[RELEASE] Tor stable 0.4.8.18 and alpha 0.4.9.3-alpha
Greetings,

We just released 0.4.8.18 stable and 0.4.9.3-alpha: https://forum.torproject.org/t/alpha-and-stable-release-0-4-8-18-and-0-4-9-3...

Here is the ChangeLog for both.

Cheers!

Changes in version 0.4.9.3-alpha - 2025-09-16
  This is the third alpha release and likely the last before going stable.
  This release contains the new CGO circuit encryption. See proposal 359
  for more details. Several minor TLS fixes which will strengthen link
  security.

  o New system requirements:
    - When built with LibreSSL, Tor now requires LibreSSL 3.7 or later.
      Part of ticket 41059.
    - When built with OpenSSL, Tor now requires OpenSSL 1.1.1 or later.
      (We strongly recommend 3.0 or later, but still build with 1.1.1,
      even though it is not supported by the OpenSSL team, due to its
      presence in Debian oldstable.) Part of ticket 41059.

  o Major features (cell format):
    - Tor now has (unused) internal support to encode and decode relay
      messages in the new format required by our newer CGO encryption
      algorithm. Closes ticket 41051. Part of proposal 359.

  o Major features (cryptography):
    - Clients and relays can now negotiate Counter Galois Onion (CGO)
      relay cryptography, as designed by Jean Paul Degabriele, Alessandro
      Melloni, Jean-Pierre Münch, and Martijn Stam. CGO provides improved
      resistance to several kinds of tagging attacks, better forward
      secrecy, and better forgery resistance. Closes ticket 41047.
      Implements proposal 359.

  o Major bugfixes (onion service directory cache):
    - Preserve the download counter of an onion service descriptor across
      descriptor uploads, so that recently updated descriptors don't get
      pruned if there is memory pressure soon after update. Additionally,
      create a separate torrc option MaxHSDirCacheBytes that defaults to
      the former 20% of MaxMemInQueues threshold, but can be controlled by
      relay operators under DoS. Also enforce this threshold during HSDir
      uploads. Fixes bug 41006; bugfix on 0.4.8.14.
  o Minor features (security):
    - Increase the size of our finite-field Diffie-Hellman TLS group (which
      we should never actually use!) to 2048 bits. Part of ticket 41067.
    - Require TLS version 1.2 or later. (Version 1.3 support will be
      required in the near future.) Part of ticket 41067.
    - Update TLS 1.2 client cipher list to match current Firefox. Part of
      ticket 41067.

  o Minor features (security, TLS):
    - When we are running with OpenSSL 3.5.0 or later, support using
      ML-KEM768 for post-quantum key agreement. Closes ticket 41041.

  o Minor feature (client, TLS):
    - Set the TLS 1.3 cipher list instead of falling back on the default
      value.

  o Minor feature (padding, logging):
    - Reduce the number of messages being logged related to channel padding
      timeout when log level is "notice".

  o Minor features (bridges):
    - Save complete bridge lines to 'datadir/bridgelines'. Closes ticket
      29128.

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on September 16, 2025.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2025/09/16.

  o Minor features (hidden services):
    - Reduce the minimum value of hsdir_interval to match recent tor-spec
      change.

  o Minor features (hsdesc POW):
    - Tolerate multiple PoW schemes in onion service descriptors, for
      future extensibility. Implements torspec ticket 272.

  o Minor features (performance, TLS):
    - When running with OpenSSL 3.0.0 or later, support using X25519 for
      TLS key agreement. (This should slightly improve performance for TLS
      session establishment.)

  o Minor features (portability):
    - Fix warnings when compiling with GCC 15. Closes ticket 41079.

  o Minor bugfix (conflux):
    - Remove the pending nonce if we realize that the nonce of the unlinked
      circuit is not tracked anymore. Should avoid the non-fatal assert
      triggered with a control port circuit event. Fixes bug 41037; bugfix
      on 0.4.8.15.
  o Minor bugfixes (bridges, pluggable transport):
    - Fix a bug causing the initial tor process to hang instead of exiting
      with RunAsDaemon, when pluggable transports are used. Fixes bug
      41088; bugfix on 0.4.9.1-alpha.

  o Minor bugfixes (circuit handling):
    - Prevent circuit_mark_for_close() from being called twice on the same
      circuit. Fixes bug 40951; bugfix on 0.4.8.16-dev.
    - Prevent circuit_mark_for_close() from being called twice on the same
      circuit. Second fix attempt. Fixes bug 41106; bugfix on 0.4.8.17.

  o Minor bugfixes (compilation):
    - Fix linking on systems without a working stdatomic.h. Fixes bug
      41076; bugfix on 0.4.9.1-alpha.

  o Minor bugfixes (compiler warnings):
    - Make sure the two bitfields in the half-closed edge struct are
      unsigned, as we're using them for boolean values and assign 1 to
      them. Fixes bug 40911; bugfix on 0.4.7.2-alpha.

  o Minor bugfixes (logging, metrics port):
    - Count BUG statements for the MetricsPort only if they are warnings or
      errors. Fixes bug 41104; bugfix on 0.4.7.1-alpha. Patch contributed
      by shadowcoder.

  o Minor bugfixes (protocol):
    - Set the length field correctly on RELAY_COMMAND_CONFLUX_SWITCH
      messages. Previously, it was always set to the maximum value. Fixes
      bug 41056; bugfix on 0.4.8.1-alpha.

  o Minor bugfixes (relay):
    - Fix a crash when FamilyKeyDir is a path that cannot be read. Fixes
      bug 41043; bugfix on 0.4.9.2-alpha.

  o Minor bugfixes (threads):
    - Make thread control POSIX compliant. Fixes bug 41109; bugfix on
      0.4.8.17-dev.

  o Removed features:
    - Relays no longer support clients that falsely advertise TLS ciphers
      they don't really support. (Clients have not done this since
      0.2.3.17-beta.) Part of ticket 41031.
    - Relays no longer support clients that require obsolete v1 and v2 link
      handshakes. (The v3 link handshake has been supported since
      0.2.3.6-alpha.) Part of ticket 41031.

Changes in version 0.4.8.18 - 2025-09-16
  This is a minor release with a major onion service directory cache
  (HSDir) bug fix.
  A series of minor bugfixes as well. As always, we strongly recommend
  upgrading as soon as possible.

  o Major bugfixes (onion service directory cache):
    - Preserve the download counter of an onion service descriptor across
      descriptor uploads, so that recently updated descriptors don't get
      pruned if there is memory pressure soon after update. Additionally,
      create a separate torrc option MaxHSDirCacheBytes that defaults to
      the former 20% of MaxMemInQueues threshold, but can be controlled by
      relay operators under DoS. Also enforce this threshold during HSDir
      uploads. Fixes bug 41006; bugfix on 0.4.8.14.

  o Minor feature (padding, logging):
    - Reduce the number of messages being logged related to channel padding
      timeout when log level is "notice".

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on September 16, 2025.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2025/09/16.

  o Minor bugfix (conflux):
    - Remove the pending nonce if we realize that the nonce of the unlinked
      circuit is not tracked anymore. Should avoid the non-fatal assert
      triggered with a control port circuit event. Fixes bug 41037; bugfix
      on 0.4.8.15.

  o Minor bugfixes (circuit handling):
    - Prevent circuit_mark_for_close() from being called twice on the same
      circuit. Second fix attempt. Fixes bug 41106; bugfix on 0.4.8.17.

  o Minor bugfixes (threads):
    - Make thread control POSIX compliant. Fixes bug 41109; bugfix on
      0.4.8.17-dev.

-- 
7foVekONn2ef4TNka+FUrpiKMgHwqW5UJwOt0iGfiXQ=
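A check derived from the "New system requirements" and TLS entries in the 0.4.9.3-alpha ChangeLog above, written here as an added example (it is not Tor project code and is not part of the announcement): it parses the banner that `tor --version` prints and reports whether the crypto library meets the stated minimum (OpenSSL 1.1.1, LibreSSL 3.7) and whether the OpenSSL thresholds the ChangeLog gives for X25519 (3.0.0) and ML-KEM768 (3.5.0) TLS key agreement are reached. It assumes the banner contains a line of the form `Tor is running on <OS> with Libevent ..., OpenSSL X.Y.Z, ...`; the three sample banners are constructed for the example, and nothing here observes what a live relay actually negotiates on its ORPort.

```shell
#!/bin/sh
# Added example, not Tor project code. Checks a tor build's crypto library
# against the thresholds stated in the 0.4.9.3-alpha ChangeLog.
# Assumption: `tor --version` prints a line of the form
#   Tor is running on <OS> with Libevent ..., OpenSSL 3.0.13, Zlib ..., ...
# (LibreSSL builds name "LibreSSL" in the same position).

# ver_ge A B: succeed if dotted version A is >= B. Components are compared
# numerically; a letter suffix such as 1.1.1w is dropped by awk's numeric
# conversion, and missing components count as 0 (so 3.5 == 3.5.0).
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".");
        n = (na > nb) ? na : nb;
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0;
            yi = (i <= nb) ? y[i] + 0 : 0;
            if (xi > yi) exit 0;
            if (xi < yi) exit 1;
        }
        exit 0;
    }'
}

# crypto_lib BANNER: print "OpenSSL <ver>" or "LibreSSL <ver>" taken from
# the "Tor is running on ..." line, or nothing if no such line exists.
crypto_lib() {
    printf '%s\n' "$1" | awk '
        /^Tor is running on / {
            for (i = 1; i < NF; i++)
                if ($i == "OpenSSL" || $i == "LibreSSL") {
                    v = $(i + 1); sub(/,$/, "", v);
                    print $i, v; exit;
                }
        }'
}

# tls_features BANNER: one-line summary of whether the library meets the
# minimum and which ChangeLog TLS key-agreement features its version unlocks.
tls_features() {
    lib=$(crypto_lib "$1")
    if [ -z "$lib" ]; then
        echo "lib=unknown version=unknown supported=unknown x25519=unknown mlkem768=unknown"
        return 0
    fi
    name=${lib%% *}
    ver=${lib#* }
    case "$name" in
        OpenSSL)
            # Minimum 1.1.1 (3.0 recommended); X25519 needs 3.0.0, ML-KEM768 needs 3.5.0.
            if ver_ge "$ver" 1.1.1; then ok=yes; else ok=no; fi
            if ver_ge "$ver" 3.0.0; then x25519=yes; else x25519=no; fi
            if ver_ge "$ver" 3.5.0; then mlkem=yes; else mlkem=no; fi
            ;;
        LibreSSL)
            # Minimum 3.7. The ChangeLog states the X25519/ML-KEM768 thresholds
            # for OpenSSL only, so they are reported as unstated for LibreSSL.
            if ver_ge "$ver" 3.7; then ok=yes; else ok=no; fi
            x25519=unstated; mlkem=unstated
            ;;
    esac
    echo "lib=$name version=$ver supported=$ok x25519=$x25519 mlkem768=$mlkem"
}

# require_supported BANNER: exit status 0 only if the build meets the minimum.
require_supported() {
    case "$(tls_features "$1")" in
        *supported=yes*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample banners for the example (not captured from real hosts).
SAMPLE_NEW='Tor version 0.4.9.3-alpha.
Tor is running on Linux with Libevent 2.1.12-stable, OpenSSL 3.5.1, Zlib 1.3.1, Liblzma 5.6.2, Libzstd 1.5.6 and Glibc 2.40 as libc.'
SAMPLE_OLD='Tor version 0.4.8.18.
Tor is running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1w, Zlib 1.2.13, Liblzma 5.4.1, Libzstd 1.5.4 and Glibc 2.36 as libc.'
SAMPLE_LIBRE='Tor version 0.4.9.3-alpha.
Tor is running on OpenBSD with Libevent 2.1.12-stable, LibreSSL 3.6.1, Zlib 1.3.1, Liblzma 5.4.5, Libzstd 1.5.5 and Unknown N/A as libc.'

tls_features "$SAMPLE_NEW"
tls_features "$SAMPLE_OLD"
tls_features "$SAMPLE_LIBRE"

# Also report on the locally installed tor, if there is one.
if command -v tor >/dev/null 2>&1; then
    tls_features "$(tor --version 2>/dev/null)"
fi
```

On a relay host the last block reports on the installed binary; a `supported=no` line means that build stops meeting the requirements once 0.4.9 goes stable, and `supported=yes` with `x25519=no` or `mlkem768=no` means the build is accepted but will not get those key-agreement features until it is linked against a newer OpenSSL. The banner parsing is the fragile part: if a packaged build prints the library on a different line, adjust the awk pattern in `crypto_lib`.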
participants (1)
-
David Goulet