summaryrefslogtreecommitdiff
path: root/ReleaseNotes
diff options
context:
space:
mode:
Diffstat (limited to 'ReleaseNotes')
-rw-r--r--ReleaseNotes22
1 files changed, 22 insertions, 0 deletions
diff --git a/ReleaseNotes b/ReleaseNotes
index 557680a946..355caf8e47 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -2,6 +2,28 @@ This document summarizes new features and bugfixes in each stable release
of Tor. If you want to see more detailed descriptions of the changes in
each development snapshot, see the ChangeLog file.
+Changes in version 0.2.7.8 - 2017-06-08
+ Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to
+ remotely crash a hidden service with an assertion failure. Anyone
+ running a hidden service should upgrade to this version, or to some
+ other version with fixes for TROVE-2017-005. (Versions before 0.3.0
+ are not affected by TROVE-2017-004.)
+
+ o Major bugfixes (hidden service, relay, security):
+ - Fix a remotely triggerable assertion failure caused by receiving a
+ BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
+ 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
+ on 0.2.2.1-alpha.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (correctness):
+ - Avoid undefined behavior when parsing IPv6 entries from the geoip6
+ file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
+
+
Changes in version 0.2.7.7 - 2017-03-03
Tor 0.2.7.7 backports a number of security fixes from later Tor
releases. Anybody running Tor 0.2.7.6 or earlier should upgrade to
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion