New Tor *security* releases: 0.3.5.16, 0.4.5.10, 0.4.6.7

Greetings,

There are new security releases today. You can find these releases in the usual place at https://dist.torproject.org.

Make sure (as usual) to check the signatures: my key is available at key.cgi?fingerprint=2133BC600AB133E1D826D173FE43009C4607B1FB

Security issue is as follows:

  o Major bugfixes (cryptography, security):
    - Resolve an assertion failure caused by a behavior mismatch between
      our batch-signature verification code and our single-signature
      verification code. This assertion failure could be triggered
      remotely, leading to a denial of service attack. We fix this issue
      by disabling batch verification. Fixes bug 40078; bugfix on
      0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and
      CVE-2021-38385. Found by Henry de Valence.

For complete ChangeLog for each release, see:

https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.3.5.16
https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.4.5.10
https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.4.6.7

For the ReleaseNotes for the 0.4.6.x series as a whole, see:

https://gitweb.torproject.org/tor.git/tree/ReleaseNotes?h=tor-0.4.6.7

Cheers!
David

--
lMYBijO9FpmEGKJmZQ6s/yKCHF60TEF+oFM4trwRvVk=
participants (1)
David Goulet
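
The signature check the announcement asks for, as an added example that is not part of the original message and not Tor Project code: it accepts a tarball only when gpg reports a valid signature from the fingerprint quoted above, rather than from any key that happens to be in the keyring. The function names and the `<tarball>.asc` naming of the detached signature are assumptions, and the sample status lines are constructed.

```shell
#!/bin/sh
# Added example, not Tor Project code: accept a release only if gpg reports a
# valid signature made by the key whose fingerprint the announcement quotes.
PINNED_FPR="2133BC600AB133E1D826D173FE43009C4607B1FB"

# Reads `gpg --status-fd 1 --verify ...` output on stdin.
# Succeeds only if a VALIDSIG line names the pinned fingerprint as the signing
# key (field 3) or as its primary key (last field), and no status line reports
# a bad, unverifiable, expired or revoked signature or key.
sig_matches_pinned() {
    awk -v want="$1" '
        $1 == "[GNUPG:]" && $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        END { exit !(ok && !bad) }
    '
}

# Assumption: the detached signature sits next to the tarball as <tarball>.asc.
verify_release() {
    gpg --status-fd 1 --verify "$1.asc" "$1" 2>/dev/null | sig_matches_pinned "$PINNED_FPR"
}

# Constructed status output: dates, algorithm ids and the non-pinned
# fingerprint are made up for the demo.
OTHER_FPR="AAAABBBBCCCCDDDDEEEEFFFF0000111122223333"
SAMPLE_PINNED="[GNUPG:] NEWSIG
[GNUPG:] VALIDSIG $PINNED_FPR 2021-08-16 1629100000 0 4 0 1 10 00 $PINNED_FPR"
SAMPLE_SUBKEY="[GNUPG:] VALIDSIG $OTHER_FPR 2021-08-16 1629100000 0 4 0 1 10 00 $PINNED_FPR"
SAMPLE_OTHER="[GNUPG:] VALIDSIG $OTHER_FPR 2021-08-16 1629100000 0 4 0 1 10 00 $OTHER_FPR"
SAMPLE_EXPIRED="[GNUPG:] EXPKEYSIG FE43009C4607B1FB constructed
$SAMPLE_PINNED"

# Demo on the constructed samples (no gpg or network needed).
for s in "$SAMPLE_PINNED" "$SAMPLE_SUBKEY" "$SAMPLE_OTHER" "$SAMPLE_EXPIRED"; do
    if printf '%s\n' "$s" | sig_matches_pinned "$PINNED_FPR"; then
        echo "accept"
    else
        echo "reject"
    fi
done
```

With the signer's key imported, `verify_release tor-0.4.6.7.tar.gz` returns 0 only for a tarball signed by the pinned key.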