Arti 1.1.5 is released: Onion Services, RPC, and a security patch
Arti is our ongoing project to create a next-generation Tor client in Rust. Now we're announcing the latest release, Arti 1.1.5.
In the past months, our efforts have been divided between onion services and work on a new RPC API (a successor to C Tor's "control port") that will give applications a safe and powerful way to work with Arti without having to write their code in Rust or link Arti as a library (unless they want to).
For onion services this month, we have continued work on our protocol infrastructure to support the cryptographic handshakes and protocols used for onion services, and begun design work on a key management system for onion services.
Our RPC code is still in an "infrastructure-only" state: the backend has progressed significantly, and now includes an object-reference system we'll use to enforce security via a capability-style design, but as of yet it supports no useful functionality. (We expect to land initial functionality this month.) For information on the general shape of our design, see the work-in-progress specification document.
Finally, this release also fixes a security issue: there was a bug in our SOCKS code that could be exploited to cause a denial-of-service attack against an Arti client. We are classifying this as a low-severity issue, since exploiting it would require the attacker to have access to localhost. Thanks to Jakob Lell for reporting this issue; it is tracked as TROVE-2023-001.
There have been many smaller changes as well; for those, please see the CHANGELOG.
For more information on using Arti, see our top-level README, and the
documentation for the arti
binary.
Thanks to everyone who has contributed to this release, including Alexander Færøy, Jakob Lell, Jim Newsome, Saksham Mittal, and Trinity Pointard.
Finally, our deep thanks to Zcash Community Grants for funding the development of Arti!
Comments
We encourage respectful, on-topic comments. Comments that violate our Code of Conduct will be deleted. Off-topic comments may be deleted at the discretion of the moderators. Please do not comment as a way to receive support or to report bugs on a post unrelated to a release. If you are looking for support, please see our FAQ, user support forum or ways to get in touch with us.