Greetings,

We just release the second alpha of the 0.4.9.x series.

https://forum.torproject.org/t/alpha-release-0-4-9-2-alpha/18206

Here it the rather large ChangeLog.

Cheers! David

Changes in version 0.4.9.2-alpha - 2025-04-02 This is the second alpha of the 0.4.9.x series. We have several new minor features and a big one, the happy families that was long awaited by relay operators. This release also fixes a number of bugs including major ones.

o Major feature (happy families): - Clients and relays now support "happy families", a system to simplify relay family operation and improve directory performance. With "happy families", relays in a family shares a secret "family key", which they use to prove their membership in the family. Implements proposal 321; closes ticket 41009. Note that until enough clients are upgraded, relay operators will still need to configure MyFamily lists. But once clients no longer depend on those lists, we will be able to remove them entirely, thereby simplifying family operation, and making microdescriptor downloads approximately 80% smaller. For more information, see https://community.torproject.org/relay/setup/post-install/family-ids/

o Major features (client): - Clients now respect "happy families" per proposal 321. This feature will eventually allow a much more compact representation for relay families, for a significant savings in directory download size.

o Minor feature (onion service, control port): - Add 3 more keywords to the ADD_ONION control command: PoWDefensesEnabled, PoWQueueRate and PoWQueueBurst which correspond to HiddenServicePoWDefensesEnabled, HiddenServicePoWQueueRate and HiddenServicePoWQueueBurst from torrc.

o Minor feature (testing, CI): - Use a fixed version of chutney (be881a1e) instead of its current HEAD. This version should also be preferred when testing locally.

o Minor features (compilation): - Fix a warning when compiling with GCC 14.2. Closes 41032.

o Minor features (continuous integration): - Upgrade CI runners to use Debian Bookworm instead of Bullseye. Closes ticket 41029.

o Minor features (fallbackdir): - Regenerate fallback directories generated on February 05, 2025. - Regenerate fallback directories generated on March 20, 2025.

o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2025/02/05. - Update the geoip files to match the IPFire Location Database, as retrieved on 2025/03/20. - Update the geoip files to match the IPFire Location Database, as retrieved on 2025/03/24.

o Minor features (recommended protocols): - Directory authorities now vote to recommend that clients support certain protocols beyond those that are required. These include improved support for connecting to relays on IPv6, NtorV3, and congestion control. Part of ticket 40836.

o Minor features (required protocols): - Directory authorities now vote to require clients to support the authenticated SENDME feature, which was introduced in 0.4.1.1-alpha. Part of ticket 40836. - Directory authorities now vote to require relays to support certain protocols, all of which have been implemented since 0.4.7.4-alpha or earlier. These include improved support for connecting to relays on IPv6, NtorV3, running as a rate-limited introduction point, authenticated SENDMEs, and congestion control. Part of ticket 40836.

o Major bugfix (control-events, bw-cache): - Fixes spikes occurring in bandwidth cache on control connection. Fixes bug 31524; bugfix on 0.4.8.12-dev.

o Major bugfixes (conflux): - Ensure conflux guards obey family and subnet restrictions. Fixes bug 40976; bugfix on 0.4.8.13.

o Major bugfixes (onion service directory cache): - When the OOM killer kicks in, cleanup the descriptor cache of an HSDir by looking at the lowest downloaded count instead of time in cache. Fixes bug 40996; bugfix on 0.3.5.1-alpha.

o Minor bugfix (client DNS): - Handle empty DNS reply without sending back an error and instead send back NOERROR (RFC1035 error code 0x0). Fixes bug 40248;

o Minor bugfix (conflux): - Avoid a non fatal assert when describing a conflux circuit on the control port after being prepped to be freed. Fixes bug 41037; bugfix on 0.4.8.15.

o Minor bugfix (dirauth): - Fix typo in flag assignment approved-routers file. Fixes bug 41035; bugfix on 0.4.8.15

o Minor bugfixes (control port): - Correctly report conflux pair information to controller fields Fixes bug 40872; bugfix on 0.4.8.1-alpha

o Minor bugfixes (directory authorities): - After we added layer-two vanguards, directory authorities wouldn't think any of their vanguards were suitable for circuits, leading to a "Failed to find node for hop #2 of our path. Discarding this circuit." log message once per second from startup until they made a fresh consensus. Now they look to their existing consensus on startup, letting them build circuits properly from the beginning. Fixes bug 40802; bugfix on 0.4.7.1-alpha.

o Minor bugfixes (relay flag usage): - Fix client usage of the MiddleOnly flag so that MiddleOnly relays are not used as HS IP or RP by clients or services. Additionally, give dirauths the ability to remove specific flags, as an alternative to MiddleOnly. Fixes bug 41023; bugfix on 0.4.7.2-alpha

o Minor bugfixes (sandbox, bwauth): - Fix sandbox to work for bandwidth authority. Fixes bug 40933; bugfix on 0.2.2.1-alpha

o Minor bugfixes (tests): - Fix a test failure with OpenSSL builds running at security level 1 or greater, which does not permit SHA-1 certificates. (Fixes bug 41021; bugfix on 0.2.8.1-alpha.)

o Minor bugfixes (threads, memory): - Improvements in cleanup of resources used by threads. Fixes bug 40991; bugfix on 0.4.8.13-dev. - Rework start and exit of worker threads.

o Removed features: - Relays no longer support the obsolete "RSA-SHA256-TLSSecret" authentication method, which used a dangerously short RSA key, and which required access TLS session internals. The current method ("Ed25519-SHA256-RFC5705") has been supported since 0.3.0.1-alpha. Closes ticket 41020.