diff options
| -rw-r--r-- | ChangeLog | 17 | ||||
| -rw-r--r-- | ReleaseNotes | 6 | ||||
| -rw-r--r-- | doc/spec/tor-spec.txt | 4 |
3 files changed, 25 insertions, 2 deletions
@@ -40,6 +40,10 @@ Changes in version 0.2.1.9-alpha - 200?-??-?? Changes in version 0.2.1.8-alpha - 2008-12-08 + Tor 0.2.1.8-alpha fixes some crash bugs in earlier alpha releases, + builds better on unusual platforms like Solaris and old OS X, and + fixes a variety of other issues. + o Major features: - New DirPortFrontPage option that takes an html file and publishes it as "/" on the DirPort. Now relay operators can provide a @@ -101,6 +105,12 @@ Changes in version 0.2.1.8-alpha - 2008-12-08 Changes in version 0.2.0.32 - 2008-11-20 + Tor 0.2.0.32 fixes a major security problem in Debian and Ubuntu + packages (and maybe other packages) noticed by Theo de Raadt, fixes + a smaller security flaw that might allow an attacker to access local + services, further improves hidden service performance, and fixes a + variety of other issues. + o Security fixes: - The "User" and "Group" config options did not clear the supplementary group entries for the Tor process. The "User" option @@ -166,6 +176,13 @@ Changes in version 0.2.0.32 - 2008-11-20 Changes in version 0.2.1.7-alpha - 2008-11-08 + Tor 0.2.1.7-alpha fixes a major security problem in Debian and Ubuntu + packages (and maybe other packages) noticed by Theo de Raadt, fixes + a smaller security flaw that might allow an attacker to access local + services, adds better defense against DNS poisoning attacks on exit + relays, further improves hidden service performance, and fixes a + variety of other issues. + o Security fixes: - The "ClientDNSRejectInternalAddresses" config option wasn't being consistently obeyed: if an exit relay refuses a stream because its diff --git a/ReleaseNotes b/ReleaseNotes index 36371d7b9d..d37703dc2f 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -4,6 +4,12 @@ of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. Changes in version 0.2.0.32 - 2008-11-20 + Tor 0.2.0.32 fixes a major security problem in Debian and Ubuntu + packages (and maybe other packages) noticed by Theo de Raadt, fixes + a smaller security flaw that might allow an attacker to access local + services, further improves hidden service performance, and fixes a + variety of other issues. + o Security fixes: - The "User" and "Group" config options did not clear the supplementary group entries for the Tor process. The "User" option diff --git a/doc/spec/tor-spec.txt b/doc/spec/tor-spec.txt index 8ab50242d9..d514ad1eaa 100644 --- a/doc/spec/tor-spec.txt +++ b/doc/spec/tor-spec.txt @@ -253,8 +253,8 @@ see tor-design.pdf. To avoid being trivially distinguished from servers, client-only Tor instances are encouraged but not required to use a two-certificate chain - as well. Clients SHOULD NOT use keep using the same certificates when - their IP changes. Clients MAY send no certificates at all. + as well. Clients SHOULD NOT keep using the same certificates when + their IP address changes. Clients MAY send no certificates at all. 3. Cell Packet format |