Tor 0.3.3.6 is released, first stable release in 0.3.3.x series

Mr nickm on behalf of Tor Project has announced the release of Tor 0.3.3.6, the first stable release in 0.3.3.x series. Tor is a set of tools to ensure secure and privacy while connecting various services available on internet. Tor 0.3.3.6 being a stable release, includes various security patches and bug fixes. It also backports several important patches from 0.3.4.1 alpha release.


The Tor 0.3.3 series includes controller support and other improvements for v3 onion services, official support for embedding Tor within other applications, and our first non-trivial module written in the Rust programming language. (Rust is still not enabled by default when building Tor.) And as usual, there are numerous other smaller bugfixes, features, and improvements.
Currently, Tor 0.3.3.6 is only available as source code. Various packages will be made available in coming weeks along with new version of Tor Browser which is expected to arrive on June.

The main highlights and bug fixes in Tor 0.3.3.6 release includes,
  • When built with Rust, Tor now depends on version 0.2.39 of the libc crate. 
  • There is now a documented stable API for programs that need to embed Tor. See tor_api.h for full documentation and known bugs.
  • Tor now has support for restarting in the same process. Controllers that run Tor using the "tor_api.h" interface can now restart Tor after Tor has exited. This support is incomplete, however: we fixed crash bugs that prevented it from working at all, but many bugs probably remain, including a possibility of security issues.
  • Add consensus method 27, which adds IPv6 ORPorts to the microdesc consensus. This information makes it easier for IPv6 clients to bootstrap and choose reachable entry guards.
  • Add consensus method 28, which removes IPv6 ORPorts from microdescriptors. Now that the consensus contains IPv6 ORPorts, they are redundant in microdescs. This change will be used by Tor clients on 0.2.8.x and later. (That is to say, with all Tor clients that have IPv6 bootstrap and guard support.)
  • Expand the documentation for AuthDirHasIPv6Connectivity when it is set by different numbers of authorities. 
  • The control port now supports commands and events for v3 onion services. It is now possible to create ephemeral v3 services using ADD_ONION. Additionally, several events (HS_DESC, HS_DESC_CONTENT, CIRC and CIRC_MINOR) and commands (GETINFO, HSPOST, ADD_ONION and DEL_ONION) have been extended to support v3 onion services. 
  • Provide torrc options to pin the second and third hops of onion service circuits to a list of nodes. The option HSLayer2Guards pins the second hop, and the option HSLayer3Guards pins the third hop. These options are for use in conjunction with experiments with "vanguards" for preventing guard enumeration attacks. 
  • When v3 onion service clients send introduce cells, they now include the IPv6 address of the rendezvous point, if it has one. Current v3 onion services running 0.3.2 ignore IPv6 addresses, but in future Tor versions, IPv6-only v3 single onion services will be able to use IPv6 addresses to connect directly to the rendezvous point. 
You can find complete list of changes in Tor 0.3.3.6 release announcement published on Tor Project blog.

Share this