We have two new stable releases today. If you build Tor from source, you can download the source code for 0.4.2.6 from the download page on our website. Packages should be available within the next several weeks, with a new Tor Browser by mid-February.

We've also put out an update for our older stable 0.4.1.x series: 0.4.1.8 (changelog), which you can download at dist.torproject.org. Note that the currently supported release series are now 0.3.5.x (LTS), 0.4.1.x, 0.4.2.x, and 0.4.3.x (in alpha). The 0.2.9.x series became unsupported on January 1, and support for 0.4.0.x will end on February 2.

This is the second stable release in the 0.4.2.x series. It backports several bugfixes from 0.4.3.1-alpha, including some that had affected the Linux seccomp2 sandbox or Windows services. If you're running with one of those configurations, you'll probably want to upgrade; otherwise, you should be fine with 0.4.2.5.

Changes in version 0.4.2.6 - 2020-01-30

Major bugfixes (linux seccomp sandbox, backport from 0.4.3.1-alpha): Correct how we use libseccomp. Particularly, stop assuming that rules are applied in a particular order or that more rules are processed after the first match. Neither is the case! In libseccomp <2.4.0 this led to some rules having no effect. libseccomp 2.4.0 changed how rules are generated, leading to a different ordering, which in turn led to a fatal crash during startup. Fixes bug 29819; bugfix on 0.2.5.1-alpha. Patch by Peter Gerber. Fix crash when reloading logging configuration while the experimental sandbox is enabled. Fixes bug 32841; bugfix on 0.4.1.7. Patch by Peter Gerber.

Minor bugfixes (correctness checks, backport from 0.4.3.1-alpha): Use GCC/Clang's printf-checking feature to make sure that tor_assertf() arguments are correctly typed. Fixes bug 32765; bugfix on 0.4.1.1-alpha.

