We are pleased to announce the sixth beta release of TorBirdy and the first in the 0.2 series: TorBirdy 0.2.0. All users are encouraged to upgrade as this release fixes numerous security and privacy issues.
Notable changes include fixing local timestamp disclosure in the date and the message-ID headers, as detailed in tickets #6314 [0] and #6315 [1]. The patch for sanitizing the date header is shipped [2] with TorBirdy. The patch for the message-ID header was submitted upstream [3] to Mozilla and merged in Thunderbird 45, and it is therefore recommended that you upgrade to Thunderbird 45 if possible.
There are currently no known leaks in TorBirdy but please note that we are still in beta, so the usual caveats apply.
If you are using TorBirdy for the first time, visit the wiki [4] to get started.
Other changes in this release include:
0.2.0, 27 Jun 2016
* Bug #6314 [5]: Prevent local timestamp disclosure via Date header * Bug #6315 [6]: Prevent local timestamp disclosure via Message-ID header * Bug #13721 [7]: Fix usage of wrong locale * Bug #17426 [8]: Allow configuration of default email protocol * Bug #15459 [9]: Add support for deterministic XPI generation * Bug #11387 [10], #13006 [11]: Fix non-standard EHLO argument * Bug #17118 [12]: Allow manual account configuration for Gmail with OAuth2 * Bug #19031 [13]: Add and audit support for RSS reader * Bug #7847 [14]: Audit and update support for NNTP * Bug #10683 [15]: Update Thunderbird UI to reflect TorBirdy's state * Bug #19330 [16]: Set secure defaults for outgoing mail servers * Removed compatibility for older versions of Thunderbird and added support for Thunderbird 37+ * Added support for automatic configuration of Riseup email accounts * Updated various privacy and security settings (see commit 2bdeffbb [17] for a list of the changes) * Update translations for current languages
Many thanks to Arthur Edelstein and the Tails Developers for this release!
We offer two ways of installing TorBirdy -- either by visiting our website [18] (GPG signature [19]; signed by 0xB01C8B006DA77FAA) or by visiting the Mozilla Add-ons page [20] for TorBirdy. Please note that there may be a delay -- which can range from a few hours to days -- before the extension is reviewed by Mozilla and updated on the Add-ons page.
(Packages for Debian GNU/Linux will be created and uploaded shortly.)
[0] - https://bugs.torproject.org/6314 [1] - https://bugs.torproject.org/6315 [2] - https://gitweb.torproject.org/torbirdy.git/commit/?id=bfa822de6071e894dad3d5... [3] - https://bugzilla.mozilla.org/show_bug.cgi?id=902580 [4] - https://trac.torproject.org/projects/tor/wiki/torbirdy [5] - https://bugs.torproject.org/6314 [6] - https://bugs.torproject.org/6315 [7] - https://bugs.torproject.org/13721 [8] - https://bugs.torproject.org/17426 [9] - https://bugs.torproject.org/15459 [10] - https://bugs.torproject.org/11387 [11] - https://bugs.torproject.org/13006 [12] - https://bugs.torproject.org/17118 [13] - https://bugs.torproject.org/19031 [14] - https://bugs.torproject.org/7847 [15] - https://bugs.torproject.org/10683 [16] - https://bugs.torproject.org/19330 [17] - https://gitweb.torproject.org/torbirdy.git/commit/?id=2bdeffbb [18] - https://dist.torproject.org/torbirdy/torbirdy-current.xpi [19] - https://dist.torproject.org/torbirdy/torbirdy-current.xpi.asc [20] - https://addons.mozilla.org/en-us/thunderbird/addon/torbirdy/
[Also on https://blog.torproject.org/blog/torbirdy-020-sixth-beta-release]