[tor-reports] December 2014 Report for the Tor Browser Team
mikeperry at torproject.org
Mon Jan 5 14:21:38 UTC 2015
In December, the Tor Browser team released 4.0.2 and 4.5-alpha-2.
The 4.0.2 updates the 4.0.x users to the latest Firefox 31.3.0ESR
release. It also fixed a regression in third party cache isolation
(tracking protection) that appeared in the 4.0 release, due to changes
in the underlying Firefox cache implementation. It also features
fixes to the mingw-w64 compiler that were resulting in crash bugs on
Windows[6,7]. We also fixed an update failure for Windows XP users.
The 4.5-alpha-2 release features fixes to the security slider and
circuit status UI[9,10], as well as a fix for a third party tracking
regression in the use of HTTP authentication that was caused due to
over-zealous removal of Torbutton code.
Beyond the 4.5-alpha-2 work, we have also implemented the code changes
necessary for signing incremental updates. With these changes,
updates will be authenticated through the pinned HTTPS certificate, as
well as individual file signatures. This will prevent compromise of
dist.torproject.org from yielding the ability to distribute malicious
updates to our users. We also improved the Canvas permissions prompt to
eliminate warnings during the display of PDFs, and during use of the Web
At the end of the month, Mike Perry and Seth Schoen gave a talk at the
Chaos Communications Congress on Reproducible Builds, covering the work
in Tor Browser, as well as related efforts by F-Droid and Debian. A
video recording of their talk can be viewed online.
The full list of tickets closed by the Tor Browser team in September can
be seen using the TorBrowserTeam201412 tag on our bug tracker. This
list is a bit sparse due to both the holidays and because of the large
volume of patches waiting for review to be merged in the next 4.5-alpha
Next month, we will continue to stabilize 4.5-alpha. The merge window
for Firefox 38 is also approaching in mid-February. Our primary target
for this merge window is our third party tracking protection patches.
At the end of January, we will be holding a Usability Sprint at the
University of California at Berkeley, with the goal of performing user
studies and providing feedback for future usability improvements to the
browser. For more details, see the wiki page.
The full list of tickets that the Tor Browser team plans to work on in
January can be seen using the TorBrowserTeam201501 tag on our bug
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: Digital signature
More information about the tor-reports