Stable release 0.4.8.20

Where to Download

Changes

Below are the major changes of the released versions and links to more detailed release notes.

Stable

Yesterday, we quietly released version 0.4.8.20 to allow relay operators some time to upgrade and help mitigate medium-severity remote crash issues that were reported a few days ago through the HackerOne platform.

We have reserved two TROVE entries for these issues: TROVE-2025-014 and TROVE-2025-015.

Once a sufficient number of relays have upgraded, we will make the tickets associated with these TROVE entries public in the near future.

In the meantime, if any relay operators experience crashes or unusually high memory usage, please report it to us via the Tor relays mailing list: tor-relays@lists.torproject.org.

As of this announcement, our 0.4.8.20 Debian package on https://deb.torproject.org is now available. And so, as always, please upgrade as soon as possible.

Thank you!

Release Notes

uname -a

Linux pcname 5.10.0-33-amd64 #1 SMP Debian 5.10.226-1 (2024-10-03) x86_64 GNU/Linux

cat /etc/debian_version

11.11

apt-get update

Hit:1
Hit:2 %^(^&)(&^&%^#@*&%^ bullseye InRelease
Hit:3 (%^$(%^#(^%#(&%^# bullseye-security InRelease
Hit:4 (^&%(*^#@_)$(&^ bullseye-updates InRelease
Hit:5
Hit:6 $%&%$^%^$%^$%$ bullseye InRelease
Reading package lists… Done

# apt-get --only-upgrade install tor
Reading package lists… Done
Building dependency tree… Done
Reading state information… Done
Suggested packages:
mixmaster torbrowser-launcher socat apparmor-utils nyx obfs4proxy
The following packages will be upgraded:
tor
1 upgraded, 0 newly installed, 0 to remove and 362 not upgraded.
Need to get 2,092 kB of archives.
After this operation, 2,048 B of additional disk space will be used.
Err:1 ^&%(^&%$&)^$%#&(^%$^@( bullseye/main amd64 tor amd64 0.4.8.18-1~d11.bullseye+1
404 Not Found [IP: 95.216.163.36 443]
E: Failed to fetch https: //deb . torproject . org/torproject.org/pool/main/t/tor/tor_0.4.8.18-1~d11.bullseye%2B1_amd64.deb 404 Not Found [IP: 95.216.163.36 443]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
——————————-
What am I doing wrong?

re. 41D4F82AB54AE5C5FB8D3CD24B4FC84350EFEF03

I can’t get this release. I have these repositories enabled:

Hit:1 Index of /debian bullseye InRelease
Hit:2 Index of /debian bullseye-updates InRelease
Hit:3 Index of /debian-security bullseye-security InRelease
Hit:4 Index of /torproject.org bullseye InRelease

I’m just trying to update like normal: sudo apt update, sudo apt upgrade.

Or with sudo apt install tor or dpkg -l tor I keep getting told I’m running the latest version - 0.4.8.18.

Most all the other relays I look at have the same “This relay is running a version of Tor that is too old and may be missing important security fixes. If this is your relay, you should update it as soon as possible.” not recommended warning.

Any advice? Thanks.

+1 to needing a bullseye package

root:~# apt update
Get:1 http://security.debian.org/debian-security bullseye-security InRelease [27.2 kB]
Hit:2 http://deb.debian.org/debian bullseye InRelease
Hit:3 http://deb.debian.org/debian bullseye-updates InRelease
Hit:4 https://deb.torproject.org/torproject.org bullseye InRelease
Get:5 http://security.debian.org/debian-security bullseye-security/main Sources [272 kB]
Fetched 299 kB in 1s (410 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
root:~# apt install tor
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
tor is already the newest version (0.4.8.18-1~d11.bullseye+1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Bullseye End of Life (EOL) 2024-08-14, Current oldoldstable release, under LTS support

You heard about bookworm and trixie, right?

Debian bullseye is no longer supported now that trixie is out and bookworm has been made the oldstable. You must release upgrade at least to bookworm.
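A check for the situation in this thread, where apt reports tor as "already the newest version" although the installed build predates 0.4.8.20. This is an added example, not part of any post and not Tor Project tooling; the status names and the sample text are constructed, and it assumes a `sort` that supports `-V`.

```shell
#!/bin/sh
# Added example. FIXED is the release named in the announcement.
FIXED="0.4.8.20"

# Strip epoch and Debian revision: "0.4.8.18-1~d11.bullseye+1" -> "0.4.8.18"
upstream_version() {
    v=${1#*:}
    printf '%s\n' "${v%%-*}"
}

# True when upstream version $1 >= $2 (needs sort -V, e.g. GNU coreutils).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Read `apt-cache policy tor` output on stdin and print one status
# (status names are hypothetical, chosen for this example):
#   PATCHED             installed build is at or above FIXED
#   UPGRADE_AVAILABLE   the configured repositories offer FIXED or newer
#   NO_FIXED_CANDIDATE  apt calls the host up to date, but it is below FIXED
#   NOT_INSTALLED       no tor package installed
classify_policy() {
    policy=$(cat)
    installed=$(printf '%s\n' "$policy" | awk '$1 == "Installed:" {print $2; exit}')
    candidate=$(printf '%s\n' "$policy" | awk '$1 == "Candidate:" {print $2; exit}')
    if [ -z "$installed" ] || [ "$installed" = "(none)" ]; then
        echo NOT_INSTALLED
    elif version_ge "$(upstream_version "$installed")" "$FIXED"; then
        echo PATCHED
    elif version_ge "$(upstream_version "$candidate")" "$FIXED"; then
        echo UPGRADE_AVAILABLE
    else
        echo NO_FIXED_CANDIDATE
    fi
}

# Constructed sample modelled on the bullseye host in the thread.
SAMPLE_BULLSEYE='tor:
  Installed: 0.4.8.18-1~d11.bullseye+1
  Candidate: 0.4.8.18-1~d11.bullseye+1
  Version table:
 *** 0.4.8.18-1~d11.bullseye+1 500
        500 https://deb.torproject.org/torproject.org bullseye/main amd64 Packages'

printf '%s\n' "$SAMPLE_BULLSEYE" | classify_policy
```

On a live host, pipe `apt-cache policy tor` into `classify_policy`; `NO_FIXED_CANDIDATE` is the state the bullseye posters describe.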

Will there be 0.4.8.20 packages in the official Debian-trixie-repo anytime soon? (Debian -- Details of package tor in trixie)