New release candidate:

New release candidate:


August 13, 2020

There’s a new alpha release available for download. If you build Tor from source, you can download the source code for from the download page. Packages should be available over the coming weeks, with a new alpha Tor Browser release likely in the coming weeks.

Remember, this is a release candidate, not a a stable release: you should only run this if you’d like to find and report more bugs than usual.

Tor is the first release candidate in its series. It fixes several bugs in previous versions, including some that caused annoying behavior for relay and bridge operators.

Changes in version – 2020-08-13

  • Minor features (security):
    • Channels using obsolete versions of the Tor link protocol are no longer allowed to circumvent address-canonicity checks. (This is only a minor issue, since such channels have no way to set ed25519 keys, and therefore should always be rejected for circuits that specify ed25519 identities.) Closes ticket 40081.
  • Minor features (defense in depth):
    • Wipe more data from connection address fields before returning them to the memory heap. Closes ticket 6198.


  • Minor bugfixes (correctness, buffers):
    • Fix a correctness bug that could cause an assertion failure if we ever tried using the buf_move_all() function with an empty input buffer. As far as we know, no released versions of Tor do this. Fixes bug 40076; bugfix on
  • Minor bugfixes (linux seccomp2 sandbox):
    • Fix startup crash with seccomp sandbox enabled when tor tries to open the data directory. Patch from Daniel Pinto. Fixes bug 40072; bugfix on
  • Minor bugfixes (onion service v3):
    • Remove a BUG() warning that could trigger in certain unlikely edge-cases. Fixes bug 34086; bugfix on
  • Minor bugfixes (rate limiting, bridges, pluggable transports):
    • On a bridge, treat all connections from an ExtORPort as remote by default for the purposes of rate-limiting. Previously, bridges would treat the connection as local unless they explicitly received a “USERADDR” command. ExtORPort connections still count as local if there is a USERADDR command with an explicit local address. Fixes bug 33747; bugfix on
  • Minor bugfixes (relay, self-testing):
    • When starting up as a relay, if we haven’t been able to verify that we’re reachable, only launch reachability tests at most once a minute. Previously, we had been launching tests up to once a second, which was needlessly noisy. Fixes bug 40083; bugfix on
  • Minor bugfixes (testing):
    • When running the subsystem order check, use the Python binary configured with the PYTHON environment variable. Fixes bug 40095; bugfix on
  • Minor bugfixes (windows):
    • Fix a bug that prevented Tor from starting if its log file grew above 2GB. Fixes bug 31036; bugfix on
Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts