Tor 0.2.8.10 is released

by nickm | December 2, 2016

There's a new stable version of Tor!

Tor 0.2.8.10 backports a fix for a bug that would sometimes make clients unusable after they left standby mode. It also backports fixes for a few portability issues and a small but problematic memory leak.

You can download the source from the usual place on the website. Packages should be available over the next several days, including a TorBrowser release around December 14. Remember to check the signatures!

Below are the changes since 0.2.8.9.

Changes in version 0.2.8.10 - 2016-12-02

  • Major bugfixes (client reliability, backport from 0.2.9.5-alpha):
    • When Tor leaves standby because of a new application request, open circuits as needed to serve that request. Previously, we would potentially wait a very long time. Fixes part of bug 19969; bugfix on 0.2.8.1-alpha.
  • Major bugfixes (client performance, backport from 0.2.9.5-alpha):
    • Clients now respond to new application stream requests immediately when they arrive, rather than waiting up to one second before starting to handle them. Fixes part of bug 19969; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (portability, backport from 0.2.9.6-rc):
    • Work around a bug in the OSX 10.12 SDK that would prevent us from successfully targeting earlier versions of OSX. Resolves ticket 20235.
  • Minor bugfixes (portability, backport from 0.2.9.5-alpha):
    • Fix implicit conversion warnings under OpenSSL 1.1. Fixes bug 20551; bugfix on 0.2.1.1-alpha.
  • Minor bugfixes (relay, backport from 0.2.9.5-alpha):
    • Work around a memory leak in OpenSSL 1.1 when encoding public keys. Fixes bug 20553; bugfix on 0.0.2pre8.
  • Minor features (geoip):
    • Update geoip and geoip6 to the November 3 2016 Maxmind GeoLite2 Country database.

Comments

Please note that the comment area below has been archived.

December 02, 2016

Permalink

Lots of references to OpenSSL 1.1 in this changelog, and I think I remember that TorBrowser v6.0.x is packaged with OpenSSL v1.0.1 (why not v1.02?).

What is the preferred version of OpenSSL for use with Tor 0.2.8.x? With Tor v0.2.9.x?

1.0.1 is still fine and was until now as well. We are shipping 1.0.2 in the alpha series to test whether there are any issues. So far none showed up and the plan is to turn the current alpha series into the next major stable in January: Tor Browser 6.5 won't have 1.0.1 anymore.

December 02, 2016

Permalink

Tor 0.2.8.10 backports a fix for a bug that would sometimes make clients unusable after they left standby mode.

Ah! So that's why I wouldn't be able to connect in the Tor Browser after I put my notebook on standby only after closing and then re-opening the Tor Browser? Thanks!