[tor-commits] [tor/release-0.2.5] declare 0.2.3.x end-of-life more clearly
arma at torproject.org
arma at torproject.org
Fri Oct 24 02:08:15 UTC 2014
commit 42b42605f8d8eac25361be229354f6393967df4f
Author: Roger Dingledine <arma at torproject.org>
Date: Thu Oct 23 22:05:54 2014 -0400
declare 0.2.3.x end-of-life more clearly
---
ChangeLog | 33 +++++++++++++++----------------
ReleaseNotes | 61 +++++++++++++++++++++++++---------------------------------
2 files changed, 42 insertions(+), 52 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 749abf8..3daba3e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,25 +1,24 @@
Changes in version 0.2.5.10 - 2014-10-24
Tor 0.2.5.10 is the first stable release in the 0.2.5 series.
- It adds several new security features, including improved DoS
- resistance for relays, new compiler hardening options, and a
- system-call sandbox for hardened installations on Linux (requires
- seccomp2). The controller protocol has several new features, resolving
- IPv6 addresses should work better than before, and relays should be a
- little more CPU-efficient. We've added support for more (Open,Free)BSD
- transparent proxy types. We've improved the build system and testing
- intrastructure to allow unit testing of more parts of the Tor
- codebase. Finally, we've addressed several nagging pluggable transport
- usability issues, and included numerous other small bugfixes and
- features mentioned below.
-
- This release coincides with the likely end of further 0.2.3.x
- releases; see below for more information.
+ It adds several new security features, including improved
+ denial-of-service resistance for relays, new compiler hardening
+ options, and a system-call sandbox for hardened installations on Linux
+ (requires seccomp2). The controller protocol has several new features,
+ resolving IPv6 addresses should work better than before, and relays
+ should be a little more CPU-efficient. We've added support for more
+ OpenBSD and FreeBSD transparent proxy types. We've improved the build
+ system and testing infrastructure to allow unit testing of more parts
+ of the Tor codebase. Finally, we've addressed several nagging pluggable
+ transport usability issues, and included numerous other small bugfixes
+ and features mentioned below.
+
+ This release marks end-of-life for Tor 0.2.3.x; those Tor versions
+ have accumulated many known flaws; everyone should upgrade.
o Deprecated versions:
- - Tor 0.2.3.x is approaching its end-of-life too; we do not plan on
- releasing further updates for it except under highly unusual
- circumstances.
+ - Tor 0.2.3.x has reached end-of-life; it has received no patches or
+ attention for some while.
Changes in version 0.2.5.9-rc - 2014-10-20
diff --git a/ReleaseNotes b/ReleaseNotes
index cf7c145..337470b 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -5,43 +5,32 @@ each development snapshot, see the ChangeLog file.
Changes in version 0.2.5.10 - 2014-10-24
Tor 0.2.5.10 is the first stable release in the 0.2.5 series.
- It adds several new security features, including improved DoS
- resistance for relays, new compiler hardening options, and a
- system-call sandbox for hardened installations on Linux (requires
- seccomp2). The controller protocol has several new features, resolving
- IPv6 addresses should work better than before, and relays should be a
- little more CPU-efficient. We've added support for more (Open,Free)BSD
- transparent proxy types. We've improved the build system and testing
- intrastructure to allow unit testing of more parts of the Tor
- codebase. Finally, we've addressed several nagging pluggable transport
- usability issues, and included numerous other small bugfixes and
- features mentioned below.
-
- This release coincides with the likely end of further 0.2.3.x
- releases; see below for more information.
-
- o Deprecated versions:
- - Tor 0.2.2.x has reached end-of-life; it has received no patches or
- attention for some while. Directory authorities no longer accept
- descriptors from relays running any version of Tor prior to Tor
- 0.2.3.16-alpha. Resolves ticket 11149.
- - Tor 0.2.3.x is approaching its end-of-life too; we do not plan on
- releasing further updates for it except under highly unusual
- circumstances.
-
- o Major features (client security):
+ It adds several new security features, including improved
+ denial-of-service resistance for relays, new compiler hardening
+ options, and a system-call sandbox for hardened installations on Linux
+ (requires seccomp2). The controller protocol has several new features,
+ resolving IPv6 addresses should work better than before, and relays
+ should be a little more CPU-efficient. We've added support for more
+ OpenBSD and FreeBSD transparent proxy types. We've improved the build
+ system and testing infrastructure to allow unit testing of more parts
+ of the Tor codebase. Finally, we've addressed several nagging pluggable
+ transport usability issues, and included numerous other small bugfixes
+ and features mentioned below.
+
+ This release marks end-of-life for Tor 0.2.3.x; those Tor versions
+ have accumulated many known flaws; everyone should upgrade.
+
+ o Major features (security):
- The ntor handshake is now on-by-default, no matter what the
directory authorities recommend. Implements ticket 8561.
-
- o Major features (other security):
- - Disable support for SSLv3. All versions of OpenSSL in use with Tor
- today support TLS 1.0 or later, so we can safely turn off support
- for this old (and insecure) protocol. Fixes bug 13426.
- - Warn about attempts to run hidden services and relays in the same
- process: that's probably not a good idea. Closes ticket 12908.
- Make the "tor-gencert" tool used by directory authority operators
create 2048-bit signing keys by default (rather than 1024-bit, since
1024-bit is uncomfortably small these days). Addresses ticket 10324.
+ - Warn about attempts to run hidden services and relays in the same
+ process: that's probably not a good idea. Closes ticket 12908.
+ - Disable support for SSLv3. All versions of OpenSSL in use with Tor
+ today support TLS 1.0 or later, so we can safely turn off support
+ for this old (and insecure) protocol. Fixes bug 13426.
o Major features (relay security, DoS-resistance):
- When deciding whether we have run out of memory and we need to
@@ -74,8 +63,6 @@ Changes in version 0.2.5.10 - 2014-10-24
even when pluggable transports are in use, and report usage
statistics in their extra-info descriptors. Resolves tickets 4773
and 5040.
-
- o Major features (bridges):
- Don't launch pluggable transport proxies if we don't have any
bridges configured that would use them. Now we can list many
pluggable transports, and Tor will dynamically start one when it
@@ -132,6 +119,10 @@ Changes in version 0.2.5.10 - 2014-10-24
are dumped to stderr (if possible) and to any logs that are
reporting errors. Implements ticket 9299.
+ o Deprecated versions:
+ - Tor 0.2.3.x has reached end-of-life; it has received no patches or
+ attention for some while.
+
o Major bugfixes (security, directory authorities):
- Directory authorities now include a digest of each relay's
identity key as a part of its microdescriptor.
@@ -544,7 +535,7 @@ Changes in version 0.2.5.10 - 2014-10-24
write out that file if we successfully switch to the new config
option. Fixes bug 5605; bugfix on 0.2.2.26-beta. Patch from "Ryman".
- o Minor bugfixes (Directory server):
+ o Minor bugfixes (directory server):
- No longer accept malformed http headers when parsing urls from
headers. Now we reply with Bad Request ("400"). Fixes bug 2767;
bugfix on 0.0.6pre1.
More information about the tor-commits
mailing list