Hi, friends!
There's a new alpha release out today: Tor 0.4.5.1-alpha. The website hasn't updated yet, but you can find the source at the usual place on https://dist.torproject.org/ .
Note that I've updated my pgp key with a new expiration date: you may need to refresh it from the keyservers if it seems to be expired.
Here is a changelog for this release: https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.4.5.1-alpha
Please note that this release has a fix for a medium-severity issue, TROVE-2020-005.
The impact of this security issue is that if an adversary steals or factors a relay's RSA legacy identity key without stealing its Ed25519 identity key, there is a timing-dependent active attack that the attacker could use to mis-route a small number of circuits through a TLS connection under the attacker's control. (The attacker could not use this to read traffic; only to observe traffic patterns.)
We're going to backport this fix, and others, to the supported stable release series in the next week or so, so it would be great to have testing on 0.4.5.1-alpha in the meantime.
all best wishes,,