change the 0.2.0.26-rc notes to reflect what we actually sent out
svn:r14691
This commit is contained in:
Roger Dingledine
parent
410892763c
commit
0285a82079
18
ChangeLog
18
ChangeLog
|
|
@ -9,23 +9,23 @@ Changes in version 0.2.0.27-rc - 2008-05-??
|
|||
|
||||
Changes in version 0.2.0.26-rc - 2008-05-13
|
||||
Tor 0.2.0.26-rc fixes a major security vulnerability caused by a bug
|
||||
in Debian's OpenSSL packages. All users running any 0.2.0.x version
|
||||
in Debian's OpenSSL packages. All users running any 0.2.0.x version
|
||||
should upgrade, whether they're running Debian or not.
|
||||
|
||||
o Major security fixes:
|
||||
- Use new V3 directory authority keys on the Tor26, Gabelmoo, and
|
||||
Moria1 V3 directory authorities. The old keys were generated with
|
||||
- Use new V3 directory authority keys on the tor26, gabelmoo, and
|
||||
moria1 V3 directory authorities. The old keys were generated with
|
||||
a vulnerable version of Debian's OpenSSL package, and must be
|
||||
considered compromised. Other authorities' keys were not
|
||||
generated with an affected version of OpenSSL.
|
||||
considered compromised. Other authorities' keys were not generated
|
||||
with an affected version of OpenSSL.
|
||||
|
||||
o Major bugfixes:
|
||||
- List authority signatures as "unrecognized" based on DirServer lines,
|
||||
not on cert cache. Bugfix on 0.2.0.x.
|
||||
- List authority signatures as "unrecognized" based on DirServer
|
||||
lines, not on cert cache. Bugfix on 0.2.0.x.
|
||||
|
||||
o Minor features:
|
||||
- Add a new V3AuthUseLegacyKey option to make it easier for authorities
|
||||
to change their identity keys if they have to.
|
||||
- Add a new V3AuthUseLegacyKey option to make it easier for
|
||||
authorities to change their identity keys if they have to.
|
||||
|
||||
|
||||
Changes in version 0.2.0.25-rc - 2008-04-23
|
||||
|
|
|
|||
Loading…
Reference in New Issue