From 4e828326942a905e4991f9f5e646abbe69a61a2b Mon Sep 17 00:00:00 2001 From: Rohan Kumar Date: Tue, 22 Nov 2022 19:15:34 -0800 Subject: [PATCH] Update tor browser EOL info --- content/notes/state-of-the-tor-uplift.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/content/notes/state-of-the-tor-uplift.md b/content/notes/state-of-the-tor-uplift.md index f2f2bd7..071e1ca 100644 --- a/content/notes/state-of-the-tor-uplift.md +++ b/content/notes/state-of-the-tor-uplift.md @@ -1,6 +1,9 @@ --- title: "State of the Tor Uplift" date: 2022-09-19T20:15:05-07:00 +syndicatedCopies: + - title: 'The Fediverse' + url: 'https://pleroma.envs.net/notice/ANk750WNh4ufFOK3FI' --- Currently, the Tor Browser is based on Firefox Extended Support Release (ESR); it lags behind stable releases by up to and only receives the subset of security backports deemed to be a high-enough priority. @@ -8,6 +11,7 @@ The [Tor Uplift project](https://wiki.mozilla.org/Security/Tor_Uplift) is an ini On , Firefox 102 ESR was released. Today, on , Firefox 91 ESR will lose support. That gave a window of about three months (the duration of three Firefox stable releases) to re-base Tor Browser patches. -The first stable release of the Tor Browser based on ESR 102 hasn't yet shipped (it's close; [an alpha version is available](https://blog.torproject.org/new-alpha-release-tor-browser-120a2/)). Seven years into the Tor uplift, the Tor Project isn't able to keep up with the Firefox ESR release calendar. I don't think the Tor Uplift will succeed at getting the Tor Browser to track Firefox's stable channel; at best, it's keeping the Tor Browser from falling too far behind ESR. +The first stable release of the Tor Browser based on 102 ESR hasn't yet shipped (it's close; [an alpha version is available](https://blog.torproject.org/new-alpha-release-tor-browser-120a2/)). Seven years into the Tor uplift, the Tor Project isn't able to keep up with the Firefox ESR release calendar. I don't think the Tor Uplift will succeed at getting the Tor Browser to track Firefox's stable channel; at best, it's keeping the Tor Browser from falling too far behind ESR. + +Update : Almost since Firefox 102 became the latest ESR, over since Firefox 91 ESR reached end-of-life, the latest stable Tor Browser release (11.5.7) is still based on Firefox 91 ESR. [Five CVEs fixes from v102 were backported](https://blog.torproject.org/new-release-tor-browser-1154/). It's reasonable to assume that v91 has issues of its own that won't be addressed. Until the v102-based 12.x hits stable: if you don't use "safest", you might want to re-consider that with this information in mind. -Update : 30 days since Firefox ESR 91 reached end-of-life, the latest stable Tor Browser release (11.5.4) is still based on v91. [Five CVEs fixes from v102 have already been backported](https://blog.torproject.org/new-release-tor-browser-1154/). It's reasonable to assume that v91 has issues of its own that won't be addressed. Until the v102-based 12.x hits stable: if you don't use "safest", you might want to re-consider that with this information in mind.