Tor 0.4.2 Stable Release: Key Updates and Support Timeline

Release of the New Stable Branch Tor 0.4.2

The Tor 0.4.2.5 toolkit, used for organizing the anonymous Tor network, has been officially released. Tor 0.4.2.5 is recognized as the first stable release of the 0.4.2 branch, which has been in development for the past four months. Updates have also been provided for older branches: 0.4.1.7, 0.4.0.6, and 0.3.5.9.

The 0.4.2 branch will be maintained according to the standard support cycle: updates will end either nine months after release or three months after the release of the 0.4.3.x branch, whichever comes later. Long-term support (LTS) is provided for the 0.3.5 branch, with updates available until February 1, 2022. Support for the 0.4.0.x and 0.2.9.x branches will end at the beginning of next year.

Main Updates

  • Directory server blocking for outdated nodes: Directory servers now block connections from nodes running unsupported versions of Tor. Only nodes using current branches (0.2.9, 0.3.5, 0.4.0, 0.4.1, and 0.4.2) will be allowed. This automatic blocking will help remove outdated nodes from the network as support for older branches ends. Outdated software on nodes negatively impacts network stability and increases security risks. Administrators who neglect Tor updates are likely to neglect other system and server application updates, raising the risk of targeted attacks. Unsupported nodes also hinder bug fixes, the adoption of new protocol features, and overall network efficiency. Operators of outdated systems were notified about the planned blocking back in September.
  • DoS protection for hidden services: New tools have been introduced to protect hidden services from DoS attacks. Introduction points can now limit the rate of client requests using parameters sent by the hidden service in the ESTABLISH_INTRO cell. If the hidden service does not use the new extension, the introduction point will use consensus parameters.
  • Blocking single-hop clients at introduction points: Direct single-hop clients, previously used for the now-unsupported Tor2web service, are now blocked at introduction points. This measure reduces network load from spam clients.
  • Generic token bucket for hidden services: A unified token bucket system has been implemented for hidden services, using a single counter to help mitigate DoS attacks.
  • Default to ED25519-V3 for new onions: The “BEST” mode in the ADD_ONION command now defaults to ED25519-V3 (v3) services instead of RSA1024 (v2).
  • Configuration data separation: The configuration code now supports splitting configuration data among multiple objects.
  • Significant code cleanup: The codebase has undergone major cleaning and refactoring.
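
The rate limiting described in the "DoS protection for hidden services" and "Generic token bucket" items can be pictured with the sketch below. It is an added example, not code from Tor: the type and function names are hypothetical, and the rate and burst numbers are constructed sample values. It shows an introduction point preferring limits received in ESTABLISH_INTRO, falling back to consensus values, and dropping requests once the bucket is empty.

```c
/* Added illustration, not Tor source code; names and numbers are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { bool present; uint32_t rate_per_sec, burst; } dos_params_t;
typedef struct {
    uint32_t rate_per_sec, burst, tokens; /* limits and remaining allowance */
    uint64_t last_refill;                 /* seconds, caller-supplied clock */
} intro_bucket_t;

/* ESTABLISH_INTRO parameters win; without them use the consensus values. */
void bucket_init(intro_bucket_t *b, const dos_params_t *cell,
                 const dos_params_t *consensus, uint64_t now)
{
    const dos_params_t *p = (cell && cell->present) ? cell : consensus;
    /* field order: rate, burst, tokens (bucket starts full), last refill */
    *b = (intro_bucket_t){p->rate_per_sec, p->burst, p->burst, now};
}

/* Refill for elapsed seconds (capped at burst), then spend one token. */
bool bucket_allow(intro_bucket_t *b, uint64_t now)
{
    if (now > b->last_refill) { /* ignore a clock that moved backwards */
        uint64_t elapsed = now - b->last_refill, total = b->tokens;
        if (b->rate_per_sec) /* cap elapsed so the product cannot overflow */
            total += elapsed > b->burst ? b->burst : elapsed * b->rate_per_sec;
        b->tokens = total > b->burst ? b->burst : (uint32_t)total;
        b->last_refill = now;
    }
    if (b->tokens == 0) return false; /* over the limit: drop the request */
    b->tokens--;
    return true;
}

/* How many of n requests arriving within second `now` get relayed. */
uint32_t relay_burst(intro_bucket_t *b, uint32_t n, uint64_t now)
{
    uint32_t ok = 0;
    while (n--) ok += bucket_allow(b, now);
    return ok;
}

int main(void)
{
    dos_params_t consensus = {true, 25, 200}, none = {false, 0, 0}; /* constructed */
    intro_bucket_t b;
    bucket_init(&b, &none, &consensus, 100);
    printf("relayed %u of 500\n", (unsigned)relay_burst(&b, 500, 100));
    return 0;
}
```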
