Loading CHANGELOG.md +194 −0 Original line number Diff line number Diff line Loading @@ -3,6 +3,200 @@ This file describes changes in Arti through the current release. Once Arti is more mature, we may switch to using a separate changelog for each crate. # Arti 1.8.0 — 1 December 2025 Arti 1.8.0 continues work on relay and directory authority development. This release introduces a new, usage-based timeout for strongly isolated circuits, experimental [`tokio-console`] support, a new `arti hsc ctor-migrate` command, and a configuration option for controlling which onion services to launch. As usual, there are also various under-the-hood improvements and bug fixes, which are documented below. <!-- Up to date as of f57f44a5. --> ### Breaking changes - In `arti-client`, `TorClient::launch_onion_service()` and `TorClient::launch_onion_service_with_hsid()` now return `None` if the onion service is disabled in the config. ### Security fixes - Added `Host` header validation for non-CONNECT requests to HTTP CONNECT port, to prevent adversarial web pages from probing the version of Arti and its capabilities. ([!3429], [!3468]) ### Major bugfixes - Arti no longer exits with an error if configured with a log file with no directory prefix. ([!3491], [#2240]) - `fs-mistrust` now has consistent behavior with `stat` and `mkdir`, which consider `""` to be an invalid path, and all of its error messages now include the file name that triggered the error. ([!3491], [#2265], [#2266]) ### Major features - Implemented a usage-based timeout for strongly isolated circuits, as specified in [proposal 368]. ([!3430], [#2237]) - New experimental `arti hsc ctor-migrate` command line invocation for migrating C Tor onion service client keys to the Arti keystore. ([!3390], [!3485], [#2213]) ### Breaking changes in lower-level crates - In `tor-proto`, we no longer export `ClientCircSyncView`, and `IncomingStreamRequestFilter` now takes a `&CircSyncView`. `ClientInitiatorHandshake::connect()` now returns an `UnverifiedClientChannel`, and `VerifiedChannel` and `UnverifiedChannel` are no longer `pub`. - In `tor-llcrypto`, `CtByteArray` no longer derives `Deref`. - In `tor-hsservice`, we no longer export `RestrictedDiscoveryConfig::build_unvalidated()`. ([!3503]) - In `tor-hsservice`, `OnionService::launch()` now returns `None` if the service is disabled in the config. - In `tor-circmgr`, the `CircMgrConfig` trait now requires that the implementing type also implements `AsRef<VanguardConfig>`, and the `vanguard_config()` function is no longer conditional upon feature flags. - In `tor-netdoc`, individual relay flags are now variants of a `RelayFlag` enum, rather than constants, and `RelayFlag` has a different API. `RouterStatus` now contains the new `DocRelayFlags` type. The `parse2` entrypoints now take a new `ParseInput`, `parse2::MultiplicitySelector` replaces `ItemSetSelector` etc. ### Onion service development - Individual onion services can now be disabled via the config. ([!3253], [#2133]) ### Relay development - Internal refactoring to support reusing `IncomingStreamRequestFilter` for exit relay streams. ([!3414]) - Various internal refactorings in `tor-proto`, to enable us to reuse implementation-agnostic parts of the client circuit reactor implementation for relays. ([!3408], [!3467], [!3470]) - Refactored the experimental `RelayCirc` API. ([!3410]) - Added an OR port listener task, for listening for incoming connections. ([!3396]) - In `tor-rtcompat`, TCP listening sockets have the same options set regardless of the underlying runtime. Additionally, we set `IPV6_V6ONLY` on Unix platforms to enable binding AF_INET and AF_INET6 sockets to the same port. ([!3457], [#2246]) - Added support for generating the keys and certificates relays need for TLS. ([!3349], [#2205]) - New configuration options for setting the OR port used for listening. ([!3466]) - Extracted the client- and relay-specific parts `UnverifiedChannel` and `VerifiedChannel` in separate modules. ([!3401]) - In `tor-circmgr`, `CircMgrConfig::vanguard_config()` is no longer feature-gated. ([!3498], [#2270]) ### Directory authority development - Added initial groundwork for the directory mirror component of `tor-dirserver`. ([!3301], [!3436], [!3426], [!3460], [!3501], [#2254], [#2255], [#2256]) - Many internal refactorings to reduce code duplication, and to improve the structure of the new netdoc parser. ([!3450], [!3456], [!3455], [!3486], [!3499]) - Overhauled `RelayFlags`, and added support for conditionally retaining unknown info. ([!3454], [!3477], [!3489]) - In `tor-netdoc`, much of the `encode` is now public. ([!3471]) - Improved the ergonomics of the new netdoc parser. ([!3478]) ### Testing - Updated the CLI tests to use use the new `cargo_bin_cmd!` macro, fixing a deprecation warning. ([4ed5695f844aec6bbe05ced9e8efde437bfece27]) - Fixed the flaky `client::circuit::test::bad_extend_crypto` test. ([!3433], [#2232]) - Replaced the deprecated `MockSleepProvider` with `SimpleMockTimeProvider`. ([!3424], [#1885]) ### Documentation - Added `perl-Time-Piece` to the list of required dependencies in `CONTRIBUTING.md`. ([66eedd0140cd85bc8abd43d790d1a0093b35d21d]) - Removed security disclaimer about onion service support. ([!3464]) - Improved the documentation of the new netdoc parser. ([!3479]) - Added documentation clarifying the behavior of the `max_concurrent_streams_per_circuit` onion service setting. ([!3492]) - Added `rate_limit_at_intro` to the example onion service config. ([!3493]) - Updated the anonticket URL in the README and CONTRIBUTING.md. ([!3500]) - Moved the naming convention documentation to the `poc` module. ([!3505]) ### Infrastructure - Rust 1.91 is now our "recent" Rust image in CI. ([!3418], [!3419]) - In CI, bump `shadow` to the latest version. ([!3431]) - Refactored the shadow CI test script to have better output. ([335148a46e68a40c08181ea732a6aa5f6ca113c8]) - In CI, the shadow tests now have a higher success threshold for onion service transfers. ([!3428]) - New `maint` script for checking if all published crates specify an MSRV in their `Cargo.toml`. ([!3405]) - Imported the latest changes from [`rust-maint-common`]. ([!3438]) ### Cleanups, minor features, and bugfixes - Updated dependencies. ([!3417]) - Replaced `copy_interactive` with our new `futures-copy` crate, to avoid spawning extra tasks and reduce lock contention. ([!3416], [#786]) - Added vim `*.swp` files to `.gitignore`. ([!3437]) - Added experimental support for [`tokio-console`]. ([!3441], [!3444], [!3445], [#2236]) - Bumped `pwd-grp` to 1.0.1. ([!3443], [#2136]) - Bumped `derive-deftly` to the latest version. ([!3448], [!3451], [!3494]) - Resolved the clippy lints reported by the beta version of Rust. ([!3449]) - Reduced the high-water mark for writes of `ChannelFrame`. ([!3447], [#2200]) - Renamed `OutPtr` to `OutBoxedPtr` for clarity in `arti-rpc-client-core`. ([!3439], [#1588]) - Added TODO about adding guardrails to prevent launching onion services with a different configuration than the one they were instantiated with. ([!3453], [#2249]) - Added an `InertTorClient` function for creating an `OnionService`. ([!3435], [#2118]) - Updated to the latest list of Tor fallback directories. ([!3459]) - Removed an outdated TODO. ([!3463]) - Added comment to explain why `RetryError` deduplicates the errors it displays. ([!3465], [!3474]) - Arti now displays a warning if the opentelemetry config is set, but the `opentelemetry` feature is not enabled. ([!3458], [#2247]) - Bumped `num-bugint-dig` to 0.8.6. ([!3475], [#2110]) - Improved error reporting in our HTTP CONNECT proxy. ([!3476]) - Fixed an incorrectly gated `match` arm in `tor-circmgr`. ([!3482]) - In `hashx`, the internal `Register::as_u8()` is now gated behind the `compiler` feature, fixing a dead code warning. ([!3483]) - `CtByteArray` no longer derives `Deref` ([!3432], [#2172]) - Improved opentelemetry instrumentation, to help debug [#2079] and other related issues. ([!3403]) - Arti's HTTP CONNECT proxy now returns a status code derived from the remote END reason. Additionally, the proxy now includes its supported capabilities in the `Tor-Capabilities` response header, to conform with [proposal365]. ([!3481], [!3473], [#2259]) - Added a missing test host to the shadow CI script. ([!3490]) - Fixed a typo in an onion service client error message. ([!3488]) - INTRODUCE_ACK errors now include the index of the introduction point the error originates from. ([!3495]) - Fixed a typo in a debug log. ([!3504]) - Fixed a number of nightly warnings. ([!3508]) ### Acknowledgments Thanks to everybody who's contributed to this release, including Dimitris Apostolou, hashcatHitman, hjrgrn, Mynacol, Neel Chauhan, nield, Nihal, NoisyCoil. Also, our deep thanks to the [Bureau of Democracy, Human Rights and Labor], and our [other sponsors] for funding the development of Arti! <!-- links go here --> # Arti 1.7.0 — 30 October 2025 Arti 1.7.0 continues high-level and low-level work on relay development. Loading Loading
CHANGELOG.md +194 −0 Original line number Diff line number Diff line Loading @@ -3,6 +3,200 @@ This file describes changes in Arti through the current release. Once Arti is more mature, we may switch to using a separate changelog for each crate. # Arti 1.8.0 — 1 December 2025 Arti 1.8.0 continues work on relay and directory authority development. This release introduces a new, usage-based timeout for strongly isolated circuits, experimental [`tokio-console`] support, a new `arti hsc ctor-migrate` command, and a configuration option for controlling which onion services to launch. As usual, there are also various under-the-hood improvements and bug fixes, which are documented below. <!-- Up to date as of f57f44a5. --> ### Breaking changes - In `arti-client`, `TorClient::launch_onion_service()` and `TorClient::launch_onion_service_with_hsid()` now return `None` if the onion service is disabled in the config. ### Security fixes - Added `Host` header validation for non-CONNECT requests to HTTP CONNECT port, to prevent adversarial web pages from probing the version of Arti and its capabilities. ([!3429], [!3468]) ### Major bugfixes - Arti no longer exits with an error if configured with a log file with no directory prefix. ([!3491], [#2240]) - `fs-mistrust` now has consistent behavior with `stat` and `mkdir`, which consider `""` to be an invalid path, and all of its error messages now include the file name that triggered the error. ([!3491], [#2265], [#2266]) ### Major features - Implemented a usage-based timeout for strongly isolated circuits, as specified in [proposal 368]. ([!3430], [#2237]) - New experimental `arti hsc ctor-migrate` command line invocation for migrating C Tor onion service client keys to the Arti keystore. ([!3390], [!3485], [#2213]) ### Breaking changes in lower-level crates - In `tor-proto`, we no longer export `ClientCircSyncView`, and `IncomingStreamRequestFilter` now takes a `&CircSyncView`. `ClientInitiatorHandshake::connect()` now returns an `UnverifiedClientChannel`, and `VerifiedChannel` and `UnverifiedChannel` are no longer `pub`. - In `tor-llcrypto`, `CtByteArray` no longer derives `Deref`. - In `tor-hsservice`, we no longer export `RestrictedDiscoveryConfig::build_unvalidated()`. ([!3503]) - In `tor-hsservice`, `OnionService::launch()` now returns `None` if the service is disabled in the config. - In `tor-circmgr`, the `CircMgrConfig` trait now requires that the implementing type also implements `AsRef<VanguardConfig>`, and the `vanguard_config()` function is no longer conditional upon feature flags. - In `tor-netdoc`, individual relay flags are now variants of a `RelayFlag` enum, rather than constants, and `RelayFlag` has a different API. `RouterStatus` now contains the new `DocRelayFlags` type. The `parse2` entrypoints now take a new `ParseInput`, `parse2::MultiplicitySelector` replaces `ItemSetSelector` etc. ### Onion service development - Individual onion services can now be disabled via the config. ([!3253], [#2133]) ### Relay development - Internal refactoring to support reusing `IncomingStreamRequestFilter` for exit relay streams. ([!3414]) - Various internal refactorings in `tor-proto`, to enable us to reuse implementation-agnostic parts of the client circuit reactor implementation for relays. ([!3408], [!3467], [!3470]) - Refactored the experimental `RelayCirc` API. ([!3410]) - Added an OR port listener task, for listening for incoming connections. ([!3396]) - In `tor-rtcompat`, TCP listening sockets have the same options set regardless of the underlying runtime. Additionally, we set `IPV6_V6ONLY` on Unix platforms to enable binding AF_INET and AF_INET6 sockets to the same port. ([!3457], [#2246]) - Added support for generating the keys and certificates relays need for TLS. ([!3349], [#2205]) - New configuration options for setting the OR port used for listening. ([!3466]) - Extracted the client- and relay-specific parts `UnverifiedChannel` and `VerifiedChannel` in separate modules. ([!3401]) - In `tor-circmgr`, `CircMgrConfig::vanguard_config()` is no longer feature-gated. ([!3498], [#2270]) ### Directory authority development - Added initial groundwork for the directory mirror component of `tor-dirserver`. ([!3301], [!3436], [!3426], [!3460], [!3501], [#2254], [#2255], [#2256]) - Many internal refactorings to reduce code duplication, and to improve the structure of the new netdoc parser. ([!3450], [!3456], [!3455], [!3486], [!3499]) - Overhauled `RelayFlags`, and added support for conditionally retaining unknown info. ([!3454], [!3477], [!3489]) - In `tor-netdoc`, much of the `encode` is now public. ([!3471]) - Improved the ergonomics of the new netdoc parser. ([!3478]) ### Testing - Updated the CLI tests to use use the new `cargo_bin_cmd!` macro, fixing a deprecation warning. ([4ed5695f844aec6bbe05ced9e8efde437bfece27]) - Fixed the flaky `client::circuit::test::bad_extend_crypto` test. ([!3433], [#2232]) - Replaced the deprecated `MockSleepProvider` with `SimpleMockTimeProvider`. ([!3424], [#1885]) ### Documentation - Added `perl-Time-Piece` to the list of required dependencies in `CONTRIBUTING.md`. ([66eedd0140cd85bc8abd43d790d1a0093b35d21d]) - Removed security disclaimer about onion service support. ([!3464]) - Improved the documentation of the new netdoc parser. ([!3479]) - Added documentation clarifying the behavior of the `max_concurrent_streams_per_circuit` onion service setting. ([!3492]) - Added `rate_limit_at_intro` to the example onion service config. ([!3493]) - Updated the anonticket URL in the README and CONTRIBUTING.md. ([!3500]) - Moved the naming convention documentation to the `poc` module. ([!3505]) ### Infrastructure - Rust 1.91 is now our "recent" Rust image in CI. ([!3418], [!3419]) - In CI, bump `shadow` to the latest version. ([!3431]) - Refactored the shadow CI test script to have better output. ([335148a46e68a40c08181ea732a6aa5f6ca113c8]) - In CI, the shadow tests now have a higher success threshold for onion service transfers. ([!3428]) - New `maint` script for checking if all published crates specify an MSRV in their `Cargo.toml`. ([!3405]) - Imported the latest changes from [`rust-maint-common`]. ([!3438]) ### Cleanups, minor features, and bugfixes - Updated dependencies. ([!3417]) - Replaced `copy_interactive` with our new `futures-copy` crate, to avoid spawning extra tasks and reduce lock contention. ([!3416], [#786]) - Added vim `*.swp` files to `.gitignore`. ([!3437]) - Added experimental support for [`tokio-console`]. ([!3441], [!3444], [!3445], [#2236]) - Bumped `pwd-grp` to 1.0.1. ([!3443], [#2136]) - Bumped `derive-deftly` to the latest version. ([!3448], [!3451], [!3494]) - Resolved the clippy lints reported by the beta version of Rust. ([!3449]) - Reduced the high-water mark for writes of `ChannelFrame`. ([!3447], [#2200]) - Renamed `OutPtr` to `OutBoxedPtr` for clarity in `arti-rpc-client-core`. ([!3439], [#1588]) - Added TODO about adding guardrails to prevent launching onion services with a different configuration than the one they were instantiated with. ([!3453], [#2249]) - Added an `InertTorClient` function for creating an `OnionService`. ([!3435], [#2118]) - Updated to the latest list of Tor fallback directories. ([!3459]) - Removed an outdated TODO. ([!3463]) - Added comment to explain why `RetryError` deduplicates the errors it displays. ([!3465], [!3474]) - Arti now displays a warning if the opentelemetry config is set, but the `opentelemetry` feature is not enabled. ([!3458], [#2247]) - Bumped `num-bugint-dig` to 0.8.6. ([!3475], [#2110]) - Improved error reporting in our HTTP CONNECT proxy. ([!3476]) - Fixed an incorrectly gated `match` arm in `tor-circmgr`. ([!3482]) - In `hashx`, the internal `Register::as_u8()` is now gated behind the `compiler` feature, fixing a dead code warning. ([!3483]) - `CtByteArray` no longer derives `Deref` ([!3432], [#2172]) - Improved opentelemetry instrumentation, to help debug [#2079] and other related issues. ([!3403]) - Arti's HTTP CONNECT proxy now returns a status code derived from the remote END reason. Additionally, the proxy now includes its supported capabilities in the `Tor-Capabilities` response header, to conform with [proposal365]. ([!3481], [!3473], [#2259]) - Added a missing test host to the shadow CI script. ([!3490]) - Fixed a typo in an onion service client error message. ([!3488]) - INTRODUCE_ACK errors now include the index of the introduction point the error originates from. ([!3495]) - Fixed a typo in a debug log. ([!3504]) - Fixed a number of nightly warnings. ([!3508]) ### Acknowledgments Thanks to everybody who's contributed to this release, including Dimitris Apostolou, hashcatHitman, hjrgrn, Mynacol, Neel Chauhan, nield, Nihal, NoisyCoil. Also, our deep thanks to the [Bureau of Democracy, Human Rights and Labor], and our [other sponsors] for funding the development of Arti! <!-- links go here --> # Arti 1.7.0 — 30 October 2025 Arti 1.7.0 continues high-level and low-level work on relay development. Loading
