[tor-reports] August 2015 Report for the Tor Browser Team

Mike Perry mikeperry at torproject.org
Tue Sep 1 20:38:13 UTC 2015


In August, the Tor Browser team made three sets of releases: 5.0/5.5a1,
5.0.1, and 5.0.2/5.5a2[1,2,3,4,5]. The month was quite hectic as a
result, with most of our time spent on release management and related
issues.

The 5.0 release transitioned our stable users to Firefox 38-ESR. The
changes since 5.0a4 were limited primarily to cosmetic issues[6,7],
though we did reset the NoScript whitelist because it was discovered
that a previous NoScript update had altered it[8]. We did disable two
fingerprinting defenses (font normalization[9], and keyboard
normalization[10]) due to concerns about their user impact. Those
defenses remain enabled for 5.5a1.

Unfortunately, a non-exploitable crash bug[11] was discovered with Tor
Browser 5.0 on some sites (specifically Tumblr and Google Maps, but
likely others as well). This issue was introduced in 5.0a4 by an update
to one of our tracking protection patches for Firefox 38-ESR. We
released a fix for this issue the following week, in 5.0.1.

Mozilla then released an out-of-cycle point update to Firefox 38, to fix
two internally disclosed security issues[12]. This prompted us to
release 5.0.2 and 5.5a2, which we released on the same day as the
Mozilla release, thanks to a heads up, coordination, and assistance from
the Mozilla developers.

This out-of-cycle release did force us to revert fixes for several other
regressions that were discovered in 5.0 and 5.0.1 in order to release on
time.  The current set of fixed but as-yet unreleased regression tickets
can be found on our bugtracker[13].

The full list of tickets closed by the Tor Browser team in August can be
seen using the TorBrowserTeam201508 tag on our bug tracker[14].


In early September, we will focus primarily on finishing off fixes for
the remaining regressions discovered in the 5.0 release[15]. Our next
planned point release will be on September 22nd. We hope to have the
major regressions addressed by then. 

After this, at the end of September, many of us will meet to discuss and
update the long-term roadmap[16] for the coming months at the Tor
developer meeting.

The full list of tickets that the Tor Browser team plans to work on in
September can be seen using the TorBrowserTeam201509 tag on our bug
tracker[17].


1. https://blog.torproject.org/blog/tor-browser-50-released
2. https://blog.torproject.org/blog/tor-browser-55a1-released
3. https://blog.torproject.org/blog/tor-browser-501-released
4. https://blog.torproject.org/blog/tor-browser-502-released
5. https://blog.torproject.org/blog/tor-browser-55a2-released
6. https://bugs.torproject.org/16722
7. https://bugs.torproject.org/16488
8. https://bugs.torproject.org/16730
9. https://bugs.torproject.org/13313
10. https://bugs.torproject.org/15646
11. https://bugs.torproject.org/16771
12. https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr38.2.1
13. https://trac.torproject.org/projects/tor/query?keywords=~tbb-5.0-regression&status=closed
14. https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201508
15. https://trac.torproject.org/projects/tor/query?keywords=~tbb-5.0-regression
16. https://trac.torproject.org/projects/tor/wiki/org/roadmaps/TorBrowser
17. https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201509

-- 
Mike Perry