diff options
| author | Roger Dingledine <arma@torproject.org> | 2011-10-26 18:24:05 -0400 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2011-10-26 18:24:05 -0400 |
| commit | e740ac08c63f68c00f91aeffcd15bef74208fb69 (patch) | |
| tree | 983acdfeb5a0e0e3c5a28d191f1c3550e749fa9b /ReleaseNotes | |
| parent | 4f699cd24aa8c1f971b02ada6ce80708f80e96b0 (diff) | |
| download | tor-0.2.1.31.tar.gz tor-0.2.1.31.zip | |
slight tweak to texttor-0.2.1.31
Diffstat (limited to 'ReleaseNotes')
| -rw-r--r-- | ReleaseNotes | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/ReleaseNotes b/ReleaseNotes index 7adef6fd5f..b9d32eb825 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -6,8 +6,8 @@ each development snapshot, see the ChangeLog file. Changes in version 0.2.1.31 - 2011-10-26 Tor 0.2.1.31 backports important security and privacy fixes for oldstable. This release is intended only for package maintainers and - other users who cannot use the 0.2.2 stable series. All others should - be using Tor 0.2.2.x or newer. + others who cannot use the 0.2.2 stable series. All others should be + using Tor 0.2.2.x or newer. o Security fixes (also included in 0.2.2.x): - Replace all potentially sensitive memory comparison operations @@ -23,7 +23,7 @@ Changes in version 0.2.1.31 - 2011-10-26 o Privacy/anonymity fixes (also included in 0.2.2.x): - Clients and bridges no longer send TLS certificate chains on outgoing OR connections. Previously, each client or bridge - would use a single cert chain for all outgoing OR connections + would use the same cert chain for all outgoing OR connections for up to 24 hours, which allowed any relay that the client or bridge contacted to determine which entry guards it is using. Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by frosty_un. |