Tor Browser 8.0.1 is now available from the Tor Browser Project page [1] and also from our distribution directory [2].

1: https://www.torproject.org/download/download-easy.html
2: https://www.torproject.org/dist/torbrowser/8.0.1/

This release features important security updates [3] to Firefox. Note that we just picked up the necessary patches this time but did not bump the Firefox version to 60.2.1esr as we needed to start building before Mozilla was ready. Thus, users are fine with Tor Browser 8.0.1 even if the Firefox version says 60.2.0esr.

3: https://www.mozilla.org/en-US/security/advisories/mfsa2018-23/

Moreover, Alex Catarineu from Cliqz found a mistake we made that would make it possible to trick a user into installing an unsigned Torbutton extension. Thus, all users are encouraged to update older Tor Browser versions to 8.0.1 and keep in mind that installing third-party extensions is potentially dangerous to Tor Browser's privacy guarantees and therefore strongly discouraged.

Tor Browser 8.0.1 is shipping the first stable Tor in the 0.3.4 series (0.3.4.8), which solves an annoying crash bug [4] on older macOS systems (10.9.x).

4: https://trac.torproject.org/projects/tor/ticket/27482

We found a better solution to our User Agent treatment [5]: on desktop platforms Tor Browser will now send a Windows User Agent at the network level while still allowing the unspoofed User Agent to be queried with JavaScript. This takes concerns about any server passively logging the User Agent into account while still avoiding broken websites as well as we can. Thanks to everyone who helped with this issue.

5: https://trac.torproject.org/projects/tor/ticket/26146

Finally, we included a banner for signing up to Tor News which allows anyone to stay up-to-date about things going on in the Tor universe (which is, admittedly, sometimes hard to keep track of).

_Known Issues_

We already collected a number of unresolved bugs since Tor Browser 7.5.6 and tagged them with our tbb-8.0-issues [6] keyword to keep them on our radar. While we fixed a number of them for the 8.0.1 release, there are still issues remaining. The most important ones are listed below:

6: https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-8.0-issues

 * WebGL is broken [7] right now.
   7: https://trac.torproject.org/projects/tor/ticket/27290
 * Accessibility support is broken [8] on Windows. We are considering options to address this issue right now.
   8: https://trac.torproject.org/projects/tor/ticket/27503
 * Tor Browser 8 is not starting anymore on some older Ubuntu/Mint Linux systems [9]. We still have trouble reproducing this bug but hope we can fix it in the next release.
   9: https://trac.torproject.org/projects/tor/ticket/27508
 * Tor Browser 8 is not starting anymore on CentOS 6 [10]. We have a fix in our upcoming 8.5a2 to give it a bit of testing. Users affected by this bug may resort to that alpha version for now. We plan to backport the patch in the next stable release.
   10: https://trac.torproject.org/projects/tor/ticket/27552
 * NoScript is not saving per-site permissions anymore [11]. We have a potential patch for this bug in our 8.5a2 release as well and plan to backport it, too, in the next stable release in case no issues with it are found.
   11: https://trac.torproject.org/projects/tor/ticket/27175

Note: The changelog file has an incorrect release date (September 24 instead of September 22).

The full changelog since Tor Browser 8.0 is:

 * All platforms
   * Update Tor to 0.3.4.8
   * Update Torbutton to 2.0.7
     * Bug 27097: Tor News signup banner
     * Bug 27663: Add New Identity menuitem again
     * Bug 26624: Only block OBJECT on highest slider level
     * Bug 26555: Don't show IP address for meek or snowflake
     * Bug 27478: Torbutton icons for dark theme
     * Bug 27506+14520: Move status version to upper left corner for RTL locales
     * Bug 27427: Fix NoScript IPC for about:blank by whitelisting messages
     * Bug 27558: Update the link to "Your Guard note may not change" text
     * Translations update
   * Update Tor Launcher to 0.2.16.6
     * Bug 27469: Adapt Moat URLs
     * Translations update
     * Clean-up
   * Update NoScript to 10.1.9.6
   * Bug 27763: Restrict Torbutton signing exemption to mobile
   * Bug 26146: Spoof HTTP User-Agent header for desktop platforms
   * Bug 27543: QR code is broken on web.whatsapp.com
   * Bug 27264: Bookmark items are not visible on the bookmark toolbar
   * Bug 27535: Enable TLS 1.3 draft version
   * Backport of Mozilla bug 1490585, 1475775, and 1489744
 * OS X
   * Bug 27482: Fix crash during start-up on macOS 10.9.x systems
 * Linux
   * Bug 26556: Fix broken Tor Browser icon path on Linux

_______________________________________________
tor-announce mailing list
tor-announce@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce