Tor Release Notes

Tor Browser 15.0.9 is now available from the Tor Browser download page and also from our distribution directory.

This version includes important security updates to Firefox.

Send us your feedback

If you find a bug or have a suggestion for how we could improve this release, please let us know.

Full changelog

The full changelog since Tor Browser 15.0.8 is:

• All Platforms
  • Updated Tor to 0.4.9.6
  • Updated NoScript to 13.6.15.1984
  • Bug tor-browser#44837: Rebase Tor Browser stable onto 140.9.1esr
• Windows + macOS + Linux
  • Updated Firefox to 140.9.1esr
• Android
  • Updated GeckoView to 140.9.1esr
• Build System
  • All Platforms
    • Bug tor-browser-build#41758: Rename tools/signing/deploy-legacy to tools/signing/redeploy-update_responses-release
  • Windows + macOS
    • Bug tor-browser-build#41741: Create a 13.5-specific update path

Original source Report a problem

Tor Browser 16.0a5 is now available from the Tor Browser download page and also from our distribution directory.

This version includes important security updates to Firefox.

⚠️ Reminder: The Tor Browser Alpha release-channel is for testing only. As such, Tor Browser Alpha is not intended for general use because it is more likely to include bugs affecting usability, security, and privacy.

Moreover, Tor Browser Alphas are now based on Firefox's betas. Please read more about this important change in the Future of Tor Browser Alpha blog post.

If you are an at-risk user, require strong anonymity, or just want a reliably-working browser, please stick with the stable release channel.

Send us your feedback

If you find a bug or have a suggestion for how we could improve this release, please let us know.

Full changelog

The full changelog since Tor Browser 16.0a4 is:

All Platforms

• Updated NoScript to 13.6.14.90101984
• Updated Tor to 0.4.9.6
• Bug tor-browser#43858: Clean out deprecated or unused methods in TorConnect
• Bug tor-browser#44251: Drop pt_config.json meek-azure migration logic
• Bug tor-browser#44546: Rename appearance-chooser-item to setting-chooser-item after we reach nightly 149
• Bug tor-browser#44621: Move about:torconnect back to browser
• Bug tor-browser#44702: Rebase alpha onto 149.0a1
• Bug tor-browser#44720: Migrate New Identity commit to Tor Browser
• Bug tor-browser#44753: Drop TorProvider.isBootstrapDone
• Bug tor-browser#44755: Trusted Types (Firefox 148 and above) + Web Workers broken on Safer Level
• Bug rebase-149#44757: Update tests for removed Services.search [tor-browser]
• Bug tor-browser#44761: Safer Level's worker patching filters out Worker constructor options
• Bug tor-browser#44763: Disable WebGPU until audited
• Bug tor-browser#44764: Review Mozilla 2012344: Hide main AI settings when the feature is blocked
• Bug tor-browser#44765: Review Mozilla 1972073: Convert Sidebar to config-based prefs
• Bug tor-browser#44767: Safer Level's worker patching throws on new about:blank frames with Trusted Types
• Bug tor-browser#44772: Review Mozilla 1980264: Canvas randomization is too slow
• Bug tor-browser#44778: Safer Level: xray causes patched TrustedTypePolicy instances to be unusable by content.
• Bug tor-browser#44801: Redact onion origins from Location.ancestorOrigins.
• Bug tor-browser#44814: Disable trustpanel until our new designs are ready

Windows + macOS + Linux

• Updated Firefox to 149.0a1
• Bug tor-browser#44714: The browser opens a new about:blank tab in 148
• Bug tor-browser#44780: AIFeature.sys.mjs failures in 149 desktop builds
• Bug tor-browser#44781: Use a static page title for about:torconnect
• Bug tor-browser#44793: privacy.spoof_english console error in about:preferences
• Bug tor-browser#44797: Clean up about:torconnect styling
• Bug tor-browser#44799: Onionize toggle in about:tor uses blue text color

Android

• Updated GeckoView to 149.0a1
• Bug tor-browser#43790: Address "Various android workarounds" commit introduced in the 138 rebase
• Bug tor-browser#44332: Fix android tor logs screen issues presented in 144 rebase
• Bug tor-browser#44594: DoH is visible on Android
• Bug tor-browser#44653: Disable "Allow search suggestions in private sessions" prompt presented in RR 148 android
• Bug tor-browser#44694: Remove new "Tab bar" feature on Android
• Bug tor-browser#44698: Clean up comments in AccountSettingsFragment.kt. FIXME: Update A-S
• Bug tor-browser#44700: Untracked change to HomepageHeader.kt
• Bug tor-browser#44751: Noscript (and likely any extension) can be accidently turned off on Android alpha
• Bug tor-browser#44752: Remove new expanded toolbar option on Android due to fingerprintability
• Bug tor-browser#44785: Fix SiteSecurityRobot.kt after the 149 rebase
• Bug tor-browser#44788: Extensions are unreachable via 3 dot menu in alpha (android)
• Bug tor-browser#44789: Icon of "New Circuit" is not centered but lies in top left corner

Build System

All Platforms

• Bug tor-browser#43180: Remove translation CI 13.5 legacy extension
• Bug tor-browser-build#41758: Rename tools/signing/deploy-legacy to tools/signing/redeploy-update_responses-release
• Bug tor-browser-build#41766: Use gzip for all platforms for Go vendoring

Windows + macOS

• Bug tor-browser-build#41741: Create a 13.5-specific update path

macOS

• Bug tor-browser-build#41753: Allow running custom commands when vendoring Go dependencies

Original source Report a problem

Arti is our ongoing project to create a next-generation Tor implementation in Rust. We're happy to announce the latest release, Arti 2.2.0.

This release adds support for using HTTP CONNECT rather than SOCKS, when connecting to the Tor network via Arti. This previously-experimental feature is now included a full build, and will then be enabled by default. The HTTP CONNECT protocol is available over the same port as SOCKS.

The RPC client library (arti-rpc-client-core) now supports non-blocking requests, and integration with application event loops. And the RPC system now supports administrative access to the Arti instance, via a new "superuser" facility.

We also fixed a low-severity security issue, TROVE-2026-005, which would somewhat weaken DoS resistance in in certain unusual embedded build configurations.

Behind the scenes we have been working on relay support, including relay channels and circuits, and directory server functionality (mirrors and authorities). As ever there are also lots of bugfixes, cleanups, and test and CI improvements.

For full details on what we've done, including API changes, and for information about many more minor and less-visible changes, please see the CHANGELOG.

For more information on using Arti, see our top-level README, and the documentation for the arti binary.

Thanks to everybody who's contributed to this release, including hjrgrn, HydroxideUnlaced, Nihal, and Tobias Stoeckmann.

Also, our deep thanks to our sponsors for funding the development of Arti!

Original source Report a problem

New features

Automatic Tor bridges

You can now learn about Tor bridges directly from the Tor Connection assistant in Tails.

Tor bridges are secret Tor relays that hide that you are connecting to Tor. If connecting to Tor is blocked from where you are, you can use a bridge as your first Tor relay to circumvent this censorship.

In Tails 7.6, choose Connect to Tor automatically when opening Tor Connection. If access to the Tor network is blocked, the bridge configuration screen offers a new option called Ask for a Tor bridge based on your region.

This feature uses the same technology as the connection assistant in Tor Browser outside of Tails, which was introduced in Tor Browser 11.5 (July 2022).

Tails downloads information about bridges that are most likely to work in your region from the Moat API of the Tor Project. To circumvent censorship, this connection is disguised as a connection to another website using domain fronting.

GNOME Secrets

In Tails 7.6, the Secrets password manager replaces KeePassXC.

Secrets has a simpler interface and is better integrated in the GNOME desktop. For example, accessibility features, such as the screen keyboard and cursor size, are working again with Secrets.

Secrets offers to unlock your previous KeePassXC database automatically, because both Secrets and KeePassXC use the same file format to store passwords.

If you miss more advanced features from KeePassXC, you can install KeePassXC as additional software.

The main keyboard shortcuts of Secrets are similar to the ones of KeePassXC, with Shift in addition to Ctrl:

• Shift+Ctrl+C: copy password
• Shift+Ctrl+V: copy address
• Shift+Ctrl+B: copy username
• Shift+Ctrl+T: copy one-time password

To see the full list of keyboard shortcuts of Secrets, press Ctrl+?.

Changes and updates

• Update Electrum from 4.5.8 to 4.7.0.
• Update Tor Browser to 15.0.8.
• Update Thunderbird to 140.8.0.
• Update most firmware packages. This improves support for newer hardware: graphics, Wi-Fi, and so on.

Fixed problems

• Translate the confirmation dialog that appears before saving the language and keyboard layout on the USB stick. (#21448)
• Fix the Learn More button in the Thunderbird migration notification. (#21455)
• Fix automated upgrades in Turkish. (#21466)

For more details, read our changelog.

Get Tails 7.6

To upgrade your Tails USB stick and keep your Persistent Storage

• Automatic upgrades are available from Tails 7.0 or later to 7.6.
• If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a manual upgrade.

To install Tails 7.6 on a new USB stick

Follow our installation instructions:

• Install from Windows
• Install from macOS
• Install from Linux
• Install from Debian or Ubuntu using the command line and GnuPG

The Persistent Storage on the USB stick will be lost if you install instead of upgrading.

To download only

If you don't need installation or upgrade instructions, you can download Tails 7.6 directly:

• For USB sticks (USB image)
• For DVDs and virtual machines (ISO image)

Support and feedback

For support and feedback, visit the Support section on the Tails website.

Original source Report a problem

Tor Browser 15.0.8 is now available from the Tor Browser download page and also from our distribution directory.

This version includes important security updates to Firefox.

Send us your feedback

If you find a bug or have a suggestion for how we could improve this release, please let us know.

Full changelog

The full changelog since Tor Browser 15.0.7 is:

• All Platforms

  • Updated NoScript to 13.6.12.1984
  • Bug tor-browser#44663: NoScript behavior on “Safer” security level prevents integrity checks for dynamically loaded javascript
  • Bug tor-browser#44680: Properly handle subdocuments created by data: URLs
  • Bug tor-browser#44761: Safer Level's worker patching filters out Worker constructor options
  • Bug tor-browser#44771: Rebase Tor Browser stable onto 140.9.0esr
  • Bug tor-browser#44784: Backport Security Fixes from Firefox 149
  • Bug tor-browser-build#41738: Allow to specify an unsupportedURL on update responses

• Windows + macOS + Linux

  • Updated Firefox to 140.9.0esr
  • Bug tor-browser#44327: ERROR: Your Tor Browser profile cannot be loaded. It may be missing or inaccessible
  • Bug tor-browser#44386: Firefox profiles no longer work in Tor Browser 15.0

• Linux

  • Bug tor-browser#44657: Backport tor-browser#44394: Do not read default prefs from /etc/firefox

• Android

  • Updated GeckoView to 140.9.0esr

• Build System

  • Windows + Linux + Android
    • Updated Go to 1.25.8
    • Bug tor-browser#44249: Backport tor-browser-build#41580: Update Go major to 1.25.x

Original source Report a problem

Tor Browser 16.0a4 is now available from the
Tor Browser download page
and also from our
distribution directory
.

This version includes important
security updates
to Firefox.

⚠️
Reminder
: The Tor Browser Alpha release-channel is for
testing only
. As such, Tor Browser Alpha is not intended for general use because it is more likely to include bugs affecting usability, security, and privacy.

Moreover, Tor Browser Alphas are now based on Firefox's betas. Please read more about this important change in the
Future of Tor Browser Alpha
blog post.

If you are an at-risk user, require strong anonymity, or just want a reliably-working browser, please stick with the
stable release channel
.

Send us your feedback

If you find a bug or have a suggestion for how we could improve this release,
please let us know
.

Full changelog

The
full changelog
since Tor Browser 16.0a3 is:

• All Platforms

• Updated NoScript to 13.6.6.90401984

• Updated zlib to 1.3.2

• Bug tor-browser#44663: NoScript behavior on “Safer” security level prevents integrity checks for dynamically loaded javascript

• Bug tor-browser#44675: Restore "BB 43850: Modify the Contrast Control settings for RFP" dropped during the 148.0a1 rebase

• Bug tor-browser#44679: Review Mozilla 2006066: Credit cards autofill settings are not visible

• Bug tor-browser#44680: Properly handle subdocuments created by data: URLs

• Bug tor-browser#44687: Security level requires a restart in a new profile after 148 update

• Bug tor-browser#44689: Forwardport tor-browser#44668 from legacy to alpha: Set detailsURL in update XML to be useful for 13.5 users

• Bug tor-browser#44701: Unexpected change to
  network/url-classifier/components.conf

• Bug tor-browser#44706: creating a new profiles causes crash ENOTTY

• Bug tor-browser-build#41738: Allow to specify an unsupportedURL on update responses

• Windows + macOS + Linux

• Updated Firefox to 148.0a1

• Bug tor-browser#42664: Use mozilla token sizes in CSS

• Bug tor-browser#44634: Review Mozilla 2006250: add ai window about:preferences section within ai features

• Bug tor-browser#44682: Wrong pid in the exit log

• Bug tor-browser#44709: Hide the AI settings panel

• Bug tor-browser#44710: Hide about:preferences#translations

• Bug tor-browser#44713: The about dialog is missing some padding in 148.0a1

• Bug tor-browser#44717: Search suggestion settings are visible in 148

• Windows + Linux

• Bug tor-browser-build#40892: Move torrc-defaults, geoip and geoip6 on Windows and Linux

• Windows

• Bug tor-browser#44461: Window controls are missing on Windows

• Bug tor-browser#44633: Move D3D11 function from local webrtc changes to tbb webrtc patches

• Linux

• Bug tor-browser#44394: Do not read default prefs from /etc/firefox

• Android

• Updated GeckoView to 148.0a1

• Bug tor-browser#43349: Add user feedback for when Tor connects (Android)

• Bug tor-browser#43909: Review Mozilla: TBD: new Android tab-strip feature

• Bug tor-browser#44226: Disable all link sharing functionality

• Bug tor-browser#44274: Review Mozilla 1986534: Disable screenshots in PBM

• Bug tor-browser#44469: Fix branding on Android RR

• Bug tor-browser#44506: Remove more sync from 147

• Bug tor-browser#44582: Fix or remove new settings search functionality on Android

• Bug tor-browser#44661: Restore or fix new rebase-148 uses of moz assets instead of TB ones

• Bug tor-browser#44718: Fix splash screen branding and other issues in RR

• Bug tor-browser#44721: Android build failure in nightlyOssLicensesTask: missing dependencies.json file

• Build System

• All Platforms

• Bug tor-browser-build#41690: Merge list_toolchain_updates-firefox-* commands into one

• Bug tor-browser-build#41725: Update toolchains for Firefox 148

• Bug tor-browser-build#41726: Check in list_toolchain_updates that the sha512sum we have for the macOS SDK is the same as Mozilla

• Bug tor-browser-build#41727: Split the list_toolchain_updates_checks script in two

• Bug tor-browser-build#41728: Update projects/application-services/list_toolchain_updates_checks to check nss sha256sum

• Windows + macOS + Linux

• Bug tor-browser#44406: Fix CSS linting issues introduced by 146

• Windows + Linux + Android

• Updated Go to 1.25.8

• Android

• Bug tor-browser-build#41736: Add generate_gradle_dependencies_list-$project makefile targets

• Bug tor-browser-build#41737: Remove comment from gen-gradle-deps-file.py saying var/gradle_dependencies_version should be updated

• Bug tor-browser-build#41743: Make an error if gradle-dependencies-list is missing in the input files

• Bug tor-browser-build#41744: Reduce duplication between projects/geckoview/build and projects/geckoview/build_apk

• Bug tor-browser-build#41745: Add .sh file extension to included build_* scripts in projects/geckoview

• Bug tor-browser-build#41751: Fix the NDK path

Original source Report a problem

Arti 2.1.0

Arti is our ongoing project to create a next-generation Tor implementation in Rust. We're happy to announce the latest release, Arti 2.1.0.

This release contains a lot of behind-the-scenes work on relay support and on RPC development. While Arti still cannot run as a relay, we are making good progress, and we think it will soon be ready for Arti developers to test it as a middle relay.

Additionally, we have overhauled all of Arti's configuration to use a new, derive-deftly-based approach. We believe this will make defining new configuration types easier, saving us development time in the long run.

This release also contains a number of bugfixes, cleanups, as well as improvements to our CI infrastructure.

Finally, Arti 2.1.0 increases our MSRV (Minimum Supported Rust Version) to 1.89.0, in accordance with our MSRV policy.

For full details on what we've done, including API changes, and for information about many more minor and less-visible changes, please see the CHANGELOG.

For more information on using Arti, see our top-level README, and the documentation for the arti binary.

Thanks to everybody who's contributed to this release, including Niel Duysters, Nihal, Nuhiat-Arefin, Robert Bartlensky, carti-it, hjrgrn, moumenalaoui, robertb, and sjcobb!

Also, our deep thanks to our sponsors for funding the development of Arti!

Original source Report a problem

New Release: Tails 7.5

by tails | February 26, 2026

Changes and updates

• Update Tor Browser to 15.0.7.

• Simplify the home page of Tor Browser.

• Update the Tor client to 0.4.9.5.

• Update Thunderbird to 140.7.1.

• Install Thunderbird as additional software to improve its security, if you have both the Thunderbird Email Client and Additional Software features of the Persistent Storage turned on.

Until Tails 7.5, a new version of Thunderbird was released by Mozilla only a few days after we released a new version of Tails. As a consequence, the version of Thunderbird in Tails was almost always outdated, with known security vulnerabilities.

By installing Thunderbird as additional software, the latest version of Thunderbird is installed automatically from your Persistent Storage each time you start Tails.

If the Thunderbird Migration dialog below appears when you start Thunderbird, it means that Tails successfully installed Thunderbird as additional software.

Thunderbird Migration: Tails installed Thunderbird as additional software to improve its security.

• Include the language pack for Mexican Spanish in Thunderbird in addition to the language pack for Spanish from Spain.

For more details, read our changelog.

Get Tails 7.5

To upgrade your Tails USB stick and keep your Persistent Storage

• Automatic upgrades are available from Tails 7.0 or later to 7.5.
• If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a manual upgrade.

To install Tails 7.5 on a new USB stick

Follow our installation instructions:

• Install from Windows
• Install from macOS
• Install from Linux
• Install from Debian or Ubuntu using the command line and GnuPG

The Persistent Storage on the USB stick will be lost if you install instead of upgrading.

To download only

If you don't need installation or upgrade instructions, you can download Tails 7.5 directly:

• For USB sticks (USB image)
• For DVDs and virtual machines (ISO image)

Support and feedback

For support and feedback, visit the Support section on the Tails website.

Original source Report a problem

Tor Browser 15.0.7 release

Tor Browser 15.0.7 is now available from the
Tor Browser download page
and also from our
distribution directory
.

This version includes important
security updates
to Firefox.

Send us your feedback

If you find a bug or have a suggestion for how we could improve this release,
please let us know
.

Full changelog

The
full changelog
since Tor Browser 15.0.6 is:

All Platforms

• Updated NoScript to 13.5.14.1984
• Updated zlib to 1.3.2
• Bug tor-browser#44656: Rebase Tor Browser release onto 140.8.0esr
• Bug tor-browser#44681: Backport Security Fixes from Firefox 148

Windows + macOS + Linux

• Updated Firefox to 140.8.0esr

Android

• Updated GeckoView to 140.8.0esr
• Bug tor-browser#44620: Move the Android IPC directory

Original source Report a problem

Tor Browser 16.0a3 is now available from the
Tor Browser download page and also from our
distribution directory.

This version includes important
security updates
to Firefox.

⚠️Reminder: The Tor Browser Alpha release-channel is for
testing only. As such, Tor Browser Alpha is not intended for general use because it is more likely to include bugs affecting usability, security, and privacy.

Moreover, Tor Browser Alphas are now based on Firefox's betas. Please read more about this important change in the
Future of Tor Browser Alpha
blog post.

If you are an at-risk user, require strong anonymity, or just want a reliably-working browser, please stick with the
stable release channel.

Send us your feedback

If you find a bug or have a suggestion for how we could improve this release,
please let us know.

Full changelog

The
full changelog
since Tor Browser 16.0a2 is:

All Platforms

• Updated Tor to 0.4.9.5
• Updated NoScript to 13.5.12.90301984
• Bug tor-browser#44562: Set the new online Suggest prefs to false
• Bug tor-browser#44571: Disable restrict_to_adults for potential fingerprintability
• Bug tor-browser#44619: Add custom logs to Tor logs
• Bug tor-browser#44625: metamask.io won't load on Safer security level
• Bug tor-browser#44626: Propagate WASM blocking to workers
• Bug tor-browser#44647: Clean up patch for
  SearchEngineSelector.sys.mjs.
• Bug tor-browser#44652: Backport fix for Firefox Bug 2014390
• Bug tor-browser-build#41713: Try to find a component for bugs found with commits in triage spreadsheets

Windows + macOS + Linux

• Bug tor-browser#43560: Add "UTC" to the end of the timestamp on tor logs (Desktop)
• Bug tor-browser#44459: Letterboxing content alignment setting is missing styling
• Bug tor-browser#44520: Make sure "Firefox labs" is hidden by default

Windows

• Bug tor-browser#44623: 16.0a2: about:preferences#privacy is empty

Linux

• Bug tor-browser#44050: Consider changing the domain in DBus interfaces

Android

• Bug tor-browser#43403: Add "UTC" to the end of the timestamp on tor logs (Android)
• Bug tor-browser#44057: Drop about:torconnect from android
• Bug tor-browser#44620: Move the Android IPC directory
• Bug tor-browser-build#28595: Remove the need to update var/gradle_dependencies_version

Build System

All Platforms

• Bug tor-browser-build#40338: Running
  make release
  multiple times fails
• Bug tor-browser-build#41660: Add a Firefox target to build unpatched Firefox in tor-browser-build
• Bug tor-browser-build#41693: Drop base-browser targets
• Bug tor-browser-build#41720: cp -l in release/build fails when crossing file systems
• Bug rbm#40093: Make it easy to get the sha256sum of an input_files file
• Bug rbm#40103: Allow having multiple tmp_dir values

Windows + Linux + Android

• Updated Go to 1.25.7

Android

• Bug tor-browser-build#41719: Enable network when var/generate_gradle_dependencies_list is set in geckoview

Original source Report a problem