[tor-reports] December 2015 Report for the Tor Browser Team

Georg Koppen gk at torproject.org
Tue Jan 5 11:55:57 UTC 2016


In December, the Tor Browser team made 4 releases: 5.0.5[1], 5.0.6[2],
5.5a5[3], and 5.5a5-hardened[4].

The 5.0.5 stable release featured improvements in our fingerprinting
defenses[5][6], code for our donation campaign[7][8][9] and a
long-wanted fix for our circuit display[10]. Unfortunately, a follow-up
release, 5.0.6, was needed as Mozilla fixed another couple of serious
bugs in the final ESR 38.5.0 release based on the second candidate build
which we missed (we started using the first one)[11].

In the 5.5a5 release, we additionally cleaned up our about:tor
appearance[12], improved font and keyboard fingerprinting
defenses[13][14][15][16] and disabled the RC4 fallback option in TLS
connections[17]. Moreover, the changelog shown after an update is
generated locally now[18].

For 5.5a5-hardened, we compiled the Firefox part with -fwrapv guarding
against some type of undefined behavior[19]. Apart from that it contains
the same changes as 5.5a5.

The full list of tickets closed by the Tor Browser team in December can
be seen using the TorBrowserTeam201512 tag on our bug tracker[20].

In January, we plan to release 5.0.7, 5.5a6 and 5.5a6-hardened which are
out-of-bound releases fixing a potentially exploitable crash bug[21].
Apart from that we are focusing on getting Tor Browser 5.5 into a stable
shape and plan to release it by end of January. Work on our OS X
codesigning continues as well.

The full list of tickets the Tor Browser team plans to work on in
January can be seen with the TorBrowserTeam201601 tag on our bug


[1] https://blog.torproject.org/blog/tor-browser-505-released
[2] https://blog.torproject.org/blog/tor-browser-506-released
[3] https://blog.torproject.org/blog/tor-browser-55a5-released
[4] https://blog.torproject.org/blog/tor-browser-55a5-hardened-released
[5] https://bugs.torproject.org/17207
[6] https://bugs.torproject.org/17446
[7] https://bugs.torproject.org/17565
[8] https://bugs.torproject.org/17770
[9] https://bugs.torproject.org/17792
[10] https://bugs.torproject.org/16990
[11] https://bugs.torproject.org/17877
[12] https://bugs.torproject.org/17108
[13] https://bugs.torproject.org/17759
[14] https://bugs.torproject.org/17661
[15] https://bugs.torproject.org/17250
[16] https://bugs.torproject.org/17009
[17] https://bugs.torproject.org/17369
[18] https://bugs.torproject.org/16940
[19] https://bugs.torproject.org/12516
[21] https://bugs.torproject.org/17931

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-reports/attachments/20160105/31cb80e5/attachment.sig>

More information about the tor-reports mailing list