I2P 0.9.5 Released
Written for I2P by KYTV on 2013-03-09
0.9.5 includes bug fixes and defenses for some issues and vulnerabilities that are being investigated by researchers at UCSB. We continue to work with them on additional improvements. This is a good opportunity to remind the community that while our network continues to grow rapidly, it is still relatively small. There may be multiple weaknesses or bugs that could compromise your anonymity. Help us grow the network by spreading the word and contributing where you can.
In this upgrade cycle, a random 1% of routers, (plus all routers running a development build) will attempt to update via the experimental in-network bittorrent with i2psnark. If this doesn't work, it should fall back to standard in-network HTTP update.
Files are available on the download page.
RELEASE DETAILS
Defenses and Bug Fixes
- Fix router bug causing lockup when using iMule
- Recognize, handle, reject duplicate tunnel IDs
- Fix changing of the log file name
- Prevent hashcode attack in session tags
- Add build request throttler based on previous hop
- Limit concurrent next-hop lookups
- Catch exceptions storing nonces in console
- Fix saving graph settings in console
- Fix eepget generation of URLs when not proxied
- Encrypt database lookup messages end-to-end when sent through
exploratory tunnels
- Don't use multiple floodfills from the same /16 in a query
- Randomize delay before verifying floodfill store
- Increase number of floodfills
Other
- Improve support for mobile browsers
- Partial defenses for UCSB attacks
- Add announce list support to i2psnark
- Jetty: upgrade Apache Tomcat to 6.0.36
- Split router info files into multiple subdirectories
- Add IP to hostname mapping option in SOCKS
- Improve PRNG seeding
- Translation updates: French, German, Hungarian, Italian, Norwegian, Polish, Portuguese, Russian, Swedish
- Update GeoIP data (new installs and PPA only)
- Update wrapper to 3.5.17 (new installs and PPA only)
