Hello!
We are happy to announce the first Tor Browser 9.5.1 release candidate
for wider testing. Packages can be found at:
https://people.torproject.org/~gk/builds/9.5.1-build2/
Tor Browser 9.5.1 contains important security patches, and minor bug
fixes.
The full changelog since Tor Browser 9.5 is:
Tor Browser 9.5.1 -- June 30 2020
* All Platforms
* Update Firefox to 68.10.0esr
* Update NoScript to 11.0.32
* Translations update
* Bug 40009: Improve tor's client auth stability
* Windows + OS X + Linux
* Bug 34361: "Prioritize .onion sites when known" appears under General
* Bug 34362: Improve Onion Service Authentication prompt
* Bug 34369: Fix learn more link in Onion Auth prompt
* Bug 34379: Fix learn more for Onion-Location
* Bug 34347: The Tor Network part on the onboarding is not new anymore
Please let us know if you discover any issues with this build.
Thanks,
Matt
Hello!
We are happy to announce the first Tor Browser 9.5 release candidate
for wider testing. Packages can be found at:
https://people.torproject.org/~gk/builds/9.5-build2/
Tor Browser 9.5 is a very exciting update as it is the first stable
release of the 9.5 series.
The full changelog since Tor Browser 9.0.10 is:
* All Platforms
* Update Firefox to 68.9.0esr
* Update HTTPS-Everywhere to 2020.5.20
* Update NoScript to 11.0.26
* Update Tor to 0.4.3.5
* Translations update
* Bug 21549: Disable wasm for now until it is properly audited
* Bug 27268: Preferences clean-up in Torbutton code
* Bug 28745: Remove torbutton.js unused code
* Bug 28746: Remove torbutton isolation and fp prefs sync
* Bug 30237: Control port module improvements for v3 client authentication
* Bug 30786: Add th locale
* Bug 30787: Add lt locale
* Bug 30788: Add ms locale
* Bug 30851: Move default preferences to 000-tor-browser.js
* Bug 30888: move torbutton_util.js to modules/utils.js
* Bug 31134: Govern graphite again by security settings
* Bug 31395: Remove inline script in aboutTor.xhtml
* Bug 31499: Update libevent to 2.1.11-stable
* Bug 33877: Disable Samples and Regression tests For Libevent Build
* Bug 31573: Catch SessionStore.jsm exception
* Bug 32318: Backport Mozilla's fix for bug 1534339
* Bug 32414: Make Services.search.addEngine obey FPI
* Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT
* Bug 32618: Backport fixes from Mozilla bugs 1467970 and 1590526
* Bug 33342: Avoid disconnect search addon error after removal
* Bug 33726: Fix patch for #23247: Communicating security expectations for .onion
* Bug 34157: Backport fix for Mozilla Bug 1511941
* Windows + OS X + Linux
* Update Tor Launcher to 0.2.21.8
* Translations update
* Bug 19757: Support on-disk storage of v3 client auth keys
* Bug 30237: Add v3 onion services client authentication prompt
* Bug 30786: Add th locale
* Bug 30787: Add lt locale
* Bug 30788: Add ms locale
* Bug 33514: non-en-US Tor Browser 9.5a6 won't start up
* Bug 19251: Show improved error pages for onion service errors
* Bug 19757: Support on-disk storage of v3 client auth keys
* Bug 21952: Implement Onion-Location
* Bug 27604: Fix broken Tor Browser after moving it to a different directory
* Bug 28005: Implement .onion alias urlbar rewrites
* Bug 30237: Improve TBB UI of hidden service client authorization
* Bug 32076: Upgrade to goptlib v1.1.0
* Bug 32220: Improve the letterboxing experience
* Bug 32418: Allow updates to be disabled via an enterprise policy.
* Bug 32470: Backport fix for bug 1590538
* Bug 32645: Update URL bar onion indicators
* Bug 32658: Create a new MAR signing key
* Bug 32674: Point the about:tor "Get involved" link to the community portal
* Bug 32767: Remove Disconnect search
* Bug 33698: Update "About Tor Browser" links in Tor Browser
* Bug 33707: Swap out onion icon in circuit display with new one
* Bug 34032: Use Securedrop's Official https-everywhere ruleset
* Bug 34196: Update site info URL with the onion name
* Bug 34321: Add Learn More onboarding item
* Windows
* Bug 22919: Improve the random number generator for the boundaries in multipart/form-data
* Bug 29614: Use SHA-256 algorithm for Windows timestamping
* Bug 33113: Bump NSIS version to 3.05
* OS X
* Bug 32505: Tighten our rules in our entitlements file for macOS
* Linux
* Bug 34315: Avoid reading policies from /etc/firefox on Linux
* Android
* Bug 26529: Notify user about possible proxy-bypass before opening external app
* Bug 30767: Custom obfs4 bridge does not work on Tor Browser for Android
* Bug 32303: Obfs4 is broken on Android Q
* Bug 33359: Use latest Version of TOPL and Remove Patches
* Bug 33931: obfs4 bridges are used instead of meek if meek is selected in Tor Browser for Android alpha
* Build System
* All Platforms
* Go to 1.13.11
* Bug 33380: Add *.json to sha256sums-unsigned-build.txt
* Windows
* Bug 33802: --enable-secure-api is not supported anymore in mingw-w64
* Linux
* Bug 32976: Build and bundle geckodriver
* Bug 34242: Fix creation of Linux containers
* Android
* Bug 28765: LibEvent Build for Android
* Bug 28766: Tor Build for Android
* Bug 28803: Integrate building Pluggable Transports for Android
* Bug 30461: Clean up tor-android-service project
* Bug 32993: Package Tor With Tor Android Service Project
* Bug 33685: Add Support for Building zlib for Android
Thanks,
Matt
Hello!
We are happy to announce the first Tor Browser 9.0.10 release candidate
for wider testing. Packages can be found at:
https://people.torproject.org/~gk/builds/9.0.10-build1/
Tor Browser 9.0.10 is not a very exciting update, but it contains
important security patches.
The full changelog since Tor Browser 9.0.9 is:
Tor Browser 9.0.10 -- May 5 2020
* All Platforms
* Update Firefox to 68.8.0esr
* Bump NoScript to 11.0.25
* Windows + OS X + Linux
* Bug 34017: Bump openssl version to 1.1.1g
Thanks,
Matt
Hello!
This list has been quiet for some time. We are happy to announce the
first Tor Browser 9.0.7 release candidate for wider testing. Packages
can be found at
https://people.torproject.org/~sysrqb/builds/9.0.7-build1/
Tor Browser 9.0.7 contains updates to a number of its components. Above
all, it includes Tor 0.4.2.7 which contains important security fixes. In
addition, on the Safest security level, javascript is now disabled for
the entire browser. Along with NoScript 11.0.19, this mitigates a bug in
Firefox that allowed Javascript execution on Safest. Javascript may be
enabled while using the Safest security level by enabling the
`javascript.enabled` preference in `about:config` and then modifying
NoScript's settings, as usual.
The full changelog since Tor Browser 9.0.6 is:
Tor Browser 9.0.7 -- March 20 2020
* All Platforms
* Bump NoScript to 11.0.19
* Bug 33613: Disable Javascript on Safest security level
* Windows + OS X + Linux
* Bump Tor to 0.4.2.7
Hello!
We are happy to announce that Tor Browser 9.0.2 is ready for testing.
Bundles can be found at
https://people.torproject.org/~gk/builds/9.0.2-build2/
This new stable release is picking up security fixes for Firefox
68.3.0esr and updating our external extensions (NoScript and HTTPS
Everywhere) to their latest versions.
Apart from backports for patches that already landed in alpha releases
and fixed both an error in our circuit display and improved our
letterboxing support Tor Browser 9.0.2 provides properly localized
Android bundles again as well.
The full changelog since Tor Browser 9.0.1 is
Tor Browser 9.0.2 -- December 3 2019
* All Platforms
* Update Firefox to 68.3.0esr
* Bump NoScript to 11.0.9
* Bug 32362: NoScript TRUSTED setting doesn't work
* Bug 32429: Issues with about:blank and NoScript on .onion sites
* Bump HTTPS Everywhere to 2019.11.7
* Bug 27268: Preferences clean-up in Torbutton code
* Translations update
* Windows + OS X + Linux
* Bug 32125: Fix circuit display for bridge without a fingerprint
* Bug 32250: Backport enhanced letterboxing support (bug 1546832 and
1556017)
* Windows
* Bug 31989: Backport backout of old mingw-gcc patch
* Bug 32616: Disable GetSecureOutputDirectoryPath() functionality
* Android
* Bug 32365: Localization is broken in Tor Browser 9 on Android
* Build System
* All Platforms
* Bug 32413: Bump Go version to 1.12.13
Georg
Hello!
We are pleased to announce that Tor Browser 9.0 is ready for testing.
Bundles can be found at
https://people.torproject.org/~gk/builds/9.0-build2/
Tor Browser 9.0 is the first stable release based on Firefox 68 ESR and
contains a number of updates to other components as well (including Tor
to 0.4.1.6 and OpenSSL to 1.1.1d for desktop versions and Tor to 0.4.1.5
for Android).
Besides all the patch rebasing and toolchain updates, which we needed to
do, we managed to make progress on three longstanding topics:
1) Consolidating our toolbar: We removed the onion button from the
toolbar and exposed a New Identity button instead to make this important
feature easier to access.
2) Better integration of Torbutton and Tor Launcher: Both extensions are
now tightly integrated into Tor Browser which results in them not
showing up anymore on the about:addons page. Moreover, we used the
opportunity to redesign the bridge and proxy configuration dialogs and
include them directly into the browser's preference settings now. They
are easier to access on about:preferences#tor compared to some submenu
behind the onion button.
3) Better localization support: Besides fixing bugs in our currently
shipped localized bundles (ar and ko come to mind here) we managed to
provide Tor Browser in two more locales, Macedonian (mk) and Romanian
(ro), after a lengthy period of testing and ironing out issues in our
alpha series. Many thanks to everyone who helped with that, in
particular to our translators.
The full changelog since Tor Browser 8.5.6 is
Tor Browser 9.0 -- October 22 2019
* All Platforms
* Update Firefox to 68.2.0esr
* Bug 31740: Remove some unnecessary RemoteSettings instances
* Bug 13543: Spoof smooth and powerEfficient for Media Capabilities
* Bug 28196: about:preferences is not properly translated anymore
* Bug 19417: Disable asmjs on safer and safest security levels
* Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING
* Bug 31935: Disable profile downgrade protection
* Bug 16285: Disable DRM/EME on Android and drop Adobe CDM
* Bug 31602: Remove Pocket indicators in UI and disable it
* Bug 31914: Fix eslint linter error
* Bug 30429: Rebase patches for Firefox 68 ESR
* Bug 31144: Review network code changes for Firefox 68 ESR
* Bug 10760: Integrate Torbutton into Tor Browser directly
* Bug 25856: Remove XUL overlays from Torbutton
* Bug 31322: Fix about:tor assertion failure debug builds
* Bug 29430: Add support for meek_lite bridges to bridgeParser
* Bug 28561: Migrate "About Tor Browser" dialog to tor-browser
* Bug 30683: Prevent detection of locale via some *.properties
* Bug 31298: Backport patch for #24056
* Bug 9336: Odd wyswig schemes without isolation for browserspy.dk
* Bug 27601: Browser notifications are not working anymore
* Bug 30845: Make sure internal extensions are enabled
* Bug 28896: Enable extensions in private browsing by default
* Bug 31563: Reload search extensions if extensions.enabledScopes has
changed
* Bug 31396: Fix communication with NoScript for security settings
* Bug 31142: Fix crash of tab and messing with about:newtab
* Bug 29049: Backport JS Poison Patch
* Bug 25214: Canvas data extraction on locale pdf file should be allowed
* Bug 30657: Locale is leaked via title of link tag on non-html page
* Bug 31015: Disabling SVG hides UI icons in extensions
* Bug 30681: Set security.enterprise_roots.enabled to false
* Bug 30538: Unable to comment on The Independent Newspaper
* Bug 31209: View PDF in Tor Browser is fuzzy
* Translations update
* Windows + OS X + Linux
* Update Tor to 0.4.1.6
* Update OpenSSL to 1.1.1d
* Bug 31844: OpenSSL 1.1.1d fails to compile for some
platforms/architectures
* Update Tor Launcher to 0.2.20.1
* Bug 28044: Integrate Tor Launcher into tor-browser
* Bug 32154: Custom bridge field only allows one line of input
* Bug 31286: New strings for about:preferences#tor
* Bug 31303: Do not launch tor in browser toolbox
* Bug 32112: Fix bad & escaping in translations
* Bug 31491: Clean up the old meek http helper browser profiles
* Bug 29197: Remove use of overlays
* Bug 31300: Modify Tor Launcher so it is compatible with ESR68
* Bug 31487: Modify moat client code so it is compatible with ESR68
* Bug 31488: Moat: support a comma-separated list of transports
* Bug 30468: Add mk locale
* Bug 30469: Add ro locale
* Bug 30319: Remove FTE bits
* Translations update
* Bug 32092: Fix Tor Browser Support link in preferences
* Bug 32111: Fixed issue parsing user-provided bridge strings
* Bug 31749: Fix security level panel spawning events
* Bug 31920: Fix Security Level panel when its toolbar button moves
to overflow
* Bug 31748+31961: Fix 'Learn More' links in Security Level
preferences and panel
* Bug 28044: Integrate Tor Launcher into tor-browser
* Bug 31059: Enable Letterboxing
* Bug 30468: Add mk locale
* Bug 30469: Add ro locale
* Bug 29430: Use obfs4proxy's meek_lite with utls instead of meek
* Bug 31251: Security Level button UI polish
* Bug 31344: Register SecurityLevelPreference's 'unload' callback
* Bug 31286: Provide network settings on about:preferences#tor
* Bug 31886: Fix ko bundle bustage
* Bug 31768: Update onboarding for Tor Browser 9
* Bug 27511: Add new identity button to toolbar
* Bug 31778: Support dark-theme for the Circuit Display UI
* Bug 31910: Replace meek_lite with meek in circuit display
* Bug 30504: Deal with New Identity related browser console errors
* Bug 31929: Don't escape DTD entity in ar
* Bug 31747: Some onboarding UI is always shown in English
* Bug 32041: Replace = with real hamburguer icon ≡
* Bug 30304: Browser locale can be obtained via DTD strings
* Bug 31065: Set network.proxy.allow_hijacking_localhost to true
* Bug 24653: Merge securityLevel.properties into torbutton.dtd
* Bug 31164: Set up default bridge at Karlstad University
* Bug 15563: Disable ServiceWorkers on all platforms
* Bug 31598: Disable warning on window resize if letterboxing is enabled
* Bug 31562: Fix circuit display for error pages
* Bug 31575: Firefox is phoning home during start-up
* Bug 31491: Clean up the old meek http helper browser profiles
* Bug 26345: Hide tracking protection UI
* Bug 31601: Disable recommended extensions again
* Bug 30662: Don't show Firefox Home when opening new tabs
* Bug 31457: Disable per-installation profiles
* Bug 28822: Re-implement desktop onboarding for ESR 68
* Windows
* Bug 31942: Re-enable signature check for language packs
* Bug 29013: Enable stack protection for Firefox on Windows
* Bug 30800: ftp:// on Windows can be used to leak the system time zone
* Bug 31547: Back out patch for Mozilla's bug 1574980
* Bug 31141: Fix typo in font.system.whitelist
* Bug 30319: Remove FTE bits
* OS X
* Bug 30126: Make Tor Browser compatible with macOS 10.15
* Bug 31607: App menu items stop working on macOS
* Bug 31955: On macOS avoid throwing inside nonBrowserWindowStartup()
* Bug 29818: Adapt #13379 patch for 68esr
* Bug 31464: Meek and moat are broken on macOS 10.9 with Go 1.12
* Linux
* Bug 31942: Re-enable signature check for language packs
* Bug 31646: Update abicheck to require newer libstdc++.so.6
* Bug 31968: Don't fail if /proc/cpuinfo is not readable
* Bug 24755: Stop using a heredoc in start-tor-browser
* Bug 31550: Put curly quotes inside single quotes
* Bug 31394: Replace "-1" with "−1" in start-tor-browser.desktop
* Bug 30319: Remove FTE bits
* Android
* Update Tor to 0.4.1.5
* Bug 31010: Rebase mobile patches for Fennec 68
* Bug 31010: Don't use addTrustedTab() on mobile
* Bug 30607: Support Tor Browser running on Android Q
* Bug 31192: Support x86_64 target on Android
* Bug 30380: Cancel dormant by startup
* Bug 30943: Show version number on mobile
* Bug 31720: Enable website suggestions in address bar
* Bug 31822: Security slider is not really visible on Android anymore
* Bug 24920: Only create Private tabs in permanent Private Browsing Mode
* Bug 31730: Revert aarch64-workaround against JIT-related crashes
* Bug 32097: Fix conflicts in mobile onboarding while rebasing to
68.2.0esr
* Build System
* All Platforms
* Bug 30585: Provide standalone clang 8 project across all platforms
* Bug 30376: Use Rust 1.34 for Tor Browser 9
* Bug 30490: Add cbindgen project for building Firefox 68 ESR/Fennec 68
* Bug 30701: Add nodejs project for building Firefox 68 ESR/Fennec 68
* Bug 31621: Fix node bug that makes large writes to stdout fail
* Bug 30734: Add nasm project for building Firefox 68 ESR/Fennec 68
* Bug 31293: Make sure the lo interface inside the containers is up
* Bug 27493: Clean up mozconfig options
* Bug 31308: Sync mozconfig files used in tor-browser over to
tor-browser-build for esr68
* Windows
* Bug 29307: Use Stretch for cross-compiling for Windows
* Bug 29731: Remove faketime for Windows builds
* Bug 30322: Windows toolchain update for Firefox 68 ESR
* Bug 28716: Create mingw-w64-clang toolchain
* Bug 28238: Adapt firefox and fxc2 projects for Windows builds
* Bug 28716: Optionally omit timestamp in PE header
* Bug 31567: NS_tsnprintf() does not handle %s correctly on Windows
* Bug 31458: Revert patch for #27503 and bump mingw-w64 revision used
* Bug 9898: Provide clean fix for strcmpi issue in NSPR
* Bug 29013: Enable stack protection support for Firefox on Windows
* Bug 30384: Use 64bit containers to build 32bit Windows Tor Browser
* Bug 31538: Windows bundles based on ESR 68 are not built reproducibly
* Bug 31584: Clean up mingw-w64 project
* Bug 31596: Bump mingw-w64 version to pick up fix for #31567
* Bug 29187: Bump NSIS version to 3.04
* Bug 31732: Windows nightly builds are busted due to mingw-w64
commit bump
* Bug 29319: Remove FTE support for Windows
* OS X
* Bug 30323: MacOS toolchain update for Firefox 68 ESR
* Bug 31467: Switch to clang for cctools project
* Bug 31465: Adapt tor-browser-build projects for macOS notarization
* Linux
* Bug 31448: gold and lld break linking 32bit Linux bundles
* Bug 31618: Linux32 builds of Tor Browser 9.0a6 are not matching
* Bug 31450: Still use GCC for our ASan builds
* Bug 30321: Linux toolchain update for Firefox ESR 68
* Bug 30736: Install yasm from wheezy-backports
* Bug 31447: Don't install Python just for Mach
* Bug 30448: Strip Browser/gtk2/libmozgtk.so
* Android
* Bug 30324: Android toolchain update for Fennec 68
* Bug 31173: Update android-toolchain project to match Firefox
* Bug 31389: Update Android Firefox to build with Clang
* Bug 31388: Update Rust project for Android
* Bug 30665: Get Firefox 68 ESR working with latest android toolchain
* Bug 30460: Update TOPL project to use Firefox 68 toolchain
* Bug 30461: Update tor-android-service project to use Firefox 68
toolchain
* Bug 28753: Use Gradle with --offline when building the browser part
* Bug 31564: Make Android bundles based on ESR 68 reproducible
* Bug 31981: Remove require-api.patch
* Bug 31979: TOPL: Sort dependency list
* Bug 30665: Remove unnecessary build patches for Firefox
Georg
Hello!
We are happy to announce the first release candidate for the upcoming
Tor Browser 9.0a4. Bundles can be found at
https://people.torproject.org/~boklm/builds/9.0a4-build1/
Tor Browser 9.0a4 contains updates to a number of bundle parts, most
importantly Firefox (60.8.0esr) and Tor (0.4.1.3-alpha).
In our ongoing efforts to reach more users with Tor Browser we include
native macedonian bundles for the first time and ship Tor Browser for
the aarch64 architecture on mobile. And, finally, we have implemented
fixes for accessibility support on Windows systems (big thanks to
Richard Pospesel for the hard work here), which now deserve a wider testing.
Similar to the stable series we include a fundraising banner to help us
getting more donations. Please donate if you can!
The full changelog since 9.0a3 is
Tor Browser 9.0a4 -- July 9 2019
* All platforms
* Update Firefox to 60.8.0esr
* Update Torbutton to 2.2.1
* Bug 30577: Add Fundraising Banner
* Bug 31041: Stop syncing network.cookie.lifetimePolicy
* Bug 30468: Add mk locale
* Translations update
* Update Tor Launcher to 0.2.19.2
* Bug 30468: Add mk locale
* Translations update
* Update HTTPS Everywhere to 2019.6.27
* Bug 31055+31058: Remove four default bridges
* Bug 30849: Backport fixes for Mozilla's bug 1552627 and 1549833
* Windows + OS X + Linux
* Update Tor to 0.4.1.3-alpha
* Bug 30468: Add mk locale
* Bug 31059: Enable Letterboxing
* Windows
* Bug 27503: Provide full support for accessibility tools
* Bug 30575: Don't allow enterprise policies in Tor Browser
* OS X
* Bug 30631: Blurry Tor Browser icon on macOS app switcher
* Android
* Bug 28119: Tor Browser for aarch64
* Bug 30573: Sanitize old tabs and wait for tor before opening new tabs
Georg
Hi!
We are happy to announce the first Tor Browser 8.5.4 release candidate
for wider testing. Bundles can be found at
https://people.torproject.org/~gk/builds/8.5.4-build2/
Tor Browser 8.5.4 contains updates to a number of its components. Above
all, we include Firefox 60.8.0esr which contains important security
fixes. Moreover, after some testing in the alpha series, we start
shipping Tor 0.4.0.5 and update OpenSSL to 1.0.2s for the desktop platforms.
Finally, we add a fundraising banner to help us getting more donations.
Please donate if you can!
The full changelog since Tor Browser 8.5.3 is:
Tor Browser 8.5.4 -- July 9 2019
* All platforms
* Update Firefox to 60.8.0esr
* Update Torbutton to 2.1.12
* Bug 30577: Add Fundraising Banner
* Bug 31041: Stop syncing network.cookie.lifetimePolicy
* Translations update
* Update HTTPS Everywhere to 2019.6.27
* Bug 31055+31058: Remove four default bridges
* Bug 30712: Backport fix for Mozilla's bug 1552993
* Bug 30849: Backport fixes for Mozilla's bug 1552627 and 1549833
* Windows + OS X + Linux
* Update Tor to 0.4.0.5
* Update OpenSSL to 1.0.2s
* Bug 29045: Ensure that tor does not start up in dormant mode
* OS X
* Bug 30631: Blurry Tor Browser icon on macOS app switcher
