This release contains critical security updates.
PLEASE UPDATE from V6.4.0 to V6.4.1.
The anonymity in V6.4.0 did not function properly.
Users are advised to only enable anonymous downloading in V6.4.1 it if
they understand the implications stated within the on-screen advisory.
Our experimental hidden seeding feature did not perform adequately.
You are likely to function as a exit node for the traffic of other
users. Very very bad of us. We're working hard on fixing this issue,
but that will take significant amount of work (issue #23 in Github).
We want to get this right. We are very grateful for the help that
security expert "Yawning" is giving us. All critical issues raised by
him/her are either fixed or are being working on. Especially the
advise to replace our simplistic AES-ECB with AES-GCM saved us quite
some development time. You can track our progress at:
#1066
Detailed issues:
- removed all references to gmpy.rand (security cleanup)
- one-time AES keys are generated with python's random.randint() (FIXED)
- code for researching homomorphic encryption removed, how not to do
RSA: def rsa_encrypt(key, element) (security cleanup) - warn user about the dangers of enabling anonymity (temporary emergency fix)
- Fix Tribler crashes when starting Tribler just after stopping it.
- Fix: allow removing torrents from own channel (Thanks Dan Arnould!)
- Fixes for the tunnel community.
- Make TunnelCommunity (P2P encrypted proxy downloads) loading configurable and disabled by default
- Opt-in dialog for TunnelCommunity
- Several fixes and cleanups for the cryptographic code.
- Update .deb dependencies
- Update windows packager for new curves.ec location
- Updated tunneled download test description
To see a complete list of the changes, please see:
v6.4.0...v6.4.1