diff options
| author | Nick Mathewson <nickm@torproject.org> | 2014-10-20 10:00:49 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2014-10-20 10:00:49 -0400 |
| commit | 334f4f60e88ae44450983e1d96bb783cd373455e (patch) | |
| tree | 572f21600e62bd9b8b886f6cd306bd5805a3a6ae | |
| parent | e6ae154ab4560083162715ccbd3d25231ae89ebe (diff) | |
| download | tor-0.2.5.9-rc.tar.gz tor-0.2.5.9-rc.zip | |
forward-port the 0.2.4.25 changelog to release-0.2.5 changelog and releasenotestor-0.2.5.9-rc
| -rw-r--r-- | ChangeLog | 17 | ||||
| -rw-r--r-- | ReleaseNotes | 17 |
2 files changed, 34 insertions, 0 deletions
@@ -31,6 +31,23 @@ Changes in version 0.2.5.9-rc - 2014-10-20 from 'warn' to 'protocol warning'. Closes ticket 8093. +Changes in version 0.2.4.25 - 2014-10-20 + Tor 0.2.4.25 disables SSL3 in response to the recent "POODLE" attack + (even though POODLE does not affect Tor). It also works around a crash + bug caused by some operating systems' response to the "POODLE" attack + (which does affect Tor). + + o Major security fixes (also in 0.2.5.9-rc): + - Disable support for SSLv3. All versions of OpenSSL in use with Tor + today support TLS 1.0 or later, so we can safely turn off support + for this old (and insecure) protocol. Fixes bug 13426. + + o Major bugfixes (openssl bug workaround, also in 0.2.5.9-rc): + - Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or + 1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug + 13471. This is a workaround for an OpenSSL bug. + + Changes in version 0.2.5.8-rc - 2014-09-22 Tor 0.2.5.8-rc is the second release candidate for the Tor 0.2.5.x series. It fixes a bug that affects consistency and speed when diff --git a/ReleaseNotes b/ReleaseNotes index 7386c42d21..73285f51bc 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -880,6 +880,23 @@ Changes in version 0.2.5.xx - 2014-10-xx ticket 12731. +Changes in version 0.2.4.25 - 2014-10-20 + Tor 0.2.4.25 disables SSL3 in response to the recent "POODLE" attack + (even though POODLE does not affect Tor). It also works around a crash + bug caused by some operating systems' response to the "POODLE" attack + (which does affect Tor). + + o Major security fixes (also in 0.2.5.9-rc): + - Disable support for SSLv3. All versions of OpenSSL in use with Tor + today support TLS 1.0 or later, so we can safely turn off support + for this old (and insecure) protocol. Fixes bug 13426. + + o Major bugfixes (openssl bug workaround, also in 0.2.5.9-rc): + - Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or + 1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug + 13471. This is a workaround for an OpenSSL bug. + + Changes in version 0.2.4.24 - 2014-09-22 Tor 0.2.4.24 fixes a bug that affects consistency and speed when connecting to hidden services, and it updates the location of one of |