April 2025 - tor-announce - lists.torproject.org

New Release: Tor Browser 14.5.1 (Android, Windows, macOS, Linux)
by Giorgio Maone 29 Apr '25

29 Apr '25

Hi everyone, Tor Browser 14.5.1 has now been published for all platforms. For details please see our blog post <https://blog.torproject.org/new-release-tor-browser-1451/>. Changelog: * All Platforms o Bug tor-browser#43670 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43670>: Rebase stable onto 128.10.0esr o Bug tor-browser#43691 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43691>: Backport security fixes from Firefox 138 o Bug tor-browser-build#41446 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Update anti-censorship.gpg keyring with shelikhoo's latest public key * Windows + macOS + Linux o Updated Firefox to 128.10.0esr o Bug tor-browser#43659 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43659>: Set new tabs to default to Tor Browser Home (about:tor) on desktop o Bug tor-browser#43672 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43672>: Incorrect initial letterbox size when the interface font size is 13px. * Android o Updated GeckoView to 128.10.0esr * Build System o All Platforms + Bug tor-browser-build#41435 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Skip update-responses update entries for versions without incremental or full update mar -- ma1

1 0

New Release: Tor Browser 13.5.16 (Windows Windows 7/8/8.1, macOS 10.12-10.14)
by Giorgio Maone 29 Apr '25

29 Apr '25

Hi everyone, Tor Browser 13.5.16 has now been published for legacy Windows and macOS platforms. For details please see our blog post <https://blog.torproject.org/new-release-tor-browser-13516/>. Changelog: * All Platforms o Updated Firefox to 115.23.0esr o Bug tor-browser#43673 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43673>: Rebase Tor Browser 13.5.x onto Firefox 115.23.0esr o Bug tor-browser#43691 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43691>: Backport security fixes from Firefox 138 -- ma1

1 0

New Release: Tor Browser 14.5 (Android, Windows, macOS, Linux)
by Giorgio Maone 16 Apr '25

16 Apr '25

Hi everyone, Tor Browser 14.5 has now been published for all platforms. For details please see our blog post <https://blog.torproject.org/new-release-tor-browser-145/>. Changelog: * All Platforms o Bug tor-browser#41710 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41710>: Refactor about:torconnects relation to TorConnectParent o Bug tor-browser#41921 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41921>: Clean up initialisation and bridges conflict between TorSettings and TorConnect o Bug tor-browser#42300 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42300>: Do not store logs inside TorProvider o Bug tor-browser#43308 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43308>: Only allow "about:" pages to have access to contentaccessible branding assets o Bug tor-browser#43323 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43323>: Expose a stable asset from chrome:// to identify Tor, Base, and Mullvad Browser o Bug tor-browser#43334 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43334>: Developer Tools lacks data for Responsive Design Mode and Compatibility o Bug tor-browser#43336 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43336>: Move branding files out of torbutton o Bug tor-browser#43337 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43337>: Add branding files to translation CI o Bug tor-browser#43345 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43345>: Translation CI: Exclude android strings from the legacy branch o Bug tor-browser#43446 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43446>: Change the Tor Browser name between releases o Bug tor-browser#43463 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43463>: Include moat circumvention countries in the build (tor-browser part) o Bug tor-browser#43488 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43488>: Handle Moat connection errors and other non-bootstrapping errors in TorConnect o Bug tor-browser#43490 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43490>: Use lower case "n" for "Tor network" in the UI o Bug tor-browser#43524 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43524>: Enable new locales: be, bg and pt-PT o Bug tor-browser#43529 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43529>: AutoBootstrapAttempt cancel does not await BootstrapAttempt.cancel o Bug tor-browser#43551 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43551>: Backport Mozilla Bug 1924070 - modify H.264 extradata to match sample conversion code. o Bug tor-browser#43575 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43575>: Cleanup channel preferences o Bug tor-browser#43628 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43628>: Handle unavailability of NetworkLinkService API in Tor Connect * Windows + macOS + Linux o Bug tor-browser#40473 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40473>: Tor logs UI not updated as new logs come in o Bug tor-browser#41051 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41051>: Replace Noto Sans Myanmar with Pyidaungsu o Bug tor-browser#41755 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41755>: Show the link to about:support in the help menu o Bug tor-browser#41831 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41831>: Some .tor.onion sites are not displaying the underlying V3 onion address o Bug tor-browser#41919 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41919>: Add temporarily visible web content-size overlay after resizing window when letterboxing is enabled o Bug tor-browser#42186 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42186>: Drop about:tbupdate o Bug tor-browser#42550 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42550>: Do not re-try auto-bootstrapping after the user selects a specific region in about:torconnect o Bug tor-browser#42597 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42597>: Lox.generateInvite does not convert JSON object to string o Bug tor-browser#42656 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42656>: about:torconnect new url location override (maybeUpdateOpenLocationForTorConnect) mostly does nothing o Bug tor-browser#42670 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42670>: Letterboxing sometimes visible even if disabled o Bug tor-browser#42720 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42720>: Link to release notes missing from "About Tor Browser" window o Bug tor-browser#42739 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42739>: Fix localization in the profile error dialog o Bug tor-browser#42802 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42802>: Make use of |:has| CSS selector o Bug tor-browser#43130 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43130>: Adjust preferences for contrast theme or forced colors o Bug tor-browser#43189 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43189>: Remove privacy.resistFingerprinting.spoofOsInUserAgentHeader machinery entirely o Bug tor-browser#43205 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43205>: newwin / letterboxing rounding with subpixels is off o Bug tor-browser#43237 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43237>: Tweak Tor circuit display panel for screen readers o Bug tor-browser#43254 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43254>: Cancel Moat requests when no longer needed o Bug tor-browser#43263 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43263>: Onion site keys: add some alerts for screen readers o Bug tor-browser#43294 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43294>: Replace |Actor| |willDestroy| with |didDestroy| o Bug tor-browser#43314 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43314>: Tidy up connection preferences for screen readers and keyboard users o Bug tor-browser#43320 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43320>: Improve how bridge settings appear in search results o Bug tor-browser#43321 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43321>: Do not focus the connect button if the user has never connected before o Bug tor-browser#43328 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43328>: Improve tor log dialog o Bug tor-browser#43398 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43398>: tor-urlbar-button-plain hover styling is overwritten by tor-button rule o Bug tor-browser#43405 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43405>: Handle failing to apply tor settings o Bug tor-browser#43406 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43406>: Hide the "Onion Available" button whilst the "Connect" button is shown o Bug tor-browser#43461 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43461>: Drop our wordmark padding o Bug tor-browser#43462 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43462>: Use NetworkLinkService instead of Moat for the internet test o Bug tor-browser#43465 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43465>: Show the urlbar Connect button during a bootstrap or final error o Bug tor-browser#43466 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43466>: Drop unnecessary CSS rules in branding aboutDialog.css o Bug tor-browser#43647 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43647>: Race condition in about:tor prevents displaying localised survey banner o Bug tor-browser#43469 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43469>: Rename "Quickstart" toggle as "Connect automatically" (Desktop) o Bug tor-browser#43502 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43502>: Move openTorConnect and getRedirectUrl to TorConnectParent o Bug tor-browser#43531 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43531>: Use "label" attribute rather than textContent for the bridge dialog XUL buttons o Bug tor-browser#43547 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43547>: Cannot remove the final bridge o Bug tor-browser#43563 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43563>: TorConnect country/region names should change based on the app language o Bug tor-browser#43632 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43632>: Letterboxing size indicator may display data from a background tab o Bug tor-browser#43642 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43642>: New tab shows letterboxing size indicator o Bug tor-browser#43653 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43653>: privacy.resistFingerprinting.spoofOsInUserAgentHeader is still in our pref file even though we ripped out the code * Windows o Bug tor-browser#43402 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43402>: set browser.startup.blankWindow false * Linux o Bug tor-browser#30970 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/30970>: Different window borders in XFCE can lead to different, not rounded window sizes o Bug tor-browser#41786 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41786>: Remove old fontconfig stuff at the next watershed update o Bug tor-browser#41799 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41799>: Make lack of fonts.conf less of a footgun o Bug tor-browser#43330 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43330>: System fonts leak when emptying the allow list on Linux o Bug tor-browser-build#41297 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Add video codecs dependencies (recommends) on the Debian package o Bug tor-browser-build#41298 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Remove |--detach| parameter from .desktop files o Bug tor-browser-build#41312 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Remove comment in start-browser about --class and --name parameters * Android o Bug tor-browser#41188 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41188>: Implement Android-native Connection Assist UI o Bug tor-browser#42251 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42251>: Expose TorConnect lifecycle events to fenix o Bug tor-browser#42651 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42651>: Finishing bootstrapping kicks the user out of settings, interupting whatever they were doing o Bug tor-browser#43091 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43091>: Delete unused android strings o Bug tor-browser#43198 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43198>: Remove "Learn more" link from Android's no-internet error o Bug tor-browser#43199 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43199>: Bootstrapping bar needs a little TLC on Android (Part 1) o Bug tor-browser#43222 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43222>: All tor logs timestamps reset to current time when opening screen o Bug tor-browser#43229 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43229>: Buttons that open links can be accessed before torbrowser is bootstrapped, leaving the app in a bad state o Bug tor-browser#43232 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43232>: Make the Android Meek transport easier to debug o Bug tor-browser#43241 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43241>: Improve hiding non-private tab features on Android o Bug tor-browser#43251 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43251>: Enable tab suggestions and autocomplete for private tabs on Android o Bug tor-browser#43329 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43329>: Remove remaining traces of the old Bootstrap on Android o Bug tor-browser#43350 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43350>: Remove all caps comment from android string o Bug tor-browser#43351 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43351>: Don't force ALL CAPS for the fenix snackbar action button text o Bug tor-browser#43359 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43359>: Improper handling of TorBootstrapChangeListener with respect to system onDestroy() calls for HomeActivity o Bug tor-browser#43360 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43360>: Replace custom variable isBeingRecreated with built-in isFinishing function o Bug tor-browser#43361 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43361>: Move code relating to |onTerminate()| in |FenixApplication.kt| o Bug tor-browser#43368 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43368>: Add @Suppress for incorrect linting error "Overriding method should call super. onNewIntent" o Bug tor-browser#43408 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43408>: Access TorConnect.quickstart separately from TorSettings.getSettings on Android o Bug tor-browser#43464 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43464>: TBA Alpha and Nightly cannot be debugged with about:debugging o Bug tor-browser#43473 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43473>: Rename "Quickstart" toggle as "Connect automatically" (Android) o Bug tor-browser#43480 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43480>: Split up TorConnectionAssistViewModel for better readibility and performance. o Bug tor-browser#43498 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43498>: Uplift tor-browser#43129: about:neterror cannot display SVG on Android with Security Level Safest o Bug tor-browser#43528 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43528>: Improper handling of TorBootstrapChangeListener in HomeActivity o Bug tor-browser#43565 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43565>: The quit button on Android doesn't actually exit o Bug tor-browser#43576 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43576>: Connection Assist on Android Polish o Bug tor-browser#43581 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43581>: Bookmarks are failing to load on Tor Browser Android Alpha 14.5a5 o Bug tor-browser#43593 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43593>: Use "region" instead of "country" in connect assist o Bug tor-browser#43604 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43604>: TorDomainIsolator routinely clears Android browser circuit data o Bug tor-browser#43648 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43648>: Survey banner isn't displaying for other locales on Android o Bug tor-browser#43633 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43633>: TorAndroidIntegration.regionNamesGet() always returns region names in english o Bug tor-browser-build#41422 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Patch viaduct in Application Services to always return a backend error * Build System o All Platforms + Bug tor-browser-build#41040 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Add configuration to rbm.conf to select channel and platforms + Bug tor-browser-build#41121 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Use the official Go binaries for bootstrapping + Bug tor-browser-build#41281 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Better dev defaults for fetch variable + Bug tor-browser-build#41288 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Avoid unneeded git checkouts when possible + Bug tor-browser-build#41304 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Add a browser commit tag+signing script + Bug tor-browser-build#41306 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Container dependencies are sorted before resolving templates + Bug tor-browser-build#41307 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Container dependencies are not filtered for duplicates + Bug tor-browser-build#41326 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Remove var/torbrowser_legacy_version from rbm.conf in alpha/nightly + Bug tor-browser-build#41358 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Update sign-tag script to handle rapid-release nightly branches + Bug tor-browser-build#41365 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Indent download*.json files + Bug tor-browser-build#41372 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Handle branding names in tor-browser-build + Bug tor-browser-build#41379 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Include moat circumvention countries in the build (tor-browser-build part) + Bug tor-browser-build#41381 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Usability improvements for the browser commit tagging script + Bug tor-browser-build#41389 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Remove need to update set-config.tbb-version + Bug tor-browser-build#41394 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Fix upload-update_responses-to-staticiforme for mullvadbrowser + Bug tor-browser-build#41398 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Build snowflake from main on nightlies + Bug tor-browser-build#41406 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Restore -desktop and -android Makefile targets. + Bug tor-browser-build#41409 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Create a script for quickly setting up protected branches + Bug tor-browser-build#41411 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Update licenses for PTs + Bug tor-browser-build#41417 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Bump the conjure version we ship + Bug tor-browser-build#41419 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Add comment in downloads.json to mention that the file is deprecated, and that download-$platform.json should be used instead + Bug tor-browser-build#41426 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Set the Lyrebird version + Bug rbm#40006 <https://gitlab.torproject.org/tpo/applications/rbm/-/issues/40006>: Add option to avoid doing a git checkout when using the exec template function + Bug rbm#40079 <https://gitlab.torproject.org/tpo/applications/rbm/-/issues/40079>: Make |fetch: if_needed| fetch existing branches + Bug rbm#40081 <https://gitlab.torproject.org/tpo/applications/rbm/-/issues/40081>: Support apt option for not installing recommended dependencies + Bug rbm#40082 <https://gitlab.torproject.org/tpo/applications/rbm/-/issues/40082>: With |fetch: if_needed|, rbm is doing a git fetch when it shouldn't, when using a fixed commit + Bug rbm#40083 <https://gitlab.torproject.org/tpo/applications/rbm/-/issues/40083>: rbm creates out/$project directories with mode 0700 o Windows + Linux + Android + Updated Go to 1.23.8 + Bug tor-browser-build#41386 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Upgrade Go to 1.23 for Windows, Linux, and Android o Windows + macOS + Linux + Bug tor-browser-build#40799 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Remove legacy locale iteration in build and signing scripts + Bug tor-browser-build#41356 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Add redirects to make 14.0a4 a watershed + Bug tor-browser-build#41363 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Change update-response generation script to create one commit per OS+arch tuple + Bug tor-browser-build#41374 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Remove support for migrate_archs and migrate_langs in update_responses + Bug tor-browser-build#41401 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Replace Noto Sans Myanmar with Pyidaungsu o Windows + macOS + Bug tor-browser-build#41349 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Wrong copyright year makes build non-reproducible o macOS + Bug tor-browser-build#41403 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: The rcodesign step has a wrong dmg name in alpha o Linux + Bug tor-browser-build#41142 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Complete the toolchain for linux-aarch64 + Bug tor-browser-build#41266 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Build the Tor and Mullvad Browsers for aarch64 Linux + Bug tor-browser-build#41329 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Do not install python2.7-minimal in the linux-aarch64 firefox container + Bug tor-browser-build#41331 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Make update_responses find linux-aarch64 mar files o Android + Bug tor-browser#42669 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42669>: Convert majority of application-services functionality to no-op + Bug tor-browser#43518 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43518>: Verify existence of localProperties.dependencySubstitutions.geckoviewTopsrcdir before substituting + Bug tor-browser-build#41387 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Fix Golang toolchain breakage for lyrebird: linkname + Bug tor-browser-build#41400 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Add branding localization to GeckoView -- ma1

1 0

New Release: Tor Browser 14.5a6 (Android, Windows, macOS, Linux)
by Giorgio Maone 09 Apr '25

09 Apr '25

Hi everyone, Tor Browser 14.5a6 has now been published for all platforms. For details please see our blog post <https://blog.torproject.org/new-alpha-release-tor-browser-145a6/>. Changelog: * All Platforms o Updated Tor to 0.4.9.2-alpha o Bug tor-browser#43322 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43322>: Stop blocking all fonts in FontFace o Bug tor-browser#43443 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43443>: Drop effective top level domain for |au.securedrop.tor.onion| o Bug tor-browser#43585 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43585>: Rebase Tor Browser alpha onto 128.9.0esr o Bug tor-browser#43601 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43601>: Backport security fixes from Firefox 137 o Bug tor-browser#43628 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43628>: Handle unavailability of NetworkLinkService API in Tor Connect o Bug tor-browser-build#41425 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Snowflake needs to be listed separately on torrc-defaults * Windows + macOS + Linux o Updated Firefox to 128.9.0esr o Bug tor-browser#41919 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41919>: Add temporarily visible web content-size overlay after resizing window when letterboxing is enabled o Bug tor-browser#43130 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43130>: Adjust preferences for contrast theme or forced colors o Bug tor-browser#43531 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43531>: Use "label" attribute rather than textContent for the bridge dialog XUL buttons o Bug tor-browser#43563 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43563>: TorConnect country/region names should change based on the app language * Android o Updated GeckoView to 128.9.0esr o Bug tor-browser#43464 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43464>: TBA Alpha and Nightly cannot be debugged with about:debugging o Bug tor-browser#43565 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43565>: The quit button on Android doesn't actually exit o Bug tor-browser#43576 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43576>: Connection Assist on Android Polish o Bug tor-browser#43581 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43581>: Bookmarks are failing to load on Tor Browser Android Alpha 14.5a5 o Bug tor-browser#43593 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43593>: Use "region" instead of "country" in connect assist o Bug tor-browser#43604 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43604>: TorDomainIsolator routinely clears Android browser circuit data o Bug tor-browser-build#41422 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Patch viaduct in Application Services to always return a backend error * Build System o All Platforms + Updated Go to 1.23.8 + Bug tor-browser-build#41365 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Indent download*.json files + Bug tor-browser-build#41406 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Restore -desktop and -android Makefile targets. + Bug tor-browser-build#41407 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Use Lyrebird also for the Snowflake PT + Bug tor-browser-build#41409 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Create a script for quickly setting up protected branches + Bug tor-browser-build#41411 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Update licenses for PTs + Bug tor-browser-build#41417 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Bump the conjure version we ship + Bug tor-browser-build#41419 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Add comment in downloads.json to mention that the file is deprecated, and that download-$platform.json should be used instead + Bug tor-browser-build#41420 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Update the changelog script for label updates + Bug tor-browser-build#41426 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Set the Lyrebird version + Bug rbm#40083 <https://gitlab.torproject.org/tpo/applications/rbm/-/issues/40083>: rbm creates out/$project directories with mode 0700 o macOS + Bug tor-browser-build#41403 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: The rcodesign step has a wrong dmg name in alpha o Android + Bug tor-browser-build#41400 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Add branding localization to GeckoView + Bug tor-browser-build#41410 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Use the Lyrebird name on Android -- ma1

1 0

[RELEASE] Tor alpha 0.4.9.2-alpha
by David Goulet 02 Apr '25

02 Apr '25

Greetings, We just release the second alpha of the 0.4.9.x series. https://forum.torproject.org/t/alpha-release-0-4-9-2-alpha/18206 Here it the rather large ChangeLog. Cheers! David Changes in version 0.4.9.2-alpha - 2025-04-02 This is the second alpha of the 0.4.9.x series. We have several new minor features and a big one, the happy families that was long awaited by relay operators. This release also fixes a number of bugs including major ones. o Major feature (happy families): - Clients and relays now support "happy families", a system to simplify relay family operation and improve directory performance. With "happy families", relays in a family shares a secret "family key", which they use to prove their membership in the family. Implements proposal 321; closes ticket 41009. Note that until enough clients are upgraded, relay operators will still need to configure MyFamily lists. But once clients no longer depend on those lists, we will be able to remove them entirely, thereby simplifying family operation, and making microdescriptor downloads approximately 80% smaller. For more information, see https://community.torproject.org/relay/setup/post-install/family-ids/ o Major features (client): - Clients now respect "happy families" per proposal 321. This feature will eventually allow a much more compact representation for relay families, for a significant savings in directory download size. o Minor feature (onion service, control port): - Add 3 more keywords to the ADD_ONION control command: PoWDefensesEnabled, PoWQueueRate and PoWQueueBurst which correspond to HiddenServicePoWDefensesEnabled, HiddenServicePoWQueueRate and HiddenServicePoWQueueBurst from torrc. o Minor feature (testing, CI): - Use a fixed version of chutney (be881a1e) instead of its current HEAD. This version should also be preferred when testing locally. o Minor features (compilation): - Fix a warning when compiling with GCC 14.2. Closes 41032. o Minor features (continuous integration): - Upgrade CI runners to use Debian Bookworm instead of Bullseye. Closes ticket 41029. o Minor features (fallbackdir): - Regenerate fallback directories generated on February 05, 2025. - Regenerate fallback directories generated on March 20, 2025. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2025/02/05. - Update the geoip files to match the IPFire Location Database, as retrieved on 2025/03/20. - Update the geoip files to match the IPFire Location Database, as retrieved on 2025/03/24. o Minor features (recommended protocols): - Directory authorities now vote to recommend that clients support certain protocols beyond those that are required. These include improved support for connecting to relays on IPv6, NtorV3, and congestion control. Part of ticket 40836. o Minor features (required protocols): - Directory authorities now vote to require clients to support the authenticated SENDME feature, which was introduced in 0.4.1.1-alpha. Part of ticket 40836. - Directory authorities now vote to require relays to support certain protocols, all of which have been implemented since 0.4.7.4-alpha or earlier. These include improved support for connecting to relays on IPv6, NtorV3, running as a rate-limited introduction point, authenticated SENDMEs, and congestion control. Part of ticket 40836. o Major bugfix (control-events, bw-cache): - Fixes spikes occurring in bandwidth cache on control connection. Fixes bug 31524; bugfix on 0.4.8.12-dev. o Major bugfixes (conflux): - Ensure conflux guards obey family and subnet restrictions. Fixes bug 40976; bugfix on 0.4.8.13. o Major bugfixes (onion service directory cache): - When the OOM killer kicks in, cleanup the descriptor cache of an HSDir by looking at the lowest downloaded count instead of time in cache. Fixes bug 40996; bugfix on 0.3.5.1-alpha. o Minor bugfix (client DNS): - Handle empty DNS reply without sending back an error and instead send back NOERROR (RFC1035 error code 0x0). Fixes bug 40248; o Minor bugfix (conflux): - Avoid a non fatal assert when describing a conflux circuit on the control port after being prepped to be freed. Fixes bug 41037; bugfix on 0.4.8.15. o Minor bugfix (dirauth): - Fix typo in flag assignment approved-routers file. Fixes bug 41035; bugfix on 0.4.8.15 o Minor bugfixes (control port): - Correctly report conflux pair information to controller fields Fixes bug 40872; bugfix on 0.4.8.1-alpha o Minor bugfixes (directory authorities): - After we added layer-two vanguards, directory authorities wouldn't think any of their vanguards were suitable for circuits, leading to a "Failed to find node for hop #2 of our path. Discarding this circuit." log message once per second from startup until they made a fresh consensus. Now they look to their existing consensus on startup, letting them build circuits properly from the beginning. Fixes bug 40802; bugfix on 0.4.7.1-alpha. o Minor bugfixes (relay flag usage): - Fix client usage of the MiddleOnly flag so that MiddleOnly relays are not used as HS IP or RP by clients or services. Additionally, give dirauths the ability to remove specific flags, as an alternative to MiddleOnly. Fixes bug 41023; bugfix on 0.4.7.2-alpha o Minor bugfixes (sandbox, bwauth): - Fix sandbox to work for bandwidth authority. Fixes bug 40933; bugfix on 0.2.2.1-alpha o Minor bugfixes (tests): - Fix a test failure with OpenSSL builds running at security level 1 or greater, which does not permit SHA-1 certificates. (Fixes bug 41021; bugfix on 0.2.8.1-alpha.) o Minor bugfixes (threads, memory): - Improvements in cleanup of resources used by threads. Fixes bug 40991; bugfix on 0.4.8.13-dev. - Rework start and exit of worker threads. o Removed features: - Relays no longer support the obsolete "RSA-SHA256-TLSSecret" authentication method, which used a dangerously short RSA key, and which required access TLS session internals. The current method ("Ed25519-SHA256-RFC5705") has been supported since 0.3.0.1-alpha. Closes ticket 41020. -- PEQQHf0Mu+LG/0COSU7iNuNQPwIUol84CpOuS0SYbXY=

1 0

New Release: Tor Browser 14.0.9 (Android, Windows, macOS, Linux)
by Giorgio Maone 01 Apr '25

01 Apr '25

Hi everyone, Tor Browser 14.0.9 has now been published for all platforms. For details please see our blog post <https://blog.torproject.org/new-release-tor-browser-1409/>. Changelog: * All Platforms o Updated Tor to 0.4.8.16 o Bug tor-browser#43580 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43580>: Backport tor-browser#43443: Drop effective top level domain for |au.securedrop.tor.onion| o Bug tor-browser#43584 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43584>: Rebase Tor Browser stable onto 128.9.0esr o Bug tor-browser#43601 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43601>: Backport security fixes from Firefox 137 * Windows + macOS + Linux o Updated Firefox to 128.9.0esr * macOS + Linux + Android o Bug tor-browser#43553 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43553>: Backport tor-browser#43504: Implement User Survey UX (Desktop) * Android o Updated GeckoView to 128.9.0esr o Bug tor-browser#43552 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43552>: Backport tor-browser#43505: Impement User Survey UX (Android) o Bug tor-browser#43578 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43578>: Backport tor-browser#43556: Add the "Dismiss" translations in the survey banner * Build System o All Platforms + Updated Go to 1.22.12 + Bug tor-browser-build#41407 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Use Lyrebird also for the Snowflake PT + Bug tor-browser-build#41420 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Update the changelog script for label updates o Windows + macOS + Linux + Bug tor-browser-build#41378 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Backport Bug 41363: Make separate update_responses commit for each platform o macOS + Linux + Android + Bug tor-browser-build#41375 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Backport Bug 41374+40799: Remove support for migrate_archs and migrate_langs in update_responses + Remove legacy locale iteration in update-responses and dmg2mar + Bug tor-browser-build#41383 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Add clairehurst to list of accepted firefox/geckoview signers + Bug tor-browser-build#41384 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: OpenSSL hash files have changed format + Bug tor-browser-build#41399 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Update snowflake to 2.11.0 and lyrebird to 0.6.0 + Bug tor-browser-build#41378 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Backport Bug 41363: Make separate update_responses commit for each platform o Linux + Bug tor-browser-build#41337 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Remove libstdc++ from Linux tor-expert-bundle o Android + Bug tor-browser-build#41410 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…>: Use the Lyrebird name on Android -- ma1

1 0