After months of hard work, there's a new stable Tor release series available! If you build Tor from source, you can now download the source code for Tor 0.3.2.9 from the usual place on the website. Packages should become available over the coming days, including (we hope) a Tor Browser release before the end of the month.

Tor 0.3.2.9 is the first stable release in the 0.3.2 series.

The 0.3.2 series includes our long-anticipated new onion service design, with numerous security features. (For more information, see our blog post at https://blog.torproject.org/fall-harvest.) We also have a new circuit scheduler algorithm for improved performance on relays everywhere (see https://blog.torproject.org/kist-and-tell), along with many smaller features and bugfixes.

Per our stable release policy, we plan to support each stable release series for at least the next nine months, or for three months after the first stable release of the next series: whichever is longer. If you need a release with long-term support, we recommend that you stay with the 0.2.9 series.

Below is a list of the changes since 0.3.1.7. For a list of all changes since 0.3.2.8-rc, see the ChangeLog file.

Changes in version 0.3.2.9 - 2018-01-09

Directory authority changes: Add "Bastet" as a ninth directory authority to the default list. Closes ticket 23910. The directory authority "Longclaw" has changed its IP address. Closes ticket 23592. Remove longclaw's IPv6 address, as it will soon change. Authority IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves 3/8 directory authorities with IPv6 addresses, but there are also 52 fallback directory mirrors with IPv6 addresses. Resolves 19760. Add an IPv6 address for the "bastet" directory authority. Closes ticket 24394.

Major features (next-generation onion services): Tor now supports the next-generation onion services protocol for clients and services! As part of this release, the core of proposal 224 has been implemented and is available for experimentation and testing by our users. This newer version of onion services ("v3") features many improvements over the legacy system, including: a) Better crypto (replaced SHA1/DH/RSA1024 with SHA3/ed25519/curve25519) b) Improved directory protocol, leaking much less information to directory servers. c) Improved directory protocol, with smaller surface for targeted attacks. d) Better onion address security against impersonation. e) More extensible introduction/rendezvous protocol. f) A cleaner and more modular codebase. You can identify a next-generation onion address by its length: they are 56 characters long, as in "4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion". In the future, we will release more options and features for v3 onion services, but we first need a testing period, so that the current codebase matures and becomes more robust. Planned features include: offline keys, advanced client authorization, improved guard algorithms, and statistics. For full details, see proposal 224. Legacy ("v2") onion services will still work for the foreseeable future, and will remain the default until this new codebase gets tested and hardened. Service operators who want to experiment with the new system can use the 'HiddenServiceVersion 3' torrc directive along with the regular onion service configuration options. For more information, see our blog post at "https://blog.torproject.org/fall-harvest". Enjoy!

