Download Tor Browser Bundle 4.5
Version 4.5 of the Tor Browser Bundle has been released. Tor stands for The Onion Router and is a network that can be used to surf the internet fairly anonymously. All users’ tcp traffic is routed through various Tor routers, after which it is virtually impossible for the receiver to trace who the original sender was. This information is still present within the Tor network, so that answers – of course also via the system of routers – eventually arrive at the right place. Detailed information about the improvements in version 4.5 are on this page to find, this is the changelog:
All Platforms
- Update Tor to 0.2.6.7 with additional patches:
- Bug 15482: Reset timestamp_dirty each time a SOCKSAuth circuit is used
- Update NoScript to 2.6.9.22
- Update HTTPS Everywhere to 5.0.3
- Bug 15689: Resume building HTTPS-Everywhere from git tags
- Update meek to 0.17
- Include obfs4proxy 0.0.5
- Use obfs4proxy for obfs2, obfs3, obfs4, and ScrambleSuit bridges
- Pluggable Transport Dependency Updates:
- Bug 15265: Switch go.net repo to golang.org/x/net
- Bug 15448: Use golang 1.4.2 for meek and obs4proxy
- Update Tor Launcher to 0.2.7.4. Changes since 0.2.7.0.2 in 4.0.8:
- Bug 11879: Stop bootstrap if Cancel or Open Settings is clicked
- Bug 13271: Display Bridge Configuration wizard pane before Proxy pane
- Bug 13576: Don’t strip “bridge” from the middle of bridge lines
- Bug 13983: Directory search path fix for Tor Messanger+TorBirdy
- Bug 14122: Hide logo if TOR_HIDE_BROWSER_LOGO set
- Bug 14336: Fix navigation button display issues on some wizard panes
- Bug 15657: Display the host:port of any connection faiures in bootstrap
- Bug 15704: Do not enable network if wizard is opened
- Update Torbutton to 1.9.2.2. Changes since 1.7.0.2 in 4.0.8:
- Bug 3455: Use SOCKS user+pass to isolate all requests from the same url domain
- Bug 5698: Use “Tor Browser” branding in “About Tor Browser” dialog
- Bug 7255: Warn users about maximizing windows
- Bug 8400: Prompt for restart if disk records are enabled/disabled.
- Bug 8641: Create browser UI to indicate current tab’s Tor circuit IPs
- (Many Circuit UI issues were fixed during 4.5; see release changelogs for those).
- Bug 9387: Security Slider 1.0
- Include descriptions and tooltip hints for security levels
- Notify users that the security slider exists
- Make use of new SVG, jar, and MathML prefs
- Bug 9442: Add New Circuit button to Torbutton menu
- Bug 9906: Warn users before closing all windows and performing new identity.
- Bug 10216: Add a pref to disable the local tor control port test
- Bug 10280: Strings and pref for preventing plugin initialization.
- Bug 11175: Remove “About Torbutton” from onion menu.
- Bug 11236: Don’t set omnibox order in Torbutton (to prevent translation)
- Bug 11449: Fix new identity error if NoScript is not enabled
- Bug 13019: Change local spoofing pref to boolean
- Bug 13079: Option to skip control port verification
- Bug 13406: Stop directing users to download-easy.html.en on update
- Bug 13650: Clip initial window height to 1000px
- Bugs 13751+13900: Remove SafeCache cache isolation code in favor of C++ patch
- Bug 13766: Set a 10 minute circuit lifespan for non-content requests
- Bug 13835: Option to change default Tor Browser homepage
- Bug 13998: Handle changes in NoScript 2.6.9.8+
- Bug 14100: Option to hide NetworkSettings menu item
- Bug 14392: Don’t steal input focus in about:tor search box
- Bug 14429: Provide automatic window resizing, but disable for now
- Bug 14448: Restore Torbutton menu operation on non-English localizations
- Bug 14490: Use Disconnect search in about:tor search box
- Bug 14630: Hide Torbutton’s proxy settings tab.
- Bug 14631: Improve profile access error msgs (strings for translation).
- Bugs 14632+15334: Display Cookie Protections only if disk records are enabled
- Bug 15085: Fix about:tor RTL text alignment problems
- Bug 15460: Ensure FTP urls use content-window circuit isolation
- Bug 15502: Wipe blob: URIs on New Identity
- Bug 15533: Restore default security level when restoring defaults
- Bug 15562: Bind SharedWorkers to thirdparty pref
- Bug 3455: Patch Firefox SOCKS and proxy filters to allow user+pass isolation
- Bug 4100: Raise HTTP Keep-Alive back to 115 second default
- Bug 5698: Fix branding in “About Torbrowser” window
- Bug 10280: Don’t load any plugins into the address space by default
- Bug 11236: Fix omnibox order for non-English builds
- Also remove Amazon, eBay and bing; add Youtube and Twitter
- Bug 11955: Backport HTTPS Certificate Pinning patches from Firefox 32
- Bug 12430: Provide a preference to disable remote jar: urls
- Bugs 12827+15794: Create preference to disable SVG images (for security slider)
- Bug 13019: Prevent Javascript from leaking system locale
- Bug 13379: Sign our MAR update files
- Bug 13439: No canvas prompt for content callers
- Bug 13548: Create preference to disable MathML (for security slider)
- Bug 13586: Make meek use TLS session tickets (to look like stock Firefox).
- Bug 13684: Backport Mozilla bug #1066190 (pinning issue fixed in Firefox 33)
- Bug 13788: Fix broken meek in 4.5-alpha series
- Bug 13875: Spoof window.devicePixelRatio to avoid DPI fingerprinting
- Bug 13900: Remove 3rd party HTTP auth tokens via Firefox patch
- Bug 14392: Make about:tor hide itself from the URL bar
- Bug 14490: Make Disconnect the default omnibox search engine
- Bug 14631: Improve startup error messages for filesystem permissions issues
- Bugs 14716+13254: Fix issues with HTTP Auth usage and TLS connection info display
- Bug 14937: Hard-code meek and flashproxy node fingerprints
- Bug 15029: Don’t prompt to include missing plugins
- Bug 15406: Only include addons in incremental updates if they actually update
- Bug 15411: Remove old (and unused) cacheDomain cache isolation mechanism
- Bug 15502: Isolate blob: URI scope to URL domain; block WebWorker access
- Bug 15562: Disable Javascript SharedWorkers due to third party tracking
- Bug 15757: Disable Mozilla video statistics API extensions
- Bug 15758: Disable Device Sensor APIs
Linux
- Bug 12468: Only print/write log messages if launched with –debug
- Bug 13375: Create a hybrid GUI/desktop/shell launcher wrapper
- Bug 13717: Make sure we use the bash shell on Linux
- Bug 15672: Provide desktop app registration+unregistration for Linux
- Bug 15747: Improve start-tor-browser argument handling
Windows
- Bug 3861: Begin signing Tor Browser for Windows the Windows way
- Bug 10761: Fix instances or shutdown crashes
- Bug 13169: Don’t use /dev/random on Windows for SSP
- Bug 14688: Create shortcuts to desktop and start menu by default (optional)
- Bug 15201: Disable ‘runas Administrator’ codepaths in updater
- Bug 15539: Make installer exe signatures reproducibly removable
mac
- Bug 10138: Switch to 64bit builds for MacOS
Version number | 4.5 |
Release status | Final |
Operating systems | Windows 7, Android, Linux, Windows XP, macOS, Windows Vista, Windows 8, Windows 10 |
Website | The Tor Project |
Download | |
File size |
34.18MB |
License type | GPL |