Release Notes: 0.7.10 closes some recently-discovered vulnerabilities related to the way routers communicate with floodfill peers. Network database stores and verifies are moved from exploratory to client tunnels, and are encrypted. Also, to improve anonymity, a router's fast peer set is now limited to a maximum of 30. This release also fixes a bug which caused Windows installations to fail when the install or user path contained a "\r" or a "\n".
Release Notes: This unscheduled release disables the RouterInfo verification messages that were used in the attack published in the UCSB paper, which should make correlating a LeaseSet and a Router much more difficult. It also includes a limited number of other fixes listed below.
Release Notes: Class 'N' routers (those with a minimum of 128 KBytes/sec of shared bandwidth) will automatically become floodfill (previously it was only 'O' routers with 256 KBps). This will increase the floodfill population for additional resistance to certain attacks (see below). Floodfill routers don't consume much additional bandwidth, but they do tend to use additional memory and concurrent connections. This release fixes a major streaming timer bug that contributed to frequent IRC disconnects. This release contains additional mitigations for the "practical attacks" paper.
Release Notes: This release includes bugfixes and an update from Jetty 6.1.26 (2010-11-10) to Jetty 7.6.10 (2013-03-12). The Jetty 7 series is actively maintained, and the plan is to stay current with it in future I2P releases.
Release Notes: This release includes bugfixes and defenses for some issues and vulnerabilities that are being investigated by researchers at UCSB.
Release Notes: 0.9.4 includes a fix for a network capacity bug, introduced in 0.9.2, which was reducing network performance and reliability. It also includes major changes in the in-network update system, and adds the capability to update via in-network torrents. It fixes several bugs in the i2psnark DHT implementation which was introduced in the last release. For those of you using console or HTTP proxy passwords, it converts to the more-secure digest method and improves the security for console forms.