release: ChangeLog and ReleaseNotes for 0.4.8.9

6 files changed, 58 insertions, 17 deletions

diff --git a/ChangeLog b/ChangeLog
index 85833f2afa..632cd8a751 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,32 @@
+Changes in version 0.4.8.9 - 2023-11-09
+  This is another security release fixing a high severity bug affecting onion
+  services which is tracked by TROVE-2023-006. We are also releasing a guard
+  major bugfix as well. If you are an onion service operator, we strongly
+  recommend to update as soon as possible.
+
+  o Major bugfixes (guard usage):
+    - When Tor excluded a guard due to temporary circuit restrictions,
+      it considered *additional* primary guards for potential usage by
+      that circuit. This could result in more than the specified number
+      of guards (currently 2) being used, long-term, by the tor client.
+      This could happen when a Guard was also selected as an Exit node,
+      but it was exacerbated by the Conflux guard restrictions. Both
+      instances have been fixed. Fixes bug 40876; bugfix
+      on 0.3.0.1-alpha.
+
+  o Major bugfixes (onion service, TROVE-2023-006):
+    - Fix a possible hard assert on a NULL pointer when recording a
+      failed rendezvous circuit on the service side for the MetricsPort.
+      Fixes bug 40883; bugfix on 0.4.8.1-alpha
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on November 09, 2023.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2023/11/09.
+
+
 Changes in version 0.4.8.8 - 2023-11-03
   We are releasing today a fix for a high security issue, TROVE-2023-004, that
   is affecting relays. Also a few minor bugfixes detailed below. Please upgrade
diff --git a/ReleaseNotes b/ReleaseNotes
index be16a00fbc..6030c1ac77 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -2,6 +2,35 @@ This document summarizes new features and bugfixes in each stable
 release of Tor. If you want to see more detailed descriptions of the
 changes in each development snapshot, see the ChangeLog file.
 
+Changes in version 0.4.8.9 - 2023-11-09
+  This is another security release fixing a high severity bug affecting onion
+  services which is tracked by TROVE-2023-006. We are also releasing a guard
+  major bugfix as well. If you are an onion service operator, we strongly
+  recommend to update as soon as possible.
+
+  o Major bugfixes (guard usage):
+    - When Tor excluded a guard due to temporary circuit restrictions,
+      it considered *additional* primary guards for potential usage by
+      that circuit. This could result in more than the specified number
+      of guards (currently 2) being used, long-term, by the tor client.
+      This could happen when a Guard was also selected as an Exit node,
+      but it was exacerbated by the Conflux guard restrictions. Both
+      instances have been fixed. Fixes bug 40876; bugfix
+      on 0.3.0.1-alpha.
+
+  o Major bugfixes (onion service, TROVE-2023-006):
+    - Fix a possible hard assert on a NULL pointer when recording a
+      failed rendezvous circuit on the service side for the MetricsPort.
+      Fixes bug 40883; bugfix on 0.4.8.1-alpha
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on November 09, 2023.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2023/11/09.
+
+
 Changes in version 0.4.8.8 - 2023-11-03
   We are releasing today a fix for a high security issue, TROVE-2023-004, that
   is affecting relays. Also a few minor bugfixes detailed below. Please upgrade
diff --git a/changes/bug40876 b/changes/bug40876
deleted file mode 100644
index a467cf64c1..0000000000
--- a/changes/bug40876
+++ /dev/null
@@ -1,8 +0,0 @@
-  o Major bugfixes (guard usage):
-    - When Tor excluded a guard due to temporary circuit restrictions,
-      it considered *additional* primary guards for potential usage
-      by that circuit. This could result in more than the specified number
-      of guards (currently 2) being used, long-term, by the tor client.
-      This could happen when a Guard was also selected as an Exit node,
-      but it was exacerbated by the Conflux guard restrictions. Both
-      instances have been fixed. Fixes bug 40876; bugfix on 0.3.0.1-alpha.
diff --git a/changes/fallbackdirs-2023-11-09 b/changes/fallbackdirs-2023-11-09
deleted file mode 100644
index fcdc92280b..0000000000
--- a/changes/fallbackdirs-2023-11-09
+++ /dev/null
@@ -1,2 +0,0 @@
-  o Minor features (fallbackdir):
-    - Regenerate fallback directories generated on November 09, 2023.
diff --git a/changes/geoip-2023-11-09 b/changes/geoip-2023-11-09
deleted file mode 100644
index cf38ab9b47..0000000000
--- a/changes/geoip-2023-11-09
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features (geoip data):
-    - Update the geoip files to match the IPFire Location Database,
-      as retrieved on 2023/11/09.
diff --git a/changes/ticket40883 b/changes/ticket40883
deleted file mode 100644
index 1186571122..0000000000
--- a/changes/ticket40883
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Major bugfixes (onion service, TROVE-2023-006):
-    - Fix a possible hard assert on a NULL pointer when recording a failed
-      rendezvous circuit on the service side for the MetricsPort. Fixes bug
-      40883; bugfix on 0.4.8.1-alpha