Source code for a new Tor release (0.3.0.10) is now available on the website; packages should be available over the next several days. The Tor Browser team tells me they will have a release out next week.
Reminder: Tor 0.2.4, 0.2.6, and 0.2.7 are no longer supported, as of 1 August of this year. If you need a release with long-term support, 0.2.9 is what we recommend: we plan to support it until at least 1 Jan 2020.
Tor 0.3.0.10 backports a collection of small-to-medium bugfixes from the current Tor alpha series. OpenBSD users and TPROXY users should upgrade; others are probably okay sticking with 0.3.0.9.
Changes in version 0.3.0.10 - 2017-08-02
Major features (build system, continuous integration, backport from 0.3.1.5-alpha):
Tor's repository now includes a Travis Continuous Integration (CI) configuration file (.travis.yml). This is meant to help new developers and contributors who fork Tor to a Github repository be better able to test their changes, and understand what we expect to pass. To use this new build feature, you must fork Tor to your Github account, then go into the "Integrations" menu in the repository settings for your fork and enable Travis, then push your changes. Closes ticket 22636.
Major bugfixes (linux TPROXY support, backport from 0.3.1.1-alpha):
Fix a typo that had prevented TPROXY-based transparent proxying from working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha. Patch from "d4fq0fQAgoJ".
Hello again! This post announces the fifth alpha in the 0.3.1.x series, which we just released today. I'll try to get a new 0.3.0.x release out tomorrow.
Tor 0.3.1.5-alpha improves the performance of consensus diff calculation, fixes a crash bug on older versions of OpenBSD, and fixes several other bugs. If no serious bugs are found in this version, the next version will be a release candidate.
Since this is an alpha release, you can expect more bugs than usual. If you'd rather have a more stable experience, stick to the stable releases.
If you build Tor from source, you can find Tor 0.3.1.5-alpha at the usual place (at the Download page on our website). Otherwise, you'll probably want to wait until packages are available. There should be a new Tor Browser release early next week.
This release also marks the end of support for the Tor 0.2.4.x, 0.2.6.x, and 0.2.7.x release series. Those releases will receive no further bug or security fixes. Anyone still running or distributing one of those versions should upgrade.
Changes in version 0.3.1.5-alpha - 2017-08-01
Major features (build system, continuous integration):
Tor's repository now includes a Travis Continuous Integration (CI) configuration file (.travis.yml). This is meant to help new developers and contributors who fork Tor to a Github repository be better able to test their changes, and understand what we expect to pass. To use this new build feature, you must fork Tor to your Github account, then go into the "Integrations" menu in the repository settings for your fork and enable Travis, then push your changes. Closes ticket 22636.
Major bugfixes (openbsd, denial-of-service):
Avoid an assertion failure bug affecting our implementation of inet_pton(AF_INET6) on certain OpenBSD systems whose strtol() handling of "0xfoo" differs from what we had expected. Fixes bug 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
While the majority of people use Tor to reach ordinary websites more safely, Tor can also be used to access websites and services that live inside the Tor network. We call those onion services (formerly: hidden services).
We’re constantly looking for flaws in our software, but we think we can do even more to protect our users. That’s why if you can #HackTor and find bugs in our software, we want reward you.
