Tor Browser 7.0.2 is now available from the Tor Browser Project page and also from our distribution directory.
This release features an important security update to Tor.
We are updating Tor to version 0.3.0.9, fixing a path selection bug that would allow a client to use a guard that was in the same network family as a chosen exit relay. This release also updates HTTPS-Everywhere to 5.2.19.
Here is the full changelog since 7.0.1:
All Platforms
Update Tor to 0.3.0.9, fixing bug #22753
Update HTTPS-Everywhere to 5.2.19
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
(1)
(Score: 2) by MrGuy on Wednesday July 05 2017, @11:24PM (2 children)
The last Tor release (7.0.1) came out June 13th, less than a month ago.
This appears to be a minor bug fix version. Very little is changed that I see, just some security updates.
Plus, given Tor now auto-notifies on updates, everyone who uses Tor probably knows about this. For people who don't use Tor, I doubt this bug fix release is what's going to put them over the edge.
I know we're hurting a bit for stories, but this isn't exactly big news.
(Score: 2) by takyon on Wednesday July 05 2017, @11:54PM
Too much politics or winning in the queue and if we're going to be slavish to anything, it might as well be Tor coverage. Relevant to anonymous cowards everywhere.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 1) by peek on Thursday July 06 2017, @05:45PM
> just some security updates
Isn't that the entire point of using Tor Browser?
Who cares about features, it's security that's THE consideration.
Which makes one wonder about using Mozilla Firefox 52.2.0 as the current Tor Browser when the current release is 54.0.1 and there are known security flaws in 53 and 54
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox54 [mozilla.org]
(Score: 0) by Anonymous Coward on Thursday July 06 2017, @12:29AM (4 children)
Isn't I2P better than TOR? maybe one can combine them?
Anyway seems PRISM etc,, all scream "Get on TOR like the last decade".
(Score: 0) by Anonymous Coward on Thursday July 06 2017, @02:05AM (2 children)
I2P uses Java, which is dead in the water as it relates to anything security-related.
(Score: 2) by MrGuy on Thursday July 06 2017, @02:15AM
Citation needed.
(Score: 2) by c0lo on Thursday July 06 2017, @11:29AM
The late Java plugin was security-bug riddled, may Gods rest its sole in the same place as the Flash plugin.
Java as the SDK and virtual machine are as safe as anything else software, heaps of finance institutions use it.
https://www.youtube.com/watch?v=aoFiw2jMy-0
(Score: 0) by Anonymous Coward on Thursday July 06 2017, @02:38AM
except I dont see how tor is relevant to security.