Greetings!
Sorry for the short notice but we had to act fast on this one. Either today or tomorrow, we'll release 0.4.7.8 with an important security fix. This is tracked with TROVE-2022-001[0] and at the moment considered "High" severity.
We won't disclose just yet the nature of the issue but we believe it can easily be exploited remotely for all tor network components (service, client, relay, authority) hence the choice of severity.
Once the new version is released, we will recommend everyone on the 0.4.7.x series to upgrade immediately including Tor Browser.
It is unknown if this vulnerability is being exploited in the wild but we know it is being triggered (intentionally or not) on the network at the moment.
We'll be releasing more information about this issue after the release.
Thank you all for your precious work and help! David
[0] https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE