New bundles (security release)

by erinn | September 12, 2012

New Bundles (security release)

All of the available bundles of Tor have been updated for the latest stable Tor 0.2.2.39 release and the 0.2.3.22-rc release. These releases fix a remote crash bug found in Tor and all users and relays are STRONGLY encouraged to update immediately.

https://decvnxytmk.oedi.net/download

Further notes about Tor Browser Bundle updates:

The random port selection has been temporarily disabled in the Linux and Mac OS X alpha bundles. Most of you probably didn't notice any random port selection happpening at all, but if you encounter a problem running a system Tor and your Tor Browser Bundle at the same time, you can switch to the stable bundles for now. The next update should have a fix that allows us to re-enable automatic port selection.

Tor Browser Bundle (2.2.39-1)

  • Update Tor to 0.2.2.39
  • Update NoScript to 2.5.4

Tor Browser Bundle (2.3.22-alpha-1)

  • Update Tor to 0.2.3.22-rc
  • Temporarily use fixed Control and SOCKS ports as a workaround for #6803

Comments

Please note that the comment area below has been archived.

September 12, 2012

Permalink

Shouldn't I be prompted to do such an important upgrade at torproject.org? I was not. Realized the importance of upgrading as I arrived at this blog.

September 12, 2012

Permalink

The speed of internet browsing is very slow in this Tor Browser Bundle (2.2.39-1). I checked it in two different Windows-7 and faced the same problem.

September 12, 2012

Permalink

please convince the Tails developers to include Tor 0.2.2.39 in their pending new release.

September 12, 2012

Permalink

When I go to the Tor Check page, it notifies me I need an update even though I'm using 2.2.39-1

September 12, 2012

Permalink

I downloaded, verified and installed tor-browser-2.2.39-1_en-US.exe before the bundle gave notice it was available. But launching it keeps telling me there is an update available and it is the same one.

Thanks for all the hard work.

September 13, 2012

Permalink

I use new version but each time i start browserbundle it says

There is a security update available for the Tor Browser Bundle.

Click here to go to the download page

what's going on ?

September 13, 2012

Permalink

Like the previous release this new release (2.2.39-1) works very well for me. But the old bug that brings up the security update message each time the browser is started has somehow crept back into this release, which wasn't the case in 2.2.38-2. I also think it is not ok that the locally configured homepage is automatically overwritten by the TBB version check URL.

September 13, 2012

Permalink

Under Windows XP, I downloaded the latest Tor Bundle 2.2.39-1 for Windows, and after I went online with it, I updated the extentions listed under addons, and when the browser came back up the main window read:
==================================
Congratulations. Your browser is configured to use Tor.

There is a security update available for the Tor Browser Bundle.

Click here to go to the download page
==================================
How come at first it was a "Congratulations ........", then after the browser came up again, it said "There is a security update available for the Tor Browser Bundle. ..... Click here to go to the download page" What security update? I checked, and all that I ever saw was the one that I just logged on with. Can you look into this?

Thank you.

September 13, 2012

Permalink

Updated to Tor Browser Bundle (2.2.39-1) but check.torproject.org/ is still telling me "There is a security update available for the Tor Browser Bundle."

may want to fix this

September 13, 2012

Permalink

Please tell Sebastian Hahn to mark the update date in the Obfsproxy TBB main page as now I can only identify the update from the download link

September 13, 2012

Permalink

I'm trying to update my relay to this stable version, but everything in http://deb.torproject.org/torproject.org including under "stable" seems to be the experimental version. Is there somewhere else I should be looking? Should I just wait for it to come through the built-in repositories?

We moved our debs to Tor 0.2.3.x since Debian Wheezy is imminent, and we want to make sure that 0.2.3 is what gets into wheezy.

The 0.2.3 branch is basically stable now, so I wouldn't worry.

September 14, 2012

Permalink

I am sorry to say, Firefox crashes at automatic startup (called by Vidalia). I use the newest Tor Browser Bundle on 10.5.8.
Something can be done?
thank you

September 14, 2012

In reply to arma

Permalink

I am working with TenFourFox Browser 10.0.7 and the Addon Torbutton 1.4.6.1 on PowerPC Mac 10.5.8 and Vidalia 0.2.2.39 … and these apps works too.

Many Thanks for do the developer(s) !

September 14, 2012

Permalink

eeeew,
I just tried to update to this today and ZoneAlarm antivirus is detecting the following baddie

not-a-virus:NetTool.Win32.Tor.d

It detects it in both the install archive and the tor.exe after installing. The file was downloaded twice, once through Tor network, and then direct.

Using ZA "Extreme Security" version 9.3.037.000 with
Antivirus version 8.0.2.48
DAT file version 1093569472

Anyone else experience this?

I think everyone else would experience this if they would use ZoneAlarm. As it says "not-a-virus:NetTool.Win32.Tor.d" simply detects the network app Tor that is not a virus but may not be allowed on some networks if that is against their administration policy.

This same thing happened with ZA on another application and it turnned out that what you said here was exactly the case with that situation. Zone Alarm tech support then corrected their def file to resolve the false positive.

September 15, 2012

Permalink

hi, I see this update released on 12th, but Tor Check page notified me only today the 15th that there is an update, I downloaded, verified and installed, but not like usually, Kaspersky shows some warnings not like before,
http://i47.tinypic.com/t0n6yo.jpg

September 15, 2012

Permalink

I'm using Firefox.
I got this message.
I just wanted to inform you.
Thanks

------------------
IP check ( http://ip-check.info )
77.207.111.206
Warning: Your IP address is neither anonymized by JonDonym nor by Tor.
Start the test for details.
------------------

September 15, 2012

Permalink

Some, like me, who had not installed this security release were not prompted to do so, other who had done so were prompted after that fact. Straange?

September 15, 2012

Permalink

The 0.2.3.22-rc as well as the 0.2.3.20-rc is looping with 100 % CPU usage. It is a fairly new behaviour caused by an unknown reason. Falling back to 0.2.2.39 the CPU usage is now around 10%

September 15, 2012

Permalink

My Antivirus says that Tor is a "Potentially unwanted program" (PUP) and blocked it. I unlocked it manually afterwards. The problem only occurs with the newest version of TBB. No trouble between my Antivirusprogramm and older Tor-Versions.

Tor Browser Bundle 2.2.39-1
Panda Cloud Antivirus Free 2.0.1

Panda Cloud don't like this file
\Tor Browser\App\tor.exe

September 15, 2012

Permalink

I'm running a relay and am wondering if we can continue to get stable rpms built for RHEL/Centos as well? The previous yum setup was nice, but I can install the rpms manually if I have to. But building them myself from source is a lot more work since I would have to do it on a separate build machine. My relay is still on 0.2.2.35, so I am considering just shutting it down until 0.2.3 becomes more stable and I have the time to review the config and make the switchover to the new version.

September 15, 2012

Permalink

Panda Cloud Antivirus Free 2.0.1. versus Tor Browser Bundle 2.2.39-1

- - -

Panda Cloud Antivirus says that tor.exe is a virus and locks it.

"Classified as: High risk

Status: Unrestricted ready*

Cause: The program is an unclassified virus or it can be used for malicious or fraudulent purposes."

*Because I've unlocked it.

Screenshot
oi50.tinypic.com/330e0j8.jpg

September 15, 2012

Permalink

Although the download page states "this package requires no installation" when I run the .dmg file it installs another version of TBB without bringing in my bookmarks or add-ons. This is the first time I have updated TBB - am I doing something wrong?

September 16, 2012

Permalink

Dear Tor developers

I'm runing 2.2.38-2 on Windows 7. The page check.torproject.org/... doesn't reminder me the update of new version 2.2.39-1. Is it a website technical problem or not? Or when does the check page show the update info of new release when not?

Thanks from china for your great work on Tor.

September 18, 2012

Permalink

Third time I ask, never received an answer. If you say new bundles, does that include the Vidalia Bundle as well?

September 20, 2012

Permalink

Is anyone else having troubles using twitter with this and the last bundle? I try to get on twitter and it wont load it, but other websites it do, then when i get on twitter it stop loading pages after a minute. also, when i finally get twitter loaded a pop up for java comes up, which has never happened until lately. wtf, tor.

Twitter doesn't work properly with the previous bundle either. About half of nodes can't connect to it. Just keep trying 'New Identity' until it works.

Twitter with TOR I have concluded as impossible. these ToR people like to tout it as a tool for activists to use social networks. I call bullshit though.

Firstly you really have to enable Java, which I did.

I have tried to open a twitter Sockpuppet and have just opened three accounts on Tor, which were all immediately suspended after first login.

Problem is on Twitter's side, not TOR, Twitter doesent really supporrt anonymity.

How to twitter anonymously?

September 20, 2012

Permalink

this new version slows down my computer , uses a lot of memory even 650MB.

very slow, please fix

September 23, 2012

Permalink

I am wondering if it is safe to one's anonymity to use bridges. While I was using TBB 0.2.3.8 with bridges recently, I decided to check if I was using Tor by visiting the 'Are you using Tor" page at torproject.org. I was about to visit a sensitive 'political' website which is always being closely monitored by the authorities.

To my surprise the message I got was in RED saying "Sorry, you are not using Tor"!! I checked the Torbutton icon and there was no red cross over it. Everything looked OK. I immediately switched off the bridges and checked again. The message had changed to "Congratulation. Your browser is configured to use Tor". Therefore the bridge that was chosen for my traffic is responsible for this. Am I right?

As this has happened on two occasions I have stopped using bridges altogether because I have no way of knowing if I am using Tor or not even if everything seems to be OK.

I am not a technical person. I think the mistake I have made is not taking a screenshot of the negative messages I received showing the relevant IP addresses which I would include in this post.

I am using OSX 10.6.8 (intel). Perhaps there should be an icon located in the status bar indicating that one's traffic is NOT going through Tor even if everything seems to be working OK.

I am wondering if anyone has ever experienced this. Thank you.

September 23, 2012

Permalink

I have a Tosh P770D running Win7 Pro bought about 9 mos ago and am a conscientious updater.

I'm using Tor 0.2.2.35 and was notified to update to 0.2.2.39. I did this and rebooted but the control panel insists I'm still using 0.2.2.35. so I went to my download directory and deleted the Tor bundle downloaded, then deleted the subdirectories and ran the update again and rebooted. My system tells me I'm still running 2.2.35.
I see some files dated 11/11/11 and 12/?/11. What more do I need to do to install this update?

September 24, 2012

Permalink

i updated tor to: Tor Browser Bundle 2.2.39-1
and there is NO tor button, no addons, no noscript, i just have https everywhere, why tor removed all addons? and why i cant install tor button? also vidalia mat is bad, bad there no yellow arrows.

September 24, 2012

Permalink

When I updated to Version 2.2.39-1 - Windows 7, Vista, and XP (running on Windows 7 x64) the message log states:

"[Mon 24. Sep 17:01:11 2012] The Tor Software is Running - You are currently running version "0.2.2.37 (git-fce6eb1c44e87bc2)" of the Tor software."

I am also told in a pop-up box and in the "basic" message log to upgrade to the newer version.

I have tried this with the French version to the same effect. The current alpha version also tells me to upgrade.

In addition to overwriting my TOR folder contents I have created new folders from the latest downloads and get the same result.

TOR for the past few days has inexplicably disconnected on numerous occasions. Connections do not display on the network map. The list of relays looks unfamiliar.

September 24, 2012

Permalink

Earlier this afternoon I posted a message that has not yet appeared. This concerned upgrading Tor not working properly. I had never had problems with upgrades before.

The problem is now fixed. It turns out that Tor was automatically starting a process when Windows 7 (x64) started. This was something I do not want and I thought I had fixed it long ago to make the start-up manual.

It seems that because the old process was running the upgrade did not replace the file that launches the process and gave no indication that it had not done so.

Perhaps there could be a warning for Windows users about this possibility?

September 25, 2012

Permalink

why the hell my antivirus says the update is infected?
also the new vidalia is not able to connect to tor-net, it will stuck at 5% and dont go ahead to finish.

September 25, 2012

Permalink

I get an error saying "Unable to start configured proxy server" on Mac OS, Intel.

September 25, 2012

Permalink

To try to clarify the issue about what versions that are acceptable to run I Searched for "recommended versions", but failed to find the page that lists them. Has it been taken down?

September 25, 2012

Permalink

it seems there are some really serious problems with the update!
-part of it is blacklisted as potential very harm full to your machine.
-vidalia can not connect to tor and will stuck or uses up to 99% of cpu power.
for my opinion these problems need to be fixed before it can be used!
since there was a fake update in the past that causes many cases of people got caught i be some kind of aware by the "not-a-virus:NetTool.Win32.Tor.d" thing.

September 25, 2012

Permalink

I have downloaded and updated to 0.2.2.39 as per the recommendations, now it doesnt owrk and my previous version is overwritten so I can not go back.

The Vidalia Control Panel is frozen at ''Establishing an Encrypted Directory Connection'' and the Message Log reads :

Sep 26 05:16:37.069 [Notice] Tor v0.2.2.39 (git-bec76476efb71549). This is experimental software. Do not rely on it for strong anonymity. (Running on Windows 7 Service Pack 1 [workstation])
Sep 26 05:16:37.069 [Notice] Initialized libevent version 2.0.20-stable using method win32. Good.
Sep 26 05:16:37.069 [Notice] Opening Socks listener on 127.0.0.1:9050
Sep 26 05:16:37.069 [Notice] Opening Control listener on 127.0.0.1:9051
Sep 26 05:16:37.069 [Notice] Parsing GEOIP file .\Data\Tor\geoip.
Sep 26 05:16:40.080 [Notice] Bootstrapped 5%: Connecting to directory server.
Sep 26 05:16:40.454 [Notice] Bootstrapped 10%: Finishing handshake with directory server.

That is as far as it gets, please advise.
Thanks.

September 26, 2012

Permalink

The .asc files are missing ?
The .asc files are missing ?
The .asc files are missing ?
The .asc files are missing ?
The .asc files are missing ?
The .asc files are missing ?
The .asc files are missing ?
The .asc files are missing ?
The .asc files are missing ?
The .asc files are missing ?
The .asc files are missing ?
The .asc files are missing ?
The .asc files are missing ?
The .asc files are missing ?
The .asc files are missing ?
The .asc files are missing ?
The .asc files are missing ?
The .asc files are missing ?

September 27, 2012

Permalink

Can you guys not have "Tor Browser" show up on the taskbar? This is a problem if anyone is looking over my shoulder.

September 29, 2012

Permalink

The "Remember password for sites" in the Security tab (Options) doesn't seem to work in this release. If I check it, close Tor and restart it, it is unchecked again...

October 01, 2012

Permalink

Thanks for this great website. I am trying to read some more posts but I cant get your website to display properly in my Opera Browser. Thanks again.

October 01, 2012

Permalink

TBB version after 0.2.2.38 on Windows, connected to ssh port 22, always disconnect in few mins! Establishing an Encrypted Directory, Connection load forever. Need to copy whole old torrc folder replace it.

No, not block
But the speed is so low that the non-use
But high-speed internal sites is available

نه بلوک نشده؛ اما سرعتش به حدی پایین آورده شده که غیرقابل استفاده شده است؛
اما سایتهای حکومتی با سرعت بالا قابل دسترس می باشد؛ این به خاطر این است که اینترنت داخلی و خارجی جدا شده؛ و سرعت ترافک خارجی را به شدت پایین آورده اند
واقعا استفاده از اینترنت اینجا عذاب آور شده است؛
مخصوصا شبها سرعت به شدت افت می کند؛ در حالیکه روزها کمی بهتر است؛
حکومت این روش را عذاب آور را دوست دارد؛ چون در این حالت اینترنت را قطع نکرده است؛ اما استفاده از آن هم غیرممکن است

October 04, 2012

Permalink

How can the Obfsproxy Tor Browser Bundle or just TBB be firewalled so that NO traffic is passed except through tor? I know about the script here:

https://trac.torproject.org/projects/tor/wiki/doc/BlockNonTorTrafficDeb…

which DID work with earlier versions of tor with polipo (or at least an earlier version of that script with one less line did, at least as far as I could tell) but with the browser bundle as a portable ap that script run in debian or unbuntu blocks the torbrowser also.

Just in case it is of interest: if that script is run in a terminal on a debian system with ufw installed the output is radically different from the output on a system without ufw. I'm not sure what that means. Maybe ufw is intercepting the response and interpreting it into language intended to be more comprehensible.

Otherwise, great job, Erin, et al! See you in the gulag!

October 05, 2012

Permalink

Well I live in Iran and it has been now one week I can't connect to tor. Any idea why? Is it being blocked? Speed of internet seems to be ok (for Iran that is).

October 07, 2012

Permalink

No, your government officials are just assholes and probally fuking sellers them damn selves and busyers up on this shit, THats why u cant get it

October 08, 2012

Permalink

Dear Tor Developers

Do I need to remove the invalid / unreachable bridge ip from the Settings UI?
Will it take long time for Tor to try accessing unreachable bridge ip?

Thanks for the great Tor.

October 18, 2012

Permalink

This one 0.2.2.39 is no longer working ?
Is there a way to go back to the previous tor that worked just fine !!!

October 19, 2012

Permalink

Help we can't get Tor to work any more what's the problem.
I've tried everything i can think of like replacing firefox with an older version.
Still wont work please help with this...

October 21, 2012

Permalink

we get stuck in iran .tor not working in iran and stuck in 10%.what we can do?? i have weblog and i can't write on it because i don't trust any program.i really trust in tor .is it safe to write in my weblag with using the obfsproxy??

October 31, 2012

Permalink

message by kaspersky antivirus:
tor.exe Gefunden: not-a-virus:NetTool.Win32.Tor.d 31.10.2012 16:43:00 c:\programme\tor browser\app\

what to do?

October 31, 2012

Permalink

test