diff options
| author | Roger Dingledine <arma@torproject.org> | 2008-05-23 11:54:46 +0000 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2008-05-23 11:54:46 +0000 |
| commit | a318214f9bd54fd0f0f51db9f5d8222d3f732491 (patch) | |
| tree | 08d38bf108d8da9ed4af3466106d766c5716229b /ChangeLog | |
| parent | cfd6159bb33a1d8547e0fa22b631784b49135a79 (diff) | |
| download | tor-a318214f9bd54fd0f0f51db9f5d8222d3f732491.tar tor-a318214f9bd54fd0f0f51db9f5d8222d3f732491.tar.gz | |
and forward-port the 0.2.0.26-rc notes
svn:r14692
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 21 |
1 files changed, 21 insertions, 0 deletions
@@ -108,6 +108,27 @@ Changes in version 0.2.1.1-alpha - 2008-??-?? two parallel lists in lockstep. +Changes in version 0.2.0.26-rc - 2008-05-13 + Tor 0.2.0.26-rc fixes a major security vulnerability caused by a bug + in Debian's OpenSSL packages. All users running any 0.2.0.x version + should upgrade, whether they're running Debian or not. + + o Major security fixes: + - Use new V3 directory authority keys on the tor26, gabelmoo, and + moria1 V3 directory authorities. The old keys were generated with + a vulnerable version of Debian's OpenSSL package, and must be + considered compromised. Other authorities' keys were not generated + with an affected version of OpenSSL. + + o Major bugfixes: + - List authority signatures as "unrecognized" based on DirServer + lines, not on cert cache. Bugfix on 0.2.0.x. + + o Minor features: + - Add a new V3AuthUseLegacyKey option to make it easier for + authorities to change their identity keys if they have to. + + Changes in version 0.2.0.25-rc - 2008-04-23 Tor 0.2.0.25-rc makes Tor work again on OS X and certain BSDs. |