Fold in changes entry for 22753, and write a blurb.
This commit is contained in:
Nick Mathewson
parent
b2ae5fc96b
commit
20a46bdce6
25
ChangeLog
25
ChangeLog
|
|
@ -1,5 +1,20 @@
|
|||
Changes in version 0.3.1.4-alpha - 2017-06-29:
|
||||
blurb goes here.
|
||||
Changes in version 0.3.1.4-alpha - 2017-06-29
|
||||
Tor 0.3.1.4-alpha fixes a path selection bug that would allow a client
|
||||
to use a guard that was in the same network family as a chosen exit
|
||||
node. This is a security regression; all clients running earlier
|
||||
versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 or
|
||||
0.3.1.4-alpha.
|
||||
|
||||
This release also fixes several other bugs related to new features in
|
||||
0.3.0.x and 0.3.1.x, including others that can effect bandwidth usage
|
||||
and correctness.
|
||||
|
||||
o Major bugfixes (path selection, security):
|
||||
- When choosing which guard to use for a circuit, avoid the
|
||||
exit's family along with the exit itself. Previously, the new
|
||||
guard selection logic avoided the exit, but did not consider
|
||||
its family. Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked
|
||||
as TROVE-2016-006 and CVE-2017-0377.
|
||||
|
||||
o New dependencies:
|
||||
- To build with zstd and lzma support, Tor now requires the pkg-
|
||||
|
|
@ -78,21 +93,17 @@ Changes in version 0.3.1.4-alpha - 2017-06-29:
|
|||
permissions on the data directory or its contents. Fixes bug
|
||||
22516; bugfix on 0.2.5.4-alpha.
|
||||
|
||||
o Minor bugfixes (logging, compression):
|
||||
o Minor bugfixes (logging):
|
||||
- When decompressing, do not warn if we fail to decompress using a
|
||||
compression method that we merely guessed. Fixes part of bug
|
||||
22670; bugfix on 0.1.1.14-alpha.
|
||||
- When decompressing, treat mismatch between content-encoding and
|
||||
actual compression type as a protocol warning. Fixes part of bug
|
||||
22670; bugfix on 0.1.1.9-alpha.
|
||||
|
||||
o Minor bugfixes (logging, relay):
|
||||
- Downgrade "assigned_to_cpuworker failed" message to INFO-level
|
||||
severity. In every case that can reach it, either a better warning
|
||||
has already been logged, or no warning is warranted. Fixes bug
|
||||
22356; bugfix on 0.2.6.3-alpha.
|
||||
|
||||
o Minor bugfixes (netflow padding logging):
|
||||
- Demote a warn that was caused by libevent delays to info if the
|
||||
padding is less than 4.5 seconds late, or notice if it is more
|
||||
(4.5 seconds is the amount of time that a netflow record might be
|
||||
|
|
|
|||
|
|
@ -1,7 +0,0 @@
|
|||
o Major bugfixes (path selection, security):
|
||||
- When choosing which guard to use for a circuit, avoid the
|
||||
exit's family along with the exit itself. Previously, the new
|
||||
guard selection logic avoided the exit, but did not consider
|
||||
its family. Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked
|
||||
as TROVE-2016-006 and CVE-2017-0377.
|
||||
|
||||
Loading…
Reference in New Issue