New Release: Tor Browser 11.5 (All Platforms) (14-July-2022) Tor Browser 11.5 is now available through auto-update or from the Tor Browser download page and the distribution directory. Announcement Full Changelog Spoiler * All Platforms * Update OpenSSL to 1.1.1q * Windows + OS X + Linux * Update Firefox to 91.11.0esr * Update Tor-Launcher to 0.2.37 * Update Translations * Bug 11698: Incorporate Tor Browser Manual pages into Tor Browser [tor-browser] * Bug 19850: Disable Plaintext HTTP Clearnet Connections [tor-browser] * Bug 30589: Allowed fonts to render a bunch of missing scripts [tor-browser] * Bug 40458: Implement about:rulesets https-everywhere replacement [tor-browser] * Bug 40527: Remove https-everywhere from tor-browser alpha desktop [tor-browser-build] * Bug 40562: Reorganize patchset [tor-browser] * Bug 40598: Remove legacy settings read from TorSettings module [tor-browser] * Bug 40645: Migrate Moat APIs to Moat.jsm module [tor-browser] * Bug 40684: Misc UI bug fixes [tor-browser] * Bug 40773: Update the about:torconnect frontend page to match additional UI flows [tor-browser] * Bug 40774: Update aboutreferences page to match new UI designs [tor-browser] * Bug 40775: about:ion should not be labeled as a Tor Browser page [tor-browser] * Bug 40793: moved Tor configuration options from old-configure.in to moz.configure [tor-browser] * Bug 40825: Redirect HTTPS-Only error page when not connected [tor-browser] * Bug 40912: Hide screenshots menu since we don't support it [tor-browser] * Bug 40916: Remove the browser.download.panel.shown preference [tor-browser] * Bug 40923: Consume country code to improve error report [tor-browser] * Bug 40966: Render emojis in bridgemoji with SVG files, and added emojii descriptions [tor-browser] * Bug 41011: Make sure the Tor Connection status is shown only in aboutreferences#connection [tor-browser] * Bug 41023: Update manual URLs [tor-browser] * Bug 41035: OnionAliasService should use threadsafe ISupports [tor-browser] * Bug 41036: Add a preference to disable Onion Aliases [tor-browser] * Bug 41037: Fixed the connection preferences on the onboarding [tor-browser] * Bug 41039: Set 'startHidden' flag on tor process in tor-launcher [tor-browser] * OS X * Bug 40797: font-family: monospace renders incorrectly on macOS [tor-browser] * Bug 41004: Bundled fonts are not picked up on macOS [tor-browser] * Linux * Bug 41015: Add --name parameter to correctly setup WM_CLASS when running as native Wayland client [tor-browser] * Bug 41043: Hardcode the UI font on Linux [tor-browser] * Android * Update Fenix to 99.0.0b3 * Build System * All Platforms * Bug 40288: Bump mmdebstrap version to 0.8.6 [tor-browser-build] * Bug 40426: Update Ubuntu base image to 22.04 [tor-browser-build] * Bug 40516: Remove aguestuser from tb_builders and torbutton.gpg [tor-browser-build] * Bug 40519: Add Alexis' latest PGP key to https-everywhere key ring [tor-browser-build] * Android * Update Go to 1.18.3 * Bug 40433: Bump LLVM to 13.0.1 for android builds [tor-browser-build] * Bug 40470: Fix zlib build issue for android [tor-browser-build] * Bug 40485: Resolve Android reproducibility issues [tor-browser-build] * Windows + OS X + Linux * Bug 34451: Include Tor Browser Manual in packages during build [tor-browser-build] * Bug 40525: Update the mozconfig for tor-browser-91.9-11.5-2 [tor-browser-build]
New Release: Tor Browser 11.5.1 (Windows, macOS, Linux) (26-July-2022) Tor Browser 11.5.1 is now available through auto-update or from the Tor Browser download page and the distribution directory. Announcement Full Changelog Spoiler The full changelog since Tor Browser 11.5 is: Windows + OS X + Linux Update Firefox to 91.12.0esr Bug tor-browser#41049: QR codes in connection settings aren't recognized by some readers in dark theme Bug tor-browser#41050: "Continue to HTTP Site" button doesn't work on IP addresses Bug tor-browser#41053: remove HTTPS-Everywhere entry from browser.uiCustomization.state pref Bug tor-browser#41054: Improve color contrast of purple elements in connection settings in dark theme Bug tor-browser#41055: Icon fix from #40834 is missing in 11.5 stable Bug tor-browser#41058: Hide currentBridges description when the section itself is hidden Bug tor-browser#41059: Bridge cards aren't displaying, and toggle themselves off Build System Windows + OS X + Linux Update Go to 1.17.12 Bug tor-browser-build#40547: Remove container/remote_* from rbm.conf Bug tor-browser-build#40584: Update the tor-browser manual to the latest.
New Release: Tor Browser 11.5.2 (Android, Windows, macOS, Linux) (29-August-2022) Tor Browser 11.5.2 is now available through auto-update or from the Tor Browser download page and the distribution directory. Announcement Full Changelog Spoiler Tor Browser 11.5.2 is now available from the Tor Browser download page and also from our distribution directory. Tor Browser 11.5.2 updates Firefox on Windows, macOS, and Linux to 91.13.0esr. This version includes important security updates to Firefox: https://www.mozilla.org/en-US/security/advisories/mfsa2022-35/ We use the opportunity as well to update various other components of Tor Browser: Tor 0.4.7.10 NoScript 11.4.9 The full changelog since Tor Browser 11.5.1 is: All Platforms Update Tor to 0.4.7.10 Update NoScript to 11.4.9 Windows + macOS + Linux Update Firefox to 91.13.0esr Bug tor-browser#27719: Treat unsafe renegotiation as broken Bug tor-browser#40242: Tor Browser has two default bridges that share a fingerprint, and Tor ignores one Bug tor-browser#41067: Cherry-pick fixes for HTTPS-Only mode Bug tor-browser#41070: Google vanished from default search options from 11.0.10 onwards Bug tor-browser#41075: The Tor Browser is showing a caution sign but your document said it won't Bug tor-browser#41089: Add tor-browser build scripts + Makefile to tor-browser Bug tor-browser#41095: "Learn more" link in onboarding slideshow still points to the 11.0 release post Build System Windows + macOS + Linux Update Go to 1.17.3 Android Update Go to 1.18.5
New Release: Tor Browser 11.5.3 (Android ONLY) (29-August-2022) Tor Browser 11.5.3 is now available through auto-update or from the Tor Browser download page and the distribution directory. Announcement Full Changelog Spoiler * Android * Bug 40225: Bundled extensions don't get updated with Android Tor Browser updates (they stay stuck at the first installed version) [fenix] * Bug 41156: User-installed addons are broken on Android [tor-browser]
New Release: Tor Browser 11.5.4 (Android, Windows, macOS, Linux) (12-October-2022) Tor Browser 11.5.4 is now available through auto-update or from the Tor Browser download page and the distribution directory. Announcement | Full Changelog Spoiler The full changelog since Tor Browser 11.5.3 is: All Platforms Bug tor-browser-build#40629: Bump snowflake version to 9ce1de4eee4e Bug tor-browser-build#40633: Remove Team Cymru hard-coded bridges Bug tor-browser#41326: Update preference for remoteRecipes Windows + macOS + Linux Bug tor-browser-build#40624: Change placeholder bridge addresses to make snowflake and meek work with ReachableAddresses/FascistFirewall Bug tor-browser#41303: YEC 2022 Takeover for Desktop Stable Bug tor-browser#41310: Backport ESR 102.3 security fixes to 91.13-based Tor Browser Bug tor-browser#41323: Tor-ify notification bar gradient colors (branding) Bug tor-browser#41338: The arrow on the search bar should be flipped for RTL languages Windows + macOS Bug tor-browser#41307: font whitelist typos Android Updated GeckoView to 102.3.0esr Bug tor-browser#41089: Add tor-browser build scripts + Makefile to tor-browser Bug tor-browser#41094: Enable HTTPS-Only Mode by default in Tor Browser Android Bug tor-browser#41159: Remove HTTPS-Everywhere extension from esr102-based Tor Browser Android Bug tor-browser#41166: Backport fix for CVE-2022-36317: Long URL would hang Firefox for Android (Bug 1759951) Bug tor-browser#41167: Backport fix for CVE-2022-38474: Recording notification not shown when microphone was recording on Android (Bug 1719511) Bug tor-browser#41302: YEC 2022 Takeover for Android Stable Bug tor-browser#41312: Backport Firefox 105 Android security fixes to 102.3-based Tor Browser Bug tor-browser#41314: Add YEC 2022 strings to torbutton and fenix Build System Android Update Go to 1.18.7
New Release: Tor Browser 11.5.6 (Android, Windows, macOS, Linux) (26-October-2022) Tor Browser 11.5.6 is now available through auto-update or from the Tor Browser download page and the distribution directory. Announcement | Full Changelog Spoiler All Platforms Bug tor-browser-build#40665: Shorten snowflake bridge line
New Release: Tor Browser 11.5.7 (Windows, macOS, Linux) (03-November-2022) Tor Browser 11.5.7 is now available through auto-update or from the Tor Browser download page and the Distribution Directory. Announcement | Full Changelog Spoiler * Windows + macOS + Linux * Bug 41413: Backup intl.locale.requested in 11.5.x [tor-browser]
New Release: Tor Browser 11.5.8 (Android,Windows, macOS, Linux) (22-November-2022) Tor Browser 11.5.8 is now available through auto-update or from the Tor Browser download page and the Distribution Directory. Announcement | Full Changelog Spoiler Tor Browser 11.5.8 - November 18 2022 * All Platforms * Update Translations * Update OpenSSL to 1.1.1s * Update NoScript to 11.4.12 * Update tor to 0.4.7.11 * Update zlib to 1.2.13 * Bug 40622: Update obfs4proxy to 0.0.14 in Tor Browser [tor-browser-build] * Windows + macOS + Linux * Bug 31064: Letterboxing is enabled in privileged contexts too [tor-browser] * Bug 32411: Consider adding about:tor and others to the list of pages that do not need letter-boxing [tor-browser] * Bug 41413: Backup intl.locale.requested in 11.5.x [tor-browser] * Bug 41434: Letterboxing bypass through secondary tab (popup/popunder...) [tor-browser] * Bug 41456: Backport ESR 102.5 security fixes to 91.13-based Tor Browser [tor-browser] * Bug 41460: Migrate new identity and security level preferences in 11.5.8 [tor-browser] * Bug 41463: Backport fix for CVE-2022-43680 [tor-browser] * Android * Update GeckoView to 102.5.0esr * Bug 41461: Backport Android-specific 107-rr security fixes to 102.5-esr based Geckoview [tor-browser] * Build * All Platforms * Update Go to 1.18.8 * Bug 40658: Create an anti-censorship team keyring [tor-browser-build] * Bug 40690: Revert fix for zlib build break [tor-browser-build]
The Tor Browser 12.0 (Android, Windows, macOS, Linux) has been released. (07-December-2022) Tor Browser 12.0 is now available from the Tor Browser download page and also from our distribution directory. Announcement | Full Changelog Spoiler Tor Browser 12.0 - December 5 2022 * All Platforms * Update Translations * Update tor to 0.4.7.12 * Bug 17228: Consideration for disabling/trimming referrers within TBB [tor-browser] * Bug 24686: In Tor Browser context, should network.http.tailing.enabled be set to false? [tor-browser] * Bug 27127: Audit and enable HTTP/2 push [tor-browser] * Bug 27258: font whitelist means we don't have to set gfx.downloadable_fonts.fallback_delay [tor-browser] * Bug 40057: ensure that CSS4 system colors are not a fingerprinting vector [tor-browser] * Bug 40058: ensure no locale leaks from new Intl APIs [tor-browser] * Bug 40183: Consider disabling TLS ciphersuites containing SHA-1 [tor-browser] * Bug 40251: Clear obsolete prefs after torbutton!27 [tor-browser] * Bug 40406: Remove Presentation API related prefs [tor-browser] * Bug 40491: Don't auto-pick a v2 address when it's in Onion-Location header [tor-browser] * Bug 40494: Update Startpage and Blockchair onion search providers [tor-browser] * Bug 40580: Add support for Ukranian (uk) [tor-browser-build] * Bug 40646: Don't build Español AR anymore [tor-browser-build] * Bug 40674: Add Secondary Snowflake Bridge [tor-browser-build] * Bug 40783: Review 000-tor-browser.js and 001-base-profile.js for 102 [tor-browser] * Bug 41098: Compare Tor Browser's and GeckoView's profiles [tor-browser] * Bug 41125: Review Mozilla 1732792: retry polling requests without proxy [tor-browser] * Bug 41154: Review Mozilla 1765167: Deprecate Cu.import [tor-browser] * Bug 41164: Add some #define for the base-browser section [tor-browser] * Bug 41306: Typo "will not able" in "Tor unexpectedly exited" dialog [tor-browser] * Bug 41317: Tor Browser leaks banned ports in network.security.ports.banned [tor-browser] * Bug 41345: fonts: windows whitelist contains supplemental fonts [tor-browser] * Bug 41398: Disable Web MIDI API [tor-browser] * Bug 41406: Do not define `--without-wasm-sandboxed-libraries` if `WASI_SYSROOT` is defined [tor-browser] * Bug 41420: Remove brand.dtd customization on nightly [tor-browser] * Bug 41457: Remove more Mozilla permissions [tor-browser] * Bug 41473: Add support for Albanian (sq) [tor-browser] * Windows + macOS + Linux * Update Firefox to 102.5.0esr * Bug 17400: Decide how to use the multi-lingual Tor Browser in the alpha/release series [tor-browser] * Bug 40595: Migrate to 102 on desktop [tor-browser-buid] * Bug 40638: Visit our website link after build-to-build upgrade in Nightly channel points to old v2 onion [tor-browser-build] * Bug 40648: Do not customize update.locale in multi-lingual builds [tor-browser-build] * Bug 40853: use Subprocess.jsm to launch tor [tor-browser] * Bug 40933: Migrate remaining tor-launcher functionality to tor-browser [tor-browser] * Bug 41011: The Internet and Tor status are visible when opening the settings [tor-browser] * Bug 41044: Content exceeding the height of the connection settings modals [tor-browser] * Bug 41116: Review Mozilla 1226042: add support for the new 'system-ui' generic font family [tor-browser] * Bug 41117: Review Mozilla 1512851: Add Share Menu to File Menu on macOS [tor-browser] * Bug 41283: Toolbar buttons missing their label attribute [tor-browser] * Bug 41284: Stray security-level- fluent ids [tor-browser] * Bug 41287: New identity button inactive if added after customization [tor-browser] * Bug 41292: moreFromMozilla pane in aboutreferences in 12.0a2 [tor-browser] * Bug 41293: Incomplete branding in German with 12.0a2 [tor-browser] * Bug 41337: Add a title to the new identity confirmation [tor-browser] * Bug 41342: Update the New Identity dialog to the proton modal style [tor-browser] * Bug 41344: Authenticated Onion Services do not prompt for auth key in 12.0 alpha series [tor-browser] * Bug 41352: Update or drop the show manual logic in torbutton [tor-browser] * Bug 41369: Consider a different list-order for locales in language menu [tor-browser] * Bug 41374: Missing a few torconnect strings in the DTD [tor-browser] * Bug 41377: Hide `Search for more languages...` from Language selector in multi-locale build [tor-browser] * Bug 41378: Inform users when Tor Browser sets their language automatically [tor-browser] * Bug 41385: Bootstrap failure is logged but not raised up to about:torconnect [tor-browser] * Bug 41386: The new tor-launcher has a problem when another Tor is running [tor-browser] * Bug 41387: New identity and new circuit ended up inside history [tor-browser] * Bug 41400: Missing onionAuthViewKeys causes "Onion Services Keys" dialog to be empty. [tor-browser] * Bug 41401: Missing some mozilla icons because we still loading them from "chrome://browser/skin" rather than "chrome://global/skin/icons" [tor-browser] * Bug 41404: Fix blockchair-onion search extension [tor-browser] * Bug 41409: Circuit display is broken on Tails [tor-browser] * Bug 41410: Opening and closing HTTPS-Only settings make the identity panel shrink [tor-browser] * Bug 41412: New Identity shows "Tor Browser" instead of "Restart Tor Browser" in unstranslated locales [tor-browser] * Bug 41417: Prompt users to restart after changing language [tor-browser] * Bug 41429: TorConnect and TorSettings are initialized twice [tor-browser] * Bug 41435: Add a Tor Browser migration function [tor-browser] * Bug 41436: The new tor-launcher handles arrays in the wrong way [tor-browser] * Bug 41437: Use the new media query for dark theme for the "Connected" pill in bridges [tor-browser] * Bug 41449: Onion authentication's learn more should link to the offline manual [tor-browser] * Bug 41451: Still using requestedLocales in torbutton [tor-browser] * Bug 41455: Tor Browser dev build cannot launch tor [tor-browser] * Bug 41458: Prevent `mach package-multi-locale` from actually creating a package [tor-browser] * Bug 41462: Add anchors to bridge-moji and onion authentication entries [tor-browser] * Bug 41466: Port YEC 2022 campaign to Tor Browser 12.0 (Desktop) [tor-browser] * Bug 41495: Clicking on "View Logs" in the "Establishing Connection" page takes you to aboutreferences#connection and not logs [tor-browser] * Bug 41498: The Help panel is empty in 12.0a4 [tor-browser] * Bug 41508: Update the onboarding link for 12.0 [tor-browser] * Windows * Bug 41149: Review Mozilla 1762576: Firefox is not allowing Symantec DLP to inject DLL into the browser for Data Loss Prevention software [tor-browser] * Bug 41278: Create Tor Browser styled pdf logo similar to the vanilla Firefox one [tor-browser] * Bug 41426: base-browser nightly fails to build for windows-i686 [tor-browser] * macOS * Bug 23451: Adapt font whitelist to changes on macOS (zh locales) [tor-browser] * Bug 41004: The Bangla font does not display correctly on MacOs [tor-browser] * Bug 41108: Remove privileged macOS installation from 102 [tor-browser] * Bug 41294: Bookmarks manager broken in 12.0a2 on MacOS [tor-browser] * Bug 41348: cherry-pick macOS OSSpinLock replacements [tor-browser] * Bug 41370: Find a way to ship custom default bookmarks without changing language-packs on macOS [tor-browser] * Bug 41372: "Japanese" language menu item is localised in multi-locale testbuild (on mac OS) [tor-browser] * Bug 41379: The new tor-launcher is broken also on macOS [tor-browser] * Linux * Bug 40359: Tor Browser Launcher has Wrong Icon [tor-browser] * Bug 40626: Define the replacements for generic families on Linux [tor-browser-build] * Bug 41163: Fixing loading of bundled fonts on linux [tor-browser] * Android * Update GeckoView to 102.5.0esr * Bug 40014: Check which of our mobile prefs and configuration changes are still valid for GeckoView [tor-browser] * Bug 40631: Stop bundling HTTPS Everywhere on Android [tor-browser-build] * Bug 41394: Implement a setting to always prefer onion sites [tor-browser] * Bug 41465: Port YEC 2022 campaign to Tor Browser 12.0 (Android) [tor-browser] * Build System * All Platforms * Update Go to 1.19.3 * Bug 23656: Use .mozconfig files in tor-browser repo for rbm builds [tor-browser-build] * Bug 28754: make testbuild-android-armv7 stalls during sha256sum step [tor-browser-build] * Bug 40049: gpg_keyring should allow for array of keyrings [rbm] * Bug 40397: Create a new build target to package tor daemon, pluggable transports and dependencies [tor-browser-build] * Bug 40407: Bump binutils version to pick up security improvements for Windows users [tor-browser-build] * Bug 40585: Prune the manual more [tor-browser-build] * Bug 40587: Migrate tor-browser-build configs from gitolite to gitlab repos [tor-browser-build] * Bug 40591: Rust 1.60 not working to build 102 on Debian Jessie [tor-browser-build] * Bug 40592: Consider re-using our LLVM/Clang to build Rust [tor-browser-build] * Bug 40593: Update signing scripts to take into account new project names and layout [tor-browser-build] * Bug 40607: Add alpha-specific release prep template [tor-browser-build] * Bug 40610: src-*.tar.xz tarballs are missing in https://dist.torproject.org/torbrowser/12.0a1/ [tor-browser-build] * Bug 40612: Migrate Release Prep template to Release Prep - Stable [tor-browser-build] * Bug 40619: Make sure translations are taken from gitlab.tpo and not git.tpo [tor-browser-build] * Bug 40627: Add boklm to torbutton.gpg [torbrowser-build] * Bug 40634: Update the project/browser path in tools/changelog-format-blog-post and other files [tor-browser-build] * Bug 40636: Remove https-everywhere from projects/browser/config [tor-browser-build] * Bug 40639: Remove tor-launcher references [tor-browser-build] * Bug 40643: Update Richard's key in torbutton.gpg [tor-browser-build] * Bug 40645: Remove unused signing keys and create individual keyrings for Tor Project developers [tor-browser-build] * Bug 40655: Published tor-expert-bundle tar.gz files should not include their tor-browser-build build id [tor-browser-build] * Bug 40656: Improve get_last_build_version in tools/signing/nightly/sign-nightly [tor-browser-build] * Bug 40660: Update changelog-format-blog-post script to point gitlab rather than gitolite [tor-browser-build] * Bug 40662: Make base-browser nightly build from tag [tor-browser-build] * Bug 40663: Do not ship bookmarks in tor-browser-build anymore [tor-browser-build] * Bug 40667: Update Node.js to 12.22.12 [tor-browser-build] * Bug 40669: Remove HTTPS-Everywhere keyring [tor-browser-build] * Bug 40671: Update langpacks URL [tor-browser-build] * Bug 40675: Update tb_builders list in set-config [tor-browser-build] * Bug 40690: Revert fix for zlib build break [tor-browser-build] * Bug 41308: Use the same branch for Desktop and GeckoView [tor-browser] * Bug 41321: Delete various master branches after automated build/testing scripts are updated [tor-browser] * Bug 41340: Opt in to some of the NIGHTLY_BUILD features [tor-browser] * Bug 41357: Enable browser toolbox debugging by default for dev builds [tor-browser] * Bug 41446: Multi-lingual alpha bundles break make fetch [tor-browser] * Windows + macOS + Linux * Bug 40499: Update firefox to enable building from new 'base-browser' tag [tor-browser-build] * Bug 40500: Add base-browser package project [tor-browser-build] * Bug 40501: Makefile updates to support building base-browser packages [tor-browser-build] * Bug 40503: Update Release Prep issue template with base-browser and privacy browser changes [tor-browser-build] * Bug 40547: Remove container/remote_* from rbm.conf [tor-browser-build] * Bug 40581: Update reference to master branches [tor-browser-build] * Bug 40641: Fetch Firefox locales from l10n-central [tor-browser-build] * Bug 40678: Force all 11.5 users to update through 11.5.8 before 12.0 [tor-browser-build] * Bug 40685: Remove targets/nightly/var/mar_locales from rbm.conf [tor-browser-build] * Bug 40686: Add a temporary project to fetch Fluent tranlations for base-browser [tor-browser-build] * Bug 40691: Update firefox config to point to base-browser branch rather than a particular tag in nightly [tor-browser-build] * Bug 40699: Fix input_files in projects/firefox-l10n/config [tor-browser-build] * Bug 41099: Update+comment the update channels in update_responses.config.yaml [tor-browser] * Windows * Bug 29318: Use Clang for everything on Windows [tor-browser-buid] * Bug 29321: Use mingw-w64/clang toolchain to build tor [tor-browser-build] * Bug 29322: Use mingw-w64/clang toolchain to build OpenSSL [tor-browser-build] * Bug 40409: Upgrade NSIS to 3.08 [tor-browser-build] * Bug 40666: Fix compiler depedencies for Firefox on Windows [tor-browser-build] * macOS * Bug 40067: Rename "OS X" to "macOS" [tor-browser-build] * Bug 40158: Add support for macOS AArch64 [tor-browser-build] * Bug 40439: Create universal x86-64/arm64 mac builds [tor-browser-build] * Bug 40605: Reworked the macOS toolchain creation [tor-browser-build] * Bug 40620: Update macosx-sdk to 11.0 [tor-browser-build] * Bug 40687: macOS nightly builds with packaged locales fail [tor-browser-build] * Bug 40694: aarch64 tor-expert-bundle for macOS is not exported as part of the browser build [tor-browser-build] * Linux * Bug 31321: Add cc -> gcc link to projects/gcc [tor-browser-build] * Bug 40621: Update namecoin patches for linted TorButton [tor-browser-build] * Bug 40659: Error building goservice for linux in nightly build [tor-browser-build] * Bug 41343: Add -without-wam-sandboxed-libraries to mozconfig-linux-x86_64-dev for local builds [tor-browser] * Android * Bug 40574: Improve tools/signing/android-signing [tor-browser-build] * Bug 40604: Fix binutils build on android [tor-browser-build] * Bug 40640: Extract Gradle in the toolchain setup [tor-browser-build] * Bug 41304: Add Android-specific targets to makefiles [tor-browser]
The Tor Browser 12.0.1 (Android, Windows, macOS, Linux) has been released. (16-December-2022) Tor Browser 12.0.1 is now available from the Tor Browser download page and also from our distribution directory. Announcement | Full Changelog Spoiler The full changelog since Tor Browser 12.0 is: Windows + macOS + Linux Updated Firefox to 102.6esr Bug tor-browser#41519: TOR_SOCKS_IPC_PATH environment variable not honored Bug tor-browser#41520: Regression: rearranging bookmarks / place items by drag & drop doesn't work anymore Android Updated GeckoView to 102.6esr Build System All Platforms Updated Go to 1.19.4 Bug tor-browser-build#40653: Build compiler-rt with runtimes instead of the main LLVM build Bug tor-browser-build#40681: Run apt-get clean, after installing packages in projects/container-image/config Bug tor-browser-build#40683: Install more packages in the default containers to reduce the number of custom containers Bug tor-browser-build#40693: Can't build container-image in main Bug tor-browser-build#40705: Add empty commit mentioning that gitolite repo is no longer updated Windows Bug tor-browser-build#40708: tor.exe in tor-expert-bundle not writing stdout even when run from cmd.exe Linux Bug tor-browser-build#40689: Update Ubuntu version from projects/mmdebstrap-image/config to 22.04.1
The Tor Browser 12.0.2 (Android, Windows, macOS, Linux) has been released. (19-January-2023) Tor Browser 12.0.2 is now available from the Tor Browser download page and also from our distribution directory. Announcement | Full Changelog Spoiler Tor Browser 12.0.2 - January 18, 2023 * All Platforms * Updated tor to 0.4.7.13 * Updated NoScript to 11.4.14 * Bug 40565: do something with security.tls.version.enable-deprecated [tor-browser] * Bug 40713: Use the new tor-browser l10n branch in Firefox [tor-browser-build] * Bug 40727: Update list of Snowflake STUN servers in default bridge line [tor-browser-build] * Bug 41506: Remove TrustCor root certificates [tor-browser] * Bug 41525: Drop locales from torbutton, since we will inject them in tor-browser-build [tor-browser] * Windows + macOS + Linux * Updated Firefox to 102.7esr * Bug 26504: Browser version in aboutreferences showing the Firefox ESR version [tor-browser] * Bug 32308: Stop inner letterbox jiggling as border is dragged [tor-browser] * Bug 41375: Clean unused strings [tor-browser] * Bug 41393: about:tbupdate semantic and accessibility problems [tor-browser] * Bug 41522: Backport torbutton ⇾ tor-browser migration to 12.0 series [tor-browser] * Bug 41524: about:tbupdate needs UTF-8 [tor-browser] * Bug 41539: Crypto warning weaknesses [tor-browser] * Bug 41549: tor freeze when receiving too many http proxy requests on socks port [tor-browser] * Bug 41561: Maximize warning is broken (regression) [tor-browser] * Bug 41563: Old placeholders used in TorStrings.jsm [tor-browser] * macOS * Bug 40716: Unable to update to 12.0.1 on Apple Silicon-based Mac [tor-browser-build] * Android * Updated GeckoView to 102.7esr * Bug 41571: Backport Android-specific Firefox 109 to ESR 102.7-based Tor Browser [tor-browser] * Build System * All Platforms * Updated Go to 1.19.5 * Bug 40735: Add command to list which translation components need to be updated [tor-browser-build] * Bug 40739: tor-expert-bundle should include ClientTransportPlugin torrc lines for each pluggable transport [tor-browser-build] * Windows + macOS + Linux * Bug 40734: Backport the translation project [tor-browser-build] * Bug 40746: Remove pt_config.json from pt dir [tor-browser-build] * macOS * Bug 40706: macos-signer-stapler should wait for user interaction before attempting stapling [tor-browser-build]
Tor and I2P networks hit by wave of ongoing DDoS attacks By Sergiu Gatlan Spoiler Tor Project's Executive Director Isabela Dias Fernandes revealed on Tuesday that a wave of distributed denial-of-service (DDoS) attacks has been targeting the network since at least July 2022. “At some points, the attacks impacted the network severely enough that users could not load pages or access onion services,” Fernandes said on Tuesday. “We have been working hard to mitigate the impacts and defend the network from these attacks. The methods and targets of these attacks have changed over time, and we are adapting as these attacks continue.” While the goal of these ongoing attacks or the identity of the threat actor(s) behind them are not yet known, Fernandes said the Tor team will keep tweaking the network's defenses to address this ongoing issue. The Tor Network team will also be expanded to include two new members focusing on .onion services development. “In the interest of protecting the Tor network and our global community, we chose to limit public information on the nature of those attacks for now,” Fernandes told BleepingComputer when we reached out for more information on the DDoS attacks. “To clarify, our services have not been down, but on occasion slow for some users, and it is important to note that the user experience is affected by a variety of factors, including what onion services are being used, or which relays get picked when they build a circuit through Tor.” DDoS attacks also hit the I2P network Tor is not the only anonymous communications network currently targeted by DDoS attacks. The I2P (short for Invisible Internet Project) peer-to-peer network has also been dealing with a massive attack for the last three days. As a result, I2P users might also experience issues due to some i2pd routers crashing with OOM (out of memory) errors when hit by this Denial-of-Service attack. “As you already know, the I2P network has been targeted by a Denial-of-Service attack for the past ~3 days. The attacker is flooding the network with malicious floodfill routers, which are responding incorrectly or not at all to other routers and feeding the network false information,” one of the I2P subreddit's mods said yesterday. “This results in performance and connectivity problems, because the floodfills provide peer information to the participants in the network. The result is a form of Sybil attack which is used to cause widespread denial of service. “This attack has degraded the performance of the network, but it remains intact and usable. Java I2P routers still appear to be handling the issues better than i2pd routers. Various mitigations should appear in dev builds of both Java and C++ routers in the next week.” Just as in Tor's case, the threat actors are using a variety of tactics as “the attack is starting / stopping / changing several times a day,” as I2P's project manager and core dev lead said in a Tuesday community meeting on IRC.
The Tor Browser 12.0.3 (Android, Windows, macOS, Linux) has been released. (15-February-2023) Tor Browser 12.0.3 is now available from the Tor Browser download page and also from our distribution directory. Announcement | Full Changelog Spoiler All Platforms Updated Translations Updated OpenSSL to 1.1.1t Updated NoScript to 11.4.16 Bug tor-browser#40763: Stop using remote localized files in CFR Bug tor-browser#41424: Reduce disk activity by disabling some unnecessary tasks and telemetry Bug tor-browser#41565: Gate Telemetry Tasks behind AppConstants.MOZ_TELEMETRY_REPORTING Bug tor-browser#41601: Apply Snowflake Remove HelloVerify Countermeasure Windows + macOS + Linux Updated Firefox to 102.8esr Bug tor-browser#32274: Bad screen-reader UX for Security Level/Shield button Bug tor-browser#41066: Circuit Isolation should take containers into account Bug tor-browser#41561: Maximize warning is broken (regression) Bug tor-browser#41572: Check for userContextId also in the circuit display Bug tor-browser#41588: Use better words for the Tor Network description in the onboarding Windows Bug tor-browser#40717: UX: hide SSO Bug tor-browser#41578: Disable and lock Windows SSO macOS Bug tor-browser-build#28124: Show Tor Browser icon as macOS volume (dmg) icon Android Updated GeckoView to 102.8esr Bug tor-browser#40283: Can't upload files with Tor browser on Android Bug tor-browser#40536: Proxy Refused if link from other app opens Android TBB Bug tor-browser#41616: Backport Android-specific security fixes from Firefox 110 to ESR 102.8-based Tor Browser Build System All Platforms Bug tor-browser-build#40723: Update upload-update_responses-to-staticiforme step for new tor-browser-update-responses repository Bug tor-browser-build#40747: Remove empty line at the top of sha256sums-unsigned-build.txt Bug tor-browser-build#40748: When sha256sums-unsigned-build.txt contains an empty line, tools/dmg2mar prints a warning macOS Bug tor-browser-build#40744: HFS DMG are not deterministic Bug tor-browser-build#40755: libdmg-hfsplus fails to build on Debian stable Android Bug tor-browser-build#40752: Wrong URLs in download-android-*.json files
The Tor Browser 12.0.4 (All Platforms) has been released. (18-March-2023) Tor Browser 12.0.4 is now available from the Tor Browser download page and also from our distribution directory. Announcement | Full Changelog Spoiler Full changelog The full changelog since Tor Browser 12.0.3 is: All Platforms Updated Translations Updated NoScript to 11.4.18 Bug tor-browser#41598: Prevent NoScript from being removed / disabled until core functionality has been migrated to Tor Browser Bug tor-browser#41603: Customize the creation of MOZ_SOURCE_URL Bug tor-browser#41627: Enable network.http.referer.hideOnionSource in base-browser Bug tor-browser#41637: cherry-pick Mozilla 1814416: Generalize the app name in about:buildconfig. r=ahochheiden Bug tor-browser#41659: Add canonical color definitions to base-browser Bug tor-browser#41669: Rebase Tor Browser stable to 102.9.0esr Windows + macOS + Linux Updated Firefox to 102.9esr Bug tor-browser#41542: Disable the creation of a default profile Bug tor-browser#41574: Use --warning-color variable for the "Custom" label in the security level popup. Bug tor-browser#41606: Move the changes to the hamburger menu out of the Torbutton commit Bug tor-browser#41626: Bridge-emojii tooltips not localized in ES locale Android Updated GeckoView to 102.9esr Bug tor-browser#41679: Backport Android-specific security fixes from Firefox 111 to ESR 102.9-based Tor Browser Build System All Platforms Updated Go to 1.19.7 Bug tor-browser-build#40764: Embed repo URL and git revision in Firefox Bug tor-browser-build#40782: Update tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo to fetch from tb-build-04 and tb-build-05 macOS Bug tor-browser-build#40790: Fix dmg2mar after DMG changes from #28124 Bug tor-browser-build#40791: tools/dmg2mar should exit with an error when there is an error creating the mar file Android Bug tor-browser-build#40789: Broken mirror links for glean: link 404 for version 5.0.1 hosted at aguestuser's tor people storage
The Tor Browser 12.0.5 (All Platforms) has been released. (19-April-2023) Tor Browser 12.0.5 is now available from the Tor Browser download page and also from our distribution directory. Blog/Announcement | Full Changelog Spoiler Version Tor Browser: 12.0.5 Release Date, April 12, 2023 For the most up-to-date information about this release, visit our website. Release Notes All Platforms Updated Translations Updated NoScript to 11.4.21 Updated Go to 11.9.8 Bug 41688: Rebase Tor Browser Stable to 102.10.0esr [tor-browser] Windows + macOS + Linux Updated Firefox to 102.10esr Bug 41526: “Cancel” button when establishing a connection should be gray [tor-browser] Android Updated GeckoView to 102.10esr Bug 41724: Backport Android-specific security fixes from Firefox 112 to ESR 102.10-based Tor Browser [tor-browser] Build System Windows Bug 40822: The Tor Browser installer doesn't run with mandatory ASLR on (0xc000007b) [tor-browser-build] Linux Bug 40828: Use http://archive.debian.org/debian-archive/ for jessie [tor-browser-build] Bug 40835: Update faketime URLs in projects/container-image/config [tor-browser-build]
The Tor Browser 12.0.6 (All Platforms) has been released. (12-May-2023) Tor Browser 12.0.6 is now available from the Tor Browser download page and also from our distribution directory. Blog/Announcement | Full Changelog Spoiler All Platforms Updated Translations Updated Go to 11.9.9 Bug 41728: Pin bridges.torproject.org domains to Let's Encrypt's root cert public key [tor-browser] Bug 41756: Rebase Tor Browser Stable to 102.11.0esr [tor-browser] Windows + macOS + Linux Updated Firefox to 102.11esr Bug 40501: High CPU load after tor exits unexpectedly [tor-browser] Windows Bug 41683: Disable the network process on Windows [tor-browser] Android Updated GeckoView to 102.11esr Build System Windows + macOS + Linux Bug 41730: Bridge lines in tools/torbrowser/bridges.js out of date [tor-browser] macOS Bug 40844: Fix DMG reproducibility problem on 12.0.5 [tor-browser-build]
The Tor Browser 12.5 (All Platforms) has been released. (22-June-2023) Tor Browser 12.5 is now available from the Tor Browser download page and also from our distribution directory. Blog/Announcement | Full Changelog Spoiler Full changelog The full changelog since Tor Browser 12.0.7 is: All Platforms Updated Translations Bug tor-browser-build#40353: Re-enable rlbox Bug tor-browser-build#40810: Add Finnish (fi) language support Bug tor-browser#41066: Circuit Isolation should take containers into account Bug tor-browser#41428: Check if we can create our own directories for branding Bug tor-browser#41514: eslint broken since migrating torbutton Bug tor-browser#41568: Disable LaterRun Bug tor-browser#41599: about:networking#networkid should be normalized Bug tor-browser#41624: Disable unused about: pages Bug tor-browser#41635: Disable the Normandy component at compile time Bug tor-browser#41636: Disable back webextension.storage.sync after ensuring NoScript settings won't be lost Bug tor-browser#41647: Turn --enable-base-browser in --with-base-browser-version Bug tor-browser#41662: Disable about:sync-logs Bug tor-browser#41671: Turn media.peerconnection.ice.relay_only to true as defense in depth against WebRTC ICE leaks Bug tor-browser#41689: Remove startup.homepage_override_url from Base Browser Bug tor-browser#41704: Immediately return on remoteSettings.pollChanges Bug tor-browser#41738: Replace the patch to disable live reload with its preference Bug tor-browser#41763: TTP-02-003 WP1: Data URI allows JS execution despite safest security level (Low) Bug tor-browser#41775: Avoid re-defining some macros in nsUpdateDriver.cpp Bug tor-browser#41818: Remove YEC 2022 strings Windows + macOS + Linux Bug mullvad-browser#165: Fix maximization warning x button and preference Bug tor-browser#20497: Improve support for non-portable mode Bug tor-browser#33298: HTTP onion sites do not give a popup warning when submitting form data to non-onion HTTP sites Bug tor-browser#40144: aboutrivatebrowsing Firefox branding Bug tor-browser#40347: URL bar lock icon says connection is not secure when on "view-source:.onion" URLs [tor-browser] Bug tor-browser#40552: New texts for the add a bridge manually modal Bug tor-browser#40701: Improve security warning when downloading a file Bug tor-browser-build#40711: Review and expand the stakeholders we communicate major changes to Bug tor-browser-build#40733: Use the new branding directories Bug tor-browser-build#40745: Allow customizing MOZ_APP_BASENAME Bug tor-browser-build#40773: Copy some documentation files only on Tor Browser Bug tor-browser-build#40781: Move translations to new paths Bug tor-browser#40788: Tor Browser 11.0.4-11.0.6 phoning home Bug tor-browser-build#40808: Set update URL for nightly base-browser Bug tor-browser-build#40811: Make testing the updater easier Bug tor-browser-build#40817: Add basebrowser-incrementals-nightly makefile target Bug tor-browser-build#40833: base-browser nightly is using the default channel instead of nightly Bug tor-browser#40958: The number of relays displayed for an onion site can be misleading Bug tor-browser#41038: Update "Click to Copy" button label in circuit display Bug tor-browser#41080: Some users are choosing an adjacent country for circumvention settings Bug tor-browser#41084: Reserve red as a button color for dangerous actions Bug tor-browser#41085: Refactor the UI to remove all bridges Bug tor-browser#41093: Users don't understand the purpose of bridge-moji Bug tor-browser#41109: "New circuit..." button gets cut-off when onion name wraps Bug tor-browser#41350: Move the implementation of Bug 19273 out of Torbutton Bug tor-browser#41351: Move the crypto protection patch earlier in the patchset Bug tor-browser#41363: Crypto warning popup is not screen reader accessible Bug tor-browser#41448: User 'danger' style for primary button in new identity modal Bug tor-browser#41483: Tor Browser says Firefox timed out, confusing users Bug tor-browser#41503: Disable restart in case of reboot and restore in case of crash Bug tor-browser#41521: Improve localization notes Bug tor-browser#41533: Page Info window for view-source:http://...onion addresses says Connection Not Encrypted Bug tor-browser#41540: Confusing build-id date in aboutreferences in alphas Bug tor-browser#41562: API-triggered fullscreen after F11 causes letterboxing to crop the page Bug tor-browser#41577: Disable profile migration Bug tor-browser#41587: Disable the updater for Base Browser Bug tor-browser#41595: Disable pagethumbnails capturing Bug tor-browser#41600: Some users have difficulty finding the circuit display Bug tor-browser#41607: Update "New Circuit" icon Bug tor-browser#41608: Improve the UX of the location bar's connection status Bug tor-browser#41609: Move the disabling of Firefox Home (Activity Stream) to base-browser Bug tor-browser#41613: Skip Drang & Drop filtering for DNS-safe URLs (no hostname, e.g. RFC3966 tel Bug tor-browser#41617: Improve the UX of the built-in bridges dialog Bug tor-browser#41618: Update the iconography used in the status strip in connection settings Bug tor-browser#41623: Update connection assist's iconography Bug tor-browser#41633: Updating from 12.0.2 to 12.0.3 resets NoScript settings Bug tor-browser#41657: Remove --enable-tor-browser-data-outside-app-dir Bug tor-browser#41668: Move part of the updater patches to base browser Bug tor-browser#41686: Move the 'Bug 11641: Disable remoting by default' commit from base-browser to tor-browser Bug tor-browser#41695: Port warning on maximized windows without letterboxing from torbutton Bug tor-browser#41699: Tighten up the tor onion alias regular expression Bug tor-browser#41701: Reporting an extension does not work Bug tor-browser#41702: The connection pill needs to be centered vertically Bug tor-browser#41709: sendCommand should not try to send a command forever Bug tor-browser#41711: Race condition when opening a new window in New Identity Bug tor-browser#41718: Add the external filetype warning to about:downloads Bug tor-browser#41719: Update title and button strings in the new circuit display to sentence case Bug tor-browser#41725: Stray connectionPane.xhtml patch Bug tor-browser#41726: Animate the torconnect icon to transition between connected states Bug tor-browser#41734: Add a 'Connected' flag to indicate which built-in bridge option Tor Browser is currently using Bug tor-browser#41736: Customize the default CustomizableUI toolbar using CustomizableUI.jsm Bug tor-browser#41749: Replace the onion-glyph with dedicated icon for onion services Bug tor-browser#41770: Keyboard navigation broken leaving the toolbar tor circuit button Bug tor-browser#41775: Avoid re-defining some macros in nsUpdateDriver.cpp Bug tor-browser#41785: Network monitor in developer tools shows HTTP onion resources as insecure Bug tor-browser#41792: Drag and Drop protection prevents dragging downloads Bug tor-browser#41800: Add the external filetype warning to Library / Manage Bookmarks Bug tor-browser#41801: Fix handleProcessReady in TorSettings.init Bug tor-browser#41802: Bad regex used to extract transport from bridgeline Bug tor-browser#41810: Add "Connect" buttons to Request Bridge and Provide Bridge modals Bug tor-browser#41816: The top navigation in about:torconnect isn't updated correctly Bug tor-browser#41841: Use the new onion-site.svg icon in the onion-location pill Windows + Linux Bug tor-browser-build#40714: Ship NoScript in the distribution directory also for Windows and Linux Bug tor-browser#41654: UpdateInfo jumped into Data Windows Bug tor-browser-build#40772: Check and fix HiDPI issues in the NSIS installer Bug tor-browser-build#40793: Add some metadata also to the Windows installer Bug tor-browser-build#40801: Correct the ExecShell for system-wide installs in the NSIS script Bug tor-browser#41459: WebRTC fails to build under mingw Bug tor-browser#41678: WebRTC build fix patches incorrectly defining pid_t macOS Bug tor-browser-build#40719: Allow non-universal macOS builds also on base-browser Bug tor-browser#41535: Remove the old, unused and undocumented "-invisible" macOS CLI flag Linux Bug tor-browser-build#40830: The fontconfig directory is missing in Base Browser Bug tor-browser-build#40860: Improve the transition from the old fontconfig file to the new one Bug tor-browser#41163: Many bundled fonts are blocked in Ubuntu/Fedora because of RFP Bug tor-browser#41732: implement linux font whitelist as defense-in-depth Android Bug tor-browser#41001: Remove remaining security slider code Bug tor-browser#41185: Hide learn more about sync Bug tor-browser#41634: Google Play incorrectly detects that libTor.so is built with OpenSSL 1.1.1b Bug tor-browser#41667: Enable media.peerconnection.ice.obfuscate_host_addresses on Android for defense-in-depth Bug tor-browser#41677: Remove the --disable-tor-browser-update flag on Android Build System All Platforms Updated Go to 1.20.5 Bug tor-browser-build#40673: Avoid building each go module separately Bug tor-browser-build#40679: Use the latest translations for nightly builds Bug tor-browser-build#40689: Update Ubuntu version from projects/mmdebstrap-image/config to 22.04.1 Bug tor-browser-build#40717: Create a script to prepare changelogs Bug tor-browser-build#40720: Update fetch-changelogs.py scripts to support new Build System label Bug tor-browser-build#40750: Find why rlbox hurts reproducibility Bug tor-browser-build#40751: make signtag-* needs to take project name into account Bug tor-browser-build#40753: We should not copy mar tools when the updater is disabled Bug tor-browser-build#40760: Add BSD packager contacts to release prep templates Bug tor-browser-build#40763: Add support for signing multiple browsers in tools/signing/nightly Bug tor-browser-build#40783: Update download-unsigned-sha256sums-gpg-signatures-from-people-tpo to use $projectname prefix directory Bug tor-browser-build#40784: Fix var_p/nightly_torbrowser_incremental_from after #40737 Bug tor-browser-build#40794: Include the build-id in firefox-l10n output name Bug tor-browser-build#40795: Trim down tor-browser-build release prep issue templates Bug tor-browser-build#40796: Bad UX for the changelogs script when using the issue number Bug tor-browser-build#40805: Define the version flag for all browsers Bug tor-browser-build#40807: Add config for signing base-browser nightly in tools/signing/nightly Bug tor-browser-build#40812: Make var/rezip in projects/firefox/config quiet Bug tor-browser-build#40818: Enable wasm target for rust compiler Bug tor-browser-build#40828: Use http://archive.debian.org/debian-archive/ for jessie Bug tor-browser-build#40837: Rebase mullvad-browser build changes onto main Bug tor-browser-build#40870: Remove url without browser name from tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo Bug tor-browser#41649: Create rebase and security backport gitlab issue templates Bug tor-browser#41682: Add base-browser nightly mar signing key Windows + macOS + Linux Bug tor-browser-build#33953: Provide a way for easily updating Go dependencies of projects Bug tor-browser-build#40713: Use the new tor-browser l10n branch in Firefox Bug tor-browser-build#40777: Create a Go bootstrap project Bug tor-browser-build#40778: Disable all translations with testbuilds in Firefox Bug tor-browser-build#40788: Remove all languages but en-US for privacy-browser build target Bug tor-browser-build#40809: Remove --enable-tor-browser-update and --enable-verify-mar from projects/firefox/mozconfig Bug tor-browser-build#40813: Enable var/updater_enabled for basebrowser nightly Bug tor-browser-build#40823: Update appname_* variables in projects/release/update_responses_config.yml Bug tor-browser-build#40826: Correctly set appname_marfile for basebrowser in tools/signing/nightly/update-responses-base-config.yml Bug tor-browser-build#40827: MAR generation uses (mostly) hard-coded MAR update channel Bug tor-browser-build#40841: Adapt signing scripts to new signing machines Bug tor-browser-build#40849: Move Go dependencies to the projects dependent on them, not as a standalone projects Bug tor-browser-build#40866: Remove Using ansible to set up a nightly build machine from README Bug tor-browser-build#40869: obfs4 is renamed to lyrebird Windows Bug tor-browser-build#29185: NSIS Installer not reproducible when icon has an alpha channel Bug tor-browser-build#40757: Change projects/browser/windows-installer/torbrowser.nsi to a template file Windows + macOS + Linux Bug tor-browser-build#40732: Review Bundle-Data and try not to ship the default profile in base browser Linux + Android Bug tor-browser-build#40653: Build compiler-rt with runtimes instead of the main LLVM build macOS Bug tor-browser-build#40792: signing scripts missing project name prefix to make rule Bug tor-browser-build#40798: dmg2mar step also takes care of copying the signed+stabled dmg to the signed directory Bug tor-browser-build#40806: Update the reference to the macOS mozconfig Bug tor-browser-build#40824: dmg2mar script using hardcoded project names for paths Bug tor-browser-build#40847: Build filesystem influences the DMG creation Bug tor-browser-build#40858: Create script to assist testers self sign Mac builds to allow running on Arm processors Bug tor-browser#41453: Rename mozconfig-macos-x86_64 to mozconfig-macos Android Bug tor-browser-build#40738: Update Android git hashes templates Bug tor-browser-build#40874: Add commit information also to GV Bug tor-browser#41684: Android improvements for local dev builds
The Tor Browser 12.5.1 (All Platforms) has been released. (04-July-2023) Tor Browser 12.5.1 is now available from the Tor Browser download page and also from our distribution directory. Blog/Announcement | Full Changelog Spoiler The full changelog since Tor Browser 12.5 is: All Platforms Updated Translations Updated NoScript to 11.4.24 Bug tor-browser#41860: Rebase 12.5 stable to 102.13esr Windows + macOS + Linux Updated Firefox to 102.13.0esr Bug tor-browser#41854: Download Spam Protection cannot be overridden to allow legitimate downloads Bug tor-browser#41856: Onion service authorization prompt's key field does not get focus when clicked Bug tor-browser#41858: 'Learn more' link in onboarding links to 12.0 release notes and not 12.5 Android Updated GeckoView to 102.13.0esr
The Tor Browser 12.5.2 (All Platforms) has been released. (02-August-2023) Tor Browser 12.5.2 is now available from the Tor Browser download page and also from our distribution directory. Blog/Announcement | Full Changelog Spoiler The full changelog since Tor Browser 12.5.1 is: All Platforms Updated Translations Updated NoScript to 11.4.26 Bug tor-browser#41908: Rebase stable 12.5 to 102.14esr Windows + macOS + Linux Updated Firefox to 102.14.0esr Windows Bug tor-browser#41761: xul.dll win crash tor-browser 12.5.1 (based on Mozilla Firefox 102.13.0esr) (64-Bit) Android Updated GeckoView to 102.14.0esr Bug tor-browser#41928: Backport Android-specific security fixes from Firefox 116 to ESR 102.14 / 115.1 – based Tor Browser Build System All Platforms Updated Go to 1.20.6 Bug tor-browser-build#40889: Add Mullvad sha256sums URL to tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo Bug tor-browser-build#40894: Fix format of keyring/boklm.gpg Bug tor-browser-build#40909: Add dan_b and ma1 to the list of taggers in relevant projects Windows Bug tor-browser-build#31546: Create and expose PDB files for Tor Browser debugging on Windows
The Tor Browser 12.5.3 (All Platforms) has been released. (29-August-2023) Tor Browser 12.5.3 is now available from the Tor Browser download page and also from our distribution directory. Blog/Announcement | Full Changelog Spoiler The full changelog since Tor Browser 12.5.2 is: All Platforms Updated Translations Updated OpenSSL to 1.1.1v Bug tor-browser#42033: Rebase the releases onto 102.15.0esr Bug tor-browser#42053: Backport security fixes from Firefox 117 to ESR 102.15 - based Tor Browser Windows + macOS + Linux Updated Firefox to 102.15.0esr Android Updated GeckoView to 102.15.0esr Build System All Platforms Updated Go to 1.20.7 Bug tor-browser-build#40740: Tor Browser for Android's snowflake ClientTransportPlugin seems to be out of date Bug tor-browser-build#40786: deploy_update_responses-*.sh requires +r permissions to run Bug tor-browser-build#40905: Go vendor archives ignore the nightly version override on testbuilds Bug tor-browser-build#40913: add boklm back to the list of taggers in relevant projects Bug tor-browser-build#40921: staticiforme-prepare-cdn-dist-upload uses hard-coded torbrowser path for .htacess file generation
The Tor Browser 12.5.4 (All Platforms) has been released. (13-September-2023) Tor Browser 12.5.4 is now available from the Tor Browser download page and also from our distribution directory. Blog/Announcement | Full Changelog Spoiler Tor Browser 12.5.4 - September 12, 2023 * All Platforms * Updated Translations * Updated OpenSSL to 1.1.1w * Bug 42084: Race condition with language preferences may make spoof_english ineffective [tor-browser] * Bug 42090: Rebase release onto 102.15.1esr [tor-browser] * Windows + macOS + Linux * Updated Firefox to 102.15.1esr * Android * Updated GeckoView to 102.15.1esr * Build System * All Platforms * Updated Go to 1.20.8