Hi, In November we made six releases, Tor Browser 6.0.6[1], 6.0.7[2], 6.5a4[3], 6.5a5[4], and 6.5a4-hardened[5] + 6.5a5-hardened[6].
The first round of releases on November 15/16 was updating our users to Firefox 45.5.0esr and contained new tor releases as well (0.2.8.9 for the stable series and 0.2.9.5-alpha for the alpha and hardened one). Moreover, we fixed a lot of usability issues related to the new OS X Sierra that made some changes to our code necessary. Tor Browser 6.5a4 and 6.5a4-hardened got a number of bug fixes related to our unix domain socket usage and we resolved other SponsorU related tickets[7][8]. The second round of releases at the end of November was due to a 0-day exploit that affected not only Firefox but Tor Browser as well.[9] We released 6.0.7 within one day and the alpha and hardened bundles followed suit on December 1. Apart from spending time on release preparations we worked on finishing up the remaining pieces for our SponsorU work: sandboxing on Linux and OS X and hardening our memory allocator.[10][11][12] We plan to ship those major features in the next alpha bundles which are due mid-December to give them a wider userbase for testing. The full list of tickets closed by the Tor Browser team in November is accessible using the TorBrowserTeam201611 tag in our bug tracker[13]. For December we plan to release Tor Browser 6.0.8, 6.5a6 and 6.5a6-hardened. Tickets on our radar for this month can be seen with the TorBrowserTeam201612 tag in our bug tracker[14]. Georg [1] https://blog.torproject.org/blog/tor-browser-606-released [2] https://blog.torproject.org/blog/tor-browser-607-released [3] https://blog.torproject.org/blog/tor-browser-65a4-released [4] https://blog.torproject.org/blog/tor-browser-65a5-released [5] https://blog.torproject.org/blog/tor-browser-65a4-hardened-released [6] https://blog.torproject.org/blog/tor-browser-65a5-hardened-released [7] https://bugs.torproject.org/20439 [8] https://bugs.torproject.org/19459 which fixed a bunch of other bugs, like 15953, 13437, 18175, and 20590. [9] https://blog.mozilla.org/security/2016/11/30/fixing-an-svg-animation-vulnerability/ [10] https://bugs.torproject.org/19750 [11] https://bugs.torproject.org/20121 [12] https://bugs.torproject.org/10281 [13]chttps://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorBrowserTeam201611 [14] https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201612
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-reports mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-reports
