Tor Browser 9.0.2 is now available from the Tor Browser download page [1] and also from our distribution directory [2].
1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/9.0.2/
This release features important security updates [3] to Firefox.
3: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/
This new stable release is picking up security fixes for Firefox 68.3.0esr and updating our external extensions (NoScript and HTTPS Everywhere) to their latest versions.
Apart from backports for patches that already landed in alpha releases and fixing an error in our circuit display and improving our letterboxing support, Tor Browser 9.0.2 provides properly localized Android bundles again as well.
_Reproducible Builds_
The issue with reproducible builds mentioned in the 9.0.1 blog post [4] is still present in this release. We however made progress on understanding the issue [5] and are getting closer to a fix.
4: https://blog.torproject.org/new-release-tor-browser-901 5: https://trac.torproject.org/projects/tor/ticket/32053
_ChangeLog_
The full changelog since Tor Browser 9.0.1 is:
* All Platforms * Update Firefox to 68.3.0esr * Bump NoScript to 11.0.9 * Bug 32362: NoScript TRUSTED setting doesn't work * Bug 32429: Issues with about:blank and NoScript on .onion sites * Bump HTTPS Everywhere to 2019.11.7 * Bug 27268: Preferences clean-up in Torbutton code * Translations update * Windows + OS X + Linux * Bug 32125: Fix circuit display for bridge without a fingerprint * Bug 32250: Backport enhanced letterboxing support (bug 1546832 and 1556017) * Windows * Bug 31989: Backport backout of old mingw-gcc patch * Bug 32616: Disable GetSecureOutputDirectoryPath() functionality * Android * Bug 32365: Localization is broken in Tor Browser 9 on Android * Build System * All Platforms * Bug 32413: Bump Go version to 1.12.13
tor-announce@lists.torproject.org