I2P 0.9.9

- i2pupdate_0.9.9.zip: I2P 0.9.9 update
- i2psource_0.9.9.tar.bz2: I2P 0.9.9 source code
- i2pinstall_0.9.9_windows.exe: I2P 0.9.9 installer for Windows
- i2pinstall_0.9.9.jar: I2P 0.9.9 installer (Linux / OSX / FreeBSD / Solaris)

0.9.9 fixes a number of bugs in the netdb, streaming, and i2ptunnel, and starts work on a year-long plan to increase the strength of the cryptographic signing algorithms used in the router, and support multiple algorithms and key lengths simultaneously. Automatic update files will now be signed with 4096-bit RSA keys.

We now support SSL between your router and your servers for security. See http://zzz.i2p/topics/1495 for more information.

As usual, we recommend that you update to this release. The best way to maintain security and help the network is to run the latest release. Several members of the I2P team will be at 30C3 in Hamburg this year. Come say hello and ask for an I2P sticker. Thanks to everyone for their support this year.


Anonymity Improvements

- Don't build client tunnels through zero-hop exploratory tunnels
- New "su3" file support using stronger keys
- Use su3 for updates

Bug Fixes

- Issues with losing data when closing streams
- Fix various streaming connection limit issues
- Issues with resource usage of closed connections
- Clean up timer threads in close-on-idle tunnels
- Several other streaming fixes
- Reject more non-public IPv6 addresses
- Fix IPv6 GeoIP
- Fix peer selection in first minutes after startup
- Several I2PTunnel bug fixes
- Fix major i2psnark DHT bug that prevented magnets from working well
- Fix client tunnels that fail due to name resolution failure at startup, particularly with b32 hostnames
- Fix changing client i2ptunnel target list
- Fix major bugs preventing reception of encrypted responses to leaseset lookups and verifies
- Fix bad links on some i2psnark buttons in Opera and text-mode browsers
- Fix NPE in Susimail


Other

- Start work on supporting stronger signing keys in the router
- Reduce thread usage for HTTP Server tunnels
- Auto-stop update torrent after some time
- Add ability to stop webapp via console
- New POST throttler in HTTP server tunnel
- Improve connection throttling
- More work to reduce number of connections
- Re-enable router info expiration job
- Extend router info expiration and other changes to reduce load on floodfills
- Support multiple servers through a single server tunnel
- Support specification of server port in i2ptunnel clients
- Add support for SSL connections from i2ptunnel to external server
- SSL and crypto code refactoring
- i2psnark storage code refactoring
- New destination cache
- Lots of code cleanup and resolution of findbugs warnings
- New Japanese translation (partial)
- Translation updates: French, German, Italian, Romanian, Russian, Spanish, Swedish, and others
- Jetty 7.6.13.v20130916
- Wrapper 3.5.22 (new installs and PPA only)
- Update GeoIP data (new installs and PPA only)


Full changelog

2013-12-04 zzz
 * i2psnark: Fix ConnectionAcceptor not restarting after tunnel
   restart, preventing incoming connections

2013-12-01 kytv
 * Update geoip.txt based on Maxmind GeoLite Country database from 2013-11-05.
 * French, Italian, Romanian, Spanish, and Swedish translation updates from transifex

2013-11-28 dg
 * I2PTunnel: Don't send 'X-Powered-By' on HTTP server tunnels for anonymity reasons.

2013-11-25 str4d
 * Reseed: Listen to "Require SSL" config option

2013-11-23 zzz
 * i2ptunnel: Clean up old timer threads

2013-11-23 str4d
 * susimail: Fix NPE when deleting last message (ticket #414)

2013-11-19 kytv
 * Translation updates and start of Japanese translation pulled from Transifex

2013-11-14 kytv
 * Update Java Service Wrapper to v3.5.22
    - Windows: Self-compiled with VS2010 in Windows 7. The icon has been
      changed from Tanuki's default to Itoopie.
    - Linux ARMv6: Compiled on a RaspberryPi using gcc 4.6.3-14+rpi1,
      Icedtea6 6b27-1.12.5-1+rpi1 and stripped
    - All other binaries are from the "community edition" deltapack offered by

2013-11-14 zzz
 * Tunnels: Fix reception of encrypted responses to LS lookups (ticket #1125)

2013-11-07 zzz
 * i2psnark: Fix file links, broken in -12 (ticket #1114)
 * Logging: Track duplicates across flush interval (ticket #1110)
 * NetDB: Fix RI publish interval, broken in -7

2013-11-03 zzz
 * NetDB: Allow store of leaseset as long as one lease has not expired
 * Transport:
   - Expire wasUnreachable entries, so inbound tunnel build failures
     don't escalate
   - Add network status to event log

2013-11-01 zzz
 * Transport: Fix GeoIPv6 (ticket #1096)

2013-10-31 zzz
 * i2psnark: Always verify file lengths at startup (ticket #1099)
 * Transports: Increase threshold for idle timeout reduction
   (partially back out change from -10)

2013-10-29 dg
 * i2psnark: Start torrents by default (ticket #1072)

2013-10-29 zzz
 * i2psnark: Fix start and start-all buttons on text-mode browsers
   and Opera (ticket #1093)
 * InboundMessageDistributor:
   - Don't discard an encrypted DSRM received
     down a tunnel, just strip the hashes like we do for unencrypted
   - Send a store of our own encrypted LS received down a tunnel to
     the InNetMessagePool so the FloodfillVerifyStoreJob will see it.
 * NetDB: Fix LS store verifies with encrypted replies
   by storing the tagset with the correct SKM for the inbound tunnel used.
   Broken since 0.9.7 when it was introduced.
 * Tunnels:
   - Build a new exploratory fallback tunnel in the BuildExecutor
     loop if we run out.
   - Don't use closest expl. tunnel as the paired tunnel for a build,
     use a random one instead (partially back out change from -12)

2013-10-29 meeh
 * Adding no.i2p registrar

2013-10-28 dg
 * I2PTunnel: Enable persistent keying for SOCKS tunnels (ticket #1088)

2013-10-27 zzz
 * Streaming: Fix crash caused by previous blacklist fix (ticket #1070)

2013-10-26 zzz
 * i2psnark: Display base name, not torrent file name (ticket #985)
 * I2PTunnel HTTP server: New POST limiter
 * Profiles: Ensure we select random peers even before the first reorganization
 * Streaming: Randomize end of first conn limit period
 * Tunnels:
   - Don't use fallback expl. tunnels as the paired tunnel
     for a client tunnel build.
   - Fix selection of an expl. tunnel close to a hash

2013-10-25 zzz
 * Router: Only log ping file error once (ticket #1086)
 * Streaming:
   - Check blacklist/whitelist before connection limits, so
     a blacklisted peer does not increment the counters
   - Don't increment total throttle if peer is throttled
   - Fix blacklist NPE after config change (ticket #1070)
 * Transports: Reduce connection idle time sooner

2013-10-24 zzz
 * i2psnark: Drop incoming connections on HTTP port
 * I2PTunnel: Don't let uncaught exception kill server acceptor (ticket #1070)
 * I2PTunnel standard, HTTP, and IRC servers:
   Route connections to specific targets based on incoming I2P port
   with custom option targetForPort.xxxx=myserver:yyyy
   This allows multiple services on a single server tunnel (ticket #1066)

2013-10-23 zzz
 * I2PTunnel standard and IRC clients:
   - Allow host:port targets; set defaults in i2ptunnel.config (ticket #1066)
   - Don't fail start if hostname is unresolvable; retry at connect time (ticket #946)
   - Output IRC message on connect exception
   - Update target list on-the-fly when configuration changes
 * NetDB:
   - Increase RI publish interval to reduce the connection load on ffs
   - Save RI-last-published time; check it before publishing

2013-10-19 zzz
 * NetDB:
   - Reinstate ExpireRoutersJob
   - Reduce min part. tunnels for floodfill
   - Reduce floodfill redundancy

2013-10-17 zzz
 * I2CP: Move SSL client socket code to util,
   move cert location to certificates/i2cp.
 * I2PTunnel: Support SSL for connection to local server
   for Standard, HTTP, and IRC server tunnels.
   Put server cert in certificates/i2ptunnel if necessary.
 * Streaming: Throw IOE if socket is closed (ticket #1077)

2013-10-14 kytv
 * French translation updates from Transifex

2013-10-14 zzz
 * Translations: Move country names to a new resource bundle

2013-10-13 zzz
 Prop from branch i2p.i2p.zzz.test2:
 * Console:
   - Implement webapp state detection and stop button for webapps
     on /configclients (Ticket #1025)
   - Set per-connector acceptors back to 1, Jetty default changed to 2?
   - Tag strings on /jobs (ticket #969)
 * Data Structures:
   - Make Destination and RouterIdentity keys and cert immutable
   - Add Destination cache
 * i2psnark:
   - Combine getPeers and announce into a single method, as we must announce to
     the closest from the getPeers, not the closest from the kbuckets
   - Stop getPeers when nothing closer is found
   - Increase DHT dest lookup, search timeouts, and max search depth
   - Loop tracker client faster when in magnet mode or if DHT announce fails
   - Don't return an empty peers list in DHT if we only know about the requestor
   - Refactor Storage file data structures
   - Sort files when creating torrents
   - Add torrent auto-stop support; enable for update file
   - Add tunnel auto-close when no torrents are running
   - Close socket before closing output stream to avoid blocking in
     Peer.disconnect(), and prevent Peer.disconnect() loop
 * I2PTunnelHTTPServer: Don't thread a receiver for GET or HEAD
 * Jetty 7.6.13.v20130916
 * Logging:
   - Require strict match of class name component
   - parseLimits() cleanup
 * SSU: More efficient InboundMessageState
 * Streaming:
   - Fix active stream counting so it doesn't count streams
     that are closed and in TIME-WAIT state. Also, break out of the
     counting loop as soon as we know the answer. (Ticket #1039)
   - Consolidate scheduling of DisconnectEvent, and ensure
     we only do it once. (Ticket #1041)
   - Atomics for close/reset send/receive
     so we only do things once. (Ticket #1041)
   - Remove setCloseReceivedOn(), unused outside Connection
   - OR the isFlagSet parameter instead of multiple calls
   - Remove acked packets from _outboundPackets inside synced iterator
   - Short-circuit _outboundPackets iterator if empty
   - Small optimization if not logging in ConnectionPacketHandler
   - Stub out processing of close ack (ticket #1042)
   - Don't queue a message for an unknown connection on the SYN queue
     if it has a send ID set, it must be for a recently closed connection
   - Major rework of connection disconnect process. Tickets 1040-1042.
   - Prevent multiple calls or reentrancy in disconnect() (ticket #1041)
   - Implement processing of close to skip TIME-WAIT, and
     wait for all packets to be acked (not just the CLOSE) before
     doing so, if possible (ticket #1042)
   - Don't call disconnect() or disconnectComplete() from I2PSocketFull.destroy()
     so retransmissions and acks can still happen (removes some close loops)
   - Don't call disconnect() until we have both sent and received a CLOSE (ticket #1040)
   - Don't reset the connection from CPH just because we sent a CLOSE
     and it was acked (ticket #1040)
   - Ack packets even if we sent a CLOSE (ticket #1040)
   - Retransmit CLOSE if not acked (ticket #1040)
   - Send received packets to the MessageInputStream even if we haven't received a SYN
   - Don't call MessageInputStream.messageReceived() for ack-only packets, that was pointless
   - Don't send a RESET after timeout of an outbound connection
   - Work around bugs on other end by limiting retransmission of CLOSE packets
   - Make I2PSocketFull.close() nonblocking; it will now cause any user-side
     writes blocked in I/O (Connection.packetSendChoke()) to throw
     an exception (tickets #629, #1041)
   - Don't ignore InterruptedExceptions; throw InterruptedIOException
   - MessageInputStream locking fixes
   - Make _isInbound final
   - More cleanups, javadocs, log tweaks
 * Transport: Treat more IPs as local
   - 25/8 Hamachi (moved from 5/8 Nov. 2012)
   - 2620:9b::/32 Hamachi
   - 3ffc::/16 6bone
   - 2001:db8::/32 example (RFC 3849)
   - 0::/8 Includes IPv4 compatibility addresses ::xxxx:xxxx
 * Update:
   - Support notification of updates that cannot be downloaded
     due to "constraints". Add constraint checks for java version,
     router version, configuration, and base permissions. (ticket #1024)
   - Thread news fetcher so it doesn't clog the scheduler
 * Watchdog: Format messages better

2013-10-06 zzz
 Prop from branch i2p.i2p.zzz.ecdsa:
 * Build:
   - Generate su3 file in release target
   - Add zzz's new RSA 4096 pubkey cert for updates
   - Fix checkcerts.sh
 * Console: Move advanced setting to HelperBase
 * DSAEngine changes:
   - Implement raw sign/verify for other SigTypes
   - Add sign/verify methods using Java keys
 * ECDSA Support:
   - Add ECConstants which looks for named curves and falls back to
     explicitly defining the curves
   - Add support for ECDSA to SigType, DSAEngine and KeyGenerator
   - Attempt to add BC as a Provider
   - genSpec: fallback to BC provider
 * EepGet:
   - Fix non-proxied PartialEepGet
   - Prevent non-proxied eepget for an I2P host
 * KeyGenerator changes:
   - Generate key pairs for all supported SigTypes
   - KeyPairGen: Catch ProviderException, fallback to BC provider
   - Add KeyGenerator main() tests
 * KeyRing and DirKeyRing added: simple backend for storing X.509 certs
 * KeyStoreUtil added:
   - Consolidate KeyStore code from SSLEepGet, I2CPSSLSocketFactory,
     SSLClientListenerRunner, and RouterConsoleRunner into new
     KeyStoreUtil and CertUtil classes in net.i2p.crypto (ticket #744)
   - Change default to RSA 2048 (ticket #1017)
   - Set file modes on written keys
   - Overwrite check in createKeys()
   - New getCert(), getKey()
   - Extend keygen max wait
   - Read back private key to verify after keygen
   - Validate cert after reading from file
   - Validate CN in cert
   - Specify cert signature algorithm when generating keys
 * NativeBigInteger: Tweak to prevent early context instantiation
 * RSA support added: constants, parameters, sig types, support in DSAEngine, KeyGenerator, SigUtil
 * SHA1Hash: Add no-arg constructor
 * SigType changes:
   - Add parameters (curve specs) to SigTypes
   - Add getHashInstance()
   - Add RSA, fix ECDSA
   - Renumber, rename, comment out types that are too short.
 * SigUtil added:
   - Converters from Java formats (ASN.1, X.509, PKCS#8)
     to I2P formats for Signatures and SigningKeys
   - Move ASN.1 converter from DSAEngine to SigUtil, generalize
     for variable length, add support for longer sequences,
     add more sanity checks, add more exceptions
   - Move I2P-to-Java DSA key conversion from DSAEngine to SigUtil
   - Add Java-to-I2P DSA key conversion
   - Add Java key import
   - New split() and combine() methods
 * SSLEepGet: Move all certificates to certificates/ssl, in preparation
   for other certificate uses by SU3File
 * SU3File changes:
   - Support all SigTypes
   - Implement keygen
   - Readahead to get sigtype on verify, as we need the hash type
   - Enum for content type
   - Add unknown content type, make default
   - Fix NPE if private key not found or sign fails
   - Store generated keys in keystore, and get private key from keystore
     for signing, in Java format
   - Use Java keys to sign and verify so we don't
     lose the key parameters in the conversion to I2P keys
   - Type checking of Java private key vs. type when signing
   - Use certs instead of public keys for verification
   - Fix arg processing
   - Improve validate-without-extract
   - New extract command
   - Change static fields to avoid early context init
   - Reduce PRNG buffer size for faster signing
 * Update: Preliminary work for su3 router updates:
   - New ROUTER_SIGNED_SU3 UpdateType
   - Add support for torrent and HTTP
   - Refactor UpdateRunners to return actual UpdateType
   - Deal with signed/su3 conflicts
   - Verify and extract su3 files.
   - Stub out support for clearnet su3 updating
   - New config for proxying news, separate from proxying update
   - PartialEepGet and SSLEepGet tweaks to support clearnet update
   - Remove proxy, key, and url config from /configupdate
   - More URI checks in UpdateRunner
   - Add https support for news fetch
   - Add su3 mime type
   - Reset found version in update loop so we don't fetch from
     the next host too.
   - Prevent NPE on version after SSL fetch

* 2013-10-02 released

