forward-port the 0.2.4.25 changelog to release-0.2.5 changelog and releasenotes
This commit is contained in:
Nick Mathewson
parent
e6ae154ab4
commit
334f4f60e8
17
ChangeLog
17
ChangeLog
|
|
@ -31,6 +31,23 @@ Changes in version 0.2.5.9-rc - 2014-10-20
|
|||
from 'warn' to 'protocol warning'. Closes ticket 8093.
|
||||
|
||||
|
||||
Changes in version 0.2.4.25 - 2014-10-20
|
||||
Tor 0.2.4.25 disables SSL3 in response to the recent "POODLE" attack
|
||||
(even though POODLE does not affect Tor). It also works around a crash
|
||||
bug caused by some operating systems' response to the "POODLE" attack
|
||||
(which does affect Tor).
|
||||
|
||||
o Major security fixes (also in 0.2.5.9-rc):
|
||||
- Disable support for SSLv3. All versions of OpenSSL in use with Tor
|
||||
today support TLS 1.0 or later, so we can safely turn off support
|
||||
for this old (and insecure) protocol. Fixes bug 13426.
|
||||
|
||||
o Major bugfixes (openssl bug workaround, also in 0.2.5.9-rc):
|
||||
- Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
|
||||
1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug
|
||||
13471. This is a workaround for an OpenSSL bug.
|
||||
|
||||
|
||||
Changes in version 0.2.5.8-rc - 2014-09-22
|
||||
Tor 0.2.5.8-rc is the second release candidate for the Tor 0.2.5.x
|
||||
series. It fixes a bug that affects consistency and speed when
|
||||
|
|
|
|||
17
ReleaseNotes
17
ReleaseNotes
|
|
@ -880,6 +880,23 @@ Changes in version 0.2.5.xx - 2014-10-xx
|
|||
ticket 12731.
|
||||
|
||||
|
||||
Changes in version 0.2.4.25 - 2014-10-20
|
||||
Tor 0.2.4.25 disables SSL3 in response to the recent "POODLE" attack
|
||||
(even though POODLE does not affect Tor). It also works around a crash
|
||||
bug caused by some operating systems' response to the "POODLE" attack
|
||||
(which does affect Tor).
|
||||
|
||||
o Major security fixes (also in 0.2.5.9-rc):
|
||||
- Disable support for SSLv3. All versions of OpenSSL in use with Tor
|
||||
today support TLS 1.0 or later, so we can safely turn off support
|
||||
for this old (and insecure) protocol. Fixes bug 13426.
|
||||
|
||||
o Major bugfixes (openssl bug workaround, also in 0.2.5.9-rc):
|
||||
- Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
|
||||
1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug
|
||||
13471. This is a workaround for an OpenSSL bug.
|
||||
|
||||
|
||||
Changes in version 0.2.4.24 - 2014-09-22
|
||||
Tor 0.2.4.24 fixes a bug that affects consistency and speed when
|
||||
connecting to hidden services, and it updates the location of one of
|
||||
|
|
|
|||
Loading…
Reference in New Issue