The Tor Browser 12.5.5 (All Platforms) has been released. (26-September-2023) Tor Browser 12.5.5 is now available from the Tor Browser download page and also from our distribution directory. Blog/Announcement | Full Changelog Spoiler The full changelog since Tor Browser 12.5.4 is: All Platforms Updated tor to 0.4.7.15 Updated NoScript to 11.4.27 Updated Translations Bug tor-browser#42120: Use foursquare as domain front for snowflake Bug tor-browser#42123: Backport security fixes from Firefox 118 to ESR 102.15 / 115.3 – based Tor Browser Windows + macOS + Linux Bug tor-browser#42126: moat and connect assist broken for people who can't reach domain front
The Tor Browser 12.5.6 (All Platforms) has been released. (29-September-2023) Tor Browser 12.5.6 is now available from the Tor Browser download page and also from our distribution directory. This release backports important security updates from Firefox 115.3.1.0esr. Blog/Announcement | Full Changelog Spoiler The full changelog since Tor Browser 12.5.5 is: All Platforms Bug tor-browser#42135: Backport security fixes from Firefox 115.3.1 to 102.15.1 Build System All Platforms Bug tor-browser-build#40957: Update subkey expiration date for Tor Browser gpg key
The Tor Browser 13.0 (All Platforms) has been released. (12-October-2023) Tor Browser 13.0 is now available from the Tor Browser download page and also from our distribution directory. Blog/Announcement | Full Changelog Spoiler Full changelog The full changelog since Tor Browser 12.5.6 is: All Platforms Updated tor to 0.4.8.7 Updated OpenSSL to 3.0.11 Bug tor-browser-spec#40050: FF103 Audit Bug tor-browser-spec#40051: FF104 Audit Bug tor-browser-spec#40052: FF105 Audit Bug tor-browser-spec#40053: FF106 Audit Bug tor-browser-spec#40054: FF107 Audit Bug tor-browser-spec#40055: FF108 Audit Bug tor-browser-spec#40056: FF109 Audit Bug tor-browser-spec#40057: FF110 Audit Bug tor-browser-spec#40058: FF111 Audit Bug tor-browser-spec#40059: FF112 Audit Bug tor-browser-spec#40060: FF113 Audit Bug tor-browser-spec#40061: FF114 Audit Bug tor-browser-spec#40062: FF115 Audit Bug tor-browser#26277: When the “Safest” setting is enabled, searching using duckduckgo should always use the Non-Javascript site for searches Bug tor-browser#40577: Add “suggest url” in DDG onion's manifest Bug tor-browser#40938: Migrate remaining torbutton functionality to tor-browser Bug tor-browser#41092: Enable tracking query parameters stripping Bug tor-browser#41327: Disable UrlbarProviderInterventions Bug tor-browser#41399: Update Mozilla's patch for Bug 1675054 to enable brotli encoding for HTTP onions as well Bug tor-browser#41477: Review some extensions.* preferences Bug tor-browser#41496: Review 000-tor-browser.js and 001-base-profile.js for 115 Bug tor-browser#41576: ESR115: ensure no remote calls for weather & add-on suggestions Bug tor-browser#41605: Remove unused assets from torbutton (preferences-mobile.css) Bug tor-browser#41675: Remove javascript.options.large_arraybuffers Bug tor-browser#41727: WebRTC privacy-hardening settings Bug tor-browser#41740: ESR115: change devicePixelRatio spoof to 2 in alpha for testing Bug tor-browser#41752: Review changes done by Bug 41565 Bug tor-browser#41796: Rebase Tor Browser to Firefox 115 Bug tor-browser#41797: Lock RFP in release builds Bug tor-browser#41934: Websocket raises DOMException on http onions in 13.0a1 Bug tor-browser#41936: Review Mozilla 1770158: Use double-conversion library instead of dtoa for string-to-double conversion Bug tor-browser#41937: Review Mozilla 1780014: Add specific telemetry for conservative and first-try handshakes Bug tor-browser#41938: Review Mozilla 1769994: On systems with IPv6 preferred DNS resolution clients will fail to connect when “localhost” is used as host for the WebSocket server Bug tor-browser#41939: Review Mozilla 1728871: Support fetching data from Remote Setting Bug tor-browser#41941: Review Mozilla 1775254: Improve Math.pow accuracy for large exponents Bug tor-browser#41943: Lock javascript.options.spectre.disable_for_isolated_content to false Bug tor-browser#41945: Review Mozilla 1783019: Add a cookie banner service to automatically handle website cookie banners Bug tor-browser#41946: Review Mozilla 1782579: Add a locale parameter to the text recognition API Bug tor-browser#41947: Review Mozilla 1779005: Broken since Firefox 102.0: no instant fallback to direct connection when proxy became unreachable while runtime Bug tor-browser#41950: Review Mozilla 1788668: Add the possibility to check that the clipboard contains some pdfjs stuff Bug tor-browser#41951: Review Mozilla 1790681: Enable separatePrivateDefault by default Bug tor-browser#41959: Review Mozilla 1795944: Remove descriptionheightworkaround Bug tor-browser#41960: Review Mozilla 1797896: Proxy environment variables should be upper case / case insensitive Bug tor-browser#41961: Review Mozilla 1798868: Hide cookie banner handling UI by default Bug tor-browser#41969: Review Mozilla 1746983: Re-enable pingsender2 Bug tor-browser#41970: Review Mozilla 17909270: WebRTC bypasses Network settings & proxy.onRequest Bug tor-browser#41984: Rename languageNotification.ftl to base-browser.ftl Bug tor-browser#42013: Review Mozilla 1834374: Do not call EmptyClipboard() in nsBaseClipboard destructor Bug tor-browser#42014: Review Mozilla 1832791: Implement a Remote Settings for the Quarantined Domains pref Bug tor-browser#42015: Review Mozilla 1830890: Keep a history window of WebRTC stats for about:WebRTC Bug tor-browser#42019: Empty browser's clipboard on browser shutdown Bug tor-browser#42026: Disable cookie banner service and UI. Bug tor-browser#42029: Defense-in-depth: disable non-proxied UDP WebRTC Bug tor-browser#42034: aboutTBUpdate.dtd is duplicated Bug tor-browser#42043: Disable gUM: media.devices.enumerate.legacy.enabled Bug tor-browser#42061: Move the alpha update channel creation to a commit on its own Bug tor-browser#42084: Race condition with language preferences may make spoof_english ineffective Bug tor-browser#42085: NEWNYM signal missing on Whonix Bug tor-browser#42094: Disable media.aboutwebrtc.hist.enabled as security in-depth Bug tor-browser#42120: Use foursquare as domain front for snowflake Bug tor-browser-build#40887: Update Webtunnel version to 38eb5505 Windows + macOS + Linux Updated Firefox to 115.3.1esr Bug tor-browser#30556: Re-evaluate letterboxing dimension choices Bug tor-browser#32328: Improve error recovery from the red screen of death Bug tor-browser#33282: Increase the max width of new windows Bug tor-browser#33955: Selecting “Copy image” from menu leaks the source URL to the clipboard. This data is often dereferenced by other applications. Bug tor-browser#40175: Connections in reader mode are not FPI Bug tor-browser#40982: Cleanup maps in tor-circuit-display Bug tor-browser#40983: Move not UI-related torbutton.js code to modules Bug tor-browser#41165: Crash with debug assertions enabled Bug tor-browser#41333: Modernize Tor Browser's new-tab page (about:tor) Bug tor-browser#41423: about:tor semantic and accessibility problems Bug tor-browser#41528: Hard-coded English “based on Mozilla Firefox” appears in version in “About” dialog Bug tor-browser#41581: ESR115: figure out extension pinning / unified Extensions Bug tor-browser#41639: Fix the wordmark (title and background) of the “About Tor Browser” window Bug tor-browser#41642: Do not hide new PBM in the hamburger menu if auto PBM is not enabled Bug tor-browser#41651: Use moz-toggle in connection preferences Bug tor-browser#41691: “Firefox Suggest” text appearing in UI Bug tor-browser#41717: Bookmark toolbar visibility on new tabs is not honored when new tab page is not about:blank Bug tor-browser#41739: Remove “Website appearance” Bug tor-browser#41741: Refactor the domain isolator and new circuit Bug tor-browser#41765: TTP-02-006 WP1: Information leaks via custom homepage (Low) Bug tor-browser#41766: TTP-02-001 WP1: XSS in TorConnect's captive portal (Info) Bug tor-browser#41771: Decide what to do for firefoxview Bug tor-browser#41774: Hide the new “Switching to a new device” help menu item Bug tor-browser#41791: Copying page contents also puts the source URL on the clipboard Bug tor-browser#41812: Review layout for XUL elements Bug tor-browser#41813: Look out for links missing underlines in ESR 115-based alphas Bug tor-browser#41821: Fix the proxy type in the proxy modal of aboutreferences in 13.0 Bug tor-browser#41822: The default browser button came back on 115 Bug tor-browser#41833: Reload extensions on new identity Bug tor-browser#41834: Hide “Can't Be Removed - learn more” menu line for uninstallable add-ons Bug tor-browser#41842: Remove the old removal logics from Torbutton Bug tor-browser#41844: Stop using the control port directly Bug tor-browser#41845: Stop forcing (bad) pref values for non-PBM users Bug tor-browser#41852: Review the Tor Check Service UX Bug tor-browser#41864: TOR_CONTROL_HOST and TOR_SOCKS_HOST do not work as expected when the browser launches tor Bug tor-browser#41865: Use --text-color-deemphasized rather than --panel-description-color Bug tor-browser#41874: Visual & A11 regressions in add-on badges Bug tor-browser#41876: Remove Firefox View from title bar Bug tor-browser#41877: NoScript seems to be blocking by default in the first 115-based testbuild Bug tor-browser#41881: Developer tools/Network/New Request remembers requests Bug tor-browser#41886: Downloads drop-down panel has new-line/line-break between every word in the 'Be careful opening downloads' warning Bug tor-browser#41904: The log textarea doesn't resize anymore Bug tor-browser#41906: Hide aboutreferences#privacy > DNS over HTTPS section Bug tor-browser#41907: The bootstrap is interrupted without any errors if the process becomes ready when already bootstrapping Bug tor-browser#41912: “Use Current Bridges” is shown for users even when there aren't any current bridges Bug tor-browser#41922: Unify the bridge line parsers Bug tor-browser#41923: The path normalization results in warnings Bug tor-browser#41924: Small refactors for TorProcess Bug tor-browser#41925: Remove the torbutton startup observer Bug tor-browser#41926: Refactor the control port client implementation Bug tor-browser#41931: Regression: new window leaks outer window Bug tor-browser#41935: Improve new window & letterboxing dimensions Bug tor-browser#41940: Review Mozilla 1739348: When a filetype is set to “always ask” and the user makes a save/open choice in the dialog, we should not also open the downloads panel Bug tor-browser#41949: Review Mozilla 1782578: Implement a context menu modal for text recognition Bug tor-browser#41954: Inputs in the request a bridge dialog are cut-off in 13.0 alpha Bug tor-browser#41957: Revert to Fx's default identity block style for internal pages Bug tor-browser#41958: Console error when closing tor browser with aboutreferences open Bug tor-browser#41964: emojiAnnotations not defined in time in connection preferences Bug tor-browser#41965: TorConnect error when opening browser tools Bug tor-browser#41971: Update Tails URL in downloads warning Bug tor-browser#41973: Custom wingpanels don't line up with their toolbar icons in 13.0 alpha Bug tor-browser#41974: De-emphasized text in custom components is no longer gray in 13.0 alpha Bug tor-browser#41975: Downloads warning text too narrow in 13.0 alpha Bug tor-browser#41976: Bottom padding on collapsed bridge cards has increased in 13.0 alpha Bug tor-browser#41977: Hide the “Learn more” link in bridge cards Bug tor-browser#41980: Circuit display headline is misaligned in 13.0 alpha Bug tor-browser#41981: Review Mozilla 1800675: Add aboutreferences entry for cookie banner handling Bug tor-browser#41983: Review Mozilla 1770447: Create a reusable “support-link” widget Bug tor-browser#41986: Fix the control port password handling Bug tor-browser#41994: CSS (and other assets) of some websites blocked in 13.0 alpha Bug tor-browser#42022: Prevent extension search engines from breaking the whole search system Bug tor-browser#42027: Create a Base Browser version of migrateUI Bug tor-browser#42037: Disable about:firefoxview Bug tor-browser#42041: TBB --allow-remote mixes up with plain Firefox Bug tor-browser#42045: Circuit panel overflows with long ipv6 addresses Bug tor-browser#42046: Remove XUL layout hacks from base browser Bug tor-browser#42047: Remove layout hacks from tor browser preferences Bug tor-browser#42050: Bring back Save As... dialog as default Bug tor-browser#42073: Add simplified onion pattern to the new homepage Bug tor-browser#42075: Fix link spacing and underline on new homepage Bug tor-browser#42079: TorConnect: handle switching from Bootstrapped to Configuring state Bug tor-browser#42083: RemoteSecuritySettings.init throws error in console Bug tor-browser#42091: Onion authorization prompt overflows Bug tor-browser#42092: Onion services key table display problems. Bug tor-browser#42098: Implement Windows installer icons Bug tor-browser#42100: Connect Assist dropdown text not centered Bug tor-browser#42102: TorProcess says the SOCKS port is not valid even though it is Bug tor-browser#42109: Onion services keys table has empty column headers. Bug tor-browser#42110: Add a utility module for shared UI methods needed for several tor browser components Bug tor-browser#42126: moat and connect assist broken for people who can't reach domain front Bug tor-browser#42129: Disable the Tor restart prompt if shouldStartAndOwnTor is false Bug tor-browser#42131: Tor Browser 13.0a5 does not track circuits created before Tor Browser started Bug tor-browser#42132: The new control port handling in Tor Browser 13 breaks a Tails security feature Bug tor-browser#42138: Disable apz.overscroll.enabled pref Bug tor-browser#42155: Drop the unused code for the old bridge removal warning Bug tor-browser#42159: Responsive Design Mode not working correctly Bug tor-browser#42160: Allow specifying a TOR_PROVIDER=none to configure only the proxy settings during the TorProviderBuilder initialization Bug tor-browser#42166: New identity dialog missing accessible name Bug tor-browser#42167: Make the preference auto-focus more reliable Bug tor-browser-build#40821: The update details URL is wrong in alphas Bug tor-browser-build#40893: Update (Noto) fonts for 13.0 Bug tor-browser-build#40924: Customize MOZ_APP_REMOTINGNAME instead of passing --name and --class Bug tor-browser-build#40938: Copy the new tor-browser.ftl file to the appropriate directory Windows + Android Bug tor-browser-build#40930: Upate zlib to 1.3 after 13.0a3 Windows Bug tor-browser#40737: Revert backout of Mozilla's fix for bug 1724777 Bug tor-browser#41658: Create new installer icons for Windows Bug tor-browser#41798: Stop building private_browsing.exe on Windows Bug tor-browser#41806: Prevent Private Browsing start menu item to be added automatically Bug tor-browser#41942: Review Mozilla 1682520: Use the WER runtime exception module to catch early crashes Bug tor-browser#41944: Review Mozilla 1774083: Add Surrogate COM Server to handle native Windows notifications when Firefox is closed. Bug tor-browser#42008: Review Mozilla 1808146: Copying images from Pixiv and pasting them in certain programs is broken Bug tor-browser#42010: Review Mozilla 1810641: Enable overscroll on Windows on all channels Bug tor-browser#42087: Implement Windows application icons Bug tor-browser-build#40954: Implement Windows installer icons macOS Bug tor-browser#41948: Review Mozilla 1782981: Hide the text recognition context menu if the macOS version doesn't support APIs Bug tor-browser#41955: Update macOS volume window background Bug tor-browser#41982: Review Mozilla 1762392: Add Cocoa platform support for paste files Bug tor-browser#42057: Disable Platform text-recognition functionality Bug tor-browser#42078: Implement MacOS application icons Bug tor-browser#42147: Add browser.helperApps.deleteTempFileOnExit to our profile Linux Bug tor-browser#41509: After update, KDE Plasma identifies Tor Browser Nightly window group as “firefox-nightly” Bug tor-browser#41884: Linux: set browser.tabs.searchclipboardfor.middleclick to false Bug tor-browser#42088: Implement Linux application icons Bug tor-browser-build#40576: Fontconfig warning: remove 'blank' configuration Android Updated GeckoView to 115.3.1esr Bug tor-browser#41878: firefox-mobile: refactor tor bootstrap off deleted onboarding path Bug tor-browser#41882: Update DuckDuckGo icons Bug tor-browser#41911: Firefox-Android tor bootstrap connect button css broken Bug tor-browser#41928: Backport Android-specific security fixes from Firefox 116 to ESR 102.14 / 115.1 - based Tor Browser Bug tor-browser#41972: Disable Firefox onboarding in 13.0 Bug tor-browser#41990: Review Mozilla 1811531: Add 'site' query parameter to Pocket sponsored stories request Bug tor-browser#41991: Review Mozilla 1812518: Allow a custom View for 3rd party downloads Bug tor-browser#41993: Review Mozilla 1810761: Add API for saving a PDF Bug tor-browser#41996: App includes com.google.android.gms.permission.AD_ID permission Bug tor-browser#41997: com.adjust.sdk.Adjust library enables AD_ID permission even though we aren't using it Bug tor-browser#41999: TB13.0a2 android: center text on connect button Bug tor-browser#42001: Hide 'Open links in external app' settings option and force defaults Bug tor-browser#42002: Review Mozilla 1809305: Allow user to copy an image to the clipboard Bug tor-browser#42003: Review Mozilla 1819431: Reimplement default browser notification with Nimbus Messaging equivalent Bug tor-browser#42004: Review Mozilla 1818015: Use a custom tab or the view we use for Sync onboarding for the Privacy button Bug tor-browser#42005: Review Mozilla 1816932: Add Maps to app links common sub domains Bug tor-browser#42006: Review Mozilla 1817726: Allow sharing current tab URL from Android's Recents (App Overview) screen. Bug tor-browser#42007: Review Mozilla 1805450: Allow users to submit site support requests in Fenix Bug tor-browser#42012: Review Mozilla 1810629: add an Android shortcut to go straight to the login and passwords page Bug tor-browser#42016: Review Mozilla 1832069: Implement Google Play Referrer Library to fetch referrer URL Bug tor-browser#42018: Rebase Firefox for Android to 115.2.1 Bug tor-browser#42023: Remove FF what's new from Android Bug tor-browser#42038: TBA Alpha - inscriptions Tor Browser Alpha and FireFox Browser simultaneously on the start screen Bug tor-browser#42074: YEC 2023 Takeover for Android Stable Bug tor-browser#42076: Theme is visible in options, but shouldn't be Bug tor-browser#42089: Disable the Cookie Banner Reduction site support requests (Mozilla 1805450) Bug tor-browser#42114: Disable Allow sharing current tab URL from Android's Recents screen in private browsing mode Bug tor-browser#42115: Enhanced Tracking Protection can still be enabled Bug tor-browser#42122: playstore console crashes: java.lang.NoSuchMethodError Bug tor-browser#42133: Remove “Total Cookie Protection” popup Bug tor-browser#42134: Remove Android icon shortcuts Bug tor-browser#42156: Screenshot allowing still blocks homescreen (android) Bug tor-browser#42157: Fix Help button URL Bug tor-browser#42165: Remove “Add to shortcuts” and “Remove from shortcuts” buttons Bug tor-browser#42158: Remove “Customize Homepage” button Bug tor-browser-build#40740: Tor Browser for Android's snowflake ClientTransportPlugin seems to be out of date Bug tor-browser-build#40919: Fix nimbus-fml reproducibility of 13.0a2-build1 Bug tor-browser-build#40941: Remove PT process options on Android Build System All Platforms Updated Go to 1.21.1 Bug tor-browser#42130: Add support for specifying the branch in tb-dev rebase-on-default Bug tor-browser-build#31588: Be smarter about vendoring for Rust projects Bug tor-browser-build#40089: Clean up usage of get-moz-build-date script Bug tor-browser-build#40410: Get rid of python2 Bug tor-browser-build#40487: Bump Python version Bug tor-browser-build#40741: Update browser and tor-android-service projects to pull data from pt_config.json Bug tor-browser-build#40802: Drop the patch for making WASI reproducible Bug tor-browser-build#40829: Review and standardize naming scheme for browser installer/package artifacts Bug tor-browser-build#40854: Update to OpenSSL 3.0 Bug tor-browser-build#40855: Update toolchains for Mozilla 115 Bug tor-browser-build#40868: Bump Rust to 1.69.0 Bug tor-browser-build#40880: The README doesn't include some dependencies needed for building incrementals Bug tor-browser-build#40886: Update README with instructions for Arch linux Bug tor-browser-build#40898: Add doc from tor-browser-spec/processes/ReleaseProcess to gitlab issue templates Bug tor-browser-build#40908: Enable the --enable-gpl config flag in tor to bring in PoW functionality Bug tor-browser-build#40929: Update go to 1.21 series after 13.0a3 Bug tor-browser-build#40932: Remove appname_bundle_android, appname_bundle_macos, appname_bundle_linux, appname_bundle_win32, appname_bundle_win64 from projects/release/update_responses_config.yml Bug tor-browser-build#40935: Fix fallout from build target rename in signing scripts Bug tor-browser-build#40948: Remove lyrebird-vendor sha256sum in nightly Bug tor-browser-build#40957: Expired subkey warning on Tor Browser GPG verification Bug tor-browser-build#40972: Handle Mullvad Browser in the changelog script and group entries by project Windows + macOS + Linux Bug tor-browser#41967: Add a Makefile recipe to create multi-lingual dev builds Bug tor-browser-build#40149: Remove patching of nightly update URL Bug tor-browser-build#40615: Consider adding a readme to the fonts directory Bug tor-browser-build#40907: Sometimes debug information are not deterministic with Clang 16.0.4 Bug tor-browser-build#40922: Use base-browser.ftl instead of languageNotification.ftl Bug tor-browser-build#40931: Fix incrementals after tor-browser-build#40829 Bug tor-browser-build#40933: Fix generating incrementals between 12.5.x and 13.0 Bug tor-browser-build#40942: Use the branch to build Base Browser Bug tor-browser-build#40944: After #40931, updates_responses is using incremental.mar files as if they were non-incremental mar files Bug tor-browser-build#40947: Remove migrate_langs from tools/signing/nightly/update-responses-base-config.yml Bug tor-browser-build#40956: Allow testing the updater also with release and alpha channel Windows Bug tor-browser#41995: Generated headers on Windows aren't reproducible Bug tor-browser-build#40832: Unify mingw-w64-clang 32+64 bits Bug tor-browser-build#40940: Change position of the install|portable in the builds filenames macOS Bug tor-browser#42035: Update tools/torbrowser/ scripts to support macOS dev environment Bug tor-browser-build#40943: Update libdmg-hfsplus to include our uplifted patch Bug tor-browser-build#40951: Firefox fails to build for macOS after tor-browser-build#40938 Linux Bug tor-browser#42071: tor-browser deployed format changed breaking fetch.sh Bug tor-browser-build#40102: Move from Debian Jessie to Debian Stretch for our Linux builds Bug tor-browser-build#40971: Stop shipping Linux i686 debug archive until we actually produce the symbols Android Bug tor-browser#41899: Use LLD for Android Bug tor-browser-build#40867: Create a RBM project for the unified Android repository Bug tor-browser-build#40917: Remove the uniffi-rs project Bug tor-browser-build#40918: The commit hash is still not displayed about:buildconfig on Android Bug tor-browser-build#40920: Non-deterministic generation of baseline.profm file in Android apks Bug tor-browser-build#40963: Tor Browesr 13.0 torbrowser-testbuild-android* targets fail to build Bug tor-browser-build#40974: firefox-android fails to build in release
The Tor Browser 13.0.1 (All Platforms) has been released. (25-October-2023) Tor Browser 13.0.1 is now available from the Tor Browser download page and also from our distribution directory. Blog/Announcement | Full Changelog | Spoiler Full changelog The full changelog since Tor Browser 13.0 is: All Platforms Bug tor-browser#42185: Rebase stable browsers on top of 115.4.0esr Bug tor-browser#42191: Backport security fixes (Android & wontfix) from Firefox 119 to 115.4 - based Tor Browser Bug tor-browser-build#40975: libstdc++.so.6 is included twice in tor-browser Windows + macOS + Linux Updated Firefox to 115.4.0esr Bug tor-browser#42182: Default Search Engine Does Not Persist Through Shift to New Identity Android Updated GeckoView to 115.4.0esr Build System All Platforms Updated Go to 1.21.3 Bug tor-browser-build#40976: Update download-unsigned-sha256sums-gpg-signatures-from-people-tpo to fetch from tb-build-02 and tb-build-03 Bug rbm#40062: Copy input directories to containers recursively Windows + Linux Bug tor-browser-build#40991: Fix creation of downloads-windows-x86_64.json and downloads-linux-x86_64.json Windows Bug tor-browser-build#40984: The PDBs for .exe are not included Linux Bug tor-browser-build#40979: Add redirects from old Linux bundle filename to the new one applications releases
The Tor Browser 13.0.4 (All Platforms) has been released. (21-November-2023) Tor Browser 13.0.4 is now available from the Tor Browser download page and also from our distribution directory. Blog/Announcement | Full Changelog | Spoiler Full changelog The full changelog since Tor Browser 13.0.3 is: All Platforms Updated OpenSSL to 3.0.12 Updated tor to 0.4.8.9 Bug tor-browser#42275: Rebase Tor Browser Stable to 115.5.0esr Bug tor-browser#42277: Enable storage.sync to fix broken webextensions Windows + macOS + Linux Updated Firefox to 115.5.0esr Bug tor-browser#41341: Fix style and position of “Always Prioritize Onions” wingpanel Bug tor-browser#42108: Tor Circuit button not shown if TLS handshake fails Bug tor-browser#42184: Setting “Homepage and new windows” ignores “Blank Page” value Bug tor-browser#42188: Donations are asked repeatedly when I click the New identity button Bug tor-browser#42194: Blank Net Error page on name resolution failure Windows + macOS Bug tor-browser#42154: Empty the clipboard on browser shutdown only if content comes from private browsing windows Android Updated GeckoView to 115.5.0esr Bug tor-browser#42074: YEC 2023 Takeover for Android Stable Bug tor-browser#42287: Backport security fixes (Android & wontfix) from Firefox 120 to 115.5 - based Tor Browser Build System All Platforms Update Go to 1.21.4 Bug tor-browser-build#40934: Remove $bundle_locales from signing scripts now that we're on ALL for everything Bug tor-browser-build#40982: Fix logging in tools/signing/do-all-signing Bug tor-browser-build#40989: Add .nobackup files to reproducible and disposable directories Bug tor-browser-build#41006: Fix typo in finished-signing-clean-linux signer macOS Bug tor-browser-build#29815: Sign our macOS bundles on Linux Bug tor-browser-build#41005: Unpack macOS bundle to /var/tmp instead of /tmp in rcodesign-notary-submit step Bug tor-browser-build#41007: gatekeeper-bundling.sh refers to old .tar.gz archive Bug tor-browser-build#41014: Update libdmg-hfsplus to drop the OpenSSL patch Bug tor-browser-build#41020: Opening macOS DMG file is causing a warning, since 13.0
The Tor Browser 13.0.6 (All Platforms) has been released. (05-December-2023) Tor Browser 13.0.6 is now available from the Tor Browser download page and also from our distribution directory. Blog/Announcement | Full Changelog | Spoiler Full changelog The full changelog since Tor Browser 13.0.5 is: All Platforms Bug tor-browser#42288: Allow language spoofing in status messages Windows + macOS + Linux Bug tor-browser#42302: The allowed ports string contains a typo Bug tor-browser#42231: Improve the network monitor patch for http onion resources Bug tor-browser#42299: After adding an incorrect bridge address on user cannot go back to the Connection page Linux Bug tor-browser#17560: Downloaded URLs disk leak on Linux Bug tor-browser#42306: Tor Browser crashes when extensions popups are opened with Wayland enabled Bug tor-browser-build#41017: Disable Nvidia shader cache Build System All Platforms Bug tor-browser-build#41027: Remove tb-build-04 and tb-build-05 from tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo Bug tor-browser-build#40936: Revert tor-browser-build#40933 Bug tor-browser-build#40995: Use cdn.stagemole.eu instead of cdn.devmole.eu in download-unsigned-sha256sums-gpg-signatures-from-people-tpo Bug rbm#40064: Using exec on project with no git_url/hg_url is causing warning Windows + macOS + Linux Bug tor-browser-build#41031: Add command to unsign .mar files and compare with sha256sums-unsigned-build.txt Windows Bug tor-browser-build#41030: Add command to unsign .exe files and compare with sha256sums-unsigned-build.txt Android Bug tor-browser-build#41024: Fix android filenames in Release Prep issue templates
The Tor Browser 13.0.7 (All Platforms) has been released. (19-December-2023) Tor Browser 13.0.7 is now available from the Tor Browser download page and also from our distribution directory. Blog/Announcement | Full Changelog | Spoiler Full changelog The full changelog since Tor Browser 13.0.6 is: All Platforms Updated tor to 0.4.8.10 Updated NoScript to 11.4.29 Bug tor-browser#42042: view-source:http://ip-address does not work because of HTTPS Only Bug tor-browser#42261: Update the icon of Startpage search engine Bug tor-browser#42330: Rebase stable browsers to 115.6.0esr Bug tor-browser#42334: Keep returning ERROR_ONION_WITH_SELF_SIGNED_CERT only for .onion sites whose cert throws ERROR_UNKNOWN_ISSUER Windows + macOS + Linux Updated Firefox to 115.6.0esr Bug tor-browser#42283: Tor Browser shouldn't ship blockchair by default Android Updated GekcoView to 115.6.0esr Bug tor-browser#42285: Update the gitignore to use the correct paths for tor stuff Bug tor-browser#42339: Backport Android security fixes from Firefox 121 to 115.6 - based Tor Browser Build System All Platforms Update Go to 1.21.5 Bug tor-browser-build#40884: Script to automate uploading sha256s and signatures to location signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo expects them to be Bug tor-browser-build#41026: Do not use ~ when uploading the signed hashes Bug tor-browser-build#41036: Remove go_vendor-lyrebird-nightly makefile target, and rename go_vendor-$project-alpha makefile targets to go_vendor-$project Bug tor-browser-build#41039: Update tools/signing/upload-update_responses-to-staticiforme to keep download-*json files from previous release when new release does not include them macOS Bug tor-browser-build#40990: Remove old macOS signing scripts
The Tor Browser 13.0.8 (All Platforms) has been released. (21-December-2023) Tor Browser 13.0.8 is now available from the Tor Browser download page and also from our distribution directory. Blog/Announcement | Full Changelog | Spoiler The full changelog since Tor Browser 13.0.7 is: Windows Bug tor-browser-build#41053: All PT's crash instantly in 13.0.7 Bug tor-browser#42179: PTs on Tor Browser 13 do not work with Windows 7 Linux Bug tor-browser-build#41050: Improve the disk leak sanitization on start-$browser Build System All Platforms Bug tor-browser-build#41042: Add options to include updates in the changelog scripts Bug tor-browser-build#41043: Create script to push build requests to Mullvad build servers
The Tor Browser 13.0.9 (All Platforms) has been released. (23-January-2024) Tor Browser 13.0.9 is now available from the Tor Browser download page and also from our distribution directory. Blog/Announcement | Full Changelog | Spoiler Tor Browser 13.0.9 is now available from the Tor Browser download page and also from our distribution directory. This version includes important security updates to Firefox. This release updates Firefox to 115.7.0esr and Snowflake to 2.8.1. It also includes various bug fixes (see changelog for details). Send us your feedback If you find a bug or have a suggestion for how we could improve this release, please let us know. Full changelog The full changelog since Tor Browser 13.0.8 is: All Platforms Updated Snowflake to 2.8.1 Bug tor-browser#42363: Tab thumbnails enhancements Bug tor-browser#42365: Rebase Tor Browser Stable onto Firefox 115.7.0esr Bug tor-browser#42367: Backport Android security fixes from Firefox 122 Bug tor-browser#42369: Revert YEC 2023 changes Bug tor-browser-build#41058: Update Snowflake to 2.8.1 Windows + macOS + Linux Updated Firefox to 115.7.0esr Bug tor-browser#42099: Blind cross-origin requests to .tor.onion domains Bug tor-browser#42189: Assertion failure: the value of mPrivateBrowsingId in the loadContext and in the loadInfo are not the same! Android Updated GeckoView to 115.7.0esr Bug tor-browser#42313: Enable One UI Sans KR as a possible font for Korean (MozBug 186523 Bug tor-browser#42324: Onion Location on Android is ignored Bug tor-browser#42346: Crash in firefox-android originating in backported FullScreenNotificationDialog patch Bug tor-browser#42353: Fix Android NoScript automatic updates Bug tor-browser#42355: Fullscreen on Android doesn't hide system bars Build System All Platforms Updated Go to 1.20.13 and 1.21.6 Bug tor-browser-build#41059: Update keyring/torbrowser.gpg with updated key Bug tor-browser-build#41063: Run "file $keyring" in tools/keyring/list-all-keyrings Windows + macOS + Linux Bug tor-browser-build#41056: Make it possible to use templates in var/torbrowser_incremental_from Windows + macOS Bug tor-browser-build#41016: Switch from bullseye to bookworm for desktop platforms Windows Bug tor-browser-build#41015: Enable std::filesystem on libc++ on Windows Android Bug tor-browser-build#41066: The Android x86 APK for 13.0.9 is too big
The Tor Browser 13.0.10 (All Platforms) has been released. (20-February-2024) Tor Browser 13.0.10 is now available from the Tor Browser download page and also from our distribution directory. Blog/Announcement | Full Changelog | Spoiler Tor Browser 13.0.10 is now available from the Tor Browser download page and also from our distribution directory. This version includes important security updates to Firefox. This release updates Firefox to 115.8.0esr, OpenSSL to 3.0.13, zlib to 1.3.1, and Snowflake to 2.9.0. It also includes various bug fixes (see changelog for details). Send us your feedback If you find a bug or have a suggestion for how we could improve this release, please let us know. Full changelog The full changelog since Tor Browser 13.0.9 is: All Platforms Updated OpenSSL to 3.0.13 Updated zlib to 1.3.1 Updated Snowflake to 2.9.0 Bug tor-browser#42374: spoof english leaks via numberingSystem: numbers (non-latn) or decimal separator (latn) Bug tor-browser#42411: Rebase Tor Browser stable onto 115.8.0esr Bug tor-browser-build#41079: Bump version of Snowflake to v2.9.0 Windows + macOS + Linux Updated Firefox to 115.8.0esr Bug tor-browser#42338: Changing circuit programmatically in Tor Browser not working anymore! Android Updated GeckoView to 115.8.0esr Bug tor-browser#42402: Remove Android YEC strings Bug tor-browser#42416: Backport Android security fixes from Firefox 123 Linux Bug tor-browser#42293: Updater is disabled when tor-browser is run by torbrowser-launcher flatpak Build System All Platforms Updated Go to 1.20.14 and 1.21.7 Bug tor-browser-build#41067: Use Capture::Tiny instead of IO::CaptureOutput Bug rbm#40067: Use --no-verbose wget option when not running in a terminal Bug rbm#40068: Switch from IO::CaptureOutput to Capture::Tiny Bug rbm#40069: Make stdout and stderr utf8 Bug rbm#40072: Move capture_exec to a separate module
NOTE: The Tor Project folk have identified this as an emergency release. The Tor Browser 13.0.11 (All Platforms) has been released. (06-March-2024) Tor Browser 13.0.11 is now available from the Tor Browser download page and also from our distribution directory. Blog/Announcement | Full Changelog | Spoiler Tor Browser 13.0.11 is now available from the Tor Browser download page and also from our distribution directory. This is an emergency release which updates our domain fronting configuration for the Snowflake pluggable transport and the moat connection to the rdsys backend used by the censorship circumvention system. A known issue is that the source archives do not match, likely due to a change in xz-utils (the underlying source in the archive is identical, only the compressed archive differs). This is not considered a blocker for this release and is being tracked here: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41102 Send us your feedback If you find a bug or have a suggestion for how we could improve this release, please let us know. Full changelog The full changelog since Tor Browser 13.0.10 is: All Platforms Bug tor-browser#42435: Update moat domain fronting configuration Build System All Platforms Bug tor-browser-build#41085: kick_devmole_build script prints wrong URL for Mullvad's build hashes Bug tor-browser-build#41097: authenticode-timestamping.sh fails to run again because tmp-timestamp already exists
The Tor Browser 13.0.12 (All Platforms) has been released. (19-March-2024) Tor Browser 13.0.12 is now available from the Tor Browser download page and also from our distribution directory. Blog/Announcement | Full Changelog | Spoiler The Tor Project has recently been notified of a potential fingerprinting vulnerability with automatic Onion-Location redirects. In an abundance of caution, we have removed the 'prioritize .onion sites when known' option from Tor Browser. We are looking further into this issue and will provide timely updates as more research and additional recommendations become available. Send us your feedback If you find a bug or have a suggestion for how we could improve this release, please let us know. Full changelog The full changelog since Tor Browser 13.0.11 is: All Platforms Updated Snowflake to 2.9.2 Bug tor-browser#42376: The placeholder of datetime inputs keeps being localized when spoof English is on Bug tor-browser#42378: spoof English + htmlform <details> can leak app language Bug tor-browser#42444: Remove the “Prioritize .onion sites when known” option Bug tor-browser#42448: Rebase Tor Browser stable onto Firefox 115.9.0esr Bug tor-browser#42459: Add startpage onion service to list of search providers Bug tor-browser-build#41105: Bump version of snowflake to v2.9.2 Windows + macOS + Linux Updated Firefox to 115.9.0esr Windows Bug tor-browser#42377: Hidden fonts are automatically added to the allow list Android Updated GeckoView to 115.9.0esr Bug tor-browser#42407: TTP-03-010 WP3: Potential phishing Build System All Platforms Updated Go to 1.21.8 Bug tor-browser-build#41102: src archive does not match, likely due to mismatched xz-utils version
The Tor Browser 13.0.13 (All Platforms) has been released. (22-March-2024) Tor Browser 13.0.13 is now available from the Tor Browser download page and also from our distribution directory. Blog/Announcement | Full Changelog | Spoiler Tor Browser 13.0.13 is now available from the Tor Browser download page and also from our distribution directory. This is an unscheduled emergency release with important security updates to Firefox for Desktop platforms. Android is unaffected. Send us your feedback If you find a bug or have a suggestion for how we could improve this release, please let us know. Full changelog The full changelog since Tor Browser 13.0.12 is: Windows + macOS + Linux Updated Firefox to 115.9.1esr Bug tor-browser#42473: ESR 115.9.1 fixes Bug tor-browser#42474: Rebase stable browsers on 115.9.1
The Tor Browser 13.0.14 (All Platforms) has been released. (16-April-2024) Tor Browser 13.0.14 is now available from the Tor Browser download page and also from our distribution directory. Blog/Announcement | Full Changelog | Spoiler Full changelog The full changelog since Tor Browser 13.0.13 is: All Platforms Updated Tor to 0.4.8.11 Bug tor-browser#41676: Set privacy.resistFingerprinting.testing.setTZtoUTC as a defense-in-depth Bug tor-browser#42335: Do not localize the order of locales for app lang Bug tor-browser#42428: Timezone offset leak via document.lastModified Bug tor-browser#42472: Timezone may leak from XSLT Date function Bug tor-browser#42508: Rebase Tor Browser stable onto 115.10.0esr Windows + macOS + Linux Updated Firefox to 115.10.0esr Bug tor-browser#42172: browser.startup.homepage and TOR_DEFAULT_HOMEPAGE are ignored for the new window opened by New Identity Bug tor-browser#42236: Let users decide whether to load their home page on new identity. Bug tor-browser#42468: App languages not sorted correctly in stable Linux Bug tor-browser-build#41110: Avoid Fontconfig warning about “ambiguous path” Android Updated GeckoView to 115.10.0esr Bug tor-browser#42509: Backport Android security fixes from Firefox 125 Build System All Platforms Updated, Go to 1.21.8 Bug tor-browser-build#41107: Update download-unsigned-sha256sums-gpg-signatures-from-people-tpo for new type of URL Bug tor-browser-build#41122: Add release date to rbm.conf Android Bug tor-browser-build#40992: Updated torbrowser_version number is not enough to change firefox-android versionCode number
