[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-announce] [RELEASE] Security Release of Tor - 0.4.8.9



Greetings,

We have just put out a security release of C-tor:

https://forum.torproject.org/t/security-release-0-4-8-9/10155

Here is the changelog.
Cheers!

Changes in version 0.4.8.9 - 2023-11-09
  This is another security release fixing a high severity bug affecting onion
  services which is tracked by TROVE-2023-006. We are also releasing a guard
  major bugfix as well. If you are an onion service operator, we strongly
  recommend to update as soon as possible.

  o Major bugfixes (guard usage):
    - When Tor excluded a guard due to temporary circuit restrictions,
      it considered *additional* primary guards for potential usage by
      that circuit. This could result in more than the specified number
      of guards (currently 2) being used, long-term, by the tor client.
      This could happen when a Guard was also selected as an Exit node,
      but it was exacerbated by the Conflux guard restrictions. Both
      instances have been fixed. Fixes bug 40876; bugfix
      on 0.3.0.1-alpha.

  o Major bugfixes (onion service, TROVE-2023-006):
    - Fix a possible hard assert on a NULL pointer when recording a
      failed rendezvous circuit on the service side for the MetricsPort.
      Fixes bug 40883; bugfix on 0.4.8.1-alpha

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on November 09, 2023.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2023/11/09.

-- 
t7qMgZ+4ZWHcUKLU6S12UPw6gttdkJVfcSjOX8+FeL8=

Attachment: signature.asc
Description: PGP signature

_______________________________________________
tor-announce mailing list
tor-announce@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce