Releases: svengo/docker-tor
Releases · svengo/docker-tor
Docker-tor Release 0.4.9.6-r1 (alpine 3.23.4)
What's Changed
- Bump alpine from 3.23.3 to 3.23.4 by @dependabot[bot] in #181
Full Changelog: v0.4.9.6...v0.4.9.6-r1
Contributors
dependabot
Assets 2
Docker-tor Release 0.4.9.6 [SECURITY RELEASE]
Tor stable 0.4.9.6 [SECURITY RELEASE]
The tor team just released tor 0.4.9.6. Here is the announcement: https://forum.torproject.org/t/security-release-0-4-8-23-and-0-4-9-6/21386
Please upgrade as soon as possible if you are running a relay.
Tor Changelog
Changes in version 0.4.9.6 - 2026-03-25
This is a security release fixing major bugfixes that could possibly lead to
remote crashing relays. We strongly recommend upgrading as soon as possible.
o Major bugfix (security):
- Fix a stack overflow of 11 bytes on malicious CREATED2. This lead
to a remote crash. TROVE-2026-003. Reported-by: Anas Cherni of
Calif.io. Fixes bug 41231; bugfix on 0.4.9.1-alpha.
o Major bugfix (security, conflux):
- Fix a memory compare using the wrong length. This could lead to a
remote crash when using the conflux subsystem. TROVE-2026-004.
Fixes bug 41232; bugfix on 0.4.8.1-alpha.
o Minor bugfixes (security):
- Fix a series of defense in depth security issues found across the
codebase. Fixes bug 41228; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (portability):
- (Hopefully) fix our polyval implementation on big-endian
platforms. Fixes bug 41215; bugfix on 0.4.9.3-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on March 25, 2026.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2026/03/25.
What's Changed
- Bump actions/attest-build-provenance from 3 to 4 by @dependabot[bot] in #169
- Bump docker/login-action from 3 to 4 by @dependabot[bot] in #171
- Bump docker/setup-qemu-action from 3 to 4 by @dependabot[bot] in #170
- Bump docker/setup-buildx-action from 3 to 4 by @dependabot[bot] in #172
- Bump docker/build-push-action from 6 to 7 by @dependabot[bot] in #174
- Bump docker/metadata-action from 5 to 6 by @dependabot[bot] in #173
- Revert "Bump docker/build-push-action from 6 to 7" by @svengo in #175
- Revert "Bump docker/metadata-action from 5 to 6" by @svengo in #176
- Bump docker/build-push-action from 6 to 7 by @svengo in #178
- Bump anchore/scan-action from 7.3.2 to 7.4.0 by @dependabot[bot] in #179
- Bump tor from 0.4.9.5 to 0.4.9.6 [Security Release] by @svengo in #180
Full Changelog: v0.4.9.5...v0.4.9.6
Contributors
svengo and dependabot
Assets 2
Docker-tor Release 0.4.9.5-r1
What's Changed
- Bump actions/attest-build-provenance from 3 to 4 by @dependabot[bot] in #169
- Bump docker/login-action from 3 to 4 by @dependabot[bot] in #171
- Bump docker/setup-qemu-action from 3 to 4 by @dependabot[bot] in #170
- Bump docker/setup-buildx-action from 3 to 4 by @dependabot[bot] in #172
- Bump docker/build-push-action from 6 to 7 by @dependabot[bot] in #174
- Bump docker/metadata-action from 5 to 6 by @dependabot[bot] in #173
- Revert "Bump docker/build-push-action from 6 to 7" by @svengo in #175
- Revert "Bump docker/metadata-action from 5 to 6" by @svengo in #176
- Bump docker/build-push-action from 6 to 7 by @svengo in #178
Full Changelog: v0.4.9.5...v0.4.9.5-r1
Contributors
svengo and dependabot
Assets 2
Docker-tor Release 0.4.9.5
What's Changed
- Feature/non root user by @svengo in #165
- Bump anchore/scan-action from 7.3.1 to 7.3.2 by @dependabot[bot] in #166
- Feature/configuration improvements by @svengo in #167
- Update/tor 0.4.9.5 by @svengo in #168
Full Changelog: v0.4.8.22...v0.4.9.5
Contributors
svengo and dependabot
Assets 2
Docker-tor Release 0.4.8.22
What's Changed
Full Changelog: v0.4.8.21-r3...v0.4.8.22
Contributors
svengo
Assets 2
v0.4.8.21-r3 Docker-tor Release 0.4.8.21-r3 (alpine 3.23.3)
What's Changed
- Bump anchore/scan-action from 7.2.2 to 7.2.3 by @dependabot[bot] in #160
- Bump anchore/scan-action from 7.2.3 to 7.3.0 by @dependabot[bot] in #161
- Bump anchore/scan-action from 7.3.0 to 7.3.1 by @dependabot[bot] in #162
- Bump alpine from 3.23.2 to 3.23.3 by @dependabot[bot] in #163
Full Changelog: v0.4.8.21-r2...v0.4.8.21-r3
Contributors
dependabot
Assets 2
Docker-tor Release 0.4.8.21-r2 (alpine 3.23.2)
What's Changed
- Bump anchore/scan-action from 7.2.1 to 7.2.2 by @dependabot[bot] in #158
- Bump alpine from 3.23.0 to 3.23.2 by @dependabot[bot] in #159
Full Changelog: v0.4.8.21-r1...v0.4.8.21-r2
Contributors
dependabot
Assets 2
Docker-tor Release 0.4.8.21-r1 (alpine 3.23.0)
What's Changed
- Bump actions/checkout from 5 to 6 by @dependabot[bot] in #155
- Bump anchore/scan-action from 7.2.0 to 7.2.1 by @dependabot[bot] in #156
- Bump alpine from 3.22.2 to 3.23.0 by @dependabot[bot] in #157
Full Changelog: v0.4.8.21...v0.4.8.21-r1
Contributors
dependabot
Assets 2
Docker-tor Release 0.4.8.21
What's Changed
- Bump anchore/scan-action from 7.1.0 to 7.2.0 by @dependabot[bot] in #153
- Update/tor 0.4.8.21 by @svengo in #154
Full Changelog: v0.4.8.20...v0.4.8.21
Tor changelog
The tor team has released another stable fixing more security issues.
See announcement: https://forum.torproject.org/t/stable-release-0-4-8-21/20817
Here is the ChangeLog.
Changes in version 0.4.8.21 - 2025-11-17
This release is a continuation of the previous one and addresses additional
Conflux-related issues identified through further testing and feedback from
relay operators. We strongly recommend upgrading as soon as possible.
o Major bugfixes (conflux, exit):
- When dequeuing out-of-order conflux cells, the circuit could be
close in between two dequeue which could lead to a mishandling of
a NULL pointer. Fixes bug 41162; bugfix on 0.4.8.4.
o Minor feature (compiler flag):
- Add -mbranch-protection=standard for arm64.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on November 17, 2025.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2025/11/17.
o Minor bugfixes (bridges, pluggable transport):
- Fix a bug causing the initial tor process to hang intead of
exiting with RunAsDaemon, when pluggable transports are used.
Fixes bug 41088; bugfix on 0.4.8.1-alpha.
Contributors
svengo and dependabot
Assets 2
Docker-tor Release 0.4.8.20
What's Changed
- Bump github/codeql-action from 3 to 4 by @dependabot[bot] in #147
- Bump alpine from 3.22.1 to 3.22.2 by @dependabot[bot] in #148
- Bump anchore/scan-action from 7.0.0 to 7.0.1 by @dependabot[bot] in #149
- Bump anchore/scan-action from 7.0.1 to 7.0.2 by @dependabot[bot] in #150
- Bump anchore/scan-action from 7.0.2 to 7.1.0 by @dependabot[bot] in #151
- Bump tor from 0.4.8.19 to 0.4.8.20 by @svengo in #152
Full Changelog: v0.4.8.19...v0.4.8.20
Tor Changelog
Changes in tor version 0.4.8.20 - 2025-11-10
This release fixes several bugfixes related to Conflux edge cases as well as
adding a new hardening compiler flag if supported. We strongly recommend to
upgrade as soon as possible.
o Minor feature (compiler flag):
- Add -fcf-protection=full if supported by the compiler.
Fixes 41139.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on October 06, 2025.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2025/11/10.
o Minor bugfixes (conflux fragile asserts):
- Fix the root cause of some conflux fragile asserts when a control
port listener is attached. Fixes bug 41037; bugfix on 0.4.8.16.
o Minor bugfixes (conflux, relay):
- Fix a series of conflux edge cases about sequence number
arithmetic and OOM handler kicking in under heavy memory pressure.
Fixes bug 41155; bugfix on 0.4.8.4.
Contributors
svengo and dependabot