Security Release 0.4.9.11

Where to Download

Changes

Below are the major changes of the released versions and links to more detailed release notes.

Stable

Today, we released stable version 0.4.9.11 to address a series of recently reported security issues.

As with many other open source projects, we are currently receiving a lot of security reports (some very good and some very sloppy ;), which has led to this rapid succession of releases.

Note on 0.4.9.10

We released it last Tuesday, the 23rd, but soon after, we had to quickly plan another release to address specific issues. As a result, it went under the radar without an official announcement.

We strongly recommend everyone to update as soon as possible. The 0.4.9.11 Tor Debian package is now available in our repository:

https://deb.torproject.org.

Release Notes

3 Likes

also available as trixie backport:

/etc/apt/sources.list

#### backports 
deb http://deb.debian.org/debian trixie-backports main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian trixie-backports main contrib non-free non-free-firmware

apt-get install tor/trixie-backports

thx @lavamind & @weasel :heart_suit:

0.4.9.11 had already landed on trixie-security and bookworm-security.

1 Like

Again a reminder that docker images still contain old (and apparently dangerous) versions of tor: thetorproject/webtunnel-bridge - Docker Image . Please also update the images.

1 Like

I stopped to wait and made own Dockerfile with compiled webtunnel-server from git and tor from deb repository using the old 0.4.9.5 tor/webtunnel-bridge image as starting image, works well without visible issues but new docker image is of course the best option. Reasons why try and go with 0.4.9.11 won.