Greetings,

Today we released the 0.4.9.5 stable release, which is the first stable of the 0.4.9.x series. Here is the announcement:

https://forum.torproject.org/t/stable-release-0-4-9-5/21227

Worth noting that the 0.4.8.x series is now on the deprecation path for the next months, and so we strongly encourage upgrading as soon as possible.

The release notes are below.

Cheers!
David

Changes in version 0.4.9.5 - 2026-02-12
  This first stable release in the 0.4.9 series introduces a new circuit-level encryption design for better client security, as well as a more scalable way for large relay operators to annotate which relays they run so clients can avoid using too many of them in a single circuit.

  o Major features (cryptography):
    - Clients and relays can now negotiate Counter Galois Onion (CGO) relay cryptography, as designed by Jean Paul Degabriele, Alessandro Melloni, Jean-Pierre Münch, and Martijn Stam. CGO provides improved resistance to several kinds of tagging attacks, better forward secrecy, and better forgery resistance. Closes ticket 41047. Implements proposal 359.

  o Major features (path selection):
    - Clients and relays now support "happy families", a system to simplify relay family operation and improve directory performance. With "happy families", relays in a family share a secret "family key", which they use to prove their membership in the family. Implements proposal 321; closes ticket 41009.

      Note that until enough clients are upgraded, relay operators will still need to configure MyFamily lists. But once clients no longer depend on those lists, we will be able to remove them entirely, thereby simplifying family operation, and making microdescriptor downloads approximately 80% smaller.

      For more information, see https://community.torproject.org/relay/setup/post-install/family-ids/

  o Major bugfixes (conflux):
    - Ensure conflux guards obey family and subnet restrictions. Fixes bug 40976; bugfix on 0.4.8.1-alpha.

  o Major bugfixes (controller events):
    - Fix spikes occurring in bandwidth cache events on control connection. Fixes bug 31524; bugfix on 0.0.9pre5.

  o Major bugfixes (sandbox):
    - Fix sandbox to work on architectures that use Linux's generic syscall interface, extending support for AArch64 (ARM64) and adding support for RISC-V, allowing test_include.sh and the sandbox unit tests to pass on these systems even when building with fragile hardening enabled. Fixes bugs 40465 and 40599; bugfix on 0.2.5.1-alpha.

  o Minor features (client security, reliability):
    - When KeepaliveIsolateSOCKSAuth is keeping a circuit alive, expire the circuit based on when it was last in use for any stream, not (as we did before) based on when a stream was last attached to it. Closes ticket 41157. Implements a minimal version of Proposal 368.

  o Minor features (exit relays):
    - Implement reevaluating new exit policy against existing connections. This is controlled by new config option ReevaluateExitPolicy, defaulting to 0. Closes ticket 40676.
    - Implement a token-bucket based rate limiter for stream creation and resolve request. It is configured by the DoSStream* family of configuration options. Closes ticket 40736.
    - Add Monero ports to the ReducedExitPolicy. Closes ticket 41168.

  o Minor features (bridges):
    - Save complete bridge lines to 'datadir/bridgelines'. Closes ticket 29128.

  o Minor features (client extensibility):
    - Implement new HTTPTunnelPort features for interoperability with Arti's HTTP CONNECT proxy. This work adds new headers to requests to and replies from the HttpConnectPort, support for OPTIONS requests, tightens the expected syntax for Proxy-Authorization, and increases defense-in-depth against some kinds of cross-site HTTP attacks. Closes ticket 41156. Implements proposal 365.
    - Detect invalid SOCKS5 username/password combinations according to new extended parameters syntax.
      (Currently, this rejects any SOCKS5 username beginning with "<torS0X>", except for the username "<torS0X>0". Such usernames are now reserved to communicate additional parameters with other Tor implementations.) Implements proposal 351.

  o Minor features (sandboxing):
    - Allow the fstatat64 and statx syscalls on i386 architecture when glibc >= 2.33. On i386, glibc uses fstatat64 instead of newfstatat for stat operations, and statx for time64 support. Without this, SIGHUP configuration reload fails when using sandbox mode with %include directives on i386 with Debian Bookworm or newer.
    - Allow the lstat64 syscall on i386 architecture. This syscall is used by glob() in glibc 2.36+ when processing %include directives with directory patterns.

  o Minor features (security):
    - Increase the size of our finite-field Diffie Hellman TLS group (which we should never actually use!) to 2048 bits. Part of ticket 41067.
    - Require TLS version 1.2 or later. (Version 1.3 support will be required in the near future.) Part of ticket 41067.
    - Update TLS 1.2 client cipher list to match current Firefox. Part of ticket 41067.
    - Verify needle is smaller than haystack before calling memmem. Closes ticket 40854.

  o Minor features (onion services):
    - Add 3 more keywords to the ADD_ONION control command: PoWDefensesEnabled, PoWQueueRate and PoWQueueBurst which correspond to HiddenServicePoWDefensesEnabled, HiddenServicePoWQueueRate and HiddenServicePoWQueueBurst from torrc.
    - Reduce the minimum value of hsdir_interval to match recent tor-spec change.

  o Minor feature (directory authority):
    - Introduce MinimalAcceptedServerVersion to allow configuring the minimum accepted relay version without requiring a new tor release. Closes ticket 40817.

  o Minor features (metrics port):
    - New metrics on the MetricsPort for the number of BUG() calls that occurred at runtime. Fixes bugs 40839 and 41104; bugfix on 0.4.7.1-alpha.
    - Handle rephist tracking of ntor and ntor_v3 handshakes individually such that MetricsPort exposes the correct values. Fixes bug 40638; bugfix on 0.4.7.11.
    - Add new metrics for relays on the MetricsPort namely the count of drop cell, destroy cell and the number of circuit protocol violation seen that lead to a circuit close. Closes ticket 40816.

  o Minor features (forward-compatibility):
    - We now correctly parse microdescriptors and router descriptors that do not include TAP onion keys. (For backward compatibility, authorities continue to require these keys.) Implements part of proposal 350.

  o Minor features (portability, android):
    - Use /data/local/tmp for data storage on Android by default. Closes ticket 40487. Patch from Hans-Christoph Steiner.

  o Minor features (directory authority):
    - Export unsigned consensus documents once we have seen a threshold of signatures, as a step toward the consensus transparency experiment.

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on February 12, 2026.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as retrieved on 2026/02/12.

  o Minor features (windows):
    - Various compilation fixes for our Windows CI. Closes ticket 41214.

  o Minor bugfixes (exit relays):
    - Clip every returned DNS TTL to 60 (RESOLVED) in order to mitigate an exit DNS cache oracle. Fixes bug 40979; bugfix on 0.3.5.1-alpha.

  o Minor bugfixes (spec conformance):
    - Set the length field correctly on RELAY_COMMAND_CONFLUX_SWITCH messages. Previously, it was always set to the maximum value. Fixes bug 41056; bugfix on 0.4.8.1-alpha.
    - Do not treat "15" as a recognized remote END reason code. Formerly, we treated it as synonymous with a local ENTRYPOLICY, which isn't a valid remote code at all. Fixes bug 41171; bugfix on 0.2.0.8-alpha.

  o Minor bugfixes (tooling):
    - Fix a false positive valgrind related to inspecting a bitfield next to another uninitialized bitfield.
      Fixes bug 41182; bugfix on 0.3.3.2-alpha.
    - Fix minor warnings from newer versions of shellcheck and clang. Fixes bug 41166; bugfix on 0.4.3.1-alpha and several other versions.
    - Fix a warning when compiling with GCC 14.2. Closes 41032.

  o Minor bugfixes (threads):
    - Make thread control POSIX compliant. Fixes bug 41109; bugfix on 0.4.8.17.

  o Minor bugfix (client DNS):
    - Handle empty DNS reply without sending back an error and instead send back NOERROR (RFC1035 error code 0x0). Fixes bug 40248; bugfix on 0.3.5.1-alpha.

  o Minor bugfixes (directory authorities):
    - After we added layer-two vanguards, directory authorities wouldn't think any of their vanguards were suitable for circuits, leading to a "Failed to find node for hop #2 of our path. Discarding this circuit." log message once per second from startup until they made a fresh consensus. Now they look to their existing consensus on startup, letting them build circuits properly from the beginning. Fixes bug 40802; bugfix on 0.4.7.1-alpha.

  o Minor bugfixes (tests):
    - Fix a test failure with OpenSSL builds running at security level 1 or greater, which does not permit SHA-1 certificates. Fixes bug 41021; bugfix on 0.2.8.1-alpha.

  o Minor bugfixes (bridges):
    - Don't warn when BridgeRelay is 1 and ExitRelay is explicitly set to 0. Fixes bug 40884; bugfix on 0.4.8.3-rc.

  o Minor bugfixes (conflux, client):
    - Avoid a non fatal assert caused by data coming in on a conflux set that is being freed during shutdown. Fixes bug 40870; bugfix on 0.4.8.1-alpha.

  o Minor bugfixes (testing network):
    - Enabling TestingTorNetwork no longer forces fast hidden service intro point rotation. This reduces noise and errors when using hidden services with TestingTorNetwork enabled. Fixes bug 40922; bugfix on 0.3.2.1-alpha.

  o Minor bugfixes (relay):
    - Refuse to overwrite an existing *.secret_family_key when running tor --keygen-family. Fixes bug 41184; bugfix on 0.4.9.1-alpha.

  o New system requirements:
    - When built with LibreSSL, Tor now requires LibreSSL 3.7 or later. Part of ticket 41059.
    - When built with OpenSSL, Tor now requires OpenSSL 1.1.1 or later. (We strongly recommend 3.0 or later, but still build with 1.1.1, even though it is not supported by the OpenSSL team, due to its presence in Debian oldstable.) Part of ticket 41059.

  o Removed features (relays):
    - Relays no longer support clients that falsely advertise TLS ciphers they don't really support. (Clients have not done this since 0.2.3.17-beta). Part of ticket 41031.
    - Relays no longer support clients that require obsolete v1 and v2 link handshakes. (The v3 link handshake has been supported since 0.2.3.6-alpha). Part of ticket 41031.
    - Relays no longer support the obsolete TAP circuit extension protocol. (For backward compatibility, however, relays still continue to include TAP keys in their descriptors.) Implements part of proposal 350.
    - Relays no longer support the obsolete "RSA-SHA256-TLSSecret" authentication method, which used a dangerously short RSA key, and which required access to TLS session internals. The current method ("Ed25519-SHA256-RFC5705") has been supported since 0.3.0.1-alpha. Closes ticket 41020.

  o Removed features (directory authorities):
    - Directory authorities no longer support consensus methods before method 32. Closes ticket 40835.
    - We include a new consensus method that removes support for computing "package" lines in consensus documents. This feature was never used, and support for including it in our votes was removed in 0.4.2.1-alpha. Finishes implementation of proposal 301.
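
The reserved SOCKS5 username rule from the "client extensibility" entry above, as an added example that is not Tor's own code: it parses an RFC 1929 username/password request and applies only the rule as worded in the release note. The two quoted strings come from the note; every function and enum name is hypothetical, and the credentials are constructed samples.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Strings quoted in the release note; all other names are hypothetical. */
#define RESERVED_PREFIX "<torS0X>"
#define LEGACY_USERNAME "<torS0X>0"

enum auth_result { AUTH_OK, AUTH_TRUNCATED, AUTH_BAD_VERSION, AUTH_RESERVED };

/* UNAME is length-prefixed, not NUL-terminated: compare by explicit length. */
static int username_is_reserved(const uint8_t *name, size_t len)
{
    const size_t plen = sizeof(RESERVED_PREFIX) - 1;
    const size_t llen = sizeof(LEGACY_USERNAME) - 1;
    if (len < plen || memcmp(name, RESERVED_PREFIX, plen) != 0)
        return 0;                 /* ordinary username */
    if (len == llen && memcmp(name, LEGACY_USERNAME, llen) == 0)
        return 0;                 /* the one permitted exception */
    return 1;
}

/* Validate one RFC 1929 request: VER(0x01) ULEN UNAME PLEN PASSWD. */
enum auth_result check_socks5_auth(const uint8_t *msg, size_t len)
{
    if (len < 2) return AUTH_TRUNCATED;
    if (msg[0] != 0x01) return AUTH_BAD_VERSION;
    size_t ulen = msg[1];
    if (len < 2 + ulen + 1) return AUTH_TRUNCATED;      /* UNAME + PLEN byte */
    size_t plen = msg[2 + ulen];
    if (len < 2 + ulen + 1 + plen) return AUTH_TRUNCATED;
    return username_is_reserved(msg + 2, ulen) ? AUTH_RESERVED : AUTH_OK;
}

/* Build a request from constructed sample credentials and check it. */
enum auth_result check_pair(const char *user, const char *pass)
{
    uint8_t buf[2 + 255 + 1 + 255];
    size_t ul = strlen(user), pl = strlen(pass);
    if (ul > 255 || pl > 255) return AUTH_TRUNCATED;
    buf[0] = 0x01; buf[1] = (uint8_t)ul;
    memcpy(buf + 2, user, ul);
    buf[2 + ul] = (uint8_t)pl;
    memcpy(buf + 3 + ul, pass, pl);
    return check_socks5_auth(buf, 3 + ul + pl);
}

int main(void) { return check_pair("<torS0X>1x", "pw") == AUTH_RESERVED ? 0 : 1; }
```

Client software that generates SOCKS5 usernames for stream isolation can run the same check before connecting, so that a generated name never collides with the reserved prefix.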