The’re actually announceing it, they’ve already put it in place and you and your familly are now granted access to Tor version 0.1.2.16 by the Tor developers.
You must buy it now
Official Tor story regarding security of current versions of Tor and good reasons to upgrade is this:
Tor 0.1.2.16 fixes a critical security vulnerability that allows a
remote attacker in certain situations to rewrite the user’s torrc
configuration file. This can completely compromise anonymity of users
in most configurations, including those running the Vidalia bundles,
TorK, etc. Or worse.Users who do not have ControlPort enabled are secure; if you are not
sure, you should upgrade and you should probably overwrite your torrc
file with the default when you upgrade. More details will be posted over
the next few days.https://tor.eff.org/download.html
We have Vidalia bundles for OS X Tiger on the website now. The recommended
workaround for Windows users is either to wait until we have a Vidalia
bundle ready, or do separate installs of the Win32 “expert” package from
https://tor.eff.org/download-windowsand the Windows Vidalia-only package from
http://vidalia-project.net/download.phpChanges in version 0.1.2.16 – 2007-08-01
o Major security fixes:
- Close immediately after missing authentication on control port;
do not allow multiple authentication attempts.
Immediate danger indicated
Unofficial developer on IRC story regarding the new version is this:
02:06 < xiando> I read the annoucement. It says immediate danger for all tor users. very bad. news at 11.
02:07 < nickm> yup. all users who don’t upgrade. quite bad. upgrade upgrade upgrade.
You upgrade your Tor immediately by downloading from https://tor.eff.org/download.html (or svn update)
