Hello!
We are happy to announce the first Tor Browser 8.5.1 release candidate
for wider testing. Bundles can be found at
https://people.torproject.org/~boklm/builds/8.5.1-build1/
Tor Browser 8.5.1 is the first bugfix release in the 8.5 series and aims
at mostly fixing regressions and providing small improvements related to
our 8.5 release. Additionally, we disable the WebGL readPixel()
fingerprinting vector, realizing, though, that we need a more holistic
approach when trying to deal with the fingerprinting potential WebGL
comes with.
The full changelog since Tor Browser 8.5 is:
Tor Browser 8.5.1 -- June 4 2019
* All platforms
* Update Torbutton to 2.1.10
* Bug 30565: Sync nocertdb with privatebrowsing.autostart at startup
* Bug 30464: Add WebGL to safer descriptions
* Translations update
* Update NoScript to 10.6.2
* Bug 29969: Remove workaround for Mozilla's bug 1532530
* Update HTTPS Everywhere to 2019.5.13
* Bug 30541: Disable WebGL readPixel() for web content
* Windows + OS X + Linux
* Bug 30560: Better match actual toolbar in onboarding toolbar graphic
* Android
* Bug 30635: Sync mobile default bridges list with desktop one
* Build System
* All platforms
* Bug 30480: Check that signed tag contains expected tag name
Georg
Hello!
In parallel to Tor Browser 8.5 we'll ship the first alpha in the 9.0
series, 9.0a1. Bundles for testing are up at:
https://people.torproject.org/~gk/builds/9.0a1-build1/
Apart from the many stability fixes for mobile (which made it into Tor
Browser 8.5 as well) this alpha comes with two major new features:
1) Tor Launcher is getting tighter integrated into the browser as a
preparation step for the switch to Firefox 68 ESR. That results in it
not showing up anymore on the about:addons page while still being
available (and we don't need to make a code-signing exception for it
either anymore, which is nice). See the underyling proposal for this
descision for full details.[1]
2) We backported Mozilla's Letterboxing feature[2] which allows us to
finally tackle the problem of not properly rounded screen dimensions in
case users start to maximize or otherwise resize the browser window.
Letterboxing is off by default for now, although we plan to enabled it
in one of the upcoming alpha releases. If you want to check it out and
report issues please add the `privacy.resistFingerprinting.letterboxing`
preference on about:config and set it to `true`. Many thanks to Tom
Ritter and anyone else at Mozilla who has been working on that problem
and designing the current approach.
The full changelog since 8.5a12 is:
Tor Browser 9.0a1 -- May 21 2019
* All platforms
* Update Firefox to 60.7.0esr
* Update Torbutton to 2.1.9
* Bug 30069: Use slider and about:tor localizations
* Bug 30115+27449+25145: Map browser + domain -> credentials to fix
UI issues
* Bug 30171: Don't sync cookie.cookieBehavior and firstparty.isolate
* Bug 30425: Revert armagadd-on-2.0 changes
* Bug 30497: Add Donate link to about:tor
* Bug 30464: Add WebGL to safer descriptions
* Translations update
* Update HTTPS Everywhere to 2019.5.6.1
* Bug 24622: Proper first-party isolation of s3.amazonaws.com
* Bug 30425: Revert armagadd-on-2.0 changes
* Windows + OS X + Linux
* Update Tor Launcher to 0.2.19
* Bug 28044: Integrate Tor Launcher into tor-browser
* Bug 29627: Moat: add support for obfsproxy's meek_lite
* Bug 30139: Remove FTE bits
* Translations update
* Bug 28044: Integrate Tor Launcher into tor-browser
* Bug 30372: Backport letterboxing (bug 1538130)
* Bug 28369: Stop shipping pingsender executable
* Bug 30457: Remove defunct default bridges
* Bug 29045: Ensure that tor does not start up in dormant mode
* Bug 29641: Try to connect over IPv6 if needed
* Windows
* Bug 30319: Drop FTE releated bits
* Bug 29319: Remove FTE support for Windows
* OS X
* Bug 30241: Bump snowflake version to d11e55aabe
* Linux
* Bug 30319: Drop FTE releated bits
* Bug 30241: Bump snowflake version to d11e55aabe
* Android
* Bug 29982: Force single-pane UI on Tor Preferences
* Bug 30086: Prevent Sync-related crashes on Android
* Bug 30214: Kill background thread when Activity is null
* Bug 30239: Render Fragments after crash
* Bug 30136: Use 'Tor Browser' as brand name on mobile, too
* Bug 30069: Use slider and about:tor localizations
* Bug 30371: Stop hard-coding the content provider name in
tor-android-service
* Bug 30162: Tor Browser bootstrap process got stuck after
interrupting it
* Bug 30166: If specified, only use custom bridges for connecting
* Bug 30518: Add SocksPort flags for consistency across platforms
* Bug 30284: Fix broken start-up on KitKat devices
* Bug 30489: Remove Unused Resources from tor-android-service
* Build System
* Windows
* Bug 29307: Use Stretch for cross-compiling for Windows
* Bug 29731: Remove faketime for Windows builds
* Linux
* Bug 30377: Remove selfrando from our build system
* Bug 30448: Strip Browser/gtk2/libmozgtk.so
* Android
* Bug 29981: Add option to build without using containers
* Bug 30169: Switch to our tor-android-service repo
* Bug 30404: Remove Orbot Project
* Bug 30280: Wrong SHA-256 sum for j2objc-annotations-1.1.jar
Georg
[1]
https://gitweb.torproject.org/tor-browser-spec.git/tree/proposals/102-integ…
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1407366
Hello!
After months of work we are happy to announce that a release candidate
for Tor Browser 8.5 is ready for testing. Bundles can be found at:
https://people.torproject.org/~boklm/builds/8.5-build2/
(Note: we plan to do a build3 soon to pick up last minute mobile fixes
and maybe some for Windows accessibility support, but otherwise those
bundles should match what we intend to ship if no blockers are found
during testing)
Among the many changes we made three ones are particularly worthy of
getting mentioned:
1) Tor Browser 8.5 is the first stable release that comes to Android.
During the past few months we worked to provide the protections users
already enjoying on desktop to the Android platform by making sure there
are no proxy bypasses, first-party isolation is working as expected and
most of the fingerprinting defenses are working. While there are still
feature gaps[1] between the desktop and mobile Tor Browser we are
confident that Tor Browser for Android provides essentially the same
protections that can be found on desktop platforms. Thanks to everyone
working on getting our mobile experience into shape, in particular to
Antonela, Matt, Igor, and Shane.
2) Our security slider is an important tool for Tor Browser users,
especially for those with particular security requirements. However, so
far it was hidden behind the Torbutton menu and hard to access. During
the Tor Browser 8.5 development period we revamped the experience
showing now the chosen security level on the toolbar and making
interactions with the slider easier. For the fully planned changes check
out proposal 101.[2]
3) We made Tor Browser 8.5 compatible with Firefox's Photon UI and
redesigned our logos and about:tor page across all the platforms we
support to provide the same look and feel and better accessibility.
All the changes made between Tor Browser 8.0.9 and 8.5 are:
Tor Browser 8.5 -- May 21 2019
* All platforms
* Update Firefox to 60.7.0esr
* Update Torbutton to 2.1.8
* Bug 25013: Integrate Torbutton into tor-browser for Android
* Bug 27111: Update about:tor desktop version to work on mobile
* Bug 22538+22513: Fix new circuit button for error pages
* Bug 25145: Update circuit display when back button is pressed
* Bug 27749: Opening about:config shows circuit from previous website
* Bug 30115: Map browser+domain to credentials to fix circuit display
* Bug 25702: Update Tor Browser icon to follow design guidelines
* Bug 21805: Add click-to-play button for WebGL
* Bug 28836: Links on about:tor are not clickable
* Bug 30171: Don't sync cookie.cookieBehavior and firstparty.isolate
* Bug 29825: Intelligently add new Security Level button to taskbar
* Bug 29903: No WebGL click-to-play on the standard security level
* Bug 27290: Remove WebGL pref for min capability mode
* Bug 25658: Replace security slider with security level UI
* Bug 28628: Change onboarding Security panel to open new Security
Level panel
* Bug 29440: Update about:tor when Tor Browser is updated
* Bug 27478: Improved Torbutton icons for dark theme
* Bug 29239: Don't ship the Torbutton .xpi on mobile
* Bug 27484: Improve navigation within onboarding (strings)
* Bug 29768: Introduce new features to users (strings)
* Bug 28093: Update donation banner style to make it fit in small
screens
* Bug 28543: about:tor has scroll bar between widths 900px and 1000px
* Bug 28039: Enable dump() if log method is 0
* Bug 27701: Don't show App Blocker dialog on Android
* Bug 28187: Change tor circuit icon to torbutton.svg
* Bug 29943: Use locales in AB-CD scheme to match Mozilla
* Bug 26498: Add locale: es-AR
* Bug 28082: Add locales cs, el, hu, ka
* Bug 29973: Remove remaining stopOpenSecuritySettingsObserver() pieces
* Bug 28075: Tone down missing SOCKS credential warning
* Bug 30425: Revert armagadd-on-2.0 changes
* Bug 30497: Add Donate link to about:tor
* Bug 30069: Use slider and about:tor localizations on mobile
* Bug 21263: Remove outdated information from the README
* Bug 28747: Remove NoScript (XPCOM) related unused code
* Translations update
* Code clean-up
* Update HTTPS Everywhere to 2019.5.6.1
* Bug 27290: Remove WebGL pref for min capability mode
* Bug 29120: Enable media cache in memory
* Bug 24622: Proper first-party isolation of s3.amazonaws.com
* Bug 29082: Backport patches for bug 1469916
* Bug 28711: Backport patches for bug 1474659
* Bug 27828: "Check for Tor Browser update" doesn't seem to do anything
* Bug 29028: Auto-decline most canvas warning prompts again
* Bug 27919: Backport SSL status API
* Bug 27597: Fix our debug builds
* Bug 28082: Add locales cs, el, hu, ka
* Bug 26498: Add locale: es-AR
* Bug 29916: Make sure enterprise policies are disabled
* Bug 29349: Remove network.http.spdy.* overrides from meek helper
user.js
* Bug 29327: TypeError: hostName is null on about:tor page
* Bug 30425: Revert armagadd-on-2.0 changes
* Windows + OS X + Linux
* Update OpenSSL to 1.0.2r
* Update Tor Launcher to 0.2.18.3
* Bug 27994+25151: Use the new Tor Browser logo
* Bug 29328: Account for Tor 0.4.0.x's revised bootstrap status
reporting
* Bug 22402: Improve "For assistance" link
* Bug 27994: Use the new Tor Browser logo
* Bug 25405: Cannot use Moat if a meek bridge is configured
* Bug 27392: Update Moat URLs
* Bug 28082: Add locales cs, el, hu, ka
* Bug 26498: Add locale es-AR
* Bug 28039: Enable dump() if log method is 0
* Translations update
* Bug 25702: Activity 1.1 Update Tor Browser icon to follow design
guidelines
* Bug 28111: Use Tor Browser icon in identity box
* Bug 22343: Make 'Save Page As' obey first-party isolation
* Bug 29768: Introduce new features to users
* Bug 27484: Improve navigation within onboarding
* Bug 25658+29554: Replace security slider with security level UI
* Bug 25658+29554: Replace security slider with security level UI
* Bug 25405: Cannot use Moat if a meek bridge is configured
* Bug 28885: notify users that update is downloading
* Bug 29180: MAR download stalls when about dialog is opened
* Bug 27485: Users are not taught how to open security-slider dialog
* Bug 27486: Avoid about:blank tabs when opening onboarding pages
* Bug 29440: Update about:tor when Tor Browser is updated
* Bug 23359: WebExtensions icons are not shown on first start
* Bug 28628: Change onboarding Security panel to open new Security
Level panel
* Bug 27905: Fix many occurrences of "Firefox" in about:preferences
* Bug 28369: Stop shipping pingsender executable
* Bug 30457: Remove defunct default bridges
* Windows
* Bug 27503: Improve screen reader accessibility
* Bug 27865: Tor Browser 8.5a2 is crashing on Windows
* Bug 22654: Firefox icon is shown for Tor Browser on Windows 10
start menu
* Bug 28874: Bump mingw-w64 commit to fix WebGL crash
* Bug 12885: Windows Jump Lists fail for Tor Browser
* Bug 28618: Set MOZILLA_OFFICIAL for Windows build
* Bug 21704: Abort install if CPU is missing SSE2 support
* Bug 28002: Fix the precomplete file in the en-US installer
* OS X
* Bug 27623: Use MOZILLA_OFFICIAL for our builds
* Linux
* Bug 28022: Use `/usr/bin/env bash` for bash invocation
* Bug 27623: Use MOZILLA_OFFICIAL for our builds
* Android
* Bug 5709: Ship Tor Browser for Android
* Build System
* All platforms
* Bug 29868: Fix installation of python-future package
* Bug 25623: Disable network during build
* Bug 25876: Generate source tarballs during build
* Bug 28685: Set Build ID based on Tor Browser version
* Bug 29194: Set DEBIAN_FRONTEND=noninteractive
* Bug 29167: Upgrade go to 1.11.5
* Bug 29158: Install updated apt packages (CVE-2019-3462)
* Bug 29097: Don't try to install python3.6-lxml for HTTPS Everywhere
* Bug 27061: Enable verification of langpacks checksums
* Windows
* Bug 26148: Update binutils to 2.31.1
* Bug 27320: Build certutil for Windows
* OS X
* Bug 27320: Build certutil for macOS
* Linux
* Bug 26323+29812: Build 32bit Linux bundles on 64bit Debian Wheezy
* Bug 26148: Update binutils to 2.31.1
* Bug 29758: Build firefox debug symbols for linux-i686
* Bug 29966: Use archive.debian.org for Wheezy images
* Bug 29183: Use linux-x86_64 langpacks on linux-x86_64
* Android
* Bug 29981: Add option to build without using containers
Georg
[1]
https://trac.torproject.org/projects/tor/query?status=accepted&status=assig…
[2]https://gitweb.torproject.org/tor-browser-spec.git/tree/proposals/101-sec…
Hello everyone,
I was not sure where to post this, but maybe QA is a good place.
I have a project that includes an automatic installation of a Tor proxy.
After the installation, I am able to test the proxy works as expected,
using the official site, i.e. https://check.torproject.org/
I am using curl / grep to test for a string like "Congratulations,
etc..."
However, I know this is not perfectly reliable, as the layout of the
HTML can change at any time.
I would like to know if there is a better way to do this, for instance a
special URL that would return the same information, in JSON or plain
text.
The plain text option is perfectly fine.
The Ansible script is here:
https://github.com/progmaticltd/homebox/blob/dev/tests/playbooks/roles/tor/…
Thanks a lot for your insights.
Kind regards,
André Rodier
Hello!
Tor Browser 8.5a9 is ready for testing. Bundles can be found at:
https://people.torproject.org/~boklm/builds/8.5a9-build2/
This new Tor Browser version picks up Firefox security bug fixes coming
with Firefox 60.6.0esr and ships the second alpha in Tor's 0.4.0 series,
0.4.0.2-alpha. Besides those and other regular component updates
(e.g. OpenSSL to 1.0.2r) we are proud to give three major features wider
testing in our alpha series:
Firstly, for our desktop users we redesigned our security controls,
exposing the security slider state directly on our reorganized toolbar.
The current code implements large parts of proposal 101[1] and we hope
we make the overall experience less confusing that way, especially for
unexperienced users. Thanks to Richard for all the hard work on this!
Secondly, we redesigned our boostrapping interface for Tor Browser on
Android, giving what we hope is a similar experience to the one provided
for desktop versions. This is the first big part in our efforts to drop
our dependency on Orbot while still making bootstraping progress and
bridge/pluggable transport configuration easily accessible. Thanks to
Matt for all the work on this feature!
Thirdly, we implemented pluggable transport support for our mobile
users, allowing them to bypass censorship with the help of obfs3, obfs4,
and meek. It is possible to use both built-in bridges and custom ones,
which users can obtain e.g. from BridgeDB or friends.
The full changelog since 8.5a8 is:
Tor Browser 8.5a9 -- March 19 2019
* All platforms
* Update Firefox to 60.6.0esr
* Update Torbutton to 2.1.5
* Bug 25658: Replace security slider with security level UI
* Bug 28628: Change onboarding Security panel to open new Security
Level panel
* Bug 29440: Update about:tor when Tor Browser is updated
* Bug 27478: Improved Torbutton icons for dark theme
* Bug 29021: Tell NoScript it is running within Tor Browser
* Bug 29239: Don't ship the Torbutton .xpi on mobile
* Translations update
* Bug 29120: Enable media cache in memory
* Bug 29445: Enable support for enterprise policies
* Windows + OS X + Linux
* Update Tor to 0.4.0.2-alpha
* Bug 29660: XMPP can not connect to SOCKS5 anymore
* Update OpenSSL to 1.0.2r
* Update Tor Launcher to 0.2.18.1
* Bug 29328: Account for Tor 0.4.0.x's revised bootstrap status
reporting
* Bug 22402: Improve "For assistance" link
* Translations update
* Bug 25658+29554: Replace security slider with security level UI
* Bug 28885: notify users that update is downloading
* Bug 29180: MAR download stalls when about dialog is opened
* Bug 27485: Users are not taught how to open security-slider dialog
* Bug 27486: Avoid about:blank tabs when opening onboarding pages
* Bug 29440: Update about:tor when Tor Browser is updated
* Bug 23359: WebExtensions icons are not shown on first start
* Bug 28628: Change onboarding Security panel to open new Security
Level panel
* Android
* Bug 28329: Design Tor Browser for Android configuration UI
* Bug 28802: Support PTs in Tor Browser for Android
* Bug 29794: Update TBA built-in bridges
* Bug 27210: Add support for x86 on Android
* Bug 29633: Don't ship pdnsd anymore
* Bug 28708: about:tor is not the default homepage after upgrade
* Bug 29626: Application name is now "Always-On Notifications"
* Bug 29467: Backport fix for arc4random_buf bustage
* Build System
* All platforms
* Bug 25876: Generate source tarballs during build
* Bug 28685: Set Build ID based on Tor Browser version
* Bug 29194: Set DEBIAN_FRONTEND=noninteractive
* Linux
* Bug 26323: Build 32bit Linux bundles on 64bit Debian Wheezy
* Bug 29758: Build firefox debug symbols for linux-i686
* Android
* Bug 29632: Use HTTPS for downloading Gradle
Georg
[1]
https://gitweb.torproject.org/tor-browser-spec.git/tree/proposals/101-secur…
Hi!
We are happy to announce the first Tor Browser 8.0.7 release candidate
for wider testing. Bundles can be found at
https://people.torproject.org/~boklm/builds/8.0.7-build3/
This new release updates Firefox to 60.6.0esr and Tor to the latest
stable version, 0.3.5.8. Moreover, it makes Tor Browser more
interoperable with Noscript by telling it that it is running in a Tor
Browser context.
The full changelog since 8.0.6 is:
Tor Browser 8.0.7 -- March 19 2019
* All platforms
* Update Firefox to 60.6.0esr
* Update Tor to 0.3.5.8
* Bug 29660: XMPP can not connect to SOCKS5 anymore
* Update Torbutton to 2.0.11
* Bug 29021: Tell NoScript it is running within Tor Browser
* Windows
* Bug 29081: Harden libwinpthread
* Linux
* Bug 27531: Add separate LD_LIBRARY_PATH for fteproxy
Georg
Hello!
Tor Browser 8.5a7 is ready for testing. Bundles can be found at:
https://people.torproject.org/~boklm/builds/8.5a7-build3/
This new Tor Browser version picks up Firefox security bug fixes coming
with Firefox 60.5.0esr and ships the first alpha in Tor's 0.4.1 series,
0.4.0.1-alpha.
This release also features a lot of improvements regarding our branding.
We ship our new Tor Browser logo for the first time in a release build
on desktop platforms and are eager to learn about bugs and general
feedback. Thanks for Antonela and Richard working on this!
Additionally, we fixed a number of crashes noticed in previous releases
(WebGL crashed on some Windows machines[1], the print dialog on some
Linux systems[2], and downloading files on some Android devices[3]).
Note: While the Windows binary files built on different machines are the
same, the resulting .exe files seem to differ building with
tbb-8.5a7-build3. We are still investigating the cause for this and hope
to have this fixed in the final release.[4]
The full changelog since 8.5a6 is:
Tor Browser 8.5a7 -- January 29 2019
* All Platforms
* Update Firefox to 60.5.0esr
* Update Torbutton to 2.1.4
* Bug 25702: Update Tor Browser icon to follow design guidelines
* Bug 21805: Add click-to-play button for WebGL
* Bug 28836: Links on about:tor are not clickable
* Bug 29035: Clean up our donation campaign and add newsletter
sign-up link
* Translations update
* Code clean-up
* Update HTTPS Everywhere to 2019.1.7
* Update NoScript to 10.2.1
* Bug 28873: Cascading of permissions is broken
* Bug 28720: Some videos are blocked outright on higher security levels
* Bug 29082: Backport patches for bug 1469916
* Bug 28711: Backport patches for bug 1474659
* Bug 27828: "Check for Tor Browser update" doesn't seem to do anything
* Bug 29028: Auto-decline most canvas warning prompts again
* Bug 27597: Fix our debug builds
* Windows
* Update Tor to 0.4.0.1-alpha
* Bug 25702: Activity 1.1 Update Tor Browser icon to follow design
guidelines
* Bug 28111: Use Tor Browser icon in identity box
* Bug 22654: Firefox icon is shown for Tor Browser on Windows 10
start menu
* Bug 27503: Compile with accessibility support
* Bug 28874: Bump mingw-w64 commit to fix WebGL crash
* Bug 28546: Rebrand Tor Browser's Window's Installer
* Bug 12885: Windows Jump Lists fail for Tor Browser
* Bug 28618: Set MOZILLA_OFFICIAL for Windows build
* OS X
* Update Tor to 0.4.0.1-alpha
* Bug 25702: Activity 1.1 Update Tor Browser icon to follow design
guidelines
* Bug 28111: Use Tor Browser icon in identity box
* Linux
* Update Tor to 0.4.0.1-alpha
* Bug 25702: Activity 1.1 Update Tor Browser icon to follow design
guidelines
* Bug 28111: Use Tor Browser icon in identity box
* Bug 27531: Fix crashing print dialog
* Android
* Bug 28705: Fix download crash on newer Android devices
* Bug 28814: Backport 1480079 to allow installing downloaded apps
* Build System
* All Platforms
* Bug 29158: Install updated apt packages (CVE-2019-3462)
* Bug 29097: Don't try to install python3.6-lxml for HTTPS Everywhere
* Windows
* Bug 26148: Update binutils to 2.31.1
* Bug 29081: Harden libwinpthread
* Linux
* Bug 26148: Update binutils to 2.31.1
* Android
* Bug 28752: Don't download tor-android-binary resources during build
Georg
[1] https://bugs.torproject.org/28874
[2] https://bugs.torproject.org/27531
[3] https://bugs.torproject.org/28705
[4] https://bugs.torproject.org/29185
Hi!
Tor Browser 8.0.5 is ready for testing. Bundles can be found at
https://people.torproject.org/~boklm/builds/8.0.5-build2/
This new release updates Firefox to 60.5.0esr and Tor to the first
stable release in the 0.3.5 series, 0.3.5.7.
Apart from that it contains a number of backports from the alpha series,
most notably the proper first-party isolation of range requests when
loading PDF documents.
We also updated NoScript and HTTPS Everywhere to their latest versions
and removed our donation campaign related code.
The full changelog since 8.0.4 is:
Tor Browser 8.0.5 -- January 29 2019
* All platforms
* Update Firefox to 60.5.0esr
* Update Tor to 0.3.5.7
* Update Torbutton to 2.0.10
* Bug 29035: Clean up our donation campaign and add newsletter
sign-up link
* Bug 27175: Add pref to allow users to persist custom noscript
settings
* Update HTTPS Everywhere to 2019.1.7
* Update NoScript to 10.2.1
* Bug 28873: Cascading of permissions is broken
* Bug 28720: Some videos are blocked outright on higher security levels
* Bug 26540: Enabling pdfjs disableRange option prevents pdfs from
loading
* Bug 28740: Adapt Windows navigator.platform value on 64-bit systems
* Bug 28695: Set default security.pki.name_matching_mode to enforce (3)
Georg
Hi!
Tor Browser 8.5a6 is ready for testing. Bundles can be found at:
https://people.torproject.org/~boklm/builds/8.5a6-build1/
This new Tor Browser version picks up Firefox security bug fixes coming
with Firefox 60.4.0esr and upgrades OpenSSL 1.0.2q.
The most exciting news, however, compared to the release earlier this
week comes from progress we made on our mobile builds. Tor Browser 8.5a6
is the first version that is built reproducibly and is localized in all
locales the desktop platforms support.
Moreover, we added an updated donation banner for our year-end donation
campaign.
Known issues: On newer Android versions (Android 7+) downloading a file
is crashing Tor Browser. This is tracked in
https://trac.torproject.org/projects/tor/ticket/28705 and we plan to
have a fix available in Tor Browser 8.5a7. Sorry for the inconvenience.
The full changelog since 8.5a5 is:
Tor Browser 8.5a6 -- December 11 2018
* All Platforms
* Update Firefox to 60.4.0esr
* Update OpenSSL to 1.0.2q
* Update Torbutton to 2.1.3
* Bug 28540: Use new text for 2018 donation banner
* Bug 27290: Remove WebGL pref for min capability mode
* Bug 28075: Tone down missing SOCKS credential warning
* Bug 28747: Remove NoScript (XPCOM) related unused code
* Translations update
* Bug 28608: Disable background HTTP response throttling
* Bug 28695: Set default security.pki.name_matching_mode to enforce (3)
* Bug 27290: Remove WebGL pref for min capability mode
* Bug 27919: Backport SSL status API
* Windows
* Bug 28740: Adapt Windows navigator.platform value on 64-bit systems
* Android
* Bug 26843: Multi-locale support for Tor Browser on Android
* Build System
* Android
* Bug 25164: Add .apk to our sha256sums unsigned build file
* Bug 28696: Make path to Gradle dependencies reproducible
* Bug 28697: Use pregenerated keystore and fix timestamp issues
Georg
Hello everyone!
We are happy to announce that Tor Browser 8.0.4 is ready for testing.
Bundles can be found at
https://people.torproject.org/~boklm/builds/8.0.4-build2/
This new Tor Browser version contains updates to Tor (0.3.4.9), OpenSSL
(1.0.2q) and other bundle components. Most importantly, however, it is
based on Firefox 60.4.0esr containing fixes to Firefox security bugs.
We backported a number of patches from our alpha series where they got
some baking time. The most important ones are
1) a defense against protocol handler enumeration which should enhance
our fingerprinting resistance,
2) enabling Stylo for macOS users by bypassing a reproducibility issue
caused by Rust compilation and
3) setting back the sandboxing level on 5 Windows (the default), after
working around some Tor Launcher interference causing a broken Tor
Browser experience.
Additionally, we ship an updated donation banner for our year-end
donation campaign.
The full changelog since 8.0.3 is:
Tor Browser 8.0.4 -- December 11 2018
* All platforms
* Update Firefox to 60.4.0esr
* Update Tor to 0.3.4.9
* Update OpenSSL to 1.0.2q
* Update Torbutton to 2.0.9
* Bug 28540: Use new text for 2018 donation banner
* Bug 28515: Use en-US for english Torbutton strings
* Translations update
* Update HTTPS Everywhere to 2018.10.31
* Update NoScript to 10.2.0
* Bug 1623: Block protocol handler enumeration (backport of fix for
#680300)
* Bug 25794: Disable pointer events
* Bug 28608: Disable background HTTP response throttling
* Bug 28185: Add smallerRichard to Tor Browser
* Windows
* Bug 26381: about:tor page does not load on first start on Windows
* Bug 28657: Remove broken FTE bridge from Tor Browser
* OS X
* Bug 26263: App icon positioned incorrectly in macOS DMG installer
window
* Bug 26475: Fix Stylo related reproducibilitiy issue
* Linux
* Bug 26475: Fix Stylo related reproducibilitiy issue
* Bug 28657: Remove broken FTE bridge from Tor Browser
* Build System
* All Platforms
* Bug 27218: Generate multiple Tor Browser bundles in parallel
Georg
