Greetings,
We have just put out a security release of C-tor:
https://forum.torproject.org/t/security-release-0-4-8-9/10155
Here is the changelog. Cheers!
Changes in version 0.4.8.9 - 2023-11-09 This is another security release fixing a high severity bug affecting onion services which is tracked by TROVE-2023-006. We are also releasing a guard major bugfix as well. If you are an onion service operator, we strongly recommend to update as soon as possible.
o Major bugfixes (guard usage): - When Tor excluded a guard due to temporary circuit restrictions, it considered *additional* primary guards for potential usage by that circuit. This could result in more than the specified number of guards (currently 2) being used, long-term, by the tor client. This could happen when a Guard was also selected as an Exit node, but it was exacerbated by the Conflux guard restrictions. Both instances have been fixed. Fixes bug 40876; bugfix on 0.3.0.1-alpha.
o Major bugfixes (onion service, TROVE-2023-006): - Fix a possible hard assert on a NULL pointer when recording a failed rendezvous circuit on the service side for the MetricsPort. Fixes bug 40883; bugfix on 0.4.8.1-alpha
o Minor features (fallbackdir): - Regenerate fallback directories generated on November 09, 2023.
o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2023/11/09.