I2P 0.9.14

Milestone information

Release registered:
No. Drivers cannot target bugs and blueprints to this milestone.  

Download RDF metadata


Assigned to you:
No blueprints or bugs assigned to you.
No users assigned to blueprints and bugs.
No blueprints are targeted to this milestone.
No bugs are targeted to this milestone.

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon i2pupdate_0.9.14.zip (md5, sig) I2P 0.9.14 update 54
last downloaded 3 weeks ago
download icon i2psource_0.9.14.tar.bz2 (md5, sig) I2P 0.9.14 Source Code 552
last downloaded 11 weeks ago
download icon i2pinstall_0.9.14_windows.exe (md5, sig) I2P 0.9.14 Installer for Windows 102
last downloaded 37 weeks ago
download icon i2pinstall_0.9.14.jar (md5, sig) I2P 0.9.14 installer (Linux / OSX / FreeBSD / Solaris) 133
last downloaded 3 weeks ago
Total downloads: 841

Release notes 

0.9.14 includes critical fixes for XSS and remote execution vulnerabilities reported by Exodus Intel. As an added precaution, we have disabled several advanced configuration features in the router console, including installation of new plugins. We plan to re-enable these in a future release after additional review.

Due to I2P library changes, I2P-Bote users must upgrade their plugin to version 0.2.10 to work with I2P 0.9.14. Your router should update the plugin automatically after the router restarts.

The release also contains several bug fixes in i2ptunnel, i2psnark, and other areas, and updates to the latest Jetty, Tomcat, and Wrapper. We've also implemented a faster and more secure method for reseeding. Of course, there's also the usual collection of minor bug fixes and translation updates.

You must update to this release immediately. The best way to maintain security and help the network is to run the latest release.


Security Fixes

    Fix several XSS issues
    Disable changing news feed URL from UI
    Disable plugin install
    Disable setting unsigned update URL from UI
    Disable clients.config editing from the UI
    Add Content-Security-Policy and X-XSS-Protection headers
    Disable unused ExecNamingService (thx joernchen of Phenoelit)

Bug Fixes

    Fix tunnel building so it doesn't get "stuck" on a single pool
    Reject participating tunnels when hidden
    Several i2psnark improvements and fixes (GUI and DHT), including changes for better compatibility with Vuze


    Reseeding now fetches a signed zip file containing router infos for security and speed
    Use JVM's AES implementation if it is faster
    More advanced options shown in the i2ptunnel edit pages
    Per-message reliabilitiy settings in I2CP and error propagation back from router to client
    Lots of findbugs fixes and cleanups
    Support signature types in SAM, bump rev to 3.1
    New event log page in console
    Jetty 8.1.15.v20140411
    Tomcat 6.0.41
    Wrapper 3.5.25 (new installs and PPA only)
    Translation updates
    Update GeoIP data (new installs and PPA only)


This release does not have a changelog.

0 blueprints and 0 bugs targeted

There are no feature specifications or bug tasks targeted to this milestone. The project's maintainer, driver, or bug supervisor can target specifications and bug tasks to this milestone to track the things that are expected to be completed for the release.

This milestone contains Public information
Everyone can see this information.