Versie 4.0.7 van de Tor Browser Bundle is uitgekomen en wegens een probleem is deze kort daarop opgevolgd door versie 4.0.8. Tor staat voor The Onion Router en is een netwerk dat gebruikt kan worden om anoniem over het internet te surfen. Al het tcp-verkeer van gebruikers wordt langs verschillende Tor-routers geleid, waarna het voor de ontvanger niet meer mogelijk is om na te gaan wie de oorspronkelijke verzender was. Binnen het Tor-netwerk is die informatie nog wel aanwezig, zodat antwoorden - uiteraard ook weer via het stelsel van routers - uiteindelijk weer op de juiste plek aankomen. De release-notes voor deze uitgave kunnen hieronder worden gevonden.
Tor Browser 4.0.8 is releasedA new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.
This release contains a fix for the update loop issue present in 4.0.7. It is otherwise identical to that release.
Both 4.0.7 and 4.0.8 contain an update to the included Tor software, to fix two crash bugs in the version of the Tor software included prior to 4.0.7. One crash bug affects only people using the bundled tor binary to run hidden services, and the other crash bug allows a malicious website or Tor exit node to crash the underlying tor client by inducing it to load a resource from a hidden service with a malformed descriptor. These bugs do not allow remote code execution, but because they can be used by arbitrary actors to perform a denial of service, we are issuing a security update to address them.
There will be no corresponding 4.5-alpha release for this fix, to allow us to focus on stabilizing that series for release in ~2 weeks.
Note to MacOS users: This is the last planned release that will run on 32 bit MacOS versions. Users of Mac OS 10.8 (Mountain Lion) and newer versions will be automatically updated to the 64 bit Tor Browser 4.5 when it is stabilized in April, and we expect this transition to be smooth for those users. However, the update process for 10.6 and 10.7 users will unfortunately not be automatic. For more details, see the original end-of-life blog post.
Here is the complete changelog since 4.0.6 (covering 4.0.7 and 4.0.8):
- Bug 15637: Fix update loop due to improper versioning
- Update Tor to 0.2.5.12
- Update NoScript to 2.6.9.21
:strip_exif()/i/2005915840.png?f=thumbmedium)