[tor-announce] Tor Browser 9.5 is released

Georg Koppen gk at torproject.org
Tue Jun 2 19:23:23 UTC 2020 

Hello!

Tor Browser 9.5 is now available from the Tor Browser download page [1]
and also from our distribution directory [2]. Version 9.5 is a new major
stable upgrade.

1: https://www.torproject.org/download/
2: https://www.torproject.org/dist/torbrowser/9.5/

This new Tor Browser release is focused on helping users understand and
use onion services.

This release updates Firefox to 68.9.0esr, NoScript to 11.0.26, and Tor
to version 0.4.3.5. Also, this release features important security
updates [3] to Firefox.

3: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/

Please see the blog post [4] for more details about this version.

4: https://blog.torproject.org/new-release-tor-browser-95

The full changelog since Tor Browser 9.0.10 is:
 * All Platforms
   * Update Firefox to 68.9.0esr
   * Update HTTPS-Everywhere to 2020.5.20
   * Update NoScript to 11.0.26
   * Update Tor to 0.4.3.5
   * Translations update
   * Bug 21549: Disable wasm for now until it is properly audited
   * Bug 27268: Preferences clean-up in Torbutton code
   * Bug 28745: Remove torbutton.js unused code
   * Bug 28746: Remove torbutton isolation and fp prefs sync
   * Bug 30237: Control port module improvements for v3 client
authentication
   * Bug 30786: Add th locale
   * Bug 30787: Add lt locale
   * Bug 30788: Add ms locale
   * Bug 30851: Move default preferences to 000-tor-browser.js
   * Bug 30888: move torbutton_util.js to modules/utils.js
   * Bug 31134: Govern graphite again by security settings
   * Bug 31395: Remove inline script in aboutTor.xhtml
   * Bug 31499: Update libevent to 2.1.11-stable
     * Bug 33877: Disable Samples and Regression tests For Libevent Build
   * Bug 31573: Catch SessionStore.jsm exception
   * Bug 32318: Backport Mozilla's fix for bug 1534339
   * Bug 32414: Make Services.search.addEngine obey FPI
   * Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT
   * Bug 32618: Backport fixes from Mozilla bugs 1467970 and 1590526
   * Bug 33342: Avoid disconnect search addon error after removal
   * Bug 33726: Fix patch for #23247: Communicating security
expectations for .onion
   * Bug 34157: Backport fix for Mozilla Bug 1511941
 * Windows + OS X + Linux
   * Update Tor Launcher to 0.2.21.8
     * Translations update
     * Bug 19757: Support on-disk storage of v3 client auth keys
     * Bug 30237: Add v3 onion services client authentication prompt
     * Bug 30786: Add th locale
     * Bug 30787: Add lt locale
     * Bug 30788: Add ms locale
     * Bug 33514: non-en-US Tor Browser 9.5a6 won't start up
   * Bug 19251: Show improved error pages for onion service errors
   * Bug 19757: Support on-disk storage of v3 client auth keys
   * Bug 21952: Implement Onion-Location
   * Bug 27604: Fix broken Tor Browser after moving it to a different
directory
   * Bug 28005: Implement .onion alias urlbar rewrites
   * Bug 30237: Improve TBB UI of hidden service client authorization
   * Bug 32076: Upgrade to goptlib v1.1.0
   * Bug 32220: Improve the letterboxing experience
   * Bug 32418: Allow updates to be disabled via an enterprise policy.
   * Bug 32470: Backport fix for bug 1590538
   * Bug 32645: Update URL bar onion indicators
   * Bug 32658: Create a new MAR signing key
   * Bug 32674: Point the about:tor "Get involved" link to the community
portal
   * Bug 32767: Remove Disconnect search
   * Bug 33698: Update "About Tor Browser" links in Tor Browser
   * Bug 33707: Swap out onion icon in circuit display with new one
   * Bug 34032: Use Securedrop's Official https-everywhere ruleset
   * Bug 34196: Update site info URL with the onion name
   * Bug 34321: Add Learn More onboarding item
 * Windows
   * Bug 22919: Improve the random number generator for the boundaries
in multipart/form-data
   * Bug 29614: Use SHA-256 algorithm for Windows timestamping
   * Bug 33113: Bump NSIS version to 3.05
 * OS X
   * Bug 32505: Tighten our rules in our entitlements file for macOS
 * Linux
   * Bug 34315: Avoid reading policies from /etc/firefox on Linux
 * Android
   * Bug 26529: Notify user about possible proxy-bypass before opening
external app
   * Bug 30767: Custom obfs4 bridge does not work on Tor Browser for Android
   * Bug 32303: Obfs4 is broken on Android Q
   * Bug 33359: Use latest Version of TOPL and Remove Patches
   * Bug 33931: obfs4 bridges are used instead of meek if meek is
selected in Tor Browser for Android alpha
 * Build System
   * All Platforms
     * Go to 1.13.11
     * Bug 33380: Add *.json to sha256sums-unsigned-build.txt
   * Windows
     * Bug 33802: --enable-secure-api is not supported anymore in mingw-w64
   * Linux
     * Bug 32976: Build and bundle geckodriver
     * Bug 34242: Fix creation of Linux containers
   * Android
     * Bug 28765: LibEvent Build for Android
     * Bug 28766: Tor Build for Android
     * Bug 28803: Integrate building Pluggable Transports for Android
     * Bug 30461: Clean up tor-android-service project
     * Bug 32993: Package Tor With Tor Android Service Project
     * Bug 33685: Add Support for Building zlib for Android

Georg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-announce/attachments/20200602/1ed3f78d/attachment.sig>

More information about the tor-announce mailing list