[tor-commits] [tor/release-0.2.4] Changelog for 0.2.4.25
nickm at torproject.org
nickm at torproject.org
Mon Oct 20 01:50:44 UTC 2014
commit 0c8acf11981999f119e0072ec61ce519e43b8dbb
Author: Nick Mathewson <nickm at torproject.org>
Date: Sun Oct 19 21:43:09 2014 -0400
Changelog for 0.2.4.25
---
ChangeLog | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 0270959..b4920ac 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,20 @@
+Changes in version 0.2.4.25 - 2014-10-20
+ Tor 0.2.4.25 contains a response to the recent "POODLE" attack against
+ SSL3 (which doesn't affect Tor), and a response to a crash bug caused
+ by some operating systems' response to the "POODLE" attack (which does
+ affect Tor).
+
+ o Major security fixes (also in 0.2.5.9-rc):
+ - Disable support for SSLv3. All versions of OpenSSL in use with Tor
+ today support TLS 1.0 or later, so we can safely turn off support
+ for this old (and insecure) protocol. Fixes bug 13426.
+
+ o Major bugfixes (openssl bug workaround, also in 0.2.5.9-rc):
+ - Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
+ 1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug
+ 13471. This is a workaround for an OpenSSL bug.
+
+
Changes in version 0.2.4.24 - 2014-09-22
Tor 0.2.4.24 fixes a bug that affects consistency and speed when
connecting to hidden services, and it updates the location of one of
More information about the tor-commits
mailing list