The Tor Browser Team is proud to announce the second alpha release based on Firefox 38 ESR. This release is also the fourth and final alpha in the 5.0 series. The release is available for download in the 5.0a4 distribution directory and on the alpha download page. Most notably, this release contains an experimental defense against font fingerprinting by using an identical set of shipped fonts on all supported platforms. We've also updated the versions of several Tor Browser components, including updating Tor to 0.2.7.2-alpha. The 5.0-stable release will be based on Tor 0.2.6-latest, however. Last but not least we fixed a lot of important bugs that were due to our switch to Firefox 38 ESR, including issues with major websites such as Twitter. This release brings us very close to a stable Tor Browser 5.0, which we aim to release next week. Unless we hear about additional issues, not much will change between 5.0a4 and 5.0-stable, aside from the Tor version and possibly the font defense. Here is the complete changelog since 5.0a3 All Platforms Update Tor to 0.2.7.2-alpha with patches Bug 15482: Don't allow circuits to change while a site is in use Update OpenSSL to 1.0.1p Update HTTPS-Everywhere to 5.0.7 Update NoScript to 2.6.9.31 Update Torbutton to 1.9.3.1 Bug 16268: Show Tor Browser logo on About page Bug 16639: Check for Updates menu item can cause update download failure Bug 15781: Remove the sessionstore filter Bug 15656: Sync privacy.resistFingerprinting with Torbutton pref Translation updates Bug 16884: Prefer IPv6 when supported by the current Tor exit Bug 16488: Remove "Sign in to Sync" from the browser menu Bug 13313: Bundle a fixed set of fonts to defend against fingerprinting Bug 16662: Enable network.http.spdy.* prefs in meek-http-helper Bug 15646: Prevent keyboard layout fingerprinting in KeyboardEvent (fixup) Bug 15703: Isolate mediasource URIs and media streams to first party Bug 16429+16416: Isolate blob URIs to first party Bug 16632: Turn on the background updater and restart prompting Bug 16528: Prevent IndexedDB Modernizr site breakage on Twitter and elsewhere Bug 16523: Fix in-browser JavaScript debugger Bug 16236: Windows updater: avoid writing to the registry Bug 16005: Restrict WebGL minimal mode a bit (fixup) Bug 16625: Fully disable network connection prediction Bug 16495: Fix SVG crash when security level is set to "High" Build System Bug 15864: Rename sha256sums.txt to sha256sums-unsigned-build.txt Continue reading...
