diff --git a/CHANGELOG.md b/CHANGELOG.md index a9840ac..13e23ec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 --- +## [1.1.5] - 2026-01-31 + +### 🛡️ Security Fixes +* OpenSSL Patch: Mitigated CVE-2025-15467 (CVSS 9.8 🚨) by upgrading openssl to version 3.5.5-r0 or later via the Alpine base image update. + +### ⚙️ Changed +* Base Image: Updated Alpine from 3.23.2 to 3.23.3 to incorporate latest security patches and library improvements. +* Build Tooling: Updated docker/dockerfile tag to v1.21. + +### 🐛 Fixed +* General Maintenance: Addressed various minor bug fixes and stability improvements. + +--- + ## [1.1.4] - 2025-12-21 ### 🏗️ Build Variants @@ -433,15 +447,16 @@ BREAKING CHANGES: None | Version | Status | Support Level | | --------- | --------------------- | ------------------------------------------- | -| **1.1.4** | 🟢 🛡️ **Active** | Full support (current stable) | -| **1.1.3** | 🟡 🔧 **Maintenance** | Security + critical fixes only | -| **1.1.2** | 🟠 ⚠️ **Legacy** | Security patches only – upgrade recommended | +| **1.1.5** | 🟢 🛡️ **Active** | Full support (current stable) | +| **1.1.4** | 🟡 🔧 **Maintenance** | Security + critical fixes only | +| **1.1.3** | 🟠 ⚠️ **Legacy** | Security patches only – upgrade recommended | | **< 1.1.2** | 🔴 ❌ **EOL** | No support – upgrade immediately | --- ## 🔗 Release Links +[1.1.5]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.1.5 [1.1.4]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.1.4 [1.1.3]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.1.3 [1.1.2]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.1.2 diff --git a/LICENSE.txt b/LICENSE.txt index 54e5244..73d48b3 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -1,7 +1,7 @@ -MIT License 📜 +MIT License SPDX-License-Identifier: MIT -Copyright (c) 2025 r3bo0tbx1 +Copyright (c) 2026 r3bo0tbx1 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index c3dcb12..b60dcd8 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ **A hardened, production-ready Tor relay with built-in diagnostics and monitoring** -[Quick Start](#quick-start) • [Features](#key-features) • [Documentation](#documentation) • [FAQ](docs/FAQ.md) • [Architecture](docs/ARCHITECTURE.md) • [Tools](#diagnostic-tools) • [Contributing](#contributing) +[Quick Start](#-quick-start) • [Features](#-key-features) • [Documentation](#-documentation) • [FAQ](docs/FAQ.md) • [Architecture](docs/ARCHITECTURE.md) • [Tools](#-diagnostic-tools) • [Contributing](#-contributing) @@ -43,7 +43,7 @@ ### Port Exposure Policy - **9001** ORPort, public -- **9030** DirPort, **Disabled (0)** by default in v1.1.4 +- **9030** DirPort, **Disabled (0)** by default - **9002** obfs4 for bridge mode ### Environment Variables @@ -147,7 +147,7 @@ We offer **two build variants** to match your risk tolerance and requirements: ### Stable Variant (Recommended) -**Base:** Alpine 3.23.2 | **Recommended for:** Production relays +**Base:** Alpine 3.23.3 | **Recommended for:** Production relays - ✅ Battle-tested Alpine stable release - ✅ Weekly automated rebuilds with latest security patches @@ -157,11 +157,11 @@ We offer **two build variants** to match your risk tolerance and requirements: ```bash # Pull from Docker Hub (easiest) docker pull r3bo0tbx1/onion-relay:latest -docker pull r3bo0tbx1/onion-relay:1.1.4 +docker pull r3bo0tbx1/onion-relay:1.1.5 # Pull from GHCR docker pull ghcr.io/r3bo0tbx1/onion-relay:latest -docker pull ghcr.io/r3bo0tbx1/onion-relay:1.1.4 +docker pull ghcr.io/r3bo0tbx1/onion-relay:1.1.5 ``` ### Edge Variant (Testing Only) @@ -180,7 +180,7 @@ docker pull r3bo0tbx1/onion-relay:edge # Pull from GHCR docker pull ghcr.io/r3bo0tbx1/onion-relay:edge -docker pull ghcr.io/r3bo0tbx1/onion-relay:1.1.4-edge +docker pull ghcr.io/r3bo0tbx1/onion-relay:1.1.5-edge ``` **When to use edge:** @@ -196,7 +196,7 @@ docker pull ghcr.io/r3bo0tbx1/onion-relay:1.1.4-edge | Production ready | ✅ Yes | ❌ No | | Breaking changes | ❌ Rare | ⚠️ Possible | | Security updates | Weekly | Every 3 days | -| Package versions | 3.23.2 | Bleeding edge | +| Package versions | 3.23.3 | Bleeding edge | | Docker Hub | ✅ Yes | ✅ Yes | | GHCR | ✅ Yes | ✅ Yes | @@ -752,15 +752,15 @@ Images are automatically rebuilt on separate schedules to include security patch **Stable Variant** (`:latest`) - **Schedule:** Every Sunday at 18:30 UTC -- **Includes:** Latest Tor + Alpine 3.23.2 updates -- **Strategy:** Overwrites last release version (e.g., `:1.1.4`) with updated packages -- **Tags Updated:** `:latest` and version tags (e.g., `:1.1.4`) +- **Includes:** Latest Tor + Alpine 3.23.3 updates +- **Strategy:** Overwrites last release version (e.g., `:1.1.5`) with updated packages +- **Tags Updated:** `:latest` and version tags (e.g., `:1.1.5`) **Edge Variant** (`:edge`) - **Schedule:** Every 3 days at 12:00 UTC (independent schedule) - **Includes:** Latest Tor + Alpine edge (bleeding-edge) updates -- **Strategy:** Overwrites last release version (e.g., `:1.1.4-edge`) with updated packages -- **Tags Updated:** `:edge` and version tags (e.g., `:1.1.4-edge`) +- **Strategy:** Overwrites last release version (e.g., `:1.1.5-edge`) with updated packages +- **Tags Updated:** `:edge` and version tags (e.g., `:1.1.5-edge`) - **Frequency:** ~2-3x more frequent updates than stable All images auto-published to Docker Hub and GitHub Container Registry @@ -795,7 +795,7 @@ All images auto-published to Docker Hub and GitHub Container Registry ![GitHub Repo stars](https://img.shields.io/github/stars/r3bo0tbx1/tor-guard-relay?style=for-the-badge) ![GitHub Issues](https://img.shields.io/github/issues/r3bo0tbx1/tor-guard-relay?style=for-the-badge) -**Current Version:** v1.1.4 • **Status:** Production Ready +**Current Version:** v1.1.5 • **Status:** Production Ready **Image Size:** 16.8 MB • **Retention:** Last 7 Releases **Registries:** Docker Hub • GHCR diff --git a/SECURITY.md b/SECURITY.md index f432d8e..0d16b2c 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -14,9 +14,9 @@ We actively support the following versions with security updates: | Version | Status | Support Level | | --------- | --------------------- | ------------------------------------------- | -| **1.1.4** | 🟢 🛡️ **Active** | Full support (current stable) | -| **1.1.3** | 🟡 🔧 **Maintenance** | Security + critical fixes only | -| **1.1.2** | 🟠 ⚠️ **Legacy** | Security patches only – upgrade recommended | +| **1.1.5** | 🟢 🛡️ **Active** | Full support (current stable) | +| **1.1.4** | 🟡 🔧 **Maintenance** | Security + critical fixes only | +| **1.1.3** | 🟠 ⚠️ **Legacy** | Security patches only – upgrade recommended | | **< 1.1.1** | 🔴 ❌ **EOL** | No support – upgrade immediately | --- @@ -659,4 +659,4 @@ Security researchers who responsibly disclose vulnerabilities will be listed her --- -*Last Updated: 2025-12-21 | Version: 1.1.4* +*Last Updated: 2026-01-31 | Version: 1.1.5* diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 3429a3a..504f3b8 100644 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -50,7 +50,7 @@ cleanup_and_exit() { startup_banner() { log "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" - log "🧅 Tor Guard Relay v1.1.4 - Initialization" + log "🧅 Tor Guard Relay v1.1.5 - Initialization" log "https://github.com/r3bo0tbx1/tor-guard-relay" log "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" log ""