From: Tor CI Release Date: Wed, 25 Mar 2026 14:21:05 +0000 (+0000) Subject: release: ChangeLog and ReleaseNotes for 0.4.8.23 X-Git-Tag: tor-0.4.8.23~1 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=a46ebbf5ecd50637d2c937ea30ccc50efae832ea;p=thirdparty%2Ftor.git release: ChangeLog and ReleaseNotes for 0.4.8.23 --- diff --git a/ChangeLog b/ChangeLog index 79696759c4..8ebe73b670 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,24 @@ +Changes in version 0.4.8.23 - 2026-03-25 + This is a security release fixing major bugfixes that could possibly lead to + remote crashing relays. We strongly recommend upgrading as soon as possible. + + o Major bugfix (security, conflux): + - Fix a memory compare using the wrong length. This could lead to a + remote crash when using the conflux subsystem. TROVE-2026-004. + Fixes bug 41232; bugfix on 0.4.8.1-alpha. + + o Minor bugfixes (security): + - Fix a series of defense in depth security issues found across the + codebase. Fixes bug 41228; bugfix on 0.3.5.1-alpha. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on March 25, 2026. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2026/03/25. + + Changes in version 0.4.8.22 - 2026-01-28 This is likely the very last release of the 0.4.8.x series. Three major bugfixes detailed below including two affecting directory servers (basically diff --git a/ReleaseNotes b/ReleaseNotes index 4925eeac23..94a6e1ea1a 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,6 +2,27 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.4.8.23 - 2026-03-25 + This is a security release fixing major bugfixes that could possibly lead to + remote crashing relays. We strongly recommend upgrading as soon as possible. + + o Major bugfix (security, conflux): + - Fix a memory compare using the wrong length. This could lead to a + remote crash when using the conflux subsystem. TROVE-2026-004. + Fixes bug 41232; bugfix on 0.4.8.1-alpha. + + o Minor bugfixes (security): + - Fix a series of defense in depth security issues found across the + codebase. Fixes bug 41228; bugfix on 0.3.5.1-alpha. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on March 25, 2026. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2026/03/25. + + Changes in version 0.4.8.22 - 2026-01-28 This is likely the very last release of the 0.4.8.x series. Three major bugfixes detailed below including two affecting directory servers (basically diff --git a/changes/fallbackdirs-2026-02-12 b/changes/fallbackdirs-2026-02-12 deleted file mode 100644 index 0c7515ba65..0000000000 --- a/changes/fallbackdirs-2026-02-12 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (fallbackdir): - - Regenerate fallback directories generated on February 12, 2026. diff --git a/changes/fallbackdirs-2026-03-25 b/changes/fallbackdirs-2026-03-25 deleted file mode 100644 index 5b9c324bd6..0000000000 --- a/changes/fallbackdirs-2026-03-25 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (fallbackdir): - - Regenerate fallback directories generated on March 25, 2026. diff --git a/changes/geoip-2026-02-12 b/changes/geoip-2026-02-12 deleted file mode 100644 index 3403b58ef7..0000000000 --- a/changes/geoip-2026-02-12 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2026/02/12. diff --git a/changes/geoip-2026-03-25 b/changes/geoip-2026-03-25 deleted file mode 100644 index 036c9150b0..0000000000 --- a/changes/geoip-2026-03-25 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2026/03/25. diff --git a/changes/ticket41228 b/changes/ticket41228 deleted file mode 100644 index 9803aef5c6..0000000000 --- a/changes/ticket41228 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (security): - - Fix a series of defense in depth security issues found across the - codebase. Fixes bug 41228; bugfix on 0.3.5.1-alpha. - diff --git a/changes/ticket41232 b/changes/ticket41232 deleted file mode 100644 index 4164e40b67..0000000000 --- a/changes/ticket41232 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfix (security, conflux): - - Fix a memory compare using the wrong length. This could lead to a remote - crash when using the conflux subsystem. TROVE-2026-004. Fixes bug 41232; - bugfix on 0.4.8.1-alpha.