I2P_Developers/i2p.newsxml
3
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
1829ed012e0f7d8cde4b3a44cfbdf2c65caef7e2
i2p.newsxml/data/entries.html
eyedeekay 1829ed012e fix version numbers and blog post URLS
2023-07-11 17:27:23 -04:00

1501 lines
61 KiB
HTML
Raw Blame History

<div>
<header title="I2P News">News feed, and router updates</header>
<article
id="urn:uuid:"
title="New Release I2P 2.3.0 - Security Fixes, Tweakable blocklists, DTG API"
href="http://i2p-projekt.i2p/en/blog/post/2023/06/25/new_release_2.3.0"
author="idk"
published="2023-06-25T12:00:00Z"
updated="2023-06-25T12:00:00Z">
<details>
<summary>I2P 2.3.0 - Security Fixes, Tweakable blocklists, DTG API</summary>
</details>
<p>
This release contains fixes for CVE-2023-36325.
CVE-2023-36325 is a context-confusion bug which occurred in the bloom filter.
An attacker crafts an I2NP message containing a unique messageID, and sends that messageID to a client.
The message, after passing through the bloom filter, is not allowed to be re-used in a second message.
The attacker then sends the same message directly to the router.
The router passes the message to the bloom filter, and is dropped.
This leaks the information that the messageID has been seen before, giving the attacker a strong reason to believe that the router is hosting the client.
This has been fixed by separting the bloom filter's functionality into different contexts based on whether a message came down a client tunnel, an exploratory tunnel, was sent to the router directly.
Under normal circumstances, this attack takes several days to perform successfully and may be confounded by several factors such as routers restarting during the attack phase and sensitivity to false-positives.
Users of Java I2P are recommended to update immediately to avoid the attack.
</p>
<p>
In the course of fixing this context confusion bug, we have revised some of our strategies to code defensively, against these types of leaks.
This includes tweaks to the netDb, the rate-limiting mechanisms, and the behavior of floodfill routers.
</p>
<p>
This release adds not_bob as a second default hosts provider, and adds <a href="http://notbob.i2p">notbob.i2p</a> and <a href="http://ramble.i2p">ramble.i2p</a> to the console homepage.
</p>
<p>
This release also contains a tweakable blocklist.
Blocklisting is semi-permanent, each blocked IP address is normally blocked until the router is restarted.
Users who observe explosive blocklist growth during sybil attacks may opt-in to shorter timeouts by configuring the blocklist to expire entries at an interval.
This feature is off-by-default and is only recommended for advanced users at this time.
</p>
<p>
This release also includes an API for plugins to modify with the Desktop GUI(DTG).
It is now possible to add menu items to the system tray, enabling more intuitive launching of plugins which use native application interfaces.
</p>
<p>
As usual, we recommend that you update to this release.
The best way to maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:d960054d-6e03-4638-b808-cd3dadae40d5"
title="New Release 2.2.1, Packaging fixes for Docker, Ubuntu Lunar and Debian Sid"
href="http://i2p-projekt.i2p/en/blog/post/2023/4/12/new_release_2.2.1"
author="idk"
published="2023-04-12T03:00:00Z"
updated="2023-04-12T03:00:00Z">
<details>
<summary>I2P 2.2.1 - maintenance release for 2.2.0</summary>
</details>
<p>
After the I2P 2.2.0 release, which was moved forward to accelerate mitigations for the DDOS attacks, we learned about a few developing issues which made it necessary to build and release new packages.
This release fixes an issue within Ubuntu Lunar and Debian Sid where the router console was inaccessible using an updated version of the jakarta package.
Docker packages were not reading arguments correctly, resulting in inaccessible configuration files.
This issue has also been resolved.
The docker container is now also compatible with Podman.
</p>
<p>
This release syncs translations with transifex and updates the GeoIP database.
</p>
<p>
As usual, we recommend that you update to this release.
The best way to maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:3b44ff84-d820-4976-bb4a-9c6e4dd3e362"
title="New Release 2.2.0, Mitigations to DDOS attacks and tweaks to the Streaming subsystem"
href="http://i2p-projekt.i2p/en/blog/post/2023/3/13/new_release_2.2.0"
author="idk"
published="2023-03-13T17:00:00Z"
updated="2023-03-13T17:00:00Z">
<details>
<summary>Mitigations to DDOS attacks and tweaks to the Streaming subsystem</summary>
</details>
<p>
We have elected to move forward the 2.2.0 release date, which will be occurring today, March 13, 2023.
This release includes a changes across the NetDB, Floodfill, and Peer-Selection components which improve the ability of the router to survive DDOS attacks.
The attacks are likely to continue, but the improvements to these systems will help to mitigate the risk of DDOS attacks by helping the router identify and de-prioritize routers that appear malicious.
</p>
<p>
This release also adds replay protection to the Streaming subsystem, which prevents an attacker who can capture an encrypted packet from being able to re-use it by sending it to unintended recipients.
This is a backward-compatible change, so older routers will still be able to use the streaming capabilities of newer routers.
This issue was discovered and fixed internally, by the I2P development team, and is not related to the DDOS attacks.
We have never encountered a replayed streaming packet in the wild and do not believe a streaming replay attack has ever taken place against the I2P network at this time.
</p>
<p>
As you may have noticed, these release notes and the release itself have been signed by idk, and not zzz.
zzz has chosen to step away from the project and his responsibilities are being taken on by other team members.
As such, the project is working on replacing the network statistics infrastructure and moving the development forum to i2pforum.i2p.
We thank zzz for providing these services for such a long time.
</p>
<p>
As usual, we recommend that you update to this release.
The best way to maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:1a4d272b-8f28-4bb0-bab7-59953c1013f7"
title="DDoS Update"
href="http://zzz.i2p/topics/3593"
author="zzz"
published="2023-02-14T19:00:00Z"
updated="2023-02-14T19:00:00Z">
<details>
<summary>DDoS Update</summary>
</details>
<p>
We have confirmed that the attacker controls a large number of routers.
Our investigations and mitigations continue.
</p><p>
This is a good time to remind people that even after 20 years, the I2P network is relatively small.
We have no evidence that the attacker is attempting to deanonymize any particular user or hidden service.
However, if you have a high-risk threat model, you should carefully consider whether I2P currently provides the protection you require.
The best solution, in the long run, is to spread the word and grow the I2P network to increase security of our users.
</p><p>
We will provide additional information here in the news feed and on <a href="http://zzz.i2p">zzz.i2p</a> as necessary.
We ask for your patience as we work to improve I2P.
</p>
</article>
<article
id="urn:uuid:6558c015-7767-45f1-b80a-07def923a88d"
title="About the recent Denial of Service attacks"
href="http://i2p-projekt.i2p/en/blog/post/2023/2/9/about_the_recent_denial_of_service_attacks"
author="sadie,idk"
published="2023-02-09T23:00:00Z"
updated="2023-02-09T23:00:00Z">
<details>
<summary>I2P remains intact with impaired performance</summary>
</details>
<p>
The I2P network is currently being affected by a Denial of Service attack.
The floodfill function of the network has been affected, resulting in responses being disrupted and tunnel build success rates dropping.
Participants in the network have experienced difficulties connecting to I2P sites and using I2P services.
Mitigation strategies are being investigated and implemented gradually.
</p>
<p>
While the attack has degraded performance, the network remains intact and usable.
Java I2P routers appear to be handling the issues better than i2pd routers for now.
Various mitigations should begin to appear in dev builds of both Java and C++ routers in the next week.
</p>
</article>
<article
id="urn:uuid:68f9a58c-de7f-493e-8cb7-c0ceeda78007"
title="2.1.0 Released"
href="http://i2p-projekt.i2p/en/blog/post/2023/01/09/2.1.0-Release"
author="zzz"
published="2023-01-09T12:00:00Z"
updated="2023-01-09T12:00:00Z">
<details>
<summary>2.1.0 with numerous SSU2 fixes</summary>
</details>
<p>
We have learned several things since our 2.0.0 release in November.
As routers have updated to that release, the network has gone from about 1% to over 60% support for our new SSU2 transport protocol.
First, we have confirmed that SSU2 is a solid, well designed, and secure protocol.
Second, however, we have found and fixed numerous minor or rarely-triggered bugs in the implementation of the protocol.
Cumulatively, the effects of these bugs have reduced the performance of the network.
</p><p>
Also, we are aware of increased tunnel count and reduced tunnel build success rate in the network,
possibly triggered by Bitcoin's new I2P transient address feature,
but made worse by our SSU2 bugs and other congestion control problems.
We are working with Bitcoin and other non-Bitcoin projects to reduce I2P network demands.
We have improved our algorithms to reduce network load during times of congestion.
We are also collaborating with i2pd to develop common congestion control strategies.
</p><p>
Therefore, we have accelerated this release by about six weeks, to get the fixes out to everybody.
i2pd released their version 2.45.0 last week and the early results are encouraging.
New protocols, and distributed networks, are difficult to develop.
Congestion can arrive with little warning and with little clue of the cause.
Thank you for your patience as we have diagnosed and hopefully fixed the problems.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:adf95235-a183-4870-b5fa-99752e3657d2"
title="2.0.0 Released"
href="http://i2p-projekt.i2p/en/blog/post/2022/11/21/2.0.0-Release"
author="zzz"
published="2022-11-21T12:00:00Z"
updated="2022-11-21T12:00:00Z">
<details>
<summary>SSU2 Transport Enabled</summary>
</details>
<p>
I2P release 2.0.0 enables our new UDP transport SSU2 for all users, after completion of minor features, testing, and numerous bug fixes.
</p><p>
We also have fixes all over, including for the installer, network database, adding to the private address book, the Windows browser launcher, and IPv6 UPnP.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:65da828c-43de-49a4-98e7-b8bfeed8d341"
title="Recent Blog Posts"
href="http://i2p-projekt.i2p/en/blog/"
author="zzz"
published="2022-10-12T12:00:00Z"
updated="2022-10-12T12:00:00Z">
<details>
<summary>A few recent blog posts</summary>
</details>
<p>
Here's links to several recent blog posts on our website:
</p>
<ul>
<li><a href="http://i2p-projekt.i2p/en/blog/post/2022/10/11/SSU2-Transport">Overview of our new SSU2 transport</a></li>
<li><a href="http://i2p-projekt.i2p/en/blog/post/2022/09/26/i2p-safety-reminder">A warning about I2P coins and other scams</a></li>
<li><a href="http://i2p-projekt.i2p/en/blog/post/2022/09/26/meet-your-maintainer-divaexchange">An interview with Konrad from diva.exchange</a></li>
<li><a href="http://i2p-projekt.i2p/en/blog/post/2022/09/07/Meet_your_Maintainer_StormyCloud">An interview with Dustin from StormyCloud</a></li>
</ul>
</article>
<article
id="urn:uuid:b998384f-08ae-4979-908b-2f57e72b05f5"
title="1.9.0 Released"
href="http://i2p-projekt.i2p/en/blog/post/2022/8/22/1.9.0-Release"
author="zzz"
published="2022-08-22T12:00:00Z"
updated="2022-08-22T12:00:00Z">
<details>
<summary>1.9.0 with SSU2 for testing</summary>
</details>
<p>
We have spent the last three months working on our new UDP transport protocol "SSU2"
with a small number of volunteer testers.
This release completes the implementation, including relay and peer testing.
We are enabling it by default for Android and ARM platforms, and a small percentage of other routers at random.
This will allow us to do much more testing in the next three months, finish the connection migration feature,
and fix any remaining issues.
We plan to enable it for everyone in the next release scheduled for November.
No manual configuration is necessary.
</p><p>
Of course, there's the usual collection of bug fixes in this release as well.
We also added an automatic deadlock detector that has already found a rare deadlock that is now fixed.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:4c69e33a-6238-4b50-98ef-6ee00d2d8da7"
title="New Outproxy exit.stormycloud.i2p"
href="http://i2p-projekt.i2p/en/blog/post/2022/8/4/Enable-StormyCloud"
author="zzz"
published="2022-08-05T11:00:00Z"
updated="2022-08-05T11:00:00Z">
<details>
<summary>New Outproxy</summary>
</details>
<p>
I2P "outproxies" (exit nodes) may be used to access the internet through
your HTTP proxy tunnel.
As approved at our <a href="http://i2p-projekt.i2p/en/meetings/314">monthly meeting</a>,
<b>exit.stormycloud.i2p</b> is now our official, recommended outproxy, replacing the long-dead <b>false.i2p</b>.
For more information on the StormyCloud <a href="http://stormycloud.i2p/">organization</a>,
<a href="http://stormycloud.i2p/outproxy.html">outproxy</a>,
and <a href="http://stormycloud.i2p/tos.html">terms of service</a>,
see the <a href="http://stormycloud.i2p/">StormyCloud website</a>.
</p><p>
We suggest you change your <a href="/i2ptunnel/edit?tunnel=0">Hidden Services Manager configuration</a>
to specify <b>exit.stormycloud.i2p</b>
in two places: <b>Outproxies</b> and <b>SSL Outproxies</b>.
After editing, <b>scroll down and click Save</b>.
See our <a href="http://i2p-projekt.i2p/en/blog/post/2022/8/4/Enable-StormyCloud">blog post for a screenshot</a>.
For Android instructions and screenshots see <a href="http://notbob.i2p/cgi-bin/blog.cgi?page=116">notbob's blog</a>.
</p><p>
Router updates will not update your configuration, you must edit it manually.
Thanks to StormyCloud for their support, and please consider a <a href="http://stormycloud.i2p/donate.html">donation</a>.
</p>
</article>
<article
id="urn:uuid:ad7c438d-01c6-435b-b290-855190d73b73"
title="1.8.0 Released"
href="http://i2p-projekt.i2p/en/blog/post/2022/05/23/1.8.0-Release"
author="zzz"
published="2022-05-23T12:00:00Z"
updated="2022-05-23T12:00:00Z">
<details>
<summary>1.8.0 with bug fixes</summary>
</details>
<p>
This release includes bug fixes in i2psnark,
the router, I2CP, and UPnP.
Router fixes address bugs in soft restart, IPv6, SSU peer testing,
network database stores, and tunnel building.
Router family handling and Sybil classification have also been
significantly improved.
</p><p>
Together with i2pd, we are developing our new UDP transport, SSU2.
SSU2 will bring substantial performance and security improvements.
It will also allow us to finally replace our last usage of the very slow ElGamal encryption,
completing the full cryptography upgrade we started about 9 years ago.
This release contains a preliminary implementation which is disabled by default.
If you wish to participate in testing, please look for current information
on zzz.i2p.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:0b18adce-f766-45bf-bf12-dc0b32951a71"
title="Install essential Java/Jpackage updates"
href="http://i2p-projekt.i2p/en/blog/post/2022/4/21/Easy-Install-Updates"
author="idk"
published="2022-04-22T11:00:00Z"
updated="2022-04-22T11:00:00Z">
<details>
<summary></summary>
</details>
<p>
The recent Java "Psychic Signatues" vulnerability affects I2P. Current users of
I2P on Linux, or any users of I2P who are using a non-bundled JVM should update
their JVM or switch to a version which does not contain the vulnerability, below
Java 15.
</p>
<p>
New I2P Easy-Install bundles have been generated using the latest release of the
Java Virtual Machine. Further details have been published in the respective
bundle newsfeeds.
</p>
</article>
<article
id="urn:uuid:5136d7e2-5957-4310-a69a-8882d9c88228"
title="1.7.0 Released"
href="http://i2p-projekt.i2p/en/blog/post/2022/02/21/1.7.0-Release"
author="zzz"
published="2022-02-21T12:00:00Z"
updated="2022-02-21T12:00:00Z">
<details>
<summary>1.7.0 with reliability and performance improvements</summary>
</details>
<p>
The 1.7.0 release contains several performance and reliability improvements.
</p><p>
There are now popup messages in the system tray, for those platforms that support it.
i2psnark has a new torrent editor.
The NTCP2 transport now uses much less CPU.
</p><p>
The long-deprecated BOB interface is removed for new installs.
It will continue to work in existing installs, except for Debian packages.
Any remaining users of BOB applications should ask the developers to convert to the SAMv3 protocol.
</p><p>
We know that since our 1.6.1 release, network reliability has steadily deteriorated.
We were aware of the problem soon after the release, but it took us almost two months to find the cause.
We eventually identified it as a bug in i2pd 2.40.0,
and the fix will be in their 2.41.0 release coming out about the same time as this release.
Along the way, we've made several changes on the Java I2P side to improve the
robustness of network database lookups and stores, and avoid poorly-performing peers in tunnel peer selection.
This should help the network be more robust even in the presence of buggy or malicious routers.
Additionally, we're starting a joint program to test pre-release i2pd and Java I2P routers
together in an isolated test network, so we can find more problems before the releases, not after.
</p><p>
In other news, we continue to make great progress on the design of our new UDP transport "SSU2" (proposal 159)
and have started implementation.
SSU2 will bring substantial performance and security improvements.
It will also allow us to finally replace our last usage of the very slow ElGamal encryption,
completing a full cryptography upgrade that started about 9 years ago.
We expect to start joint testing with i2pd soon, and roll it out to the network later this year.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:edd3c726-6c3e-4840-9801-5d41627ec1cf"
title="1.6.0 Released"
href="http://i2p-projekt.i2p/en/blog/post/2021/11/29/1.6.0-Release"
author="zzz"
published="2021-11-29T12:00:00Z"
updated="2021-11-29T12:00:00Z">
<details>
<summary>1.6.0 enables new tunnel build messages</summary>
</details>
<p>
This release completes the rollout of two major protocol updates developed in 2021.
The transition to X25519 encryption for routers is accelerated, and we expect almost all routers to be rekeyed by the end of the year.
Short tunnel build messages are enabled for a significant bandwidth reduction.
</p><p>
We added a theme selection panel to the new install wizard.
We've improved SSU performance and fixed an issue with SSU peer test messages.
The tunnel build Bloom filter was adjusted to reduce memory usage.
We have enhanced support for non-Java plugins.
</p><p>
In other news, we are making excellent progress on the design of our new UDP transport SSU2 and expect to start implementation early next year.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:87e8a1b1-d683-4e8e-9f5a-b1ac746b3ae9"
title="1.5.0 Released"
href="http://i2p-projekt.i2p/en/blog/post/2021/08/23/1.5.0-Release"
author="zzz"
published="2021-08-23T12:00:00Z"
updated="2021-08-23T12:00:00Z">
<details>
<summary>1.5.0 with new tunnel build messages</summary>
</details>
<p>
Yes, that's right, after 9 years of 0.9.x releases, we are going straight from 0.9.50 to 1.5.0.
This does not signify a major API change, or a claim that development is now complete.
It is simply a recognition of almost 20 years of work to provide anonymity and security for our users.
</p><p>
This release finishes implementation of smaller tunnel build messages to reduce bandwidth.
We continue the transition of the network's routers to X25519 encryption.
Of course there are also numerous bug fixes and performance improvements.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:e7a0f375-817f-4c8f-a961-43a81467f560"
title="MuWire Desktop Vulnerability"
href="http://muwire.i2p/security.html"
author="zlatinb"
published="2021-07-09T15:00:00Z"
updated="2021-07-09T15:00:00Z">
<details>
<summary>Muwire Desktop Vulnerability</summary>
</details>
<p>
A security vulnerability has been discovered in the MuWire standalone desktop application.
It does not affect the console plugin, and is not related to the previously-announced plugin issue.
If you are running the MuWire desktop application you should <a href="http://muwire.i2p/">update to version 0.8.8</a> immediately.
</p><p>
Details of the issue will be published on <a href="http://muwire.i2p/security.html">muwire.i2p</a>
on July 15, 2021.
</p>
</article>
<article
id="urn:uuid:0de64d0d-8357-49cf-8eea-e1d889cd7387"
title="MuWire Plugin Vulnerability"
href="http://muwire.i2p/security.html"
author="zlatinb"
published="2021-07-07T11:00:00Z"
updated="2021-07-07T11:00:00Z">
<details>
<summary>Muwire Plugin Vulnerability</summary>
</details>
<p>
A security vulnerability has been discovered in the MuWire plugin.
It does not affect the standalone desktop client.
If you are running the MuWire plugin you should <a href="/configplugins">update to version 0.8.7-b1</a> immediately.
</p><p>
See <a href="http://muwire.i2p/security.html">muwire.i2p</a>
for more information about the vulnerability and updated security recommendations.
</p>
</article>
<article
id="urn:uuid:9a6591a3-e663-4758-95d1-9fa4e0526d48"
title="0.9.50 Released"
href="http://i2p-projekt.i2p/en/blog/post/2021/05/17/0.9.50-Release"
author="zzz"
published="2021-05-17T12:00:00Z"
updated="2021-05-17T12:00:00Z">
<details>
<summary>0.9.50 with IPv6 fixes</summary>
</details>
<p>
0.9.50 continues the transition to ECIES-X25519 for router encryption keys.
We have enabled DNS over HTTPS for reseeding to protect users from passive DNS snooping.
There are numerous fixes and improvements for IPv6 addresses, including new UPnP support.
</p><p>
We have finally fixed some longstanding SusiMail corruption bugs.
Changes to the bandwidth limiter should improve network tunnel performance.
There are several improvements in our Docker containers.
We have improved our defenses for possible malicious and buggy routers in the network.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:f3629d00-d989-4082-9185-302139c1c9c3"
title="0.9.49 Released"
href="http://i2p-projekt.i2p/en/blog/post/2021/02/17/0.9.49-Release"
author="zzz"
published="2021-02-17T12:00:00Z"
updated="2021-02-17T12:00:00Z">
<details>
<summary>0.9.49 with SSU fixes and faster crypto</summary>
</details>
<p>
0.9.49 continues the work to make I2P faster and more secure.
We have several improvements and fixes for the SSU (UDP) transport that should result in faster speeds.
This release also starts the migration to new, faster ECIES-X25519 encryption for routers.
(Destinations have been using this encryption for a few releases now)
We've been working on the specifications and protocols for new encryption for several years,
and we are getting close to the end of it! The migration will take several releases to complete.
</p><p>
For this release, to minimize disruption, only new installs and a very small percentage of existing installs
(randomly selected at restart) will be using the new encryption.
If your router does "rekey" to use the new encryption, it may have lower traffic or less reliability than usual for several days after you restart.
This is normal, because your router has generated a new identity.
Your performance should recover after a while.
</p><p>
We have "rekeyed" the network twice before, when changing the default signature type,
but this is the first time we've changed the default encryption type.
Hopefully it will all go smoothly, but we're starting slowly to be sure.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:2f702241-c585-4151-a364-76c561621989"
title="0.9.48 Released"
href="http://i2p-projekt.i2p/en/blog/post/2020/11/30/0.9.48-Release"
author="zzz"
published="2020-12-01T12:00:00Z"
updated="2020-12-01T12:00:00Z">
<details>
<summary>0.9.48 with performance enhancements</summary>
</details>
<p>
0.9.48 enables our new end-to-end encryption protocol (proposal 144) for most services.
We have added preliminary support for new tunnel build message encryption (proposal 152).
There are significant performance improvements throughout the router.
</p><p>
Packages for Ubuntu Xenial (16.04 LTS) are no longer supported.
Users on that platform should upgrade so you may continue to receive I2P updates.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:12c0f414-175a-401e-a35c-47307627a050"
title="0.9.47 Released"
href="http://i2p-projekt.i2p/en/blog/post/2020/08/24/0.9.47-Release"
author="zzz"
published="2020-08-24T12:00:00Z"
updated="2020-08-24T12:00:00Z">
<details>
<summary>0.9.47 enables new encryption</summary>
</details>
<p>
0.9.47 enables our new end-to-end encryption protocol (proposal 144) by default for some services.
The Sybil analysis and blocking tool is now enabled by default.
</p><p>
Java 8 or higher is now required.
Debian packages for Wheezy and Stretch, and for Ubuntu Trusty and Precise, are no longer supported.
Users on those platforms should upgrade so you may continue to receive I2P updates.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:c9389925-50cd-47fe-abb2-20708f9d52b9"
title="0.9.46 Released"
href="http://i2p-projekt.i2p/en/blog/post/2020/05/25/0.9.46-Release"
author="zzz"
published="2020-05-25T12:00:00Z"
updated="2020-05-25T12:00:00Z">
<details>
<summary>0.9.46 with bug fixes</summary>
</details>
<p>
0.9.46 contains significant performance improvements in the streaming library.
We have completed development of ECIES encryption (proposal 144) and there is now an option to enable it for testing.
</p><p>
Windows users only:
This release fixes a local privilege escalation vulnerability
which could be exploited by a local user.
Please apply the update as soon as possible.
Thanks to Blaze Infosec for responsible disclosure of the issue.
</p><p>
This is the last release to support Java 7, Debian packages Wheezy and Stretch, and Ubuntu packages Precise and Trusty.
Users on those platforms must upgrade to receive future I2P updates.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:b35dd505-4fd2-451d-91c5-d148bc095869"
title="0.9.45 Released"
href="http://i2p-projekt.i2p/en/blog/post/2020/02/25/0.9.45-Release"
author="zzz"
published="2020-02-25T12:00:00Z"
updated="2020-02-25T12:00:00Z">
<details>
<summary>0.9.45 with bug fixes</summary>
</details>
<p>
0.9.45 contains important fixes for hidden mode and the bandwidth tester.
There's an update to the console dark theme.
We continue work on improving performance and the development of new end-to-end encryption (proposal 144).
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:322cb1a3-e169-4879-a053-b99371ed85d5"
title="0.9.44 Released"
href="http://i2p-projekt.i2p/en/blog/post/2019/12/01/0.9.44-Release"
author="zzz"
published="2019-12-01T12:00:00Z"
updated="2019-12-01T12:00:00Z">
<details>
<summary>0.9.44 with bug fixes</summary>
</details>
<p>
0.9.44 contains an important fix for a denial of service issue in hidden services handling of new encryption types.
All users should update as soon as possible.
</p><p>
The release includes initial support for new end-to-end encryption (proposal 144).
Work continues on this project, and it is not yet ready for use.
There are changes to the console home page, and new embedded HTML5 media players in i2psnark.
Additional fixes for firewalled IPv6 networks are included.
Tunnel build fixes should result in faster startup for some users.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:18696206-3dc9-439c-9eab-b2d6bada1e7b"
title="0.9.43 Released"
href="http://i2p-projekt.i2p/en/blog/post/2019/10/22/0.9.43-Release"
author="zzz"
published="2019-10-22T12:00:00Z"
updated="2019-10-22T12:00:00Z">
<details>
<summary>0.9.43 with bug fixes</summary>
</details>
<p>
In the 0.9.43 release, we continue work on stronger security and privacy features and performance improvements.
Our implementation of the new leaseset specification (LS2) is now complete.
We are beginning our implementation of stronger and faster end-to-end encryption (proposal 144) for a future release.
Several IPv6 address detection issues have been fixed, and there of course are several other bug fixes.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:b49344e5-2eff-4fb4-a52b-e8e5756e6319"
title="0.9.42 Released"
href="http://i2p-projekt.i2p/en/blog/post/2019/08/27/0.9.42-Release"
author="zzz"
published="2019-08-27T12:00:00Z"
updated="2019-08-27T12:00:00Z">
<details>
<summary>0.9.42 with bug fixes</summary>
</details>
<p>
0.9.42 continues the work to make I2P faster and more reliable.
It includes several changes to speed up our UDP transport.
We have split up the configuration files to enable future work for more modular packaging.
We continue work to implement new proposals for faster and more secure encryption.
There are, of course, a lot of bug fixes also.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:f5c9ec1d-7a95-4a17-8be4-c41664125e2f"
title="0.9.41 Released"
href="http://i2p-projekt.i2p/en/blog/post/2019/07/02/0.9.41-Release"
author="zzz"
published="2019-07-02T12:00:00Z"
updated="2019-07-02T12:00:00Z">
<details>
<summary>0.9.41 with bug fixes</summary>
</details>
<p>
0.9.41 continues the work to implement new features for proposal 123,
including per-client authentication for encrypted leasesets.
The console has an updated I2P logo and several new icons.
We've updated the Linux installer.
</p><p>
Startup should be faster on platforms such as Raspberry Pi.
We've fixed several bugs, including some serious ones affecting low-level network messages.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:6ed561d0-0f78-49e3-ab95-c6a10167155f"
title="0.9.40 Released"
href="http://i2p-projekt.i2p/en/blog/post/2019/05/07/0.9.40-Release"
author="zzz"
published="2019-05-07T12:00:00Z"
updated="2019-05-07T12:00:00Z">
<details>
<summary>0.9.40 with new icons</summary>
</details>
<p>
0.9.40 includes support for the new encrypted leaseset format.
We disabled the old NTCP 1 transport protocol.
There's a new SusiDNS import feature, and a new scripted filtering mechanism for incoming connections.
</p><p>
We've made a lot of improvements to the OSX native installer, and we've updated the IzPack installer as well.
The work continues on refreshing the console with new icons.
As usual, we've fixed lots of bugs also!
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:e34fc8d5-02fc-40cd-af83-a699ca56282e"
title="0.9.39 Released"
href="http://i2p-projekt.i2p/en/blog/post/2019/03/21/0.9.39-Release"
author="zzz"
published="2019-03-21T12:00:00Z"
updated="2019-03-21T12:00:00Z">
<details>
<summary>0.9.39 with performance improvements</summary>
</details>
<p>
0.9.39 includes extensive changes for the new network database types (proposal 123).
We've bundled the i2pcontrol plugin as a webapp to support development of RPC applications.
There are numerous performance improvements and bug fixes.
</p><p>
We've removed the midnight and classic themes to reduce the maintenance burden;
previous users of those themes will now see the dark or light theme.
There's also new home page icons, a first step in updating the console.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:6c580177-a55b-400b-bb61-dc8a14d40219"
title="0.9.38 Released"
href="http://i2p-projekt.i2p/en/blog/post/2019/01/22/0.9.38-Release"
author="zzz"
published="2019-01-22T12:00:00Z"
updated="2019-01-22T12:00:00Z">
<details>
<summary>0.9.38 with new setup wizard</summary>
</details>
<p>
0.9.38 includes a new first-install wizard with a bandwidth tester.
We've added support for the latest GeoIP database format.
There's a new Firefox profile installer and a new, native Mac OSX installer on our website.
Work continues on supporting the new "LS2" netdb format.
</p><p>
This release also contains plenty of bug fixes, including several issues with susimail attachments, and a fix for IPv6-only routers.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:dfeb655e-d305-42ba-88d4-0579550e5f8a"
title="35C3 Trip Report"
href="http://i2p-projekt.i2p/en/get-involved/roadmap"
author="sadie"
published="2019-01-21T12:00:00Z"
updated="2019-01-21T12:00:00Z">
<details>
<summary>I2P at 35C3</summary>
</details>
<p>
The I2P team was mostly all in attendance at 35C3 in Leipzig.
Daily meetings were held to review the past year and cover our development and design goals for 2019.
</p><p>
The Project Vision and new Roadmap can be <a href="http://i2p-projekt.i2p/en/get-involved/roadmap">reviewed here</a>.
</p><p>
Work will continue on LS2, the Testnet, and usability improvements to our website and console.
A plan is in place to be in Tails, Debian and Ubuntu Disco. We still need people to work on Android and I2P_Bote fixes.
</p>
</article>
<article
id="urn:uuid:b02623a0-5936-4fb6-aaa8-2a3d81c2f01e"
title="0.9.37 Released"
href="http://i2p-projekt.i2p/en/blog/post/2018/10/04/0.9.37-Release"
author="zzz"
published="2018-10-04T12:00:00Z"
updated="2018-10-04T12:00:00Z">
<details>
<summary>0.9.37 with NTCP2 enabled</summary>
</details>
<p>
0.9.37 enables a faster, more secure transport protocol called NTCP2.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:678f9d11-a129-40ea-b68a-0b3d4c433774"
title="0.9.36 Released"
href="http://i2p-projekt.i2p/en/blog/post/2018/08/23/0.9.36-Release"
author="zzz"
published="2018-08-23T12:00:00Z"
updated="2018-08-23T12:00:00Z">
<details>
<summary>0.9.36 with NTCP2 and bug fixes</summary>
</details>
<p>
0.9.36 contains a new, more secure transport protocol called NTCP2.
It is disabled by default, but you may enable it for testing by adding the <a href="/configadvanced">advanced configuration</a> <tt>i2np.ntcp2.enable=true</tt> and restarting.
NTCP2 will be enabled in the next release.
</p><p>
This release also contains several performance improvements and bug fixes.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:32750025-4fc9-4858-a6bb-4ad9c28657c4"
title="0.9.35 Released"
href="http://i2p-projekt.i2p/en/blog/post/2018/06/26/0.9.35-Release"
author="zzz"
published="2018-06-26T12:00:00Z"
updated="2018-06-26T12:00:00Z">
<details>
<summary>0.9.35 with SusiMail folders and SSL Wizard</summary>
</details>
<p>
0.9.35 adds support for folders in SusiMail, and a new SSL Wizard for setting up HTTPS on your Hidden Service website.
We also have the usual collection of bug fixes, especially in SusiMail.
</p><p>
We're hard at work on several things for 0.9.36, including a new OSX installer and a faster, more secure transport protocol called NTCP2.
</p><p>
I2P will be at HOPE in New York City, July 20-22. Find us and say hello!
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:40eaa552-2afb-4485-ab68-426f3f2aa17a"
title="0.9.34 Released"
href="http://i2p-projekt.i2p/en/blog/post/2018/04/10/0.9.34-Release"
author="zzz"
published="2018-04-10T12:00:00Z"
updated="2018-04-10T12:00:00Z">
<details>
<summary>0.9.34 with bug fixes</summary>
</details>
<p>
0.9.34 contains a lot of bug fixes!
It also has improvements in SusiMail, IPv6 handling, and tunnel peer selection.
We add support for IGD2 schemas in UPnP.
There's also preparation for more improvements you will see in future releases.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:344db535-fa7b-429a-8e7e-417c2772270c"
title="0.9.33 Released"
href="http://i2p-projekt.i2p/en/blog/post/2018/01/30/0.9.33-Release"
author="zzz"
published="2018-01-30T12:00:00Z"
updated="2018-01-30T12:00:00Z">
<details>
<summary>0.9.33 with bug fixes</summary>
</details>
<p>
0.9.33 contains a large number of bug fixes, including i2psnark, i2ptunnel, streaming, and SusiMail.
For those who cannot access the reseed sites directly, we now support several types of proxies for reseeding.
We now set rate limits by default in the hidden services manager.
For those that run high-traffic servers, please review and adjust the limits as necessary.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:dc95b7d9-0c55-472e-8cd9-cf485a495c2c"
title="KAISER, Meltdown and Spectre"
href="https://gruss.cc/files/kaiser.pdf"
author="echelon"
published="2018-01-04T12:00:00Z"
updated="2018-01-04T12:00:00Z">
<details>
<summary>Security issues found in nearly every system</summary>
</details>
<p>
A very serious issue has been found in modern CPUs which are found in nearly all sold computers worldwide, including mobiles. Those security issues are named "Kaiser", "Meltdown", and "Spectre".
</p><p>
The whitepaper for KAISER/KPTI can be found under <a href="https://gruss.cc/files/kaiser.pdf" target="_blank">KAISER.pdf</a>, Meltdown under <a href="https://meltdownattack.com/meltdown.pdf" target="_blank">Meltdown.pdf</a>, and SPECTRE under <a href="https://spectreattack.com/spectre.pdf" target="_blank">Spectre.pdf</a>. Intels first response is listed under <a href="https://newsroom.intel.com/news/intel-responds-to-security-research-findings/" target="_blank">Intels response</a>.
</p><p>
It is important for our I2P users to update your system, as long as updates are available. Windows 10 patches are availble from now on, Windows 7 and 8 will follow soon. MacOS patches are already available, to. Lots of Linux systems have a newer Kernel with a included fix available, too. Same applies to Android, which security fix of 2nd Jan 2018 includes a patch for this issues.
Please update your systems as soon as available and possible.
</p>
</article>
<article
id="urn:uuid:a6fc490b-2877-4cbf-afa8-d6e7d4637440"
title="Happy new year! - 34C3"
href="http://zzz.i2p/topics/2437-meetings-dec-27-30-at-34c3"
author="echelon"
published="2018-01-04T12:00:00Z"
updated="2018-01-04T12:00:00Z">
<details>
<summary>New year and I2P at 34C3</summary>
</details>
<p>Happy new year from the I2P team to everyone!
</p><p>
No less than 7 I2P team members did meet at the 34C3 in Leipzig from 27th til 30th december 2017. Beside the <a href="http://zzz.i2p/topics/2437-meetings-dec-27-30-at-34c3" target="_blank">meetings</a> at our table we did meet lots of friends of I2P all over the place.
Results of the meetings are posted on <a href="http://zzz.i2p" target="_blank">zzz.i2p</a> already.
</p><p>Also we did hand out lots of stickers and gave information about our project to anyone asking.
Our annual I2P dinner was a full success as a thank you to all attendees for ongoing support of I2P.
</p>
</article>
<article
id="urn:uuid:062c316b-2148-4aae-a0d3-81faeb715345"
title="0.9.32 Released"
href="http://i2p-projekt.i2p/en/blog/post/2017/11/07/0.9.32-Release"
author="zzz"
published="2017-11-07T12:00:00Z"
updated="2017-11-07T12:00:00Z">
<details>
<summary>0.9.32 with console updates</summary>
</details>
<p>
0.9.32 contains a number of fixes in the router console and associated webapps (addressbook, i2psnark, and susimail).
We have also changed the way we handle configured hostnames for published router infos, to eliminate some network enumeration attacks via DNS.
We have added some checks in the console to resist rebinding attacks.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:48298a7a-e365-4719-a6ac-cb335cf0a4ce"
title="0.9.31 Released"
href="http://i2p-projekt.i2p/en/blog/post/2017/08/07/0.9.31-Release"
author="zzz"
published="2017-08-07T12:00:00Z"
updated="2017-08-07T12:00:00Z">
<details>
<summary>0.9.31 with console updates</summary>
</details>
<p>
The changes in this release are much more noticeable than usual!
We have refreshed the router console to make it easier to understand,
improved accessibility and cross-browser support,
and generally tidied things up.
This is the first step in a longer-term plan to make the router console more user-friendly.
We have also added torrent ratings and comments support to i2psnark.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:2ce9a846-4d7e-11e7-b788-00163e5e6c1b"
title="Call for Translators"
href="https://www.transifex.com/otf/I2P/announcements/7243/"
author="str4d"
published="2017-06-10T12:00:00Z"
updated="2017-06-10T12:00:00Z">
<details>
<summary>The upcoming 0.9.31 release has more untranslated strings than usual</summary>
</details>
<p>
In preparation for the 0.9.31 release, which brings with it significant updates
to the user interface, we have a larger than normal collection of untranslated
strings that need attention. If you're a translator, we would greatly appreciate
it if you could set aside a little more time than usual during this release cycle
in order to bring the translations up to speed. We have pushed the strings early
to give you three weeks to work on them.
</p><p>
If you're not currently an I2P translator, now would be a great time to get
involved! Please see the
<a href="http://i2p-projekt.i2p/en/get-involved/guides/new-translators" target="_blank">New Translator's Guide</a>
for information on how to get started.
</p>
</article>
<article
id="urn:uuid:3b9b01cf-23ec-4aeb-ab20-2f79e8396c4f"
title="0.9.30 Released"
href="http://i2p-projekt.i2p/en/blog/post/2017/05/03/0.9.30-Release"
author="zzz"
published="2017-05-03T12:00:00Z"
updated="2017-05-03T12:00:00Z">
<details>
<summary>0.9.30 updates to Jetty 9</summary>
</details>
<p>
0.9.30 contains an upgrade to Jetty 9 and Tomcat 8.
The previous versions are no longer supported, and are not available in the upcoming Debian Stretch and Ubuntu Zesty releases.
The router will migrate the jetty.xml configuration file for each Jetty website to the new Jetty 9 setup.
This should work for recent, unmodified configurations but may not work for modified or very old setups.
Verify that your Jetty website works after upgrading, and contact us on IRC if you need assistance.
</p><p>
Several plugins are not compatible with Jetty 9 and must be updated.
The following plugins have been updated to work with 0.9.30, and your router should update them after restart:
i2pbote 0.4.6; zzzot 0.15.0.
The following plugins (with current versions listed) will not work with 0.9.30.
Contact the appropriate plugin developer for the status of new versions:
BwSchedule 0.0.36; i2pcontrol 0.11.
</p><p>
This release also supports migration of old (2014 and earlier) DSA-SHA1 hidden services to the more-secure EdDSA signature type.
See <a href="http://zzz.i2p/topics/2271">zzz.i2p</a> for further information, including a guide and FAQ.
</p><p>
Note: On non-Android ARM platforms such as the Raspberry Pi, the blockfile database will upgrade on restart, which may take several minutes.
Please be patient.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:5f5166f0-a1c3-4ca9-9db0-32a157eb6ca7"
title="0.9.29 Released"
href="http://i2p-projekt.i2p/en/blog/post/2017/02/27/0.9.29-Release"
author="zzz"
published="2017-02-27T12:00:00Z"
updated="2017-02-27T12:00:00Z">
<details>
<summary>0.9.29 contains bug fixes</summary>
</details>
<p>
0.9.29 contains fixes for numerous Trac tickets, including workarounds for corrupt compressed messages.
We now support NTP over IPv6.
We've added preliminary Docker support.
We now have translated man pages.
We now pass same-origin Referer headers through the HTTP proxy.
There are more fixes for Java 9, although we do not yet recommend Java 9 for general use.
</p><p>
As usual, we recommend that all users update to this release.
The best way to help the network and stay secure is to run the latest release.
</p>
</article>
<article
id="urn:uuid:cb742cac-df38-11e6-aed3-00163e5e6c1b"
title="I2P-Bote Security Vulnerability"
href="http://bote.i2p/news/0.4.5/"
author="str4d"
published="2017-01-20T12:00:00Z"
updated="2017-01-20T12:00:00Z">
<details>
<summary>I2P-Bote Security Vulnerability</summary>
</details>
<p>
I2P-Bote 0.4.5 fixes a security vulnerability present in all earlier versions of the
I2P-Bote plugin. The Android app was not affected.
</p><p>
When showing emails to the user, most fields were being escaped. However, the filenames
of attachments were not escaped, and could be used to execute malicious code in a browser
with JavaScript enabled. These are now escaped, and additionally a Content Security Policy
has been implemented for all pages.
</p><p>
All I2P-Bote users will be upgraded automatically the first time they restart their router
after I2P 0.9.29 is released in mid-February. However, for safety we recommend that you
<a href="http://bote.i2p/install/">follow the instructions on the installation page</a> to
upgrade manually if you plan on using I2P or I2P-Bote in the intervening time.
</p>
</article>
<article
id="urn:uuid:91ad7d6c-a1e1-4e3c-b9bc-0b3b2742153c"
title="0.9.28 Released"
href="http://i2p-projekt.i2p/en/blog/post/2016/12/12/0.9.28-Release"
author="zzz"
published="2016-12-12T12:00:00Z"
updated="2016-12-12T12:00:00Z">
<details>
<summary>0.9.28 contains bug fixes</summary>
</details>
<p>
0.9.28 contains fixes for over 25 Trac tickets, and updates for a number of bundled software packages including Jetty.
There are fixes for the IPv6 peer testing feature introduced last release.
We continue improvements to detect and block peers that are potentially malicious.
There are preliminary fixes for Java 9, although we do not yet recommend Java 9 for general use.
</p><p>
I2P will be at 33C3, please stop by our table and give us your ideas on how to improve the network.
We will review our 2017 roadmap and priorities 2017 at the Congress.
</p><p>
As usual, we recommend that all users update to this release.
The best way to help the network and stay secure is to run the latest release.
</p>
</article>
<article
id="urn:uuid:00015ff6-b556-11e6-adb4-00163e5e6c1a"
title="I2P-Bote Security Vulnerability"
href="http://bote.i2p/news/0.4.4/"
author="str4d"
published="2016-11-28T12:00:00Z"
updated="2016-11-28T12:00:00Z">
<details>
<summary>I2P-Bote Security Vulnerability</summary>
</details>
<p>
I2P-Bote 0.4.4 fixes a security vulnerability present in all earlier versions of the
I2P-Bote plugin. The Android app was not affected.
</p><p>
A lack of CSRF protection meant that if a user was running I2P-Bote and then loaded a
malicious site in a browser with JavaScript enabled, the adversary could trigger actions
in I2P-Bote on behalf of the user, such as sending messages. This might also have enabled
extraction of private keys for I2P-Bote addresses, however no proof-of-exploit was tested
for this.
</p><p>
All I2P-Bote users will be upgraded automatically the first time they restart their router
after I2P 0.9.28 is released in mid-December. However, for safety we recommend that you
<a href="http://bote.i2p/install/">follow the instructions on the installation page</a> to
upgrade manually if you plan on using I2P or I2P-Bote in the intervening time. You should
also consider generating new I2P-Bote addresses if you regularly browse sites with
JavaScript enabled while running I2P-Bote.
</p>
</article>
<article
id="urn:uuid:c1d01ac3-81e7-4acd-bacd-d9178089e8c3"
title="0.9.27 Released"
href="http://i2p-projekt.i2p/en/blog/post/2016/10/17/0.9.27-Release"
author="zzz"
published="2016-10-17T12:00:00Z"
updated="2016-10-17T12:00:00Z">
<details>
<summary>0.9.27 contains bug fixes</summary>
</details>
<p>
0.9.27 contains a number of bug fixes.
The updated GMP library for crypto acceleration, which was bundled in the 0.9.26 release for new installs and Debian builds only, is now included in the in-network update for 0.9.27.
There are improvements in IPv6 transports, SSU peer testing, and hidden mode.
</p><p>
We updated a number of plugins during <a href="http://i2p-projekt.i2p/en/blog/post/2016/06/01/I2P-Summer-Dev">I2P Summer</a> and your router will automatically update them after restart.
</p><p>
As usual, we recommend that all users update to this release.
The best way to help the network and stay secure is to run the latest release.
</p>
</article>
<article
id="urn:uuid:7e818120-88f8-401a-88fe-8db4ba20ad4d"
title="I2P Stack Exchange proposal"
href="https://area51.stackexchange.com/proposals/99297/i2p"
author="zzz"
published="2016-06-07T13:00:00Z"
updated="2016-06-07T13:00:00Z">
<details>
<summary>I2P is now a proposed site on Stack Exchange!</summary>
</details>
<p>
I2P is now a proposed site on Stack Exchange!
Please <a href="https://area51.stackexchange.com/proposals/99297/i2p">commit to using it</a> so the beta phase can begin.
</p>
</article>
<article
id="urn:uuid:5b1ccc70-2160-44cd-ad1e-2f0be6beb621"
title="0.9.26 Released"
href="http://i2p-projekt.i2p/en/blog/post/2016/06/07/0.9.26-Release"
author="zzz"
published="2016-06-07T12:00:00Z"
updated="2016-06-07T12:00:00Z">
<details>
<summary>0.9.26 contains crypto updates, Debian packaging improvements, and bug fixes</summary>
</details>
<p>
0.9.26 contains a major upgrade to our native crypto library,
a new addressbook subscription protocol with signatures,
and major improvements to the Debian/Ubuntu packaging.
</p><p>
For crypto, we have upgraded to GMP 6.0.0, and added support for newer processors,
which will speed up crypto operations considerably.
Also, we are now using constant-time GMP functions to prevent side-channel attacks.
For caution, the GMP changes are enabled for new installs and Debian/Ubuntu builds only;
we will include them for in-net updates in the 0.9.27 release.
</p><p>
For Debian/Ubuntu builds, we have added dependencies on several packages,
including Jetty 8 and geoip, and removed the equivalent bundled code.
</p><p>
There's a collection of bug fixes also, including a fix for a timer bug
that caused instability and performance degradations over time.
As usual, we recommend that all users update to this release.
The best way to help the network and stay secure is to run the latest release.
</p>
</article>
<article
id="urn:uuid:c6f7228d-3330-4422-a651-ef9d8ca3484b"
title="0.9.25 Released"
href="http://i2p-projekt.i2p/en/blog/post/2016/03/22/0.9.25-Release"
author="zzz"
published="2016-03-22T12:00:00Z"
updated="2016-03-22T12:00:00Z">
<details>
<summary>0.9.25 contains SAM 3.3, QR codes, and bug fixes</summary>
</details>
<p>
0.9.25 contains a major new version of SAM, v3.3, to support sophisticated multiprotocol applications.
It adds QR codes for sharing hidden service addresses with others,
and "identicon" images for visually distinguishing addresses.
</p><p>
We've added a new "router family" configuration page in the console,
to make it easier to declare that your group of routers is run by a single person.
There are several changes to increase the capacity of the network and hopefully improve tunnel build success.
</p><p>
As usual, we recommend that all users update to this release.
The best way to help the network and stay secure is to run the latest release.
</p>
</article>
<article
id="urn:uuid:8390114d-8e50-45fd-8b4d-3e613bdd034e"
title="0.9.24 Released"
href="http://i2p-projekt.i2p/en/blog/post/2016/01/27/0.9.24-Release"
author="zzz"
published="2016-01-27T18:00:00Z"
updated="2016-01-27T18:00:00Z">
<details>
<summary>0.9.24 contains several bug fixes and speedups</summary>
</details>
<p>
0.9.24 contains a new version of SAM (v3.2) and numerous bug fixes and efficiency improvements.
Note that this release is the first to require Java 7.
Please update to Java 7 or 8 as soon as possible.
Your router will not automatically update if you are using Java 6.
</p><p>
To prevent the problems caused by the ancient commons-logging library, we have removed it.
This will cause very old I2P-Bote plugins (0.2.10 and below, signed by HungryHobo) to crash if they have IMAP enabled.
The recommended fix is to replace your old I2P-Bote plugin with the current one signed by str4d.
For more details, see <a href="http://bote.i2p/news/0.4.3">this post</a>.
</p><p>
We had a great <a href="http://i2p-projekt.i2p/en/blog/post/2016/01/23/32C3">32C3 Congress</a> and are making good progress on our 2016 project plans.
Echelon gave a talk on I2P's history and current status, and his slides are <a href="http://whnxvjwjhzsske5yevyokhskllvtisv5ueokw6yvh6t7zqrpra2q.b32.i2p/media/ccc/2015/I2P_Still_alive.pdf">here</a> (pdf).
Str4d attended <a href="http://www.realworldcrypto.com/rwc2016/program">Real World Crypto</a> and gave a talk on our crypto migration,
his slides are <a href="http://whnxvjwjhzsske5yevyokhskllvtisv5ueokw6yvh6t7zqrpra2q.b32.i2p/media/rwc/2016/rwc2016-str4d-slides.pdf">here</a> (pdf).
</p><p>
As usual, we recommend that all users update to this release.
The best way to help the network and stay secure is to run the latest release.
</p>
</article>
<article
id="urn:uuid:91d19b26-0d7c-4e4a-aa7b-c22d4f400668"
title="0.9.23 Released"
href="http://i2p-projekt.i2p/en/blog/post/2015/11/19/0.9.23-Release"
author="str4d"
published="2015-11-19T18:00:00Z"
updated="2015-11-19T18:00:00Z">
<details>
<summary>0.9.23 contains a variety of bug fixes, and some minor improvements in I2PSnark</summary>
</details>
<p>
Hello I2P! This is the first release signed by me (str4d), after 49 releases
signed by zzz. This is an important test of our redundancy for all things,
including people.
</p>
<p><b>Housekeeping</b></p>
<p>
My signing key has been in router updates for over two years (since 0.9.9), so
if you are on a recent version of I2P this update should be just as easy as
every other update. However, if you are running an older version than 0.9.9, you
will first need to manually update to a recent version. Update files for recent
versions can be downloaded
<a href="http://whnxvjwjhzsske5yevyokhskllvtisv5ueokw6yvh6t7zqrpra2q.b32.i2p/releases/">here</a>,
and instructions on how to manually update are provided
<a href="http://i2p-projekt.i2p/en/download#update">here</a>. Once you have manually
updated, your router will then find and download the 0.9.23 update as usual.
</p><p>
If you installed I2P via a package manager, you are not affected by the change,
and can update as usual.
</p>
<p><b>Update details</b></p>
<p>
The migration of RouterInfos to new, stronger Ed25519 signatures is going well,
with at least half of the network already estimated to have rekeyed. This
release accelerates the rekeying process. To reduce network churn, your router
will have a small probability of converting to Ed25519 at each restart. When it
does rekey, expect to see lower bandwidth usage for a couple of days as it
reintegrates into the network with its new identity.
</p><p>
Note that this will be the last release to support Java 6. Please update to
Java 7 or 8 as soon as possible. We are already working to make I2P compatible
with the upcoming Java 9, and some of that work is in this release.
</p><p>
We have also made some minor improvements in I2PSnark, and added a new page in
the routerconsole for viewing older news items.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:fe93e501-255c-4558-af7e-1cd433939b43"
title="0.9.22 Released"
href="http://i2p-projekt.i2p/en/blog/post/2015/09/12/0.9.22-Release"
author="zzz"
published="2015-09-12T18:00:00Z"
updated="2015-09-12T18:00:00Z">
<details>
<summary>0.9.22 with bug fixes and starts Ed25519 migration</summary>
</details>
<p>
0.9.22 contains fixes for i2psnark getting stuck before completion, and begins the migration of router infos to new, stronger Ed25519 signatures.
To reduce network churn, your router will have only a small probability of converting to Ed25519 at each restart.
When it does rekey, expect to see lower bandwidth usage for a couple of days as it reintegrates into the network with its new identity.
If all goes well, we will accelerate the rekeying process in the next release.
</p><p>
I2PCon Toronto was a big success!
All the presentations and videos are listed on the <a href="http://i2p-projekt.i2p/en/about/i2pcon/2015">I2PCon page</a>.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:49713025-cfb8-4ebb-aaaa-7805333efa6a"
title="0.9.21 Released"
href="http://i2p-projekt.i2p/en/blog/post/2015/07/31/0.9.21-Release"
author="zzz"
published="2015-07-31T18:00:00Z"
updated="2015-07-31T18:00:00Z">
<details>
<summary>0.9.21 released with performance improvements and bug fixes.</summary>
</details>
<p>
0.9.21 contains several changes to add capacity to the network, increase the efficiency of the floodfills,
and use bandwidth more effectively.
We have migrated the shared clients tunnels to ECDSA signatures and added a DSA fallback
using the new "multisession" capability for those sites that don't support ECDSA.
</p><p>
The speakers and the schedule of the I2PCon in Toronto 2015 have been announced.
Have a look on the <a href="http://i2p-projekt.i2p/en/blog/post/2015/07/16/I2PCon">I2PCon page</a> for details.
Reserve your seat on <a href="http://www.eventbrite.ca/e/i2p-meetup-tickets-17773984466">Eventbrite I2PCon</a>.
</p><p>
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
</p>
</article>
<article
id="urn:uuid:53ba215d-6cf2-489c-8135-10248e06a141"
title="I2PCon Toronto speakers and schedule announced"
href="http://i2p-projekt.i2p/en/blog/post/2015/07/16/I2PCon"
author="echelon"
published="2015-07-19T18:00:00Z"
updated="2015-07-22T12:00:00Z">
<details>
<summary>I2PCon Toronto 2015 speakers and schedule announced</summary>
</details>
<p>
The speakers and the schedule of the I2PCon in Toronto 2015 have been announced.
Have a look on the <a href="http://i2p-projekt.i2p/en/blog/post/2015/07/16/I2PCon">I2PCon page</a> for details.
Reserve your seat on <a href="http://www.eventbrite.ca/e/i2p-meetup-tickets-17773984466">Eventbrite I2PCon</a>.
</p>
</article>
</div>
Reference in New Issue View Git Blame Copy Permalink