Greetings, We have just put out a security release of C-tor: https://forum.torproject.org/t/security-release-0-4-8-9/10155 Here is the changelog. Cheers! Changes in version 0.4.8.9 - 2023-11-09 This is another security release fixing a high severity bug affecting onion services which is tracked by TROVE-2023-006. We are also releasing a guard major bugfix as well. If you are an onion service operator, we strongly recommend to update as soon as possible. o Major bugfixes (guard usage): - When Tor excluded a guard due to temporary circuit restrictions, it considered *additional* primary guards for potential usage by that circuit. This could result in more than the specified number of guards (currently 2) being used, long-term, by the tor client. This could happen when a Guard was also selected as an Exit node, but it was exacerbated by the Conflux guard restrictions. Both instances have been fixed. Fixes bug 40876; bugfix on 0.3.0.1-alpha. o Major bugfixes (onion service, TROVE-2023-006): - Fix a possible hard assert on a NULL pointer when recording a failed rendezvous circuit on the service side for the MetricsPort. Fixes bug 40883; bugfix on 0.4.8.1-alpha o Minor features (fallbackdir): - Regenerate fallback directories generated on November 09, 2023. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2023/11/09. -- t7qMgZ+4ZWHcUKLU6S12UPw6gttdkJVfcSjOX8+FeL8=
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ tor-announce mailing list tor-announce@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce