Advertisement

CHANGELOG

What's New in version 9.5.1:

All Platforms:

  • Update Firefox to 68.10.0esr
  • Update NoScript to 11.0.32
  • Translations update
  • Bug 40009: Improve tor's client auth stability

Windows + OS X + Linux:

  • Bug 34361: 'Prioritize .onion sites when known' appears under General
  • Bug 34362: Improve Onion Service Authentication prompt
  • Bug 34369: Fix learn more link in Onion Auth prompt
  • Bug 34379: Fix learn more for Onion-Location
  • Bug 34347: The Tor Network part on the onboarding is not new anymore

What's New in version 9.0.10:

  • Update Firefox to 68.8.0esr
  • Bump NoScript to 11.0.25
  • Bug 34017: Bump openssl version to 1.1.1g

What's New in version 9.0.7:

  • Bump NoScript to 11.0.19
  • Bug 33613: Disable Javascript on Safest security level
  • Bump Tor to 0.4.2.7

What's New in version 9.0.6:

All Platforms:

  • Update Firefox to 68.6.0esr
  • Bump NoScript to 11.0.15
  • Bug 33430: Disable downloadable fonts on Safest security level
  • Windows: Bug 33535: Patch openssl to use SOURCE_DATE_EPOCH for copyright year

What's New in version 9.5 Alpha 7:

All Platforms:

  • Translations update

Windows + OS X + Linux:

  • Update Tor Launcher to 0.2.21.3
  • Translations update
  • Bug 33514: non-en-US Tor Browser 9.5a6 won't start up
  • Bug 32645: Update URL bar onion indicators

What's New in version 9.5 Alpha 6:

All Platforms:

  • Translations update
  • Windows + OS X + Linux:
  • Update Tor Launcher to 0.2.21.2
  • Translations update
  • Bug 19757: Support on-disk storage of v3 client auth keys
  • Bug 19757: Support on-disk storage of v3 client auth keys
  • Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT
  • Bug 32658: Create a new MAR signing key

Build System:

  • All Platforms
  • Bug 33380: Add *.json to sha256sums-unsigned-build.txt

What's New in version 9.0.5:

All Platforms:

  • Update Firefox to 68.5.0esr
  • Bump NoScript to 11.0.13
  • Bug 32053: Fix LLVM reproducibility issues
  • Bug 32255: Missing ORIGIN header breaks CORS
  • Bug 32891: Add new default bridges

Windows + OS X + Linux:

  • Bump Tor to 0.4.2.6

Windows:

  • Bug 32132: Re-enable jemalloc for Windows users

Build System:

All Platforms:

  • Bug 32739: Bump clang to 8.0.1

OS X:

  • Bug 33200: Fix permissions on bookmarks.html

What's New in version 9.0.4:

  • Update Firefox to 68.4.1esr

What's New in version 9.0.3:

  • Update Firefox to 68.4.0esr
  • Bump NoScript to 11.0.11
  • Translations update
  • Update OpenPGP keyring
  • Bug 32606: Set up default bridge at Georgetown University
  • Bug 32659: Remove IPv6 address of default bridge
  • Bug 32547: Add new default bridge at UMN
  • Bug 31855: Remove End of Year Fundraising Campaign from about:tor
  • Bump Tor to 0.4.2.5
  • Update Tor Launcher to 0.2.20.5
  • Bug 32636: Clean up locales shipped with Tor Launcher

What's New in version 9.0.2:

All Platforms:

  • Update Firefox to 68.3.0esr
  • Bump HTTPS Everywhere to 2019.11.7
  • Bug 27268: Preferences clean-up in Torbutton code
  • Translations update
  • Bump NoScript to 11.0.9
  • Bug 32362: NoScript TRUSTED setting doesn't work
  • Bug 32429: Issues with about:blank and NoScript on .onion sites

Windows + OS X + Linux:

  • Bug 32125: Fix circuit display for bridge without a fingerprint
  • Bug 32250: Backport enhanced letterboxing support (bug 1546832 and 1556017)

Windows:

  • Bug 31989: Backport backout of old mingw-gcc patch
  • Bug 32616: Disable GetSecureOutputDirectoryPath() functionality

Android:

  • Bug 32365: Localization is broken in Tor Browser 9 on Android

Build System (All Platforms):

  • Bug 32413: Bump Go version to 1.12.13

What's New in version 9.5 Alpha 2:

What's New in version 9.0.2:

All Platforms:

  • Update Firefox to 68.3.0esr
  • Bump HTTPS Everywhere to 2019.11.7
  • Bug 27268: Preferences clean-up in Torbutton code
  • Translations update
  • Bump NoScript to 11.0.9
  • Bug 32362: NoScript TRUSTED setting doesn't work
  • Bug 32429: Issues with about:blank and NoScript on .onion sites

Windows + OS X + Linux:

  • Bug 32125: Fix circuit display for bridge without a fingerprint
  • Bug 32250: Backport enhanced letterboxing support (bug 1546832 and 1556017)

Windows:

  • Bug 31989: Backport backout of old mingw-gcc patch
  • Bug 32616: Disable GetSecureOutputDirectoryPath() functionality

Android:

  • Bug 32365: Localization is broken in Tor Browser 9 on Android

Build System (All Platforms):

  • Bug 32413: Bump Go version to 1.12.13

All Platforms:

  • Update NoScript to 11.0.7
  • Bug 21004: Don't block JavaScript on onion services on medium security
  • Bug 27307: NoScript marks HTTP onions as not secure
  • Bug 30783: Fundraising banner for EOY 2019 campain
  • Bug 32321: Don't ping Mozilla for Man-in-the-Middle-detection
  • Bug 32318: Backport Mozilla's fix for bug 1534339
  • Bug 32250: Backport enhanced letterboxing support (bug 1546832 and 1556017)
  • Bug 31573: Catch SessionStore.jsm exception
  • Bug 27268: Preferences clean-up

Windows + OS X + Linux:

  • Update Tor to 0.4.2.3-alpha
  • Update Tor Launcher to 0.2.20.2
  • Bug 32164: Trim each received log line from tor
  • Translations update
  • Bug 31803: Replaced about:debugging logo with flat version
  • Bug 31764: Fix for error when navigating via 'Paste and go'
  • Bug 32169: Fix TB9 Wikipedia address bar search
  • Bug 32210: Hide the tor pane when using a system tor
  • Bug 31658: Use builtin --panel-disabled-color for security level text
  • Bug 32188: Fix localization on about:preferences#tor
  • Bug 32184: Red dot is shown while downloading an update
  • Bug 27604: Fix broken Tor Browser after moving it to a different directory
  • Bug 32220: Improve the letterboxing experience
  • Bug 30683: Backport upstreamed fix from Mozilla (bug 1581537)

Android:

  • Bug 32342: Crash when changing the browser locale
  • Bug 32303: Obfs4 is broken on Android Q

Build System:

All Platforms:

  • Bug 32413: Bump Go version to 1.12.13

Android:

  • Bug 28803: Integrate building Pluggable Transports for Android

What's New in version 8.5.5:

All platforms:

  • Update Firefox to 60.9.0esr
  • Bug 31357: Retire Tom's default obfs4 bridge
  • Update Torbutton to 2.1.13
  • Bug 31520: Remove monthly giving banner from Tor Browser
  • Bug 31140: Do not enable IonMonkey on AARCH64
  • Translations update
  • Update NoScript to 11.0.3
  • Bug 26847: NoScript pops up a full-site window for XSS warning
  • Bug 31287: NoScript leaks browser locale

Windows + OS X + Linux:

  • Update Tor to 0.4.1.5

Windows:

  • Bug 31547: Back out patch for Mozilla's bug 1574980
  • Bug 27503: Provide full support for accessibility tools
  • Bug 30575: Don't allow enterprise policies in Tor Browser
  • Bug 31141: Fix typo in font.system.whitelist

Android:

  • Bug 28119: Tor Browser for aarch64

Build System: All platforms

  • Bug 31465: Bump Go to 1.12.9

What's New in version 8.5.1:

Update Torbutton to 2.1.10:

  • Bug 30565: Sync nocertdb with privatebrowsing.autostart at startup
  • Bug 30464: Add WebGL to safer descriptions
  • Translations update

Update NoScript to 10.6.2:

  • Bug 29969: Remove workaround for Mozilla's bug 1532530
  • Update HTTPS Everywhere to 2019.5.13
  • Bug 30541: Disable WebGL readPixel() for web content

Windows + OS X + Linux:

  • Bug 30560: Better match actual toolbar in onboarding toolbar graphic

Build System:

  • Bug 30480: Check that signed tag contains expected tag name

What's New in version 8.5:

All platforms:

  • Update Firefox to 60.7.0esr

Update Torbutton to 2.1.8:

  • Bug 25013: Integrate Torbutton into tor-browser for Android
  • Bug 27111: Update about:tor desktop version to work on mobile
  • Bug 22538+22513: Fix new circuit button for error pages
  • Bug 25145: Update circuit display when back button is pressed
  • Bug 27749: Opening about:config shows circuit from previous website
  • Bug 30115+27449+25145: Map browser+domain to credentials to fix circuit display
  • Bug 25702: Update Tor Browser icon to follow design guidelines
  • Bug 21805: Add click-to-play button for WebGL
  • Bug 28836: Links on about:tor are not clickable
  • Bug 30171: Don't sync cookie.cookieBehavior and firstparty.isolate
  • Bug 29825: Intelligently add new Security Level button to taskbar
  • Bug 29903: No WebGL click-to-play on the standard security level
  • Bug 27290: Remove WebGL pref for min capability mode
  • Bug 25658: Replace security slider with security level UI
  • Bug 28628: Change onboarding Security panel to open new Security Level panel
  • Bug 29440: Update about:tor when Tor Browser is updated
  • Bug 27478: Improved Torbutton icons for dark theme
  • Bug 29239: Don't ship the Torbutton .xpi on mobile
  • Bug 27484: Improve navigation within onboarding (strings)
  • Bug 29768: Introduce new features to users (strings)
  • Bug 28093: Update donation banner style to make it fit in small screens
  • Bug 28543: about:tor has scroll bar between widths 900px and 1000px
  • Bug 28039: Enable dump() if log method is 0
  • Bug 27701: Don't show App Blocker dialog on Android
  • Bug 28187: Change tor circuit icon to torbutton.svg
  • Bug 29943: Use locales in AB-CD scheme to match Mozilla
  • Bug 26498: Add locale: es-AR
  • Bug 28082: Add locales cs, el, hu, ka
  • Bug 29973: Remove remaining stopOpenSecuritySettingsObserver() pieces
  • Bug 28075: Tone down missing SOCKS credential warning
  • Bug 30425: Revert armagadd-on-2.0 changes
  • Bug 30497: Add Donate link to about:tor
  • Bug 30069: Use slider and about:tor localizations on mobile
  • Bug 21263: Remove outdated information from the README
  • Bug 28747: Remove NoScript (XPCOM) related unused code
  • Translations update
  • Code clean-up
  • Update HTTPS Everywhere to 2019.5.6.1
  • Bug 27290: Remove WebGL pref for min capability mode
  • Bug 29120: Enable media cache in memory
  • Bug 24622: Proper first-party isolation of s3.amazonaws.com
  • Bug 29082: Backport patches for bug 1469916
  • Bug 28711: Backport patches for bug 1474659
  • Bug 27828: "Check for Tor Browser update" doesn't seem to do anything
  • Bug 29028: Auto-decline most canvas warning prompts again
  • Bug 27919: Backport SSL status API
  • Bug 27597: Fix our debug builds
  • Bug 28082: Add locales cs, el, hu, ka
  • Bug 26498: Add locale: es-AR
  • Bug 29916: Make sure enterprise policies are disabled
  • Bug 29349: Remove network.http.spdy.* overrides from meek helper user.js
  • Bug 29327: TypeError: hostName is null on about:tor page
  • Bug 30425: Revert armagadd-on-2.0 changes

Windows + OS X + Linux:

  • Update OpenSSL to 1.0.2r
  • Update Tor Launcher to 0.2.18.3
  • Bug 27994+25151: Use the new Tor Browser logo
  • Bug 29328: Account for Tor 0.4.0.x's revised bootstrap status reporting
  • Bug 22402: Improve "For assistance" link
  • Bug 27994: Use the new Tor Browser logo
  • Bug 25405: Cannot use Moat if a meek bridge is configured
  • Bug 27392: Update Moat URLs
  • Bug 28082: Add locales cs, el, hu, ka
  • Bug 26498: Add locale es-AR
  • Bug 28039: Enable dump() if log method is 0
  • Translations update
  • Bug 25702: Activity 1.1 Update Tor Browser icon to follow design guidelines
  • Bug 28111: Use Tor Browser icon in identity box
  • Bug 22343: Make 'Save Page As' obey first-party isolation
  • Bug 29768: Introduce new features to users
  • Bug 27484: Improve navigation within onboarding
  • Bug 25658+29554: Replace security slider with security level UI
  • Bug 25658+29554: Replace security slider with security level UI
  • Bug 25405: Cannot use Moat if a meek bridge is configured
  • Bug 28885: notify users that update is downloading
  • Bug 29180: MAR download stalls when about dialog is opened
  • Bug 27485: Users are not taught how to open security-slider dialog
  • Bug 27486: Avoid about:blank tabs when opening onboarding pages
  • Bug 29440: Update about:tor when Tor Browser is updated
  • Bug 23359: WebExtensions icons are not shown on first start
  • Bug 28628: Change onboarding Security panel to open new Security Level panel
  • Bug 27905: Fix many occurrences of "Firefox" in about:preferences
  • Bug 28369: Stop shipping pingsender executable
  • Bug 30457: Remove defunct default bridges
  • Bug 27503: Improve screen reader accessibility
  • Bug 27865: Tor Browser 8.5a2 is crashing on Windows
  • Bug 22654: Firefox icon is shown for Tor Browser on Windows 10 start menu
  • Bug 28874: Bump mingw-w64 commit to fix WebGL crash
  • Bug 12885: Windows Jump Lists fail for Tor Browser
  • Bug 28618: Set MOZILLA_OFFICIAL for Windows build
  • Bug 21704: Abort install if CPU is missing SSE2 support
  • Bug 28002: Fix the precomplete file in the en-US installer

Build System:

All platforms:

  • Bug 29868: Fix installation of python-future package
  • Bug 25623: Disable network during build
  • Bug 25876: Generate source tarballs during build
  • Bug 28685: Set Build ID based on Tor Browser version
  • Bug 29194: Set DEBIAN_FRONTEND=noninteractive
  • Bug 29167: Upgrade go to 1.11.5
  • Bug 29158: Install updated apt packages (CVE-2019-3462)
  • Bug 29097: Don't try to install python3.6-lxml for HTTPS Everywhere
  • Bug 27061: Enable verification of langpacks checksums

Windows:

  • Bug 26148: Update binutils to 2.31.1
  • Bug 27320: Build certutil for Windows

What's New in version 8.0.8:

  • Update Firefox to 60.6.1esr
  • Update NoScript to 10.2.4
  • Bug 29733: Work around Mozilla's bug 1532530

What's New in version 8.0.7:

All platforms:

  • Update Firefox to 60.6.0esr
  • Update Tor to 0.3.5.8
  • Bug 29660: XMPP can not connect to SOCKS5 anymore
  • Update Torbutton to 2.0.11
  • Bug 29021: Tell NoScript it is running within Tor Browser

Windows:

  • Bug 29081: Harden libwinpthread

What's New in version 8.0.6:

All platforms:

  • Update Firefox to 60.5.1esr
  • Update HTTPS Everywhere to 2019.1.31
  • Bug 29378: Remove 83.212.101.3 from default bridges

Build System:

  • Bug 29235: Build our own version of python3.6 for HTTPS Everywhere

What's New in version 8.0.4:

All platforms:

  • Update Firefox to 60.4.0esr
  • Update Tor to 0.3.4.9
  • Update OpenSSL to 1.0.2q
  • Update HTTPS Everywhere to 2018.10.31
  • Update NoScript to 10.2.0

Update Torbutton to 2.0.9:

  • Bug 28540: Use new text for 2018 donation banner
  • Bug 28515: Use en-US for english Torbutton strings
  • Bug 1623: Block protocol handler enumeration (backport of fix for #680300)
  • Bug 25794: Disable pointer events
  • Bug 28608: Disable background HTTP response throttling
  • Bug 28185: Add smallerRichard to Tor Browser

Windows:

  • Bug 26381: about:tor page does not load on first start on Windows
  • Bug 28657: Remove broken FTE bridge from Tor Browser

What's New in version 8.0.2:

  • Update Firefox to 60.2.1esr
  • Backport fix for Mozilla bug 1493900 and 1493903

What's New in version 8.0:

  • Update Firefox to 60.2.0esr
  • Update Tor to 0.3.3.9
  • Update OpenSSL to 1.0.2p
  • Update Libevent to 2.1.8
  • Update Torbutton to 2.0.6
  • Update HTTPS Everywhere to 2018.8.22
  • Update NoScript to 10.1.9.1
  • Update obfs4proxy to v0.0.7 (bug 25356)
  • Bug 27082: Enable a limited UITour for user onboarding
  • Bug 26961: New user onboarding
  • Bug 26962: New feature onboarding
  • Bug 27403: The onboarding bubble is not always displayed
  • Bug 27283: Fix first-party isolation for UI tour
  • Bug 27213: Update about:tbupdate to new (about:tor) layout
  • Bug 17252: Enable TLS session identifiers with first-party isolation
  • Bug 26353: Prevent speculative connects that violate first-party isolation
  • Bug 26670: Make canvas permission prompt respect first-party isolation
  • Bug 24056: Use en-US strings in HTML forms if locale is spoofed to english
  • Bug 26456: HTTP .onion sites inherit previous page's certificate information
  • Bug 26561: .onion images are not displayed
  • Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger menus
  • Bug 26833: Backport Mozilla's bug 1473247
  • Bug 26628: Backport Mozilla's bug 1470156
  • Bug 26237: Clean up toolbar for ESR60-based Tor Browser
  • Bug 26519: Avoid Firefox icons in ESR60
  • Bug 26039: Load our preferences that modify extensions (fixup)
  • Bug 26515: Update Tor Browser blog post URLs
  • Bug 26216: Fix broken MAR file generation
  • Bug 26409: Remove spoofed locale implementation
  • Bug 25543: Rebase Tor Browser patches for ESR60
  • Bug 23247: Show security state of .onions
  • Bug 26039: Load our preferences that modify extensions
  • Bug 17965: Isolate HPKP and HSTS to URL bar domain
  • Bug 21787: Spoof en-US for date picker
  • Bug 21607: Disable WebVR for now until it is properly audited
  • Bug 21549: Disable wasm for now until it is properly audited
  • Bug 26614: Disable Web Authentication API until it is properly audited
  • Bug 27281: Enable Reader View mode again
  • Bug 26114: Don't expose navigator.mozAddonManager to websites
  • Bug 21850: Update about:tbupdate handling for e10s
  • Bug 26048: Fix potentially confusing "restart to update" message
  • Bug 27221: Purge startup cache if Tor Browser version changed
  • Bug 26049: Reduce delay for showing update prompt to 1 hour
  • Bug 26365: Add potential AltSvc support
  • Bug 9145: Fix broken hardware acceleration on Windows and enable it
  • Bug 26045: Add new MAR signing keys
  • Bug 25215: Revert bug 18619 (we are not disabling IndexedDB any longer)
  • Bug 19910: Rip out optimistic data socks handshake variant (#3875)
  • Bug 22564: Hide Firefox Sync
  • Bug 25090: Disable updater telemetry
  • Bug 26127: Make sure Torbutton and Tor Launcher are not treated as legacy extensions
  • Bug 13575: Disable randomised Firefox HTTP cache decay user tests
  • Bug 22548: Firefox downgrades VP9 videos to VP8 for some users
  • Bug 24995: Include git hash in tor --version
  • Bug 27268+27257+27262+26603 : Preferences clean-up
  • Bug 26073: Migrate general.useragent.locale to intl.locale.requested
  • Bug 27129+20628: Make Tor Browser available in ca, ga, id, is, nb, da, he, sv, and zh-TW
  • Bug 12927: Include Hebrew translation into Tor Browser
  • Bug 21245: Add danish (da) translation

What's New in version 7.5.6:

  • Update Firefox to 52.9.0esr
  • Update Tor to 0.3.3.7
  • Update Tor Launcher to 0.2.14.5
  • Bug 20890: Increase control port connection timeout
  • Update HTTPS Everywhere to 2018.6.21
  • Bug 26451: Prevent HTTPS Everywhere from freezing the browser
  • Update NoScript to 5.1.8.6
  • Bug 21537: Mark .onion cookies as secure
  • Bug 25938: Backport fix for cross-origin header leak (bug 1334776)
  • Bug 25721: Backport patches from Mozilla's bug 1448771
  • Bug 25147+25458: Sanitize HTML fragments for chrome documents
  • Bug 26221: Backport fix for leak in SHA256 in nsHttpConnectionInfo.cpp
  • Bug 26424: Disable UNC paths to prevent possible proxy bypasses

What's New in version 7.5.5:

  • Update Firefox to 52.8.1esr
  • Bug 26098: Remove amazon-meek

What's New in version 7.5.4:

  • Update Firefox to 52.8.0esr
  • Update HTTPS Everywhere to .4.11
  • Update NoScript to 5.1.8.5
  • Bug 23439: Exempt .onion domains from mixed content warnings
  • Bug 22614: Make e10s/non-e10s Tor Browsers indistinguishable
  • Bug 22659: Changes to `intl.accept.languages` get overwritten after restart
  • Bug 25973: Backport off-by-one fix (bug 1352073)
  • Bug 25020: Add a tbb_version.json file