I2P

I2P 0.9.14

Milestone information

Project:: I2P

Series:: trunk

Version:: 0.9.14

Released:: 2014-07-26

Registrant:: KYTV

Release registered:: 2014-07-26

Active:: No. Drivers cannot target bugs and blueprints to this milestone.

Download RDF metadata

Activities

Assigned to you:: No blueprints or bugs assigned to you.

Assignees:: No users assigned to blueprints and bugs.

Blueprints:: No blueprints are targeted to this milestone.

Bugs:: No bugs are targeted to this milestone.

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File	Description	Downloads
i2pupdate_0.9.14.zip (md5, sig)	I2P 0.9.14 update	67 last downloaded 43 weeks ago
i2psource_0.9.14.tar.bz2 (md5, sig)	I2P 0.9.14 Source Code	563 last downloaded 43 weeks ago
i2pinstall_0.9.14_windows.exe (md5, sig)	I2P 0.9.14 Installer for Windows	123 last downloaded 40 weeks ago
i2pinstall_0.9.14.jar (md5, sig)	I2P 0.9.14 installer (Linux / OSX / FreeBSD / Solaris)	149 last downloaded 7 weeks ago
Total downloads:		902

Release notes

0.9.14 includes critical fixes for XSS and remote execution vulnerabilities reported by Exodus Intel. As an added precaution, we have disabled several advanced configuration features in the router console, including installation of new plugins. We plan to re-enable these in a future release after additional review.

Due to I2P library changes, I2P-Bote users must upgrade their plugin to version 0.2.10 to work with I2P 0.9.14. Your router should update the plugin automatically after the router restarts.

The release also contains several bug fixes in i2ptunnel, i2psnark, and other areas, and updates to the latest Jetty, Tomcat, and Wrapper. We've also implemented a faster and more secure method for reseeding. Of course, there's also the usual collection of minor bug fixes and translation updates.

You must update to this release immediately. The best way to maintain security and help the network is to run the latest release.

RELEASE DETAILS

Security Fixes

    Fix several XSS issues
    Disable changing news feed URL from UI
    Disable plugin install
    Disable setting unsigned update URL from UI
    Disable clients.config editing from the UI
    Add Content-Security-Policy and X-XSS-Protection headers
    Disable unused ExecNamingService (thx joernchen of Phenoelit)

Bug Fixes

    Fix tunnel building so it doesn't get "stuck" on a single pool
    Reject participating tunnels when hidden
    Several i2psnark improvements and fixes (GUI and DHT), including changes for better compatibility with Vuze

Other

    Reseeding now fetches a signed zip file containing router infos for security and speed
    Use JVM's AES implementation if it is faster
    More advanced options shown in the i2ptunnel edit pages
    Per-message reliabilitiy settings in I2CP and error propagation back from router to client
    Lots of findbugs fixes and cleanups
    Support signature types in SAM, bump rev to 3.1
    New event log page in console
    Jetty 8.1.15.v20140411
    Tomcat 6.0.41
    Wrapper 3.5.25 (new installs and PPA only)
    Translation updates
    Update GeoIP data (new installs and PPA only)

Changelog

This release does not have a changelog.

0 blueprints and 0 bugs targeted

There are no feature specifications or bug tasks targeted to this milestone. The project's maintainer, driver, or bug supervisor can target specifications and bug tasks to this milestone to track the things that are expected to be completed for the release.

Related milestones and releases

This milestone contains Public information

Everyone can see this information.