Onion Browser Version History (since 1.2.2)
FUTURE:
===== 2.0 - In Development =====
Features subject to change.
* New design and new codebase, based on the Endless Browser open source
project by jcs, used with permission; many thanks to jcs for allowing us
to build off of his work. Major highlights:
- Tabbed browsing
- Built-in HTTPS Everywhere ruleset
- Built-in tracking prevention and ad blocking
- HTTP Strict Transport Security (HSTS) support
- SSL certificate viewer
- Ability to set privacy on a per-site basis
- 1Password extension support
* New "flat" icon.
? Minimum required iOS version is now iOS 9.0 (was iOS 8.2).
? Data encryption with an app-level password. Supplements current
encryption done by the iOS operating system, improving protection
against forensic tools.
===== 1.7.5 - Pending App Store Approval =====
May 21 2017 - Submit Date
* Built-in obfs4 and meek-amazon bridges updated to latest Tor Browser
Bundle configuration.
* Tor updated to 0.3.0.7, fixing several Tor networking bugs.
CURRENT VERSION:
===== 1.7.4 - In App Store =====
Apr 02 2017 - Submit Date
Apr 04 2017 - App Store Availability
* Built-in bridges updated to latest Tor Browser Bundle configuration.
(Fixes non-working meek-azure.)
* Tor updated to 0.3.0.4-rc.
* Updated user-agent spoofing strings.
PREVIOUS VERSIONS:
===== 1.7.3 =====
Feb 21 2017 - Submit Date
Feb 24 2017 - App Store Availability
* Initial support for IPv6-only networks.
* Simplified the initial "Loading..." progress screen.
* Tor updated to 0.3.0.3-alpha.
===== 1.7.2 =====
Dec 14 2016 - Submit Date
Dec 15 2016 - App Store Availability
* OpenSSL downgraded to 1.0.2j.
* The OpenSSL version change fixes severe crash issue on all 32bit iOS
devices. This affected all users of iPhone 5C, iPhone 5, iPhone 4S, iPad
Mini 1, iPad 4, iPod Touch, and other older iOS devices.
===== 1.7.1 =====
Dec 13 2016 - Submit Date
Dec 13 2016 - App Store Availability
* Adjusted build config to try to fix crash-on-launch issue affecting
certain devices due to a linking issue.
* Tor updated to 0.2.9.7-rc
===== 1.7.0 =====
Dec 07 2016 - Submit Date
Dec 09 2016 - App Store Availability
* Bridge handling code revised so that the built-in obfs4 bridges get
updated when Onion Browser updates. Previously you had to re-select
the built-in bridges to receive new ones.
* Tor, libevent, and OpenSSL are now built using the Tor.framework
toolkit. See github.com/icepa for more information. Using the
framework to provide dependencies should improve maintainability
of the app going forward.
* LICENSE file has been greatly simplified. The Onion Browser 1.7
series is now made available under the Mozilla Public License 2.0;
certain unmodified source files may continue to be licensed under
their original licenses.
* Tor updated to 0.2.9.6-rc
* libevent updated to 2.1.7-rc
* OpenSSL updated to 1.1.0c
===== 1.6.2 =====
Aug 24 2016 - Submit Date
Aug 25 2016 - App Store Availability
* Tor updated to 0.2.8.7, containing several important security fixes:
https://blog.torproject.org/blog/tor-0287-released-important-fixes
===== 1.6.1 =====
Aug 18 2016 - Submit Date
Aug 19 2016 - App Store Availability
* iObfs rebuilt with golang 1.7 (was 1.7rc3). Fixes crash-on-start when using
iOS 10 Beta.
===== 1.6.0 =====
Aug 04 2016 - Submit Date
Aug 07 2016 - App Store Availability
* iObfs integration: Onion Browser now supports several "pluggable transport"
bridge types, including obfs4, meek, and other PT bridge types,
meaning Onion Browser should connect more successfully in more locations
that block Tor. Special thanks to The Guardian Project for helping support
this work. For more info about iObfs (an obfs4proxy iOS port), please visit:
https://github.com/mtigas/iObfs
* Bridge user interface overhaul: Onion Browser now comes with the same default
bridges for obfs4, meek-amazon, and meek-azure, as the Tor Browser Bundle and
Orbot. An easier-to-use bridge page allows users to select the defaults with
"one click" and without having to manually edit bridge config lines.
* User-agent spoofing strings updated to the latest versions: iOS 9 Safari,
macOS El Capitan Safari (9.1.1), Tor Browser Bundle 6.0 (Windows 7,
Firefox 45).
* Tor updated to 0.2.8.6, the first stable release in the 0.2.8 series.
This version contains several performance and security improvements.
https://blog.torproject.org/blog/tor-0286-released
https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.2.8.5-rc
* OpenSSL updated to 1.0.2h.
https://www.openssl.org/news/secadv/20160503.txt
https://openssl.org/news/changelog.html
* Minimum required iOS version is now iOS 8.2 (was iOS 8.0). Support for iOS
8.X will continue until Onion Browser 2.0 is released.
===== 1.5.16 =====
Dec 29 2015 - Submit Date
Jan 07 2016 - App Store Availability
* Tor updated to 0.2.7.6.
https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.2.7.6
===== 1.5.15 =====
Dec 03 2015 - Submit Date
Dec 10 2015 - App Store Availability
* Tor updated to 0.2.7.5, the first stable release in the new
Tor 0.2.7 series.
https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.2.7.5
* OpenSSL updated to 1.0.2e, fixing several security issues.
https://openssl.org/news/secadv/20151203.txt
https://openssl.org/news/changelog.html
===== 1.5.14 =====
Oct 31 2015 - Submit Date
Nov 08 2015 - App Store Availability
* FIX: Crash when pressing menu button on iPad.
* FIX: GREATLY improve the Onion Browser experience when coming back from
background. Despite my best efforts to fix the problem, there was a minor
code bug regarding "appDidBecomeActive" that went unnoticed for a very
long time. BIG thanks to RustamDz who pointed out the relevant code
error. (#2 #59)
* Tor updated to 0.2.7.4-rc. This future-proofs Onion Browser a bit
by supporting stronger Ed25519 encryption keys. The 0.2.7 series also
improves recovery when the clock jumps -- which likely also improves
Onion Browser's chances of continuing successfully when coming back
from background.
https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.2.7.4-rc
===== 1.5.13 =====
Oct 22 2015 - Submit Date
Oct 30 2015 - App Store Availability
* Improve Tor's chances of coming back after being in background.
Adjusted encryption so Tor connection state can be accessed by the
app even if device goes to sleep. (These files are not
user-generated except for torrc.) Other files, such as cache and
user bookmarks are still protected the moment the device is locked.
* Minimum required iOS version is now iOS 8.0 (was iOS 6.1). This will
allow extensive code cleanup for future versions of Onion Browser.
iOS 8.2 will be required by the end of 2015.
* Users running iOS 8.0 and 8.1 will be warned about HTTPS insecurity
(due to FREAK exploit) on every app launch.
* Update HTTP errors. The "HTTPS Connection Failed" error was displaying
in situations where the error had nothing to do with SSL failure.
* Allow navigating to "about:blank" and allow setting the homepage to
that URL. (#62)
* Update bridge handling to make it difficult to enter in an
unsupported bridge type, such as "obfs4" or "scramblesuit" via
text entry or the QR Code scanner.
* iOS 9 code compatibility updates.
* Tor updated to 0.2.6.10.
https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.2.6.10
* OpenSSL updated to 1.0.2d.
https://openssl.org/news/changelog.html
===== 1.5.12 =====
Mar 20 2015 - Submit Date
Mar 31 2015 - App Store Availability
* Allow pasting in the bridges.torproject.org text blob to set
bridges, like the Tor Browser launcher. #55
* Allow scanning QR code from bridges.torproject.org to set
bridges. #56
* On first run, allow user to configure bridges before trying to
launch Tor. Once Pluggable Transports are working, this will be
useful for users where Tor traffic looks suspicious. #57
* Tor updated to 0.2.6.5-rc.
https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.2.6.5-rc
* OpenSSL updated to 1.0.2a.
https://openssl.org/news/secadv_20150319.txt
https://openssl.org/news/openssl-1.0.2-notes.html
* Redesigned "Connecting..." prompt when opening the app.
===== 1.5.11 =====
Mar 10 2015 - Submit Date
Mar 17 2015 - App Store Availability
* Fix issue where bridges with 5-digit port numbers were not allowed
in the bridge configuration. Issue reported by Andrew Auerbach.
* Improve connection error handling and alert user if Tor client has
stopped working.
* Tor updated to 0.2.6.4-rc.
https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.2.6.4-rc
* OpenSSL updated to 1.0.2.
https://openssl.org/news/openssl-1.0.2-notes.html
* Libevent updated to 2.0.22-stable.
https://raw.githubusercontent.com/libevent/libevent/release-2.0.22-stable/ChangeLog
===== 1.5.10 =====
Nov 11 2014 - Submit Date
Nov 11 2014 - App Store Availability
* Add padlock icon to denote whether the page was delivered entirely
over TLS or if there was some insecure content sent along with the HTTPS
page. (#42)
* Fix crashing if a user entered anything other than an ip_address:port
as a bridge. Now notifies user that the choice was invalid before trying
to use it in Tor.
* Fix display of the progress bar in iOS 8.
* Attempt to fix issue where Forward/Back/"Open Home Page" buttons
would simply stop the browser and not load the desired page.
* Streamlined error handling so that web pages that abruptly stop
should provide useful error messages or error codes to users, who
can then report the issue.
===== 1.5.9 =====
Nov 09 2014 - Submit Date
Nov 10 2014 - App Store Availability
* Fixed crash when allowing Onion Browser to bypass unverified SSL
certificates. Affected use of DuckDuckGo .onion site over SSL. Issue
reported by Alex Ristich.
* SSLv3 connections to websites are now disabled by default, to avoid the
POODLE attack. Option added to set the minimum required SSL/TLS version,
set to TLSv1.0 by default.
* Tor updated to 0.2.5.10, the first stable release in the 0.2.5.X series.
https://blog.torproject.org/blog/tor-02510-released-and-tor-023x-deprecated
https://gitweb.torproject.org/tor.git?a=blob_plain;hb=release-0.2.5;f=ReleaseNotes
* OpenSSL updated to 1.0.1j, fixing four vulnerabilities including the
POODLE attack.
https://www.openssl.org/news/secadv_20141015.txt
* Fixed a display issue on the settings page.
===== 1.5.8 =====
Sep 26 2014 - Submit Date
Oct 08 2014 - App Store Availability
1.5.6 was submitted, but replaced before App Store release.
1.5.7 version number was skipped due to an issue with iTunes Connect.
* Fix major issue where "Browser Settings" button did not open settings
page on iPad.
* App now uses the native device resolution on iPhone 6 and iPhone 6 Plus,
instead of going into "stretch mode".
* Fix "screen blanking" behavior when switching away from Onion Browser.
* Change app name on home screen back to "Onion Browser" since it seems that
the ellipsis-causing change in iOS 7 was possibly fixed in iOS 7.1 or 8.
* User-agent spoofing strings updated to the latest iOS 8 Safari and Mac OS
X Mavericks Safari (7.1).
* Tor updated to 0.2.5.8-rc, the second release candidate in the
0.2.5.X series. The switch to 0.2.5.X should somewhat improve connection
stability, as well as improve overall security. 0.2.5.8 in particular
improves connections to hidden services.
https://blog.torproject.org/blog/tor-0257-rc-out
https://gitweb.torproject.org/tor.git?a=blob_plain;hb=release-0.2.5;f=ReleaseNotes
===== 1.5.5 =====
Sep 13 2014 - Submit Date
Sep 18 2014 - App Store Availability
* Rebuilt with iOS 8 SDK to hopefully mitigate any issues on newly
released iPhones.
* Minimum required iOS version is now iOS 6.1 (was iOS 6.0). This should
enforce the fix for CVE-2014-1266 on the oldest supported devices. iOS
6.X support will be dropped later this year.
===== 1.5.4 =====
Aug 11 2014 - Submit Date
Aug 13 2014 - App Store Availability
* Tor updated to 0.2.4.23, containing several security fixes, incl
some mitigation of the RELAY_EARLY traffic confirmation attack.
https://gitweb.torproject.org/tor.git?a=blob_plain;hb=release-0.2.4;f=ReleaseNotes
* OpenSSL updated to 1.0.1i, with some security fixes (mostly
affecting ways to crash apps which use OpenSSL).
http://www.openssl.org/news/secadv_20140806.txt
* Entering a unicode IDN (internationalized domain name) such as
http://·.ws/ properly gets converted to the punycode
representation and the browser properly navigates to the correct
place (i.e. http://xn--uba.ws/ ). Previously the browser would
do nothing with this input. Issue reported by Barend Rijn.
===== 1.5.3 =====
June 30 2014 - Submit Date
July 02 2014 - App Store Availability
* A bug in the default "Block XHR/Media/WebSocket" active content
blocking mode caused iOS to allow video tags while blocking scripts.
An example of this was shown in the http://xordern.net/ipcheck
vulnerability disclosure.
* In some cases, the address bar could display a forged URL when
a page causes certain types of errors. Reported by Łukasz Pilorz.
Test case: https://ios.browsr-tests.com/alt/native.abs.php
===== 1.5.2 =====
June 16 2014 - Submit Date
June 19 2014 - App Store Availability
* Active Content Blocking now attempts to disable WebWorkers.
JavaScript using "Worker()" to call other scripts could previously
access WebSockets and other "blocked" functionality, which could
bypass Tor.
* File encryption tweaked to attempt to fix issue where Onion Browser
app would disappear from home screne. In some cases, if the app
crashed, the app executable could be encrypted such that the OS
could no longer access the app.
* OpenSSL updated to 1.0.1h, fixing the "Early CCS" vulnerability.
===== 1.5.1 =====
May 20 2014 - Submit Date
May 22 2014 - App Store Availability
* Onion Browser erroneously did not use 'gzip' compression to
communicate with web servers. This has been corrected, which
should greatly improve pageload performance.
* New "normalized" user agents have been added. Users who left
Onion Browser on the 'No Spoofing' setting are now defaulted to
the appropriate "normalized" setting for their device.
* User Agent spoofing now attempts to spoof the javascript
"navigator.userAgent" variable that sites could previously use
to detect an attempted UA spoof. (Previously, this variable still
contained the browser's real identification.)
* Fixed rendering issue on iPads, where the browser section would
overlap the bottom toolbar.
* Active Content Blocking now attempts to disable using WebSockets
and other dangerous activity by modifying incoming content.
* Some settings text made more explicit. The "Pipelining" setting
has been removed and is now always enabled.
* Tor updated to 0.2.4.22, which blacklists Tor directory keys that
were susceptible to Heartbleed. Also improves TLS ciphersuite
selection for Tor.
===== 1.5.0 =====
May 11 2014 - Submit Date
May 14 2014 - App Store Availability
Onion Browser has received a security audit and pentest by Cure53.de,
funded by the Open Technology Fund at Radio Free Asia. Security issues
corrected due to this audit are marked with the vulnerability ID
(i.e. "OB-01-XX").
See https://mike.tig.as/onionbrowser/security/ for details and more
up-to-date security information.
FIXED VULNERABILITIES
* OB-01-005: "Third-Party Cookie" blocking was not working as
expected. The "Block Third Party" cookie option simply allowed all
cookies. Fixed in e70e2fcbca.
* OB-01-006: Due to improper handling of itms: and itms-app: URIs, an
attacker could cause the iTunes app to auto-open from Onion Browser,
causing iTunes to open too quickly for the Tor tunnel would close
properly. If Onion Browser was in the middle of loading resources
from the attacker's page, partial SSL traffic would be sent to the
attacker's website outside of Tor, exposing the user's real IP
address. Fixed in 89121d3271.
* OB-01-009: Domain names containing ".onion" anywhere originally
bypassed all SSL certificate checks. Fixed in 271b2b22df.
* OB-01-010: WebSockets were discovered to bypass Tor entirely and no
easy avenue for intercepting these requests (to pass into Tor or to
block) has been discovered yet. Active Content Blocking now blocks
these connections by default; unfortunately, this also blocks all
AJAX/XHR requests as well. A (dangerous) option to re-enable all
Javascript-based requests has been added. Fixed in 983687ed67.
* OB-01-013: The "click here to force-quit the app" function inside
the help page has been replaced with instructions on how to quit
the app manually. The "onionbrowser:forcequit" URL was previously
susceptible to an app-crasher attack (i.e. by inclusion in a tag
such as <img src="onionbrowser:forcequit">) and has been removed.
Behavior changed in c5cfb15a99.
* OB-01-014: Browser cache, HTML5 "local storage", and HTML5 database
functionality is now always blocked. Websites previously could take
advantage of these features to create "evercookie" scenarios that
could bypass the "Block Cookies" feature in Onion Browser. Changed
in 4d3ef413bd.
* OB-01-016: HTML content loaded via "data:" URIs would bypass the
"Block Active Content" setting. If a user navigates to a specially
crafted "data:text/html..." URI (via redirect or "meta refresh"),
the page could load a video tag, exposing the user's IP address.
"data:" URIs that are not image files are now blocked from being
loaded in the address bar or via redirect. Fixed in 546a5434b1.
* OB-01-017: Onion Browser previously loaded "onionbrowser://" URLs
without prompting the user. This could create a case where an
attack site opened in another browser would redirect a user to
"onionbrowser://example.com/?ip=xxx.xxx.xxx.xxx", revealing at the
user at the given IP address is an Onion Browser user and then
identify the Onion Browser session to that particular user. Onion
Browser now prompts a user on incoming links, displaying the link
before the browser proceeds. Behavior changed in d7d1941d3d.
OTHER FIXED ISSUES
* OB-01-001: Onion Browser now masks the current activity from
appearing in the "app picker" thumbnail image when the app goes to
background. Fixed in 535fc0c130.
* OB-01-002/OB-01-003/OB-01-007: Use of iOS' built-in file encryption
has been overhauled such that all files in the app's sandbox (app,
settings, cachces, cookies, etc) are all protected when the device
goes into a lock state. Fixed in 7ec879611b, see [AppDelegate
-updateFileEncryption] for more details.
* OB-01-012 note: When built for debugging or the iOS Simulator, Onion
Browser is not compiled with ASLR (Address Space Layout
Randomization), which could leave the app vulnerable to memory bugs.
However, the app, when compiled for "Release" is ASLR/PIE compiled.
You may test this by executing the following command on the output
of the "Build" command (or against an already-compiled ".app" copy
that you have): `otool -hv </path/to/OnionBrowser.app>/OnionBrowser`
(i.e., `otool -hv ~/Downloads/OnionBrowser.app/OnionBrowser`)
The output should contain the "PIE" flag.
* OB-01-015: Autocomplete and autocorrect have been disabled on all
app-controlled text fields. (This includes settings, bookmarks,
address bar. Fields on web pages are unfortunately not subject to
this restriction.) Autocorrect results in user-typed data being
logged in the system's keyboard cache, which could leak private
information out of the app. Updated in a5a409876d.
OTHER UPDATES
* The homepage has been changed, as the official check.torproject.org
domain now performs useragent checking and was confusing users. The
new homepage resides on a Tor hidden service, ensuring Tor
connectivity and does provide a link over to the original
check.torproject.org site.
* User-agent strings have been updated. "Windows" spoof updated to
Windows 7 Firefox 24.0, same as Tor Browser Bundle. "Mac Safari"
updated to OS X 10.9.2 Safari 7.0.3, most up-to-date version.
===== 1.4.1 =====
Apr 21 2014 - Submit Date
Apr 23 2014 - App store availability
* OpenSSL updated to 1.0.1g, fixing the Heartbleed bug. Note that in
Onion Browser, Heartbleed only affects the connection between your
the device and a Tor entry guard or bridge. Browser traffic is not
vulnerable (but speaking to affected websites is still insecure
regardless of which browser you use).
* Tor updated to 0.2.4.21.
* Compiled for iOS SDK 7.1 (XCode 5.1).
* Onion Browser now encrypts locally-stored data, including browser
settings, bookmarks, and Tor bridges (if enabled).
* Fix issue where Onion Browser was not allowing third-party apps to
open. When encountering a URI scheme that can open in another app,
Onion Browser will now ask the user if they want to open the app.
(Example: clicking on a "tel:" link can now open the phone app
rather than simply fail.)
* Tweaks to content-security-policy so that even with "active content
blocking" enabled, some safe activity is still allowed, such as
using the target attribute on a link inside a frame. Fixes issues
with websites using frames (including default home page). Contributed
by Łukasz Pilorz.
===== 1.4 =====
Feb 01 2014 - Submit Date
Feb 05 2014 - App store availability
* App is now being compiled with 64-bit CPU optimization (for iPhone 5S
and new iPads), which may improve cryptographic performance and battery
life. (Older devices are still supported, as long as they are using a
compatible version of iOS.)
COMPATIBILITY NOTE: App now requires iOS 6.0 or greater.
* A progress bar / loading bar, similar to one used in Safari, has been
added to the app. Uses NJKWebViewProgress, by Satoshi Asano.
https://github.com/ninjinkun/NJKWebViewProgress
* A copy of the help site has been embedded into the app, for offline
viewing. This should help users having trouble when encountering the
"Tor stops working after idle" bug.
* Fix awkward navbar / address bar spacing in iOS 7.
===== 1.3.14 =====
Jan 26 2014 - Submit date
Jan 30 2014 - App store availability
* MAJOR SECURITY IMPROVEMENT: Add experimental ability to turn off
JavaScript and other active content. See onionbrowser.com for more
details. Patch based on contribution by Łukasz Pilorz.
(COMPATIBILITY NOTE: Active content blocking is only partially supported
in iOS 5.1. Users are advised to upgrade their devices to a newer version
of iOS.)
* Ability to set a custom home page. Revamped settings so that future
customizations will be easier to implement.
* Add ability for other apps to open links in Onion Browser. Other apps
can use the "onionbrowser://" (HTTP) or "onionbrowsers://" (HTTPS) URI
protocols to launch Onion Browser. See README.
* Tweak "Connecting..." info page, based on input from Wong Choon Jie.
* Update default home page.
* OpenSSL updated to 1.0.1f.
* Tor updated to 0.2.4.20.
===== 1.3.13 =====
Nov 17, 2013 - Submit date
Nov 20, 2013 - App store availability
* More fixes to iPad "black bar" issue on iOS 7.0.
* Tor updated to 0.2.4.18-rc, which enables TLS 1.1 and 1.2 for improved
security.
===== 1.3.12 =====
Oct 18, 2013 - Submit date
Oct 23, 2013 - App store availability
* Fix issue when opening app on iPad when in Landscape mode. ("Black bar"
problem.)
* Fix some possible instances of random crashing introduced in previous
version.
* Fix issue where bottom of webpage was covered by toolbar at bottom of
screen.
===== (No version 1.3.11) =====
===== 1.3.10 =====
Oct 11, 2013 - Submit date
Oct 16, 2013 - App store availability
* MAJOR PRIVACY ISSUE FIXED: App previously did not successfully wipe
HTML5 "application storage" (aka "local storage" or "app cache"), even
when force-quitting or selecting "New Identity". This could be seen by
testing a Google Search and noticing previous searches in a dropdown
(due to Google's use of this cache). (Issue 26)
https://github.com/mtigas/iOS-OnionBrowser/commit/dffce7070856927a8bb9f92a8fa67523d0e9eb10
https://github.com/mtigas/iOS-OnionBrowser/commit/7ae6bcb5aa33538159c423a3b6c9987725e46d9a
* Add check.torproject.org frame to homepage, to ensure that user has
successfully connected to Tor. (See Issue 28)
https://github.com/mtigas/iOS-OnionBrowser/commit/18590148ee9e527c07dc82cb85143bc085f29c1e
* Fix issue with "New Identity" button on iPad when device is rotated
in landscape mode. (Issue 32)
https://github.com/mtigas/iOS-OnionBrowser/commit/df1c98b96e05db6e1c2f86125396e10cb8bb48a6
* Force using "ntor" connection handshake, which is faster and is now
the default for 0.2.4.X and newer versions of Tor. This is preferred
by 0.2.4.X relays (and is forced on in 0.2.5.X). This is a countermeasure
against the botnet congestion that was introduced in September 2013
and helps reduce load on the overall Tor network.
https://github.com/mtigas/iOS-OnionBrowser/commit/68deb93eab4e99527f959297be571514f4ea6911
===== 1.3.9 =====
Oct 06, 2013 - Submit date
Oct 10, 2013 - App store availability
* Quick fix to support iOS 5.1+. Previous update accidentally required
iOS 7.0.
* OPTIMIZATION NOTE: iPhone 5s (64-bit) CPU optimization -- introduced in
the previous version -- has been removed. Apps compiled with these CPU
optimziations are only compatible with iOS 6.0 and greater.
This only affects minor portions of the encryption/decryption code. Much
of the CPU load related to Onion Browser is caused by browser rendering,
rather than encryption, so the speedups were negligible in the first place.
When compiling your own copy of Onion Browser from this source tree, you
can re-enable the CPU optimizations by going to [OnionBrowser project ->
Build Settings -> Architectures] and then selecting "Standard architectures
(including 64-bit)". This will require you to change Deployment Target
to 6.0 or greater.
===== 1.3.8 =====
* COMPATIBILITY NOTE: An issue with the way this release was processed
causes it to require iOS 7.0. An update has been submitted that will return
support for iOS versions earlier than 7.0.
* Native iOS 7 support and iPhone 5s (64-bit) performance optimizations.
* Tor updated to 0.2.4.17-rc.
===== 1.3.7 =====
Jun 29, 2013 - Submit date
Jul 03, 2013 - App store availability
* COMPATIBILITY NOTE: App now requires iOS 5.1 and greater. This change should
only affect an extreme minority of users who remain on iOS 5.0.
* Add links to StartPage/IxQuick and DuckDuckGo (non-onion) since the DDG
.onion service occasionally has issues. (Based on user-reported issue.)
* Update user-agent spoof to match latest Tor Browser Bundle (for "Windows 7"
spoof) and Mac OS X Safari (for "OS X" spoof). (Based on user-reported
issue.)
* Fix minor code typo (thanks to user-submitted patch).
* Update Reachability library to allow ARC for increased stability.
* Update tor to 0.2.4.14-alpha (Jun 18, 2013) [1]
[1]: https://gitweb.torproject.org/tor.git/blob/tor-0.2.4.14-alpha:/ChangeLog
===== 1.3.6 =====
Jun 18, 2013 - Submit date
Jun 21, 2013 - App store availability
* Fixes support for streamed HTTP requests. This fixes "long" requests, such
as uploading images or other media, i.e. on Twitter. (Issue #29; fix
contributed by brantyoung)
* Update tor to 0.2.4.13-alpha (Jun 14, 2013). Provides important fix to
crash-related vulnerability, and other security updates and minor fixes.[1]
[1]: https://gitweb.torproject.org/tor.git/blob/tor-0.2.4.13-alpha:/ChangeLog
===== 1.3.5 =====
May 18, 2013 - Submit date
May 22, 2013 - App store availability
* Update tor to 0.2.4.12-alpha (Apr 18, 2013). Provides several security
updates and minor fixes.[1]
[1]: https://gitweb.torproject.org/tor.git/blob/tor-0.2.4.12-alpha:/ChangeLog
===== 1.3.4 - In App Store =====
Mar 17, 2013 - Build/submit date
Mar 21, 2013 - App store availability
* Update tor to 0.2.4.11-alpha (Mar 11, 2013). Moved back to alpha
releases since 0.2.4.X introduces several security & performance
improvements. Also eases future investigation of integrating obfs2 or
other pluggable transports in the future. (This would allow Onion Browser
to operate in areas where Tor is blocked due to deep packet
inspection techniques.)
The new "ntor" circuit-building handshake protocol[1] (with improved
security and performance) is compiled into this version but will not
be used until it Tor directory servers recommend[2] it.
[1]: https://gitweb.torproject.org/tor.git/blob/tor-0.2.4.11-alpha:/ChangeLog#l315
[2]: http://archives.seul.org/tor/cvs/Jan-2013/msg00121.html
* Update openssl to 1.0.1e (Feb 11 2013).
Changes 1.0.1c -> 1.0.1d: https://www.openssl.org/news/news.html
Changes 1.0.1d -> 1.0.1e: https://www.openssl.org/news/announce.html
* Update compile settings to build against iOS SDK 6.1. App remains
compatible for devices running iOS 5.0+.
===== 1.3.3 =====
Dec 07, 2012 - Build date
Dec 13, 2012 - App Store accept date
* Update tor to 0.2.3.25 (Nov 19, 2012). This is a stable release.
* Update libevent to 2.0.21-stable (Nov 18, 2012)
===== 1.3.2 =====
Nov 04, 2012 - Build/submit date
Nov 12, 2012 - App Store accept date
* Update tor to 0.2.3.24-rc (Oct 25, 2012). Fixes several security
and connectivity-related issues.
===== 1.3.1 =====
Sep 12, 2012 - Build/submit date
Sep 18, 2012 - App Store accept date
* Support iPhone 5 (taller 4" Retina screen). Also compile openssl,
libevent, and Tor for "armv7s" CPU target, which represents the new
A6 processor. May improve performance on the iPhone 5 versus
more generically compiled versions of those libraries.
* Bookmarking feature. Moved most of the "quick links" from startup
page into "preset" bookmarks.
* Ability to configure Tor bridges. This is primarily geared toward
advanced users that are using networks that attempt to block Tor via
a "master list" of Tor nodes. See http://onionbrowser.com/help/
for instructions.
* Major changes to underlying Tor wrapper code. May solve issues
related to connection dying after the app has been open for some
time and if the app was open while the device went into idle sleep.
(Issue #2, Issue #3)
* Fixes CSS/JS on sites like meine-startseite.de, where statically gzipped
resources are served (i.e. "foo.gz.css") automatically. HTTP code in
Onion Browser now automatically handles these cases. (Issue #21)
* Fix issue where devices running iOS 5.1+ would work. Onion Browser
should now work properly in all devices that have iOS 5.0 or higher.
* Update tor to 0.2.3.22-rc (Sep 11, 2012).
===== 1.3.0 =====
* Note: 1.3.0 was not released due to a bug discovered after original
submission. 1.3.1 (above) contains and supersedes all changes that were
originally slatedfor that version. All changes since 1.2.6 are listed above.
===== 1.2.6 =====
Sep 05, 2012 - Build/submit date
Sep 11, 2012 - App Store accept date
* Add warning message when clicking "New Identity" because of possible
history leak: ":visited" CSS style still triggers on visited URLs
despite clearing UIWebView history. (Issue #20 reported by sintime.)
* Closing the app while doing "initial connection" no longer causes
connection to hang. App properly cancels connections/exits so that
initialization retries properly on next app open.
* HTTP Pipelining can now be disabled. Can fix issues with some
websites. (Based on issue reported by Jose C. M.)
* User-Agent spoof strings updated to Windows 7 Firefox 10 (matching
TorButton) and Safari 6 Mountain Lion.
* Updated libevent to 2.0.20-stable (Aug 23, 2012)
===== 1.2.5 =====
Aug 23, 2012 - Build/submit date
Aug 30, 2012 - App Store accept date
* Fix rare IP address leak demonstrated on "ip-check.info": web pages
with resources defined in non-HTTP/HTTPS URLs (i.e. "ftp://...")
would leak IP address. (Hat-tip to Graham R.)
* Update tor to 0.2.3.20-rc (Aug 05, 2012).
===== 1.2.4 =====
Jul 20, 2012 - Build/submit date
Jul 31, 2012 - App Store accept date
* Add searchbox for DuckDuckGo Tor on start pageto make searching
slightly easier.
* Update tor to 0.2.3.19-rc (Jul 06, 2012).
===== 1.2.3 =====
Jun 25, 2012 - Build/submit date
Jul 05, 2012 - App Store accept date
* Fixed checkbox behavior for Cookies in the options menu.
* Added help text to “Connecting…” stage.
* Update tor to 0.2.3.17-beta (Jun 15, 2012).
===== 1.2.2 =====
Jun 13, 2012 - Build/submit date
Jun 20, 2012 - App Store accept date
* Update tor to 0.2.3.16-alpha (Jun 05, 2012).