[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-announce] Tor Browser 7.5.6 is released



Tor Browser 7.5.6 is now available from the Tor Browser Project page [1]
and also from our distribution directory.

    1: https://www.torproject.org/download/download-easy.html
    2: https://www.torproject.org/dist/torbrowser/7.5.6/

This release features important security updates [3] to Firefox.

    3: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/

Tor Browser 7.5.6 updates Firefox to 52.9.0esr and includes newer
versions of NoScript and HTTPS Everywhere. Moreover, we added the latest
Tor stable version, 0.3.3.7 [4].

    4: https://blog.torproject.org/tor-0337-released

This Tor Browser version additionally contains a number of backported
patches from the alpha, most notably the feature to treat cookies set
by .onion domain as secure as well [5].

    5: https://trac.torproject.org/projects/tor/ticket/21537

For Windows users we activated an option that prevents an accidental
proxy bypass when dealing with UNC paths [6].

    6: https://trac.torproject.org/projects/tor/ticket/26424

The full changelog since Tor Browser 7.5.5 is:

 * All platforms
   * Update Firefox to 52.9.0esr
   * Update Tor to 0.3.3.7
   * Update Tor Launcher to 0.2.14.5
     * Bug 20890: Increase control port connection timeout
   * Update HTTPS Everywhere to 2018.6.21
     * Bug 26451: Prevent HTTPS Everywhere from freezing the browser
   * Update NoScript to 5.1.8.6
   * Bug 21537: Mark .onion cookies as secure
   * Bug 25938: Backport fix for cross-origin header leak (bug 1334776)
   * Bug 25721: Backport patches from Mozilla's bug 1448771
   * Bug 25147+25458: Sanitize HTML fragments for chrome documents
   * Bug 26221: Backport fix for leak in SHA256 in nsHttpConnectionInfo.cpp
 * Windows
   * Bug 26424: Disable UNC paths to prevent possible proxy bypasses

Attachment: signature.asc
Description: Digital signature

_______________________________________________
tor-announce mailing list
tor-announce@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce