Onion Browser Version History (since 1.2.2) FUTURE: ===== 2.0 - Planned ===== Features subject to change. * New design and new codebase, based on the Endless Browser open source project by jcs, used with permission; many thanks to jcs for allowing us to build off of his work. Major highlights: - Tabbed browsing. * New "flat" icon. ? Minimum required iOS version is now iOS 9.0 (was iOS 8.2). ? Data encryption with an app-level password. Supplements current encryption done by the iOS operating system, improving protection against forensic tools. ===== 1.6.2 - Pending App Store Approval ===== Aug 24 2016 - Submit Date * Tor updated to 0.2.8.7, containing several important security fixes: https://blog.torproject.org/blog/tor-0287-released-important-fixes CURRENT VERSION: ===== 1.6.1 - In App Store ===== Aug 18 2016 - Submit Date Aug 19 2016 - App Store Availability * iObfs rebuilt with golang 1.7 (was 1.7rc3). Fixes crash-on-start when using iOS 10 Beta. PREVIOUS VERSIONS: ===== 1.6.0 ===== Aug 04 2016 - Submit Date Aug 07 2016 - App Store Availability * iObfs integration: Onion Browser now supports several "pluggable transport" bridge types, including obfs4, meek, and other PT bridge types, meaning Onion Browser should connect more successfully in more locations that block Tor. Special thanks to The Guardian Project for helping support this work. For more info about iObfs (an obfs4proxy iOS port), please visit: https://github.com/mtigas/iObfs * Bridge user interface overhaul: Onion Browser now comes with the same default bridges for obfs4, meek-amazon, and meek-azure, as the Tor Browser Bundle and Orbot. An easier-to-use bridge page allows users to select the defaults with "one click" and without having to manually edit bridge config lines. * User-agent spoofing strings updated to the latest versions: iOS 9 Safari, macOS El Capitan Safari (9.1.1), Tor Browser Bundle 6.0 (Windows 7, Firefox 45). * Tor updated to 0.2.8.6, the first stable release in the 0.2.8 series. This version contains several performance and security improvements. https://blog.torproject.org/blog/tor-0286-released https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.2.8.5-rc * OpenSSL updated to 1.0.2h. https://www.openssl.org/news/secadv/20160503.txt https://openssl.org/news/changelog.html * Minimum required iOS version is now iOS 8.2 (was iOS 8.0). Support for iOS 8.X will continue until Onion Browser 2.0 is released. ===== 1.5.16 ===== Dec 29 2015 - Submit Date Jan 07 2016 - App Store Availability * Tor updated to 0.2.7.6. https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.2.7.6 ===== 1.5.15 ===== Dec 03 2015 - Submit Date Dec 10 2015 - App Store Availability * Tor updated to 0.2.7.5, the first stable release in the new Tor 0.2.7 series. https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.2.7.5 * OpenSSL updated to 1.0.2e, fixing several security issues. https://openssl.org/news/secadv/20151203.txt https://openssl.org/news/changelog.html ===== 1.5.14 ===== Oct 31 2015 - Submit Date Nov 08 2015 - App Store Availability * FIX: Crash when pressing menu button on iPad. * FIX: GREATLY improve the Onion Browser experience when coming back from background. Despite my best efforts to fix the problem, there was a minor code bug regarding "appDidBecomeActive" that went unnoticed for a very long time. BIG thanks to RustamDz who pointed out the relevant code error. (#2 #59) * Tor updated to 0.2.7.4-rc. This future-proofs Onion Browser a bit by supporting stronger Ed25519 encryption keys. The 0.2.7 series also improves recovery when the clock jumps -- which likely also improves Onion Browser's chances of continuing successfully when coming back from background. https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.2.7.4-rc ===== 1.5.13 ===== Oct 22 2015 - Submit Date Oct 30 2015 - App Store Availability * Improve Tor's chances of coming back after being in background. Adjusted encryption so Tor connection state can be accessed by the app even if device goes to sleep. (These files are not user-generated except for torrc.) Other files, such as cache and user bookmarks are still protected the moment the device is locked. * Minimum required iOS version is now iOS 8.0 (was iOS 6.1). This will allow extensive code cleanup for future versions of Onion Browser. iOS 8.2 will be required by the end of 2015. * Users running iOS 8.0 and 8.1 will be warned about HTTPS insecurity (due to FREAK exploit) on every app launch. * Update HTTP errors. The "HTTPS Connection Failed" error was displaying in situations where the error had nothing to do with SSL failure. * Allow navigating to "about:blank" and allow setting the homepage to that URL. (#62) * Update bridge handling to make it difficult to enter in an unsupported bridge type, such as "obfs4" or "scramblesuit" via text entry or the QR Code scanner. * iOS 9 code compatibility updates. * Tor updated to 0.2.6.10. https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.2.6.10 * OpenSSL updated to 1.0.2d. https://openssl.org/news/changelog.html ===== 1.5.12 ===== Mar 20 2015 - Submit Date Mar 31 2015 - App Store Availability * Allow pasting in the bridges.torproject.org text blob to set bridges, like the Tor Browser launcher. #55 * Allow scanning QR code from bridges.torproject.org to set bridges. #56 * On first run, allow user to configure bridges before trying to launch Tor. Once Pluggable Transports are working, this will be useful for users where Tor traffic looks suspicious. #57 * Tor updated to 0.2.6.5-rc. https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.2.6.5-rc * OpenSSL updated to 1.0.2a. https://openssl.org/news/secadv_20150319.txt https://openssl.org/news/openssl-1.0.2-notes.html * Redesigned "Connecting..." prompt when opening the app. ===== 1.5.11 ===== Mar 10 2015 - Submit Date Mar 17 2015 - App Store Availability * Fix issue where bridges with 5-digit port numbers were not allowed in the bridge configuration. Issue reported by Andrew Auerbach. * Improve connection error handling and alert user if Tor client has stopped working. * Tor updated to 0.2.6.4-rc. https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.2.6.4-rc * OpenSSL updated to 1.0.2. https://openssl.org/news/openssl-1.0.2-notes.html * Libevent updated to 2.0.22-stable. https://raw.githubusercontent.com/libevent/libevent/release-2.0.22-stable/ChangeLog ===== 1.5.10 ===== Nov 11 2014 - Submit Date Nov 11 2014 - App Store Availability * Add padlock icon to denote whether the page was delivered entirely over TLS or if there was some insecure content sent along with the HTTPS page. (#42) * Fix crashing if a user entered anything other than an ip_address:port as a bridge. Now notifies user that the choice was invalid before trying to use it in Tor. * Fix display of the progress bar in iOS 8. * Attempt to fix issue where Forward/Back/"Open Home Page" buttons would simply stop the browser and not load the desired page. * Streamlined error handling so that web pages that abruptly stop should provide useful error messages or error codes to users, who can then report the issue. ===== 1.5.9 ===== Nov 09 2014 - Submit Date Nov 10 2014 - App Store Availability * Fixed crash when allowing Onion Browser to bypass unverified SSL certificates. Affected use of DuckDuckGo .onion site over SSL. Issue reported by Alex Ristich. * SSLv3 connections to websites are now disabled by default, to avoid the POODLE attack. Option added to set the minimum required SSL/TLS version, set to TLSv1.0 by default. * Tor updated to 0.2.5.10, the first stable release in the 0.2.5.X series. https://blog.torproject.org/blog/tor-02510-released-and-tor-023x-deprecated https://gitweb.torproject.org/tor.git?a=blob_plain;hb=release-0.2.5;f=ReleaseNotes * OpenSSL updated to 1.0.1j, fixing four vulnerabilities including the POODLE attack. https://www.openssl.org/news/secadv_20141015.txt * Fixed a display issue on the settings page. ===== 1.5.8 ===== Sep 26 2014 - Submit Date Oct 08 2014 - App Store Availability 1.5.6 was submitted, but replaced before App Store release. 1.5.7 version number was skipped due to an issue with iTunes Connect. * Fix major issue where "Browser Settings" button did not open settings page on iPad. * App now uses the native device resolution on iPhone 6 and iPhone 6 Plus, instead of going into "stretch mode". * Fix "screen blanking" behavior when switching away from Onion Browser. * Change app name on home screen back to "Onion Browser" since it seems that the ellipsis-causing change in iOS 7 was possibly fixed in iOS 7.1 or 8. * User-agent spoofing strings updated to the latest iOS 8 Safari and Mac OS X Mavericks Safari (7.1). * Tor updated to 0.2.5.8-rc, the second release candidate in the 0.2.5.X series. The switch to 0.2.5.X should somewhat improve connection stability, as well as improve overall security. 0.2.5.8 in particular improves connections to hidden services. https://blog.torproject.org/blog/tor-0257-rc-out https://gitweb.torproject.org/tor.git?a=blob_plain;hb=release-0.2.5;f=ReleaseNotes ===== 1.5.5 ===== Sep 13 2014 - Submit Date Sep 18 2014 - App Store Availability * Rebuilt with iOS 8 SDK to hopefully mitigate any issues on newly released iPhones. * Minimum required iOS version is now iOS 6.1 (was iOS 6.0). This should enforce the fix for CVE-2014-1266 on the oldest supported devices. iOS 6.X support will be dropped later this year. ===== 1.5.4 ===== Aug 11 2014 - Submit Date Aug 13 2014 - App Store Availability * Tor updated to 0.2.4.23, containing several security fixes, incl some mitigation of the RELAY_EARLY traffic confirmation attack. https://gitweb.torproject.org/tor.git?a=blob_plain;hb=release-0.2.4;f=ReleaseNotes * OpenSSL updated to 1.0.1i, with some security fixes (mostly affecting ways to crash apps which use OpenSSL). http://www.openssl.org/news/secadv_20140806.txt * Entering a unicode IDN (internationalized domain name) such as http://·.ws/ properly gets converted to the punycode representation and the browser properly navigates to the correct place (i.e. http://xn--uba.ws/ ). Previously the browser would do nothing with this input. Issue reported by Barend Rijn. ===== 1.5.3 ===== June 30 2014 - Submit Date July 02 2014 - App Store Availability * A bug in the default "Block XHR/Media/WebSocket" active content blocking mode caused iOS to allow video tags while blocking scripts. An example of this was shown in the http://xordern.net/ipcheck vulnerability disclosure. * In some cases, the address bar could display a forged URL when a page causes certain types of errors. Reported by Łukasz Pilorz. Test case: https://ios.browsr-tests.com/alt/native.abs.php ===== 1.5.2 ===== June 16 2014 - Submit Date June 19 2014 - App Store Availability * Active Content Blocking now attempts to disable WebWorkers. JavaScript using "Worker()" to call other scripts could previously access WebSockets and other "blocked" functionality, which could bypass Tor. * File encryption tweaked to attempt to fix issue where Onion Browser app would disappear from home screne. In some cases, if the app crashed, the app executable could be encrypted such that the OS could no longer access the app. * OpenSSL updated to 1.0.1h, fixing the "Early CCS" vulnerability. ===== 1.5.1 ===== May 20 2014 - Submit Date May 22 2014 - App Store Availability * Onion Browser erroneously did not use 'gzip' compression to communicate with web servers. This has been corrected, which should greatly improve pageload performance. * New "normalized" user agents have been added. Users who left Onion Browser on the 'No Spoofing' setting are now defaulted to the appropriate "normalized" setting for their device. * User Agent spoofing now attempts to spoof the javascript "navigator.userAgent" variable that sites could previously use to detect an attempted UA spoof. (Previously, this variable still contained the browser's real identification.) * Fixed rendering issue on iPads, where the browser section would overlap the bottom toolbar. * Active Content Blocking now attempts to disable using WebSockets and other dangerous activity by modifying incoming content. * Some settings text made more explicit. The "Pipelining" setting has been removed and is now always enabled. * Tor updated to 0.2.4.22, which blacklists Tor directory keys that were susceptible to Heartbleed. Also improves TLS ciphersuite selection for Tor. ===== 1.5.0 ===== May 11 2014 - Submit Date May 14 2014 - App Store Availability Onion Browser has received a security audit and pentest by Cure53.de, funded by the Open Technology Fund at Radio Free Asia. Security issues corrected due to this audit are marked with the vulnerability ID (i.e. "OB-01-XX"). See https://mike.tig.as/onionbrowser/security/ for details and more up-to-date security information. FIXED VULNERABILITIES * OB-01-005: "Third-Party Cookie" blocking was not working as expected. The "Block Third Party" cookie option simply allowed all cookies. Fixed in e70e2fcbca. * OB-01-006: Due to improper handling of itms: and itms-app: URIs, an attacker could cause the iTunes app to auto-open from Onion Browser, causing iTunes to open too quickly for the Tor tunnel would close properly. If Onion Browser was in the middle of loading resources from the attacker's page, partial SSL traffic would be sent to the attacker's website outside of Tor, exposing the user's real IP address. Fixed in 89121d3271. * OB-01-009: Domain names containing ".onion" anywhere originally bypassed all SSL certificate checks. Fixed in 271b2b22df. * OB-01-010: WebSockets were discovered to bypass Tor entirely and no easy avenue for intercepting these requests (to pass into Tor or to block) has been discovered yet. Active Content Blocking now blocks these connections by default; unfortunately, this also blocks all AJAX/XHR requests as well. A (dangerous) option to re-enable all Javascript-based requests has been added. Fixed in 983687ed67. * OB-01-013: The "click here to force-quit the app" function inside the help page has been replaced with instructions on how to quit the app manually. The "onionbrowser:forcequit" URL was previously susceptible to an app-crasher attack (i.e. by inclusion in a tag such as ) and has been removed. Behavior changed in c5cfb15a99. * OB-01-014: Browser cache, HTML5 "local storage", and HTML5 database functionality is now always blocked. Websites previously could take advantage of these features to create "evercookie" scenarios that could bypass the "Block Cookies" feature in Onion Browser. Changed in 4d3ef413bd. * OB-01-016: HTML content loaded via "data:" URIs would bypass the "Block Active Content" setting. If a user navigates to a specially crafted "data:text/html..." URI (via redirect or "meta refresh"), the page could load a video tag, exposing the user's IP address. "data:" URIs that are not image files are now blocked from being loaded in the address bar or via redirect. Fixed in 546a5434b1. * OB-01-017: Onion Browser previously loaded "onionbrowser://" URLs without prompting the user. This could create a case where an attack site opened in another browser would redirect a user to "onionbrowser://example.com/?ip=xxx.xxx.xxx.xxx", revealing at the user at the given IP address is an Onion Browser user and then identify the Onion Browser session to that particular user. Onion Browser now prompts a user on incoming links, displaying the link before the browser proceeds. Behavior changed in d7d1941d3d. OTHER FIXED ISSUES * OB-01-001: Onion Browser now masks the current activity from appearing in the "app picker" thumbnail image when the app goes to background. Fixed in 535fc0c130. * OB-01-002/OB-01-003/OB-01-007: Use of iOS' built-in file encryption has been overhauled such that all files in the app's sandbox (app, settings, cachces, cookies, etc) are all protected when the device goes into a lock state. Fixed in 7ec879611b, see [AppDelegate -updateFileEncryption] for more details. * OB-01-012 note: When built for debugging or the iOS Simulator, Onion Browser is not compiled with ASLR (Address Space Layout Randomization), which could leave the app vulnerable to memory bugs. However, the app, when compiled for "Release" is ASLR/PIE compiled. You may test this by executing the following command on the output of the "Build" command (or against an already-compiled ".app" copy that you have): `otool -hv /OnionBrowser` (i.e., `otool -hv ~/Downloads/OnionBrowser.app/OnionBrowser`) The output should contain the "PIE" flag. * OB-01-015: Autocomplete and autocorrect have been disabled on all app-controlled text fields. (This includes settings, bookmarks, address bar. Fields on web pages are unfortunately not subject to this restriction.) Autocorrect results in user-typed data being logged in the system's keyboard cache, which could leak private information out of the app. Updated in a5a409876d. OTHER UPDATES * The homepage has been changed, as the official check.torproject.org domain now performs useragent checking and was confusing users. The new homepage resides on a Tor hidden service, ensuring Tor connectivity and does provide a link over to the original check.torproject.org site. * User-agent strings have been updated. "Windows" spoof updated to Windows 7 Firefox 24.0, same as Tor Browser Bundle. "Mac Safari" updated to OS X 10.9.2 Safari 7.0.3, most up-to-date version. ===== 1.4.1 ===== Apr 21 2014 - Submit Date Apr 23 2014 - App store availability * OpenSSL updated to 1.0.1g, fixing the Heartbleed bug. Note that in Onion Browser, Heartbleed only affects the connection between your the device and a Tor entry guard or bridge. Browser traffic is not vulnerable (but speaking to affected websites is still insecure regardless of which browser you use). * Tor updated to 0.2.4.21. * Compiled for iOS SDK 7.1 (XCode 5.1). * Onion Browser now encrypts locally-stored data, including browser settings, bookmarks, and Tor bridges (if enabled). * Fix issue where Onion Browser was not allowing third-party apps to open. When encountering a URI scheme that can open in another app, Onion Browser will now ask the user if they want to open the app. (Example: clicking on a "tel:" link can now open the phone app rather than simply fail.) * Tweaks to content-security-policy so that even with "active content blocking" enabled, some safe activity is still allowed, such as using the target attribute on a link inside a frame. Fixes issues with websites using frames (including default home page). Contributed by Łukasz Pilorz. ===== 1.4 ===== Feb 01 2014 - Submit Date Feb 05 2014 - App store availability * App is now being compiled with 64-bit CPU optimization (for iPhone 5S and new iPads), which may improve cryptographic performance and battery life. (Older devices are still supported, as long as they are using a compatible version of iOS.) COMPATIBILITY NOTE: App now requires iOS 6.0 or greater. * A progress bar / loading bar, similar to one used in Safari, has been added to the app. Uses NJKWebViewProgress, by Satoshi Asano. https://github.com/ninjinkun/NJKWebViewProgress * A copy of the help site has been embedded into the app, for offline viewing. This should help users having trouble when encountering the "Tor stops working after idle" bug. * Fix awkward navbar / address bar spacing in iOS 7. ===== 1.3.14 ===== Jan 26 2014 - Submit date Jan 30 2014 - App store availability * MAJOR SECURITY IMPROVEMENT: Add experimental ability to turn off JavaScript and other active content. See onionbrowser.com for more details. Patch based on contribution by Łukasz Pilorz. (COMPATIBILITY NOTE: Active content blocking is only partially supported in iOS 5.1. Users are advised to upgrade their devices to a newer version of iOS.) * Ability to set a custom home page. Revamped settings so that future customizations will be easier to implement. * Add ability for other apps to open links in Onion Browser. Other apps can use the "onionbrowser://" (HTTP) or "onionbrowsers://" (HTTPS) URI protocols to launch Onion Browser. See README. * Tweak "Connecting..." info page, based on input from Wong Choon Jie. * Update default home page. * OpenSSL updated to 1.0.1f. * Tor updated to 0.2.4.20. ===== 1.3.13 ===== Nov 17, 2013 - Submit date Nov 20, 2013 - App store availability * More fixes to iPad "black bar" issue on iOS 7.0. * Tor updated to 0.2.4.18-rc, which enables TLS 1.1 and 1.2 for improved security. ===== 1.3.12 ===== Oct 18, 2013 - Submit date Oct 23, 2013 - App store availability * Fix issue when opening app on iPad when in Landscape mode. ("Black bar" problem.) * Fix some possible instances of random crashing introduced in previous version. * Fix issue where bottom of webpage was covered by toolbar at bottom of screen. ===== (No version 1.3.11) ===== ===== 1.3.10 ===== Oct 11, 2013 - Submit date Oct 16, 2013 - App store availability * MAJOR PRIVACY ISSUE FIXED: App previously did not successfully wipe HTML5 "application storage" (aka "local storage" or "app cache"), even when force-quitting or selecting "New Identity". This could be seen by testing a Google Search and noticing previous searches in a dropdown (due to Google's use of this cache). (Issue 26) https://github.com/mtigas/iOS-OnionBrowser/commit/dffce7070856927a8bb9f92a8fa67523d0e9eb10 https://github.com/mtigas/iOS-OnionBrowser/commit/7ae6bcb5aa33538159c423a3b6c9987725e46d9a * Add check.torproject.org frame to homepage, to ensure that user has successfully connected to Tor. (See Issue 28) https://github.com/mtigas/iOS-OnionBrowser/commit/18590148ee9e527c07dc82cb85143bc085f29c1e * Fix issue with "New Identity" button on iPad when device is rotated in landscape mode. (Issue 32) https://github.com/mtigas/iOS-OnionBrowser/commit/df1c98b96e05db6e1c2f86125396e10cb8bb48a6 * Force using "ntor" connection handshake, which is faster and is now the default for 0.2.4.X and newer versions of Tor. This is preferred by 0.2.4.X relays (and is forced on in 0.2.5.X). This is a countermeasure against the botnet congestion that was introduced in September 2013 and helps reduce load on the overall Tor network. https://github.com/mtigas/iOS-OnionBrowser/commit/68deb93eab4e99527f959297be571514f4ea6911 ===== 1.3.9 ===== Oct 06, 2013 - Submit date Oct 10, 2013 - App store availability * Quick fix to support iOS 5.1+. Previous update accidentally required iOS 7.0. * OPTIMIZATION NOTE: iPhone 5s (64-bit) CPU optimization -- introduced in the previous version -- has been removed. Apps compiled with these CPU optimziations are only compatible with iOS 6.0 and greater. This only affects minor portions of the encryption/decryption code. Much of the CPU load related to Onion Browser is caused by browser rendering, rather than encryption, so the speedups were negligible in the first place. When compiling your own copy of Onion Browser from this source tree, you can re-enable the CPU optimizations by going to [OnionBrowser project -> Build Settings -> Architectures] and then selecting "Standard architectures (including 64-bit)". This will require you to change Deployment Target to 6.0 or greater. ===== 1.3.8 ===== * COMPATIBILITY NOTE: An issue with the way this release was processed causes it to require iOS 7.0. An update has been submitted that will return support for iOS versions earlier than 7.0. * Native iOS 7 support and iPhone 5s (64-bit) performance optimizations. * Tor updated to 0.2.4.17-rc. ===== 1.3.7 ===== Jun 29, 2013 - Submit date Jul 03, 2013 - App store availability * COMPATIBILITY NOTE: App now requires iOS 5.1 and greater. This change should only affect an extreme minority of users who remain on iOS 5.0. * Add links to StartPage/IxQuick and DuckDuckGo (non-onion) since the DDG .onion service occasionally has issues. (Based on user-reported issue.) * Update user-agent spoof to match latest Tor Browser Bundle (for "Windows 7" spoof) and Mac OS X Safari (for "OS X" spoof). (Based on user-reported issue.) * Fix minor code typo (thanks to user-submitted patch). * Update Reachability library to allow ARC for increased stability. * Update tor to 0.2.4.14-alpha (Jun 18, 2013) [1] [1]: https://gitweb.torproject.org/tor.git/blob/tor-0.2.4.14-alpha:/ChangeLog ===== 1.3.6 ===== Jun 18, 2013 - Submit date Jun 21, 2013 - App store availability * Fixes support for streamed HTTP requests. This fixes "long" requests, such as uploading images or other media, i.e. on Twitter. (Issue #29; fix contributed by brantyoung) * Update tor to 0.2.4.13-alpha (Jun 14, 2013). Provides important fix to crash-related vulnerability, and other security updates and minor fixes.[1] [1]: https://gitweb.torproject.org/tor.git/blob/tor-0.2.4.13-alpha:/ChangeLog ===== 1.3.5 ===== May 18, 2013 - Submit date May 22, 2013 - App store availability * Update tor to 0.2.4.12-alpha (Apr 18, 2013). Provides several security updates and minor fixes.[1] [1]: https://gitweb.torproject.org/tor.git/blob/tor-0.2.4.12-alpha:/ChangeLog ===== 1.3.4 - In App Store ===== Mar 17, 2013 - Build/submit date Mar 21, 2013 - App store availability * Update tor to 0.2.4.11-alpha (Mar 11, 2013). Moved back to alpha releases since 0.2.4.X introduces several security & performance improvements. Also eases future investigation of integrating obfs2 or other pluggable transports in the future. (This would allow Onion Browser to operate in areas where Tor is blocked due to deep packet inspection techniques.) The new "ntor" circuit-building handshake protocol[1] (with improved security and performance) is compiled into this version but will not be used until it Tor directory servers recommend[2] it. [1]: https://gitweb.torproject.org/tor.git/blob/tor-0.2.4.11-alpha:/ChangeLog#l315 [2]: http://archives.seul.org/tor/cvs/Jan-2013/msg00121.html * Update openssl to 1.0.1e (Feb 11 2013). Changes 1.0.1c -> 1.0.1d: https://www.openssl.org/news/news.html Changes 1.0.1d -> 1.0.1e: https://www.openssl.org/news/announce.html * Update compile settings to build against iOS SDK 6.1. App remains compatible for devices running iOS 5.0+. ===== 1.3.3 ===== Dec 07, 2012 - Build date Dec 13, 2012 - App Store accept date * Update tor to 0.2.3.25 (Nov 19, 2012). This is a stable release. * Update libevent to 2.0.21-stable (Nov 18, 2012) ===== 1.3.2 ===== Nov 04, 2012 - Build/submit date Nov 12, 2012 - App Store accept date * Update tor to 0.2.3.24-rc (Oct 25, 2012). Fixes several security and connectivity-related issues. ===== 1.3.1 ===== Sep 12, 2012 - Build/submit date Sep 18, 2012 - App Store accept date * Support iPhone 5 (taller 4" Retina screen). Also compile openssl, libevent, and Tor for "armv7s" CPU target, which represents the new A6 processor. May improve performance on the iPhone 5 versus more generically compiled versions of those libraries. * Bookmarking feature. Moved most of the "quick links" from startup page into "preset" bookmarks. * Ability to configure Tor bridges. This is primarily geared toward advanced users that are using networks that attempt to block Tor via a "master list" of Tor nodes. See http://onionbrowser.com/help/ for instructions. * Major changes to underlying Tor wrapper code. May solve issues related to connection dying after the app has been open for some time and if the app was open while the device went into idle sleep. (Issue #2, Issue #3) * Fixes CSS/JS on sites like meine-startseite.de, where statically gzipped resources are served (i.e. "foo.gz.css") automatically. HTTP code in Onion Browser now automatically handles these cases. (Issue #21) * Fix issue where devices running iOS 5.1+ would work. Onion Browser should now work properly in all devices that have iOS 5.0 or higher. * Update tor to 0.2.3.22-rc (Sep 11, 2012). ===== 1.3.0 ===== * Note: 1.3.0 was not released due to a bug discovered after original submission. 1.3.1 (above) contains and supersedes all changes that were originally slatedfor that version. All changes since 1.2.6 are listed above. ===== 1.2.6 ===== Sep 05, 2012 - Build/submit date Sep 11, 2012 - App Store accept date * Add warning message when clicking "New Identity" because of possible history leak: ":visited" CSS style still triggers on visited URLs despite clearing UIWebView history. (Issue #20 reported by sintime.) * Closing the app while doing "initial connection" no longer causes connection to hang. App properly cancels connections/exits so that initialization retries properly on next app open. * HTTP Pipelining can now be disabled. Can fix issues with some websites. (Based on issue reported by Jose C. M.) * User-Agent spoof strings updated to Windows 7 Firefox 10 (matching TorButton) and Safari 6 Mountain Lion. * Updated libevent to 2.0.20-stable (Aug 23, 2012) ===== 1.2.5 ===== Aug 23, 2012 - Build/submit date Aug 30, 2012 - App Store accept date * Fix rare IP address leak demonstrated on "ip-check.info": web pages with resources defined in non-HTTP/HTTPS URLs (i.e. "ftp://...") would leak IP address. (Hat-tip to Graham R.) * Update tor to 0.2.3.20-rc (Aug 05, 2012). ===== 1.2.4 ===== Jul 20, 2012 - Build/submit date Jul 31, 2012 - App Store accept date * Add searchbox for DuckDuckGo Tor on start pageto make searching slightly easier. * Update tor to 0.2.3.19-rc (Jul 06, 2012). ===== 1.2.3 ===== Jun 25, 2012 - Build/submit date Jul 05, 2012 - App Store accept date * Fixed checkbox behavior for Cookies in the options menu. * Added help text to “Connecting…” stage. * Update tor to 0.2.3.17-beta (Jun 15, 2012). ===== 1.2.2 ===== Jun 13, 2012 - Build/submit date Jun 20, 2012 - App Store accept date * Update tor to 0.2.3.16-alpha (Jun 05, 2012).