remove vulnerable tor versions from 'recommended versions'
Tor versions prior to v0.2.2.39, v0.2.3.22 and v0.2.4.3 should be removed from the 'recommended versions' consensus parameter to inform relay operators to update (at least the ones that read their logs ;)
The current recommended tor version list looks like this [1]:
consensus
client-versions 0.2.2.35,0.2.2.36,0.2.2.37,0.2.2.38,0.2.2.39,0.2.3.10-alpha,0.2.3.11-alpha,0.2.3.12-alpha,0.2.3.13-alpha,0.2.3.14-alpha,0.2.3.15-alpha,0.2.3.16-alpha,0.2.3.17-beta,0.2.3.18-rc,0.2.3.19-rc,0.2.3.20-rc,0.2.3.21-rc,0.2.3.22-rc,0.2.4.1-alpha,0.2.4.2-alpha,0.2.4.3-alpha
server-versions 0.2.2.35,0.2.2.36,0.2.2.37,0.2.2.38,0.2.2.39,0.2.3.10-alpha,0.2.3.11-alpha,0.2.3.12-alpha,0.2.3.13-alpha,0.2.3.14-alpha,0.2.3.15-alpha,0.2.3.16-alpha,0.2.3.17-beta,0.2.3.18-rc,0.2.3.19-rc,0.2.3.20-rc,0.2.3.21-rc,0.2.3.22-rc,0.2.4.1-alpha,0.2.4.2-alpha,0.2.4.3-alpha
[1] https://metrics.torproject.org/consensus-health.html
Trac:
Username: cypherpunkx