do not recommend vulnerable tor versions - update "recommended versions"
Most of the tor network runs versions vulnerable to CVE-2016-8860
for a current CW fraction / version distribution see: https://github.com/ornetstats/stats/blob/master/o/version_share.txt
Dir auths still have vulnerable versions in their recommended version string.
Drop all vulnerable version as soon as an updated TBB is available.