities continue to require these keys.) Implements part of
proposal 350.
o Minor features (portability, android):
- Use /data/local/tmp for data storage on Android by default. Closes
ticket 40487. Patch from Hans-Christoph Steiner.
o Minor features (directory authority):
- Export unsigned consensus documents once we have seen a threshold
of signatures, as a step toward the consensus transparency
experiment.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on February 12, 2026.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database,
as retrieved on 2026/02/12.
o Minor features (windows):
- Various compilation fixes for our Windows CI. Closes ticket 41214.
o Minor bugfixes (exit relays):
- Clip every returned DNS TTL to 60 (RESOLVED) in order to mitigate
an exit DNS cache oracle. Fixes bug 40979; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (spec conformance):
- Set the length field correctly on RELAY_COMMAND_CONFLUX_SWITCH
messages. Previously, it was always set to the maximum value.
Fixes bug 41056; bugfix on 0.4.8.1-alpha.
- Do not treat "15" as a recognized remote END reason code.
Formerly, we treated it as synonymous with a local ENTRYPOLICY,
which isn't a valid remote code at all. Fixes bug 41171; bugfix
on 0.2.0.8-alpha.
o Minor bugfixes (tooling):
- Fix a false positive valgrind related to inspecting a bitfield
next to another uninitialized bitfield. Fixes bug 41182; bugfix
on 0.3.3.2-alpha.
- Fix minor warnings from newer versions of shellcheck and clang.
Fixes bug 41166; bugfix on 0.4.3.1-alpha and several
other versions.
- Fix a warning when compiling with GCC 14.2. Closes 41032.
o Minor bugfixes (threads):
- Make thread control POSIX compliant. Fixes bug 41109; bugfix
on 0.4.8.17.
o Minor bugfix (client DNS):
- Handle empty DNS reply without sending back an error and instead
send back NOERROR (RFC1035 error code 0x0). Fixes bug 40248;
bugfix on 0.3.5.1-alpha.
o Minor bugfixes (directory authorities):
- After we added layer-two vanguards, directory authorities wouldn't
think any of their vanguards were suitable for circuits, leading
to a "Failed to find node for hop #2 of our path. Discarding this
circuit." log message once per second from startup until they made
a fresh consensus. Now they look to their existing consensus on
startup, letting them build circuits properly from the beginning.
Fixes bug 40802; bugfix on 0.4.7.1-alpha.
o Minor bugfixes (tests):
- Fix a test failure with OpenSSL builds running at security level 1
or greater, which does not permit SHA-1 certificates. Fixes bug
41021; bugfix on 0.2.8.1-alpha.
o Minor bugfixes (bridges):
- Don't warn when BridgeRelay is 1 and ExitRelay is explicitly set
to 0. Fixes bug 40884; bugfix on 0.4.8.3-rc.
o Minor bugfixes (conflux, client):
- Avoid a non fatal assert caused by data coming in on a conflux set
that is being freed during shutdown. Fixes bug 40870; bugfix
on 0.4.8.1-alpha.
o Minor bugfixes (testing network):
- Enabling TestingTorNetwork no longer forces fast hidden service
intro point rotation. This reduces noise and errors when using
hidden services with TestingTorNetwork enabled. Fixes bug 40922;
bugfix on 0.3.2.1-alpha.
o Minor bugfixes (relay):
- Refuse to overwrite an existing *.secret_family_key when running
tor --keygen-family. Fixes bug 41184; bugfix on 0.4.9.1-alpha.
o New system requirements:
- When built with LibreSSL, Tor now requires LibreSSL 3.7 or later.
Part of ticket 41059.
- When built with OpenSSL, Tor now requires OpenSSL 1.1.1 or later.
(We strongly recommend 3.0 or later, but still build with 1.1.1,
even though it is not supported by the OpenSSL team, due to its
presence in Debian oldstable.) Part of ticket 41059.
o Removed features (relays):
- Relays no longer support clients that falsely advertise TLS
ciphers they don't really support. (Clients have not done this
since 0.2.3.17-beta). Part of ticket 41031.
- Relays no longer support clients that require obsolete v1 and v2
link handshakes. (The v3 link handshake has been supported since
0.2.3.6-alpha). Part of ticket 41031.
- Relays no longer support the obsolete TAP circuit extension
protocol. (For backward compatibility, however, relays still
continue to include TAP keys in their descriptors.) Implements
part of proposal 350.
- Relays no longer support the obsolete "RSA-SHA256-TLSSecret"
authentication method, which used a dangerously short RSA key, and
which required access TLS session internals. The current method
("Ed25519-SHA256-RFC5705") has been supported since 0.3.0.1-alpha.
Closes ticket 41020.
o Removed features (directory authorities):
- Directory authorities no longer support consensus methods before
method 32. Closes ticket 40835.
- We include a new consensus method that removes support for
computing "package" lines in consensus documents. This feature was
never used, and support for including it in our votes was removed
in 0.4.2.1-alpha. Finishes implementation of proposal 301.
--
Ujvy1BFy+gzTuzkFTukHT4RrTnibOfMATpJQdf4zo7k=
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ tor-announce mailing list -- tor-announce@xxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to tor-announce-leave@xxxxxxxxxxxxxxxxxxxx