[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Upcoming stable releases to fix a medium-severity security issue


I'm planning to put out new Tor source releases some time Thursday or
Friday.  They will be versions,,, and

These versions will, among the usual array of bugfixes, fix a
medium-severity security issue: a remote denial-of-service attack
vector against relays and clients running version and
later. While we don't currently know an exploit for the issue, we hope
that all affected relays will upgrade.  The issue is traced as
TROVE-2019-001, Tor bug #29168, and CVE-2019-8955.

One more reminder: the 0.3.3.x series was scheduled to reach
end-of-life as of February 22.  We've extended that to February 28,
but after that date, there will be no more security updates for the
0.3.3.x series.  If you need a version that will receive long-term
support, we recommend that you stick with 0.3.5.x, which will be
supported until 2022.

best wishes,
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to