New TorBrowser (6.5.1) out with security fixes. New TAILS 2.11 as well.

https://blog.torproject.org/blog/tor-browser-651-released

Tor Browser 6.5.1 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This is the first minor release in the 6.5 series and it mainly contains updates to several of our Tor Browser components: Firefox got updated to 45.8.0esr, Tor to 0.2.9.10, OpenSSL to 1.0.1k, and HTTPS-Everywhere to 5.2.11.

Additionally, we updated the bridges we ship with Tor Browser and fixed some regressions that came with our last release.

In Tor Browser 6.5 we introduced filtering of content requests to resource:// and chrome:// URIs in order to neuter a fingerprinting vector. This change however breaks the Session Manager addon. Users who think having extensions like that one working is much more important than avoiding the possible information leakage associated with that can now toggle the 'extensions.torbutton.resource_and_chrome_uri_fingerprinting' preference, setting it to 'true' to disable our defense against this type of fingerprinting.

An other regression introduced in Tor Browser 6.5 is the resizing of the window. We are currently working on a fix for this issue.

Here is the full changelog since 6.5:

All Platforms
    Update Firefox to 45.8.0esr
    Tor to 0.2.9.10
    OpenSSL to 1.0.2k
    Update Torbutton to 1.9.6.14
        Bug 21396: Allow leaking of resource/chrome URIs (off by default)
        Bug 21574: Add link for zh manual and create manual links dynamically
        Bug 21330: Non-usable scrollbar appears in tor browser security settings
        Translation updates
    Update HTTPS-Everywhere to 5.2.11
    Bug 21514: Restore W^X JIT implementation removed from ESR45
    Bug 21536: Remove scramblesuit bridge
    Bug 21342: Move meek-azure to the meek.azureedge.net backend and cymrubridge02 bridge
Linux
    Bug 21326: Update the "Using a system-installed Tor" section in start script

NEW TAILS: https://tails.boum.org/news/version_2.11/

New features

If running on a 32-bit processor, notify the user that it won't be able to start Tails 3.0 anymore. (#12193)

Notify I2P users that I2P will be removed in Tails 2.12. (#12271)

Upgrades and changes

Upgrade Tor Browser to 6.5.1.

Fix CVE-2017-6074 (local root privilege escalation) by disabling the dccp module. (#12280) Also disable kernel modules for some other uncommon network protocols. (Part of #6457)

Fixed problems

Tor Browser: Don't show offline warning when opening the local documentation of Tails. (#12269)

Fix rare issue causing automatic upgrades to not apply properly (#8449 and #11839)

Install Linux 4.8.15 to prevent GNOME from freezing with Intel GM965/GL960 Integrated Graphics. (#12217)

Changes

We are very sad to announce that Tails 2.11 will be the last version to include I2P, an alternative anonymizing network.

Maintaining software like I2P well-integrated in Tails takes time and effort and our team is too busy with other priorities. Unfortunately, we failed to find a developer outside of our team to maintain I2P in Tails. As a consequence, the last version of I2P being shipped in Tails is 0.9.25, which is nearly one year old now at this moment.

But we will be happy to reintroduce I2P if we find a volunteer to take care of maintaining it in Tails. If you are a developer and care about I2P in Tails, that person could be you!


Comments


[4 Points] assblood69:

Do I just download the new update from tor website or do I have to like completely uninstall tor and re install it?


[2 Points] alt_right_shift:

Hopefully they upgraded electrum as well.


[2 Points] None:

Would updating your tails mean having to create a "new" usb stick?