[tor-announce] Tor Browser 9.0.2 is released

Nicolas Vigier boklm at mars-attacks.org
Tue Dec 3 20:03:15 UTC 2019 

Tor Browser 9.0.2 is now available from the Tor Browser download page [1]
and also from our distribution directory [2].

    1: https://www.torproject.org/download/
    2: https://www.torproject.org/dist/torbrowser/9.0.2/

This release features important security updates [3] to Firefox.

    3: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/

This new stable release is picking up security fixes for Firefox 68.3.0esr
and updating our external extensions (NoScript and HTTPS Everywhere) to
their latest versions.

Apart from backports for patches that already landed in alpha releases
and fixing an error in our circuit display and improving our letterboxing
support, Tor Browser 9.0.2 provides properly localized Android bundles
again as well.


_Reproducible Builds_

The issue with reproducible builds mentioned in the 9.0.1 blog post [4]
is still present in this release. We however made progress on understanding
the issue [5] and are getting closer to a fix.

    4: https://blog.torproject.org/new-release-tor-browser-901
    5: https://trac.torproject.org/projects/tor/ticket/32053


_ChangeLog_

The full changelog since Tor Browser 9.0.1 is:

 * All Platforms
   * Update Firefox to 68.3.0esr
   * Bump NoScript to 11.0.9
     * Bug 32362: NoScript TRUSTED setting doesn't work
     * Bug 32429: Issues with about:blank and NoScript on .onion sites
   * Bump HTTPS Everywhere to 2019.11.7
   * Bug 27268: Preferences clean-up in Torbutton code
   * Translations update
 * Windows + OS X + Linux
   * Bug 32125: Fix circuit display for bridge without a fingerprint
   * Bug 32250: Backport enhanced letterboxing support (bug 1546832 and 1556017)
 * Windows
   * Bug 31989: Backport backout of old mingw-gcc patch
   * Bug 32616: Disable GetSecureOutputDirectoryPath() functionality
 * Android
   * Bug 32365: Localization is broken in Tor Browser 9 on Android
 * Build System
   * All Platforms
     * Bug 32413: Bump Go version to 1.12.13
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-announce/attachments/20191203/b10981ea/attachment.sig>

More information about the tor-announce mailing list