diff options
| author | Nick Mathewson <nickm@torproject.org> | 2017-05-15 18:28:25 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-05-15 18:28:25 -0400 |
| commit | 2da783ac8465441e26f5b69dae22b0c53e449e3e (patch) | |
| tree | 51d6674f38c45be28c372c15274664dbb7892b61 | |
| parent | 1dc4e86e412c21e115e3f4ef3512a9f430262596 (diff) | |
| download | tor-2da783ac8465441e26f5b69dae22b0c53e449e3e.tar.gz tor-2da783ac8465441e26f5b69dae22b0c53e449e3e.zip | |
copy changelog into releasenotes
| -rw-r--r-- | ReleaseNotes | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/ReleaseNotes b/ReleaseNotes index c5ccfbe9b3..a9c9c2552c 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -3,6 +3,39 @@ of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.3.0.7 - 2017-05-15 + Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions + of Tor 0.3.0.x, where an attacker could cause a Tor relay process + to exit. Relays running earlier versions of Tor 0.3.0.x should upgrade; + clients are not affected. + + o Major bugfixes (hidden service directory, security): + - Fix an assertion failure in the hidden service directory code, which + could be used by an attacker to remotely cause a Tor relay process to + exit. Relays running earlier versions of Tor 0.3.0.x should upgrade. + This security issue is tracked as tracked as + TROVE-2017-002. Fixes bug 22246; bugfix on 0.3.0.1-alpha. + + o Minor features: + - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 + Country database. + + o Minor features (future-proofing): + - Tor no longer refuses to download microdescriptors or descriptors + if they are listed as "published in the future". This change will + eventually allow us to stop listing meaningful "published" dates + in microdescriptor consensuses, and thereby allow us to reduce the + resources required to download consensus diffs by over 50%. + Implements part of ticket 21642; implements part of proposal 275. + + o Minor bugfixes (Linux seccomp2 sandbox): + - The getpid() system call is now permitted under the Linux seccomp2 + sandbox, to avoid crashing with versions of OpenSSL (and other + libraries) that attempt to learn the process's PID by using the + syscall rather than the VDSO code. Fixes bug 21943; bugfix + on 0.2.5.1-alpha. + + Changes in version 0.3.0.6 - 2017-04-26 Tor 0.3.0.6 is the first stable release of the Tor 0.3.0 series. |