Hi!
Tor Browser 5.5a5 is ready for testing. Bundles can be found on
https://people.torproject.org/~gk/builds/5.5a5-build1/
Apart from the usual Firefox update (to version 38.5.0esr) this release features a new Tor (0.2.7.6) + an updated OpenSSL (1.0.1q) and NoScript (2.7). Moreover, we fixed an annoying bug in our circuit display (circuits weren't visible sometimes), isolated SharedWorkers to the firts-party domain and improved the font fingerprinting defense.
There are more noteworthy things that need to get testing and would benefit from feedback: we polished the about:tor experience, disabled the RC4 fallback option in TLS connections and improved our defense against fingerprinting the keyboard layout.
Last but not least: A number of bundles (en-US, de, fa, fr, nl, ru, tr and zh-CN ones) will have a donation banner activated encouraging users to donate money to us. Testing (the layout of) it in these locales on different operating systems would be especially helpful. The banner is visible on the about:tor page and should be so only ten times. It features either Roger or Laura or Cory which is randomly chosen.
There are additonal features/bug fixes coming with this release which can be found in the full changelog:
Tor Browser 5.5a5 -- December 15 2015 * All Platforms * Update Firefox to 38.5.0esr * Update Tor to 0.2.7.6 * Update OpenSSL to 1.0.1q * Update NoScript to 2.7 * Update Torbutton to 1.9.4.2 * Bug 16940: After update, load local change notes * Bug 16990: Avoid matching '250 ' to the end of node name * Bug 17565: Tor fundraising campaign donation banner * Bug 17770: Fix alignments on donation banner * Bug 17792: Include donation banner in some non en-US Tor Browsers * Bug 17108: Polish about:tor appearance * Bug 17568: Clean up tor-control-port.js * Translation updates * Update Tor Launcher to 0.2.8.1 * Bug 17344: Enumerate available language packs for language prompt * Code clean-up * Translation updates * Bug 9659: Avoid loop due to optimistic data SOCKS code (fix of #3875) * Bug 15564: Isolate SharedWorkers by first-party domain * Bug 16940: After update, load local change notes * Bug 17759: Apply whitelist to local fonts in @font-face (fix of #13313) * Bug 17747: Add ndnop3 as new default obfs4 bridge * Bug 17009: Shift and Alt keys leak physical keyboard layout (fix of #15646) * Bug 17369: Disable RC4 fallback * Bug 17442: Remove custom updater certificate pinning * Bug 16863: Avoid confusing error when loop.enabled is false * Bug 17502: Add a preference for hiding "Open with" on download dialog * Bug 17446: Prevent canvas extraction by third parties (fixup of #6253) * Bug 16441: Suppress "Reset Tor Browser" prompt * Windows * Bug 13819: Ship expert bundles with console enabled * Bug 17250: Fix broken Japanese fonts * OS X * Bug 17661: Whitelist font .Helvetica Neue DeskInterface
Georg