[tor-relays] Please upgrade to new Tor release 0.4.7.16 or 0.4.8.8 ASAP!

[gus]

Dear relay operators,

Today (2023-11-03) the Network Team has released new Tor versions
0.4.7.16 and 0.4.8.8[1]. These updates contains a fix to a remote crash
bug (TROVE 2023 004). It is highly recommended that all relay operators
upgrade to the new versions as soon as possible to maintain the network
stability and security.

For those running their Tor relay using the Tor Debian repository,
expect the new deb package to be available soon.

The patches prevents the issue from causing a crash in Tor. However, it
will make Tor more noisy when the bug is triggered, including logging
information about the remote peer that is the source or destination of
the circuit in the path. Such information is important for our
developers to diagnose the specific invariant within Tor's TLS logic
that does not hold.

Eventually, a new version of Tor will need to be released in the future
that will remove the verbose logging of this issue.

Please note that this bug is specific to Tor relays and does not impact
Tor clients or Tor powered apps (Tor Browser, Orbot, OnionShare).

Thank you,
Gus

[1] https://forum.torproject.org/t/security-release-0-4-7-16-and-0-4-8-8/10064

-- 
The Tor Project
Community Team Lead
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20231103/238fa988/attachment.sig>