[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-announce] Tor Browser 6.5.1 is released

To: tor-announce@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-announce] Tor Browser 6.5.1 is released
From: Nicolas Vigier <boklm@xxxxxxxxxxxxxxxx>
Date: Wed, 8 Mar 2017 10:20:46 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 08 Mar 2017 04:23:35 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-announce/>
List-help: <mailto:tor-announce-request@lists.torproject.org?subject=help>
List-id: "announce: Important announcements relating to Tor" <tor-announce.lists.torproject.org>
List-post: <mailto:tor-announce@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce>, <mailto:tor-announce-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-announce>, <mailto:tor-announce-request@lists.torproject.org?subject=unsubscribe>
Sender: "tor-announce" <tor-announce-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.23 (2014-03-12)

Tor Browser 6.5.1 is now available from the Tor Browser Project page [1]
and also from our distribution directory [2].

    1: https://www.torproject.org/download/download-easy.html
    2: https://www.torproject.org/dist/torbrowser/6.5.1/

This release features important security updates [3] to Firefox.

    3: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/

This is the first minor release in the 6.5 series and it mainly contains
updates to several of our Tor Browser components: Firefox got updated
to 45.8.0esr, Tor to 0.2.9.10, OpenSSL to 1.0.1k, and HTTPS-Everywhere
to 5.2.11. 

Additionally, we updated the bridges we ship with Tor Browser and fixed
some regressions that came with our last release.

In Tor Browser 6.5 we introduced filtering of content requests to
resource:// and chrome:// URIs [4] in order to neuter a fingerprinting
vector. This change however breaks the Session Manager addon [5]. Users
who think having extensions like that one working is much more important
than avoiding the possible information leakage associated with that can
now toggle the 'extensions.torbutton.resource_and_chrome_uri_fingerprinting'
preference, setting it to 'true' to disable our defense against this
type of fingerprinting. 

    4: https://trac.torproject.org/projects/tor/ticket/8725
    5: https://trac.torproject.org/projects/tor/ticket/21396

An other regression introduced in Tor Browser 6.5 is the resizing of
the window [6]. We are currently working on a fix for this issue.

    6: https://trac.torproject.org/projects/tor/ticket/20905

Here is the full changelog since 6.5:

 * All Platforms
   * Update Firefox to 45.8.0esr
   * Tor to 0.2.9.10
   * OpenSSL to 1.0.2k
   * Update Torbutton to 1.9.6.14
     * Bug 21396: Allow leaking of resource/chrome URIs (off by default)
     * Bug 21574: Add link for zh manual and create manual links dynamically
     * Bug 21330: Non-usable scrollbar appears in tor browser security settings
     * Translation updates
   * Update HTTPS-Everywhere to 5.2.11
   * Bug 21514: Restore W^X JIT implementation removed from ESR45
   * Bug 21536: Remove scramblesuit bridge
   * Bug 21342: Move meek-azure to the meek.azureedge.net backend and cymrubridge02 bridge
 * Linux
   * Bug 21326: Update the "Using a system-installed Tor" section in start script

Attachment: signature.asc
Description: Digital signature

_______________________________________________
tor-announce mailing list
tor-announce@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce

Prev by Author: [tor-announce] Tor 0.2.9.10 is released
Previous by thread: [tor-announce] Tor 0.2.9.10 is released
Index(es):
- Author
- Thread