[tor-reports] November 2016 Report for the Tor Browser Team
Georg Koppen
gk at torproject.org
Mon Dec 5 21:15:00 UTC 2016
Hi,
In November we made six releases, Tor Browser 6.0.6[1], 6.0.7[2],
6.5a4[3], 6.5a5[4], and 6.5a4-hardened[5] + 6.5a5-hardened[6].
The first round of releases on November 15/16 was updating our users to
Firefox 45.5.0esr and contained new tor releases as well (0.2.8.9 for
the stable series and 0.2.9.5-alpha for the alpha and hardened one).
Moreover, we fixed a lot of usability issues related to the new OS X
Sierra that made some changes to our code necessary. Tor Browser
6.5a4 and 6.5a4-hardened got a number of bug fixes related to our unix
domain socket usage and we resolved other SponsorU related tickets[7][8].
The second round of releases at the end of November was due to a 0-day
exploit that affected not only Firefox but Tor Browser as well.[9] We
released 6.0.7 within one day and the alpha and hardened bundles
followed suit on December 1.
Apart from spending time on release preparations we worked on finishing
up the remaining pieces for our SponsorU work: sandboxing on Linux and
OS X and hardening our memory allocator.[10][11][12] We plan to ship
those major features in the next alpha bundles which are due
mid-December to give them a wider userbase for testing.
The full list of tickets closed by the Tor Browser team in November is
accessible using the TorBrowserTeam201611 tag in our bug tracker[13].
For December we plan to release Tor Browser 6.0.8, 6.5a6 and
6.5a6-hardened. Tickets on our radar for this month can be seen with the
TorBrowserTeam201612 tag in our bug tracker[14].
Georg
[1] https://blog.torproject.org/blog/tor-browser-606-released
[2] https://blog.torproject.org/blog/tor-browser-607-released
[3] https://blog.torproject.org/blog/tor-browser-65a4-released
[4] https://blog.torproject.org/blog/tor-browser-65a5-released
[5] https://blog.torproject.org/blog/tor-browser-65a4-hardened-released
[6] https://blog.torproject.org/blog/tor-browser-65a5-hardened-released
[7] https://bugs.torproject.org/20439
[8] https://bugs.torproject.org/19459 which fixed a bunch of other bugs,
like 15953, 13437, 18175, and 20590.
[9]
https://blog.mozilla.org/security/2016/11/30/fixing-an-svg-animation-vulnerability/
[10] https://bugs.torproject.org/19750
[11] https://bugs.torproject.org/20121
[12] https://bugs.torproject.org/10281
[13]chttps://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorBrowserTeam201611
[14]
https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201612
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-reports/attachments/20161205/acd27c14/attachment.sig>
More information about the tor-reports
mailing list