6c1c40420b
- Never use a bridge or a controller-supplied node as an exit, even if its exit policy allows it. - Only build circuits if we have a sufficient threshold of the total descriptors that are marked in the consensus with the "Exit" flag. - Provide controllers with a safer way to implement the cookie authentication mechanism. With the old method, if another locally running program could convince a controller that it was the Tor process, then that program could trick the contoller into telling it the contents of an arbitrary 32-byte file. The new "SAFECOOKIE" authentication method uses a challenge-response approach to prevent this attack. We are not affected by the openssl vulnerability. Full release notes: https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes ok sthen@ jasper@ |
||
|---|---|---|
| .. | ||
| patches | ||
| pkg | ||
| distinfo | ||
| Makefile | ||