In August, the Tor Browser team made three sets of releases: 5.0/5.5a1, 5.0.1, and 5.0.2/5.5a2. [1,2,3,4,5]. The month was quite hectic as a result, with most of our time spent on release management and related issues.
The 5.0 release transitioned our stable users to Firefox 38-ESR. The changes since 5.0a4 were limited primarily to cosmetic issues[6,7], though we did reset the NoScript whitelist because it was discovered that a previous NoScript update had altered it[8]. We did disable two fingerprinting defenses (font normalization[9], and keyboard normalization[10]) due to concerns about their user impact. Those defenses remain enabled for 5.5a1. Unfortunately, a non-exploitable crash bug[11] was discovered with Tor Browser 5.0 on some sites (specifically Tumblr and Google Maps, but likely others as well). This issue was introduced in 5.0a4 by an update to one of our tracking protection patches for Firefox 38-ESR. We released a fix for this issue the following week, in 5.0.1. Mozilla then released an out-of-cycle point update to Firefox 38, to fix two internally disclosed security issues[12]. This prompted us to release 5.0.2 and 5.5a2, which we released on the same day as the Mozilla release, thanks to heads up, coordination, and assistance from the Mozilla developers. This out-of-cycle release did force us to revert fixes for several other regressions that were discovered in 5.0 and 5.0.1 in order to release on time. The current set of fixed but as-yet unreleased regression tickets can be found on our bugtracker[13]. The full list of tickets closed by the Tor Browser team in August can be seen using the TorBrowserTeam201508 tag on our bug tracker[14]. In early September, we will focus primarily on finishing off fixes for the remaining regressions discovered in the 5.0 release[15]. Our next planned point release will be on September 22nd. We hope to have the major regressions addressed by then. After this, at the end of September, many of us will meet to discuss and update the long-term roadmap[16] for the coming months at the Tor developer meeting. The full list of tickets that the Tor Browser team plans to work on in September can be seen using the TorBrowserTeam201509 tag on our bug tracker[17]. 1. https://blog.torproject.org/blog/tor-browser-50-released 2. https://blog.torproject.org/blog/tor-browser-55a1-released 3. https://blog.torproject.org/blog/tor-browser-501-released 4. https://blog.torproject.org/blog/tor-browser-502-released 5. https://blog.torproject.org/blog/tor-browser-55a2-released 6. https://bugs.torproject.org/16722 7. https://bugs.torproject.org/16488 8. https://bugs.torproject.org/16730 9. https://bugs.torproject.org/13313 10. https://bugs.torproject.org/15646 11. https://bugs.torproject.org/16771 12. https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr38.2.1 13. https://trac.torproject.org/projects/tor/query?keywords=~tbb-5.0-regression&status=closed 14. https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201508 15. https://trac.torproject.org/projects/tor/query?keywords=~tbb-5.0-regression 16. https://trac.torproject.org/projects/tor/wiki/org/roadmaps/TorBrowser 17. https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201509 -- Mike Perry
signature.asc
Description: Digital signature
_______________________________________________ tor-reports mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-reports
