diff options
| author | Nick Mathewson <nickm@torproject.org> | 2014-10-19 21:43:09 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2014-10-19 21:43:09 -0400 |
| commit | 0c8acf11981999f119e0072ec61ce519e43b8dbb (patch) | |
| tree | 91a00b5a08cd35f6d7ae5c680dca0d364e499fc2 | |
| parent | d1c6b2cf11a48db9a79a619547fdc6454b1ce271 (diff) | |
| download | tor-0c8acf11981999f119e0072ec61ce519e43b8dbb.tar.gz tor-0c8acf11981999f119e0072ec61ce519e43b8dbb.zip | |
Changelog for 0.2.4.25
| -rw-r--r-- | ChangeLog | 17 |
1 files changed, 17 insertions, 0 deletions
@@ -1,3 +1,20 @@ +Changes in version 0.2.4.25 - 2014-10-20 + Tor 0.2.4.25 contains a response to the recent "POODLE" attack against + SSL3 (which doesn't affect Tor), and a response to a crash bug caused + by some operating systems' response to the "POODLE" attack (which does + affect Tor). + + o Major security fixes (also in 0.2.5.9-rc): + - Disable support for SSLv3. All versions of OpenSSL in use with Tor + today support TLS 1.0 or later, so we can safely turn off support + for this old (and insecure) protocol. Fixes bug 13426. + + o Major bugfixes (openssl bug workaround, also in 0.2.5.9-rc): + - Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or + 1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug + 13471. This is a workaround for an OpenSSL bug. + + Changes in version 0.2.4.24 - 2014-09-22 Tor 0.2.4.24 fixes a bug that affects consistency and speed when connecting to hidden services, and it updates the location of one of |