i2p.www/i2p2www/blog/2014/07/26/0.9.14-Release.rst

{% trans -%}
==============
0.9.14 Release
==============
{%- endtrans %}

.. meta::
   :author: zzz
   :date: 2014-07-26
   :category: release
   :excerpt: {% trans %}0.9.14 includes critical security fixes{% endtrans %}

{% trans -%}
0.9.14 includes critical fixes for XSS and remote execution vulnerabilities reported by Exodus Intelligence.
As an added precaution, we have disabled several advanced configuration features in the router console,
including installation of new plugins.
We plan to re-enable these in a future release after additional review.
{%- endtrans %}

{% trans -%}
Due to I2P library changes, I2P-Bote users must upgrade their plugin to version 0.2.10 to work with I2P 0.9.14.
Your router should update the plugin automatically after the router restarts.
{%- endtrans %}

{% trans -%}
The release also contains several bug fixes in i2ptunnel, i2psnark, and other areas,
and updates to the latest Jetty, Tomcat, and Wrapper.
We've also implemented a faster and more secure method for reseeding.
Of course, there's also the usual collection of minor bug fixes and translation updates.
{%- endtrans %}

{% trans -%}
You must update to this release immediately. The best way to
maintain security and help the network is to run the latest release.
{%- endtrans %}


**{% trans %}RELEASE DETAILS{% endtrans %}**

**{% trans %}Security Fixes{% endtrans %}**

- {% trans %}Fix several XSS issues{% endtrans %}
- {% trans %}Disable changing news feed URL from UI{% endtrans %}
- {% trans %}Disable plugin install{% endtrans %}
- {% trans %}Disable setting unsigned update URL from UI{% endtrans %}
- {% trans %}Disable clients.config editing from the UI{% endtrans %}
- {% trans %}Add Content-Security-Policy and X-XSS-Protection headers{% endtrans %}
- {% trans %}Disable unused ExecNamingService (thx joernchen of Phenoelit){% endtrans %}


**{% trans %}Bug Fixes{% endtrans %}**

- {% trans %}Fix tunnel building so it doesn't get "stuck" on a single pool{% endtrans %}
- {% trans %}Reject participating tunnels when hidden{% endtrans %}
- {% trans %}Several i2psnark improvements and fixes (GUI and DHT), including changes for better compatibility with Vuze{% endtrans %}


**{% trans %}Other{% endtrans %}**

- {% trans %}Reseeding now fetches a signed zip file containing router infos for security and speed{% endtrans %}
- {% trans %}Use JVM's AES implementation if it is faster{% endtrans %}
- {% trans %}More advanced options shown in the i2ptunnel edit pages{% endtrans %}
- {% trans %}Per-message reliabilitiy settings in I2CP and error propagation back from router to client{% endtrans %}
- {% trans %}Lots of findbugs fixes and cleanups{% endtrans %}
- {% trans %}Support signature types in SAM, bump rev to 3.1{% endtrans %}
- {% trans %}New event log page in console{% endtrans %}
- Jetty 8.1.15.v20140411
- Tomcat 6.0.41
- {% trans %}Wrapper 3.5.25 (new installs and PPA only){% endtrans %}
- {% trans %}Translation updates{% endtrans %}
- {% trans %}Update GeoIP data (new installs and PPA only){% endtrans %}


**{% trans %}SHA256 Checksums:{% endtrans %}**

::

    8e400551866c790e72d14d6f340653cb6e8c4c323cc8124f65200ec38a78aa75  i2pinstall_0.9.14_windows.exe
    a3731f5ac0ca1fab4777ec9894e5064a576e9805785027a49850b9857898ef0a  i2pinstall_0.9.14.jar
    30bb7bbfd1ff829dab048bbb6264d6cf20b2a01511e7cddd4fc13771feb6a780  i2psource_0.9.14.tar.bz2
    404b0e6997474097cf7bd7ca006e59442d502b178dd3dd5de16e26d99a152ceb  i2pupdate_0.9.14.zip
    94eb8e05df8b9d95e034810c6132c51634acb3e7f7c9ece8f473af238740a27d  i2pupdate.su2
    fe64bfd41710a97bc6b0ceeebd95a99f0c757c6c815e9cf8c6a0c336043add91  i2pupdate.su3
    38b1966729e464696c6bace65e38fbdeb0a750f227a9f6b40b30ab498eff83ac  i2pupdate.sud
release notes draft 2014-07-26 22:16:52 +00:00			`{% trans -%}`
			`==============`
			`0.9.14 Release`
			`==============`
			`{%- endtrans %}`
Attempt to fix RST-related syntax errors 2019-02-15 11:16:53 +00:00
release notes draft 2014-07-26 22:16:52 +00:00			`.. meta::`
			`:author: zzz`
			`:date: 2014-07-26`
			`:category: release`
Blog post fixes 2014-07-26 22:48:49 +00:00			`:excerpt: {% trans %}0.9.14 includes critical security fixes{% endtrans %}`
release notes draft 2014-07-26 22:16:52 +00:00
			`{% trans -%}`
update credit 2014-07-27 11:02:23 +00:00			`0.9.14 includes critical fixes for XSS and remote execution vulnerabilities reported by Exodus Intelligence.`
release notes draft 2014-07-26 22:16:52 +00:00			`As an added precaution, we have disabled several advanced configuration features in the router console,`
			`including installation of new plugins.`
			`We plan to re-enable these in a future release after additional review.`
			`{%- endtrans %}`

			`{% trans -%}`
			`Due to I2P library changes, I2P-Bote users must upgrade their plugin to version 0.2.10 to work with I2P 0.9.14.`
			`Your router should update the plugin automatically after the router restarts.`
			`{%- endtrans %}`

			`{% trans -%}`
			`The release also contains several bug fixes in i2ptunnel, i2psnark, and other areas,`
			`and updates to the latest Jetty, Tomcat, and Wrapper.`
			`We've also implemented a faster and more secure method for reseeding.`
			`Of course, there's also the usual collection of minor bug fixes and translation updates.`
			`{%- endtrans %}`

			`{% trans -%}`
			`You must update to this release immediately. The best way to`
			`maintain security and help the network is to run the latest release.`
			`{%- endtrans %}`


			`{% trans %}RELEASE DETAILS{% endtrans %}`

			`{% trans %}Security Fixes{% endtrans %}`

			`- {% trans %}Fix several XSS issues{% endtrans %}`
			`- {% trans %}Disable changing news feed URL from UI{% endtrans %}`
			`- {% trans %}Disable plugin install{% endtrans %}`
			`- {% trans %}Disable setting unsigned update URL from UI{% endtrans %}`
			`- {% trans %}Disable clients.config editing from the UI{% endtrans %}`
			`- {% trans %}Add Content-Security-Policy and X-XSS-Protection headers{% endtrans %}`
			`- {% trans %}Disable unused ExecNamingService (thx joernchen of Phenoelit){% endtrans %}`


			`{% trans %}Bug Fixes{% endtrans %}`

			`- {% trans %}Fix tunnel building so it doesn't get "stuck" on a single pool{% endtrans %}`
			`- {% trans %}Reject participating tunnels when hidden{% endtrans %}`
			`- {% trans %}Several i2psnark improvements and fixes (GUI and DHT), including changes for better compatibility with Vuze{% endtrans %}`


			`{% trans %}Other{% endtrans %}`

			`- {% trans %}Reseeding now fetches a signed zip file containing router infos for security and speed{% endtrans %}`
			`- {% trans %}Use JVM's AES implementation if it is faster{% endtrans %}`
			`- {% trans %}More advanced options shown in the i2ptunnel edit pages{% endtrans %}`
			`- {% trans %}Per-message reliabilitiy settings in I2CP and error propagation back from router to client{% endtrans %}`
			`- {% trans %}Lots of findbugs fixes and cleanups{% endtrans %}`
			`- {% trans %}Support signature types in SAM, bump rev to 3.1{% endtrans %}`
			`- {% trans %}New event log page in console{% endtrans %}`
			`- Jetty 8.1.15.v20140411`
			`- Tomcat 6.0.41`
			`- {% trans %}Wrapper 3.5.25 (new installs and PPA only){% endtrans %}`
Blog post fixes 2014-07-26 22:48:49 +00:00			`- {% trans %}Translation updates{% endtrans %}`
release notes draft 2014-07-26 22:16:52 +00:00			`- {% trans %}Update GeoIP data (new installs and PPA only){% endtrans %}`


			`{% trans %}SHA256 Checksums:{% endtrans %}`

			`::`

			`8e400551866c790e72d14d6f340653cb6e8c4c323cc8124f65200ec38a78aa75 i2pinstall_0.9.14_windows.exe`
			`a3731f5ac0ca1fab4777ec9894e5064a576e9805785027a49850b9857898ef0a i2pinstall_0.9.14.jar`
			`30bb7bbfd1ff829dab048bbb6264d6cf20b2a01511e7cddd4fc13771feb6a780 i2psource_0.9.14.tar.bz2`
			`404b0e6997474097cf7bd7ca006e59442d502b178dd3dd5de16e26d99a152ceb i2pupdate_0.9.14.zip`
			`94eb8e05df8b9d95e034810c6132c51634acb3e7f7c9ece8f473af238740a27d i2pupdate.su2`
			`fe64bfd41710a97bc6b0ceeebd95a99f0c757c6c815e9cf8c6a0c336043add91 i2pupdate.su3`
			`38b1966729e464696c6bace65e38fbdeb0a750f227a9f6b40b30ab498eff83ac i2pupdate.sud`