In November, the Tor Browser team made 3 releases: 5.0.4[1], 5.5a4[2], and 5.5a4-hardened[3].
The 5.0.4 stable release featured a fix to prevent Tor Browser from transmitting referers for .onion domains[4], removed some old Torbutton code[5], some minor UI cleanups[6,7], and fingerprinting[8] and internationalization fixes[9]. In the 5.5a4 release, we additionally transferred some Torbutton functionality to direct C++ patches[10], added an additional fingerprinting defense[11], and deployed additional internationalization fixes[12,13,14]. The 5.5a4-hardened release is identical to 5.5a4, except that it is built with Address Sanitizer[15] enabled, which should raise the bar for many types of exploits, as well as help us identify memory issues earlier. This series additionally features a unified bundling of all locales[16], which we are experimenting with as an option for getting Tor Browser into censored users' hands more easily. The release is significantly larger as a result, but it will be logistically simpler to get only one package through things like GetTor and Satori rather than several. The full list of tickets closed by the Tor Browser team in October can be seen using the TorBrowserTeam201511 tag on our bug tracker[17]. In December, we will be communicating with Mozilla about our API needs for post-sandboxing/Firefox 45ESR[18], and continuing to refine the font defense in the alpha series. We are still working on the MacOS signing issue, as well. The full list of tickets the Tor Browser team plans to work on in December can be seen with the TorBrowserTeam201512 tag on our bug tracker[19]. 1. https://blog.torproject.org/blog/tor-browser-504-released 2. https://blog.torproject.org/blog/tor-browser-55a4-released 3. https://blog.torproject.org/blog/tor-browser-55a4-hardened-released 4. https://trac.torproject.org/projects/tor/ticket/9623 5. https://trac.torproject.org/projects/tor/ticket/17351 6. https://trac.torproject.org/projects/tor/ticket/16735 7. https://trac.torproject.org/projects/tor/ticket/16937 8. https://trac.torproject.org/projects/tor/ticket/16983 9. https://trac.torproject.org/projects/tor/ticket/17329 10. https://trac.torproject.org/projects/tor/ticket/16620 11. https://trac.torproject.org/projects/tor/ticket/17207 12. https://trac.torproject.org/projects/tor/ticket/17122 13. https://trac.torproject.org/projects/tor/ticket/17250 14. https://trac.torproject.org/projects/tor/ticket/17220 15. https://github.com/google/sanitizers/wiki/AddressSanitizerAlgorithm 16. https://trac.torproject.org/projects/tor/ticket/12967 17. https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201511 18. https://trac.torproject.org/projects/tor/ticket/17248 19. https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201512 -- Mike Perry
signature.asc
Description: Digital signature
_______________________________________________ tor-reports mailing list tor-reports@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-reports