# ๐Ÿ“œ Changelog All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). --- ## [Unreleased] ### ๐ŸŽฏ Planned Features * ๐Ÿ“Š Additional monitoring integrations (Datadog, New Relic) * ๐Ÿ”„ Automatic relay configuration updates * ๐Ÿงช Enhanced integration testing suite --- ## [1.1.7] - 2026-03-02 ### ๐ŸŽ‰ Happy Family Support (Tor 0.4.9+) This release introduces full support for Tor's new **Happy Family** system (`FamilyId`), which replaces the legacy `MyFamily` fingerprint-exchange workflow. Relay operators can now link all their relays into a family using a single cryptographic key instead of manually listing every fingerprint on every relay. ### โœจ Features - **New Tool: `gen-family`**: Generate or view Tor Happy Family keys inside the container. Supports `gen-family ` (generate), `gen-family --show` (view existing), `gen-family --force` (overwrite without backup), and `gen-family --help`. - **`FamilyId` ENV Support**: New `TOR_FAMILY_ID` environment variable to set the `FamilyId` directive in generated torrc (guard/middle/exit modes). - **`MyFamily` ENV Support**: New `TOR_MY_FAMILY` environment variable (comma-separated fingerprints) for backward compatibility with the legacy `MyFamily` directive. - **Family Key Detection**: Phase 2 of the entrypoint now scans `/var/lib/tor/keys/*.secret_family_key` and logs detected keys at startup. - **Import Workflow**: Operators can import existing family keys from bare-metal Tor installations via `docker cp` + ownership fix (`chown 100:101`). ### โš™๏ธ Changed - **Entrypoint** (`docker-entrypoint.sh`): Phase 2 now detects family keys; config generation for guard/middle and exit modes appends `FamilyId` and `MyFamily` lines when the corresponding ENV vars are set. - **Dockerfiles** (`Dockerfile`, `Dockerfile.edge`): Added `COPY` and `chmod +x` for the new `gen-family` tool. - **`status` Tool** (`tools/status`): Now displays family key count and Happy Family configuration status after the fingerprint section. - **Tool Count**: Increased from 5 to **6** diagnostic tools (status, health, fingerprint, bridge-line, gen-auth, **gen-family**). ### ๐Ÿ“š Documentation - **README.md**: Added comprehensive "Happy Family (Tor 0.4.9+)" section with Option A (generate new key) and Option B (import existing key), persistence safety table, updated tools table (6 tools), updated features list, added gen-family to flowchart diagram, and added troubleshooting entries. - **docs/ARCHITECTURE.md**: Updated all mermaid diagrams - container lifecycle, Phase 2, config generation (guard + exit), diagnostic tools subgraph, directory structure. Updated tool characteristics table, references table, and bumped doc version to 1.1.0. - **docs/TOOLS.md**: Added full `gen-family` documentation section with usage, output examples, exit codes, and "Set Up Happy Family" workflow. Updated count from 5 โ†’ 6 tools and FAQ. - **docs/DEPLOYMENT.md**: Updated diagnostic tool count references (5 โ†’ 6) across 3 locations. - **docs/MIGRATION.md**: Added `gen-family --show` to post-migration diagnostic checklist. - **docs/MIGRATION-V1.1.X.md**: Added `gen-family` to diagnostic tool verification checklist. - **Example Configs**: Added commented `FamilyId` and `MyFamily` placeholders to `relay-guard.conf`, `relay-exit.conf`, and `relay-bridge.conf`. - **Docker Compose Templates**: Added `TOR_FAMILY_ID` and `TOR_MY_FAMILY` env vars to guard, exit, and multi-relay templates with setup instructions (Option A/B). - **Directory Authority Voting**: Added explanation of how Tor's 9 directory authorities vote on relay flags (Guard, Stable, Fast, HSDir) and that at least 5 of 9 must agree in consensus, across README, FAQ, DEPLOYMENT, and MULTI-MODE docs. - **CIISS v2 ContactInfo**: Added documentation for the [ContactInfo Information Sharing Specification v2](https://nusenu.github.io/ContactInfo-Information-Sharing-Specification/) with field reference table, generator link, and `proof:uri-rsa` verification explanation. Updated all `TOR_CONTACT_INFO` examples to use CIISS v2 format. ### ๐Ÿ” CI/CD - **validate.yml**: Added `gen-family` to shell lint, ShellCheck, tool extension verification (threshold 5 โ†’ 6), integration tool checks, help-flags test, file-permissions test, and tool-executability test. Updated build summary. - **scripts/utilities/security-validation-tests.sh**: Added `gen-family` to tool security checks and syntax validation loops. - **scripts/utilities/quick-test.sh**: Added Test 4.5 for `gen-family --help` executability. Updated summary line. ### ๐Ÿ›ก๏ธ Security - **SECURITY.md**: Updated supported versions table (1.1.7 active, 1.1.6 maintenance). Added `gen-family` to diagnostic tools list. > **BREAKING CHANGES:** None. The `TOR_FAMILY_ID` and `TOR_MY_FAMILY` environment variables are entirely optional. Existing deployments continue to work without changes. --- ## [1.1.6] - 2026-02-08 ### ๐Ÿ› Fixed * **Bind Mount Ownership:** Added startup detection for bind-mounted data/keys directories with incorrect ownership. The entrypoint now warns users with actionable `chown` commands when volumes are not writable by the `tor` user (UID 100, GID 101). * **DEBUG Flag:** Made the `DEBUG` environment variable case-insensitive - now accepts `true`, `TRUE`, `1`, `yes`, `YES`. * **Documentation Typo:** Fixed incorrect `chown 1000:1000` โ†’ `chown 100:101` in bridge migration troubleshooting guide. ### ๐Ÿ›ก๏ธ Security * **Version Deprecation:** Deprecated and removed all versions prior to v1.1.5 from registries due to CVE-2025-15467 (OpenSSL, CVSS 9.8). Added deprecation notice to README and SECURITY.md. ### ๐Ÿ“š Documentation * Added bind mount ownership troubleshooting section to README. * Updated all version references across 20+ files to v1.1.6. * Rewrote PR template as a clean reusable form. * Updated CHANGELOG and SECURITY lifecycle tables. ### โš™๏ธ Changed * Updated all Cosmos Cloud and Docker Compose template versions to 1.1.6. --- ## [1.1.5] - 2026-01-31 ### ๐Ÿ›ก๏ธ Security Fixes * OpenSSL Patch: Mitigated CVE-2025-15467 (CVSS 9.8 ๐Ÿšจ) by upgrading openssl to version 3.5.5-r0 or later via the Alpine base image update. ### โš™๏ธ Changed * Base Image: Updated Alpine from 3.23.2 to 3.23.3 to incorporate latest security patches and library improvements. * Build Tooling: Updated docker/dockerfile tag to v1.21. ### ๐Ÿ› Fixed * General Maintenance: Addressed various minor bug fixes and stability improvements. --- ## [1.1.4] - 2025-12-21 ### ๐Ÿ—๏ธ Build Variants | Variant | Base Image | Tags | Registries | Notes | | :--- | :--- | :--- | :--- | :--- | | **๐ŸŸข Stable** | Alpine 3.23.2 | `:latest`, `:1.1.4` | Docker Hub, GHCR | **Recommended** for production. | | **โš ๏ธ Edge** | Alpine Edge | `:edge`, `:1.1.4-edge` | GHCR Only | Testing only; not for production. | ### โš™๏ธ Changed (Refactor) * **Tor Configuration:** Modernized relay templates and hardened security defaults. * **Networking:** Disabled `DirPort` (set to `0`) across all relay types and compose templates. * **Metadata:** Updated `ContactInfo` to follow the `ciissversion:2` format. * **Policy Refinement:** Enhanced exit policies and security for Exit, Guard, and Bridge roles. * **Synchronization:** Unified configurations across `cosmos-compose` and `docker-compose`. ### โž• Added * **Monitoring:** Integrated `nyx.config` for enhanced relay visualization. * **Performance:** Added support for **IPv6** and hardware acceleration. ### ๐Ÿ—‘๏ธ Removed * **Maintenance:** Updated retention policy to keep the last **7 releases** (14 tags) and purge legacy build artifacts. > **BREAKING CHANGES:** None. --- ## [1.1.3] - 2025-12-05 ### โšก Optimization & Tooling Update Focused on refining deployment templates, enhancing security defaults in Compose configurations, and updating core dependencies to the latest stable releases. ### โœจ Features - **New Tool**: Introduced `gen-auth` utility to easily generate hashed passwords for Tor Control Port authentication. - **Healthchecks**: Added native Docker healthcheck definitions to all Compose templates for improved orchestration reliability. - **Dependencies**: Updated base images to **Alpine 3.23.0** and **Golang 1.25.5** for latest security patches and performance. ### ๐Ÿณ Docker Compose Refactoring - **Standardization**: Unified security options and capabilities (dropping unnecessary privileges) across all templates. - **Cleanup**: Removed excessive comments and legacy instructions from Compose files for a cleaner, production-ready format. - **Volumes**: Enhanced volume management configurations to ensure robust data persistence across container recreations. - **Consistency**: Standardized environment variable definitions across Guard, Exit, and Bridge templates. --- ## [1.1.2] - 2025-11-18 Add Alpine edge variant with dual-track build strategy ๐Ÿ—๏ธโœ… - ๐ŸŸข/โš ๏ธ ### โœจ Features - Add Dockerfile.edge for bleeding-edge Alpine builds - Implement dual-track CI/CD strategy (stable + edge variants) - Configure GHCR-only deployment for edge variant (prevents production use) - Add separate SBOM generation for both variants - Skip Docker Hub login for edge builds to optimize workflow ### ๐Ÿ“š Documentation - Enhance comprehensive testing scripts documentation - Document quick-test.sh for ENV compatibility validation - Add test-build-v1.1.2.sh for local registry testing - Document security-validation-tests.sh usage - Add project screenshots (bootstrapping, bridge-line, relay-status, Cosmos dashboard) - Add project logo (src/logo.png) - Update FAQ.md with edge variant information - Refine PR template with security considerations - Update workflows documentation for dual-track strategy ### ๐Ÿ” CI/CD Improvements - Extend release.yml with matrix strategy for stable/edge builds - Add variant-specific tagging (:edge, :1.1.2-edge) - Remove dependabot.yml (manual dependency management preferred) - Enhance validate.yml with Trivy SARIF upload ### ๐Ÿ—๏ธ Build Variants ๐ŸŸข Stable (Production): - Base: Alpine 3.22.2 - Tags: :latest, :stable, :1.1.2 - Registries: Docker Hub + GHCR - Recommended for production relays โš ๏ธ Edge (Testing): - Base: Alpine edge (bleeding edge) - Tags: :edge, :1.1.2-edge - Registries: GHCR only - Latest Tor/obfs4 packages, NOT recommended for production BREAKING CHANGES: None --- ## [1.1.1] - 2025-11-14 ### ๐Ÿš€ Major Release: Ultra-Optimized Build + Security Hardening + Configuration Enhancement **This is a major architectural release** migrating from a dual-build structure (45MB) to a single ultra-optimized 16.8 MB build with busybox-only dependencies, comprehensive security hardening, simplified multi-mode operation, and enhanced configuration documentation. ### โœจ Core Features * ๐Ÿง… **Multi-mode relay support** - Single container for guard/exit/bridge via `TOR_RELAY_MODE` environment variable * ๐ŸŒ‰ **Bridge relay with obfs4** - Integrated lyrebird for pluggable transport (drop-in replacement for `thetorproject/obfs4-bridge`) * ๐Ÿ”ง **ENV-based configuration** - Full relay setup via environment variables (TOR_*, official bridge naming compatible) * ๐Ÿ“Š **Smart diagnostics** - 4 busybox-only tools: `status`, `health`, `fingerprint`, `bridge-line` * ๐Ÿ“‰ **Image size** - Reduced from ~45MB to ~17.1 MB (busybox-only, no bash/python/jq) * ๐Ÿฉบ **Smart healthcheck** - New `healthcheck.sh` works with both mounted configs and ENV variables * ๐Ÿ”„ **Weekly rebuilds** - Automated Sunday 18:30 UTC rebuilds with latest Alpine/Tor patches (same version tag, fresh packages) ### ๐Ÿ“– Configuration & Documentation Enhancements (Latest) * ๐Ÿ”ง **OBFS4V_* Variable Parsing (CRITICAL FIX)** - Fixed busybox regex incompatibility causing rejection of values with spaces - Issue: `OBFS4V_MaxMemInQueues="1024 MB"` was rejected with "dangerous characters" error - Solution: Rewrote validation (docker-entrypoint.sh:309-321) with busybox-compatible commands (`wc -l`, `tr -d`) - Impact: Bridge operators can now use advanced memory/CPU settings without errors * ๐ŸŒ‰ **PT_PORT Support & Official Bridge Naming** - Added `PT_PORT` environment variable for drop-in compatibility with `thetorproject/obfs4-bridge` - PT_PORT automatically detects and enables bridge mode (no `TOR_RELAY_MODE` needed) - Full compatibility with official bridge ENV naming: `OR_PORT`, `PT_PORT`, `EMAIL`, `NICKNAME` - Bridge templates now reference both TOR_* and official naming conventions * ๐Ÿ“Š **Bandwidth Configuration Clarification** - Documented `TOR_BANDWIDTH_RATE/BURST` โ†’ `RelayBandwidthRate/Burst` translation - Added Option 1 vs Option 2 explanations in all example configs: - `RelayBandwidthRate/Burst` (relay-specific traffic only, recommended) - `BandwidthRate/Burst` (all Tor traffic including directory requests) - Updated all templates with inline bandwidth option comments * ๐Ÿ“š **Template & Example Updates** - **examples/relay-bridge.conf**: Added Method 2 with PT_PORT (official naming) - **examples/relay-exit.conf**: Added BandwidthRate/Burst as Option 2 with explanations - **examples/relay-guard.conf**: Added BandwidthRate/Burst as Option 2 for consistency - **cosmos-compose-bridge.json**: Added note about OR_PORT/PT_PORT alternative - **cosmos-compose-guard.json**: Documented bandwidth options (RelayBandwidth vs Bandwidth) - **cosmos-compose-exit.json**: Documented bandwidth options with recommendations - **docker-compose-bridge.yml**: Added official naming alternative info - **docker-compose-guard-env.yml**: Added bandwidth comment explaining options - **docker-compose-exit.yml**: Added bandwidth comment explaining options * ๐Ÿ“ **Documentation Updates** - **CLAUDE.md**: Enhanced "Key Differences" section with bandwidth options - **templates/README.md**: Cross-references to bandwidth configuration methods - All templates now include comprehensive mounted config vs ENV comparison ### ๐Ÿ”’ Security Fixes * ๐Ÿ” **Fixed 32 vulnerabilities** across 4 severity levels: - **6 CRITICAL**: Command injection (OBFS4V_*), health check failures, privilege escalation, validation gaps, workflow permissions, temp file races - **8 HIGH**: JSON injection, bash-specific features, permission handling - **10 MEDIUM**: Various validation and error handling improvements - **8 LOW**: Code quality and best practices * ๐Ÿ›ก๏ธ **Minimal attack surface** - No exposed monitoring ports, all diagnostics via `docker exec` only * ๐Ÿ”‘ **Input validation** - Comprehensive ENV variable validation with whitespace trimming and OBFS4V_* whitelist * ๐Ÿ“‹ **Security audit** - Complete vulnerability analysis documented in `SECURITY-AUDIT-REPORT.md` ### ๐Ÿ“š Templates & Documentation * **Templates (13 files updated)**: - All Docker Compose templates now use smart `healthcheck.sh` script - Cosmos templates use `:latest` tag instead of hardcoded versions - Fixed image names (tor-guard-relay โ†’ onion-relay) and broken migration doc references - Added official bridge templates with `thetorproject/obfs4-bridge` ENV compatibility * **Documentation consolidation**: - Removed outdated monitoring infrastructure references (metrics ports, HTTP endpoints, old ENV vars) - Clarified `jq` usage (must be on HOST machine, not in container) - Documented weekly build strategy (overwrites version tags with fresh packages) - Consolidated 7 migration docs into 2 canonical guides - Complete rewrite of TOOLS.md and MONITORING.md for v1.1.1 architecture ### โš™๏ธ Configuration & Compatibility * ๐Ÿ”„ **Tor bootstrap logs** - Real-time progress (0-100%) now visible in `docker logs` for all relay types * ๐ŸŽจ **Enhanced emoji logging** - Clear visual feedback throughout (๐Ÿ”–, ๐Ÿ’š, ๐Ÿ›‘, ๐Ÿ—‚๏ธ, ๐Ÿ”, ๐Ÿ”ง, ๐Ÿ”Ž, ๐Ÿ“Š, ๐Ÿงฉ) * ๐Ÿ”„ **Official bridge ENV compatibility** - 100% compatible with `OR_PORT`, `PT_PORT`, `EMAIL`, `NICKNAME`, `OBFS4V_*` variables * ๐Ÿงน **Simplified bridge config** - Removed redundant `ExitPolicy reject *:*` (BridgeRelay 1 is sufficient) * ๐Ÿ“ฆ **Build metadata** - `/build-info.txt` with version, build date, and architecture ### ๐Ÿ”ง Dependency Management * **Renovate** - Removed pinned package version tracking (only tracks Alpine base image), added OSV vulnerability scanning * **Dependabot** - Added security labels, major version blocks, clarified unpinned package strategy * **Hadolint** - Added trusted registries whitelist, comprehensive security check documentation ### ๐Ÿ—‘๏ธ Removed (Simplification) * โŒ **Monitoring ENV vars** - ENABLE_METRICS, ENABLE_HEALTH_CHECK, ENABLE_NET_CHECK, METRICS_PORT (use external monitoring) * โŒ **Deprecated tools** - metrics, dashboard, net-check, view-logs, setup, metrics-http (consolidated to 4 core tools) * โŒ **Built-in monitoring stack** - Prometheus/Grafana/Alertmanager (use external solutions) * โŒ **Dual-build structure** - Single optimized build only ### ๐Ÿ› Bug Fixes * **CRITICAL**: Fixed TOR_CONTACT_INFO validation crash loops (whitespace handling, line count check) * **CRITICAL**: Fixed missing Tor bootstrap logs in container output (added `Log notice stdout`) * Fixed healthcheck failures on ENV-based deployments * Fixed version references across all scripts and documentation * Corrected image size documentation (~35MB โ†’ ~16.8 MB) ### ๐Ÿ”„ Migration Path **Breaking Changes:** - ENV vars `ENABLE_METRICS`, `ENABLE_HEALTH_CHECK`, `ENABLE_NET_CHECK`, `METRICS_PORT` no longer supported - Tools `metrics`, `dashboard`, `net-check`, `view-logs`, `setup`, `metrics-http` removed **Upgrade Steps:** 1. Remove old monitoring ENV vars from your deployment configs 2. Update to use `TOR_RELAY_MODE` environment variable (guard/exit/bridge) 3. Use external monitoring with `docker exec health` for JSON health data 4. **Guard/Middle relays**: Seamless upgrade with mounted configs 5. **Bridges from official image**: Requires UID ownership fix (`chown -R 100:101`) **See**: `docs/MIGRATION-V1.1.X.md` for complete step-by-step migration instructions. --- ## [1.1.0] - 2025-11-08 ### โœจ Added * ๐Ÿงฉ Input sanitization helpers to ensure safe numeric evaluation in all status checks * ๐Ÿงฑ Integrated integer guard function (`is_integer`) to prevent bad-number shell errors * ๐Ÿ•’ Unified UTC timestamp formatting for consistent output across commands ### ๐Ÿงฐ Improvements * ๐Ÿ“œ `view-logs`: Compact single-line statistics (`๐Ÿ“Š Stats: total | errors | warnings`) for cleaner display * ๐Ÿ“Š The dashboard script now requires API token authentication for secure access and features a new notification UI for better visibility. * ๐Ÿ”‘ The fingerprint script has been overhauled for cleaner output, better input validation, and a more helpful guide. * ๐Ÿงฐ General shell cleanup and quoting improvements for portability across BusyBox, Alpine, and Debian-based images ### ๐Ÿ› Fixed * ๐Ÿงน Removed recurring `sh: 0: bad number` warnings in `status` output * ๐Ÿงฉ Fixed multi-line log stats formatting issue in `view-logs` * ๐Ÿ”ง Corrected potential false negatives in `BOOTSTRAP_PERCENT` extraction * ๐Ÿง  Resolved misinterpretation of empty variables during numeric comparisons * ๐Ÿฅฌ Configuration, health checks, and monitoring have been refined for better reliability and integration. ### ๐Ÿ”’ Security * ๐Ÿงฉ Verified `set -e` safety to prevent unintended script exits on minor grep/curl failures * ๐Ÿณ Docker Compose now includes enhanced security configurations and persistent volume support to prevent data loss. * ๐Ÿ“‹ Cosmos templates have been updated with more secure and sensible default environment variables. --- ## [1.0.9] - 2025-11-07 ๐Ÿง  **Maintenance and polish release** improving shell reliability, output consistency, and readability across status and log utilities. ๐ŸŽจ Streamlined log viewer formatting, sanitized numeric parsing, and removed noisy shell error messages for cleaner execution. ### โœจ Added * ๐Ÿงฉ Input sanitization helpers to ensure safe numeric evaluation in all status checks * ๐Ÿงฑ Integrated integer guard function (`is_integer`) to prevent bad-number shell errors * ๐Ÿ•’ Unified UTC timestamp formatting for consistent output across commands ### ๐Ÿงฐ Improvements * ๐Ÿ“œ `view-logs`: Compact single-line statistics (`๐Ÿ“Š Stats: total | errors | warnings`) for cleaner display * ๐Ÿง… `status`: Sanitized bootstrap parsing and error-free numeric comparison * โš™๏ธ Hardened `set -e` handling with fallback defaults for missing values * ๐Ÿงฉ Refined whitespace and CRLF handling in log parsing for improved compatibility * ๐Ÿงฐ General shell cleanup and quoting improvements for portability across BusyBox, Alpine, and Debian-based images ### ๐Ÿ› Fixed * ๐Ÿงน Removed recurring `sh: 0: bad number` warnings in `status` output * ๐Ÿงฉ Fixed multi-line log stats formatting issue in `view-logs` * ๐Ÿ”ง Corrected potential false negatives in `BOOTSTRAP_PERCENT` extraction * ๐Ÿง  Resolved misinterpretation of empty variables during numeric comparisons ### ๐Ÿ”’ Security * ๐Ÿงฉ Verified `set -e` safety to prevent unintended script exits on minor grep/curl failures * ๐Ÿ›ก๏ธ Strengthened input filtering to prevent malformed log content injection into shell context --- ### ๐Ÿง  Developer Notes * โœ… Both `status` and `view-logs` scripts tested under Alpine BusyBox and Debian Dash shells * ๐Ÿงฉ Scripts now fully pass shellcheck (`shfmt` + POSIX mode) validation * ๐Ÿ’ก Compatible with Docker health checks and CI/CD validation hooks --- **๐Ÿงฑ Summary:** > *Tor Guard Relay v1.0.9 delivers a clean, error-free shell experience, better numeric safety, and a polished command-line output for monitoring and log viewing.* --- ## [1.0.8] - 2025-11-07 ๐Ÿง  **Polish and refinement release** focused on versioning automation, tag safety, and improved metadata accuracy. โš™๏ธ Streamlined validation logic, consistent changelog generation, and safer build workflows. ### โœจ Added * ๐Ÿงฉ Auto-generated `Unreleased` compare link in workflows for dynamic changelog updates * โš™๏ธ Added commit and tag automation helpers for PowerShell (version bump, tagging, release) * ๐Ÿ“ฆ Improved changelog consistency between main branch and GitHub Releases * ๐Ÿ•’ Timezone logic refined for full `Asia/Tokyo` synchronization across workflows ### ๐Ÿงฐ Improvements * ๐Ÿงฑ Improved workflow dependency order to prevent tag-push race conditions * ๐Ÿ”„ Cleaned up redundant trigger filters and unified workflow paths * ๐Ÿงฉ Optimized `dependabot.yml` and `renovate.json` to coordinate update frequency * โšก Enhanced readability and validation of Docker builds via better cache strategy * ๐Ÿ“œ Simplified changelog entry structure for maintainability ### ๐Ÿ› Fixed * ๐Ÿงฉ Fixed missing newline warning in `.github/dependabot.yml` * ๐Ÿ”ง Resolved edge cases where both validation and release workflows triggered simultaneously * ๐Ÿงน Cleaned outdated references to removed workflows in comments and docs * ๐Ÿงฑ Corrected version links and metadata for previous releases ### ๐Ÿ”’ Security * ๐Ÿ›ก๏ธ Verified hardened build permissions for `trivy-action` uploads * ๐Ÿงฉ Ensured consistent use of `security-events: write` for all scan jobs * ๐Ÿ” Confirmed package pin integrity in Renovate configuration --- ### ๐Ÿง  Developer Notes * โœ… Push main first, tag only after successful validation * ๐Ÿงฉ Tag creation now automatically updates release notes * ๐Ÿช„ PowerShell automation script simplifies version bumping and tagging * ๐Ÿ•’ All recurring jobs (Dependabot, Renovate, Weekly Build) aligned to `Asia/Tokyo` --- **๐Ÿงฑ Summary:** > *Tor Guard Relay v1.0.8 improves workflow safety, version traceability, and automation clarity while tightening CI/CD control and metadata consistency.* --- ## [1.0.7] - 2025-11-07 ๐Ÿง  Stability and automation refinement release focused on smarter dependency management and workflow consistency. โš™๏ธ Enhanced multi-architecture build validation and coordinated dependency automation. *(See prior section for full 1.0.7 details.)* --- ## [1.0.6] - 2025-11-06 ๐Ÿง  Stability improvements, enhanced IPv6 diagnostics, and dashboard optimizations. ๐Ÿณ Migrated base image **back to Alpine 3.22.2** for improved compatibility and reproducible builds. --- ## [1.0.5] - 2025-11-06 ๐Ÿณ Downgrade base image from Alpine 3.22.2 to 3.21.5 --- ## [1.0.4] - 2025-11-06 *(Unchanged from prior release, retained for version history)* --- ## [1.0.3] - 2025-11-06 *(Unchanged from prior release, retained for version history)* --- ## [1.0.2] - 2025-11-05 *(Unchanged from prior release, retained for version history)* --- ## [1.0.1] - 2025-11-05 *(Unchanged from prior release, retained for version history)* --- ## [1.0.0] - 2025-11-01 *(Unchanged from prior release, retained for version history)* --- ## ๐Ÿ“Š Release Information * **๐ŸŽ‰ First Release:** v1.0.0 (November 1, 2025) * **๐Ÿ“ฆ Current Stable:** v1.1.7 (March 2, 2026) * **๐Ÿ”— Latest Release:** [GitHub Releases](https://github.com/r3bo0tbx1/tor-guard-relay/releases/latest) * **๐Ÿณ Docker Images:** * [GHCR Package](https://github.com/r3bo0tbx1/tor-guard-relay/pkgs/container/onion-relay) * [Docker Hub](https://hub.docker.com/r/r3bo0tbx1/onion-relay) --- ## ๐Ÿ”– Version Support | Version | Status | Support Level | | --------- | --------------------- | ------------------------------------------- | | **1.1.7** | ๐ŸŸข ๐Ÿ›ก๏ธ **Active** | Full support (current stable) | | **1.1.6** | ๐ŸŸก ๐Ÿ”ง **Maintenance** | Security + critical fixes only | | **< 1.1.5** | ๐Ÿ”ด โŒ **Deprecated** | Removed - contains CVE-2025-15467 (OpenSSL CVSS 9.8). Upgrade immediately. | --- ## ๐Ÿ”— Release Links [1.1.7]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.1.7 [1.1.6]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.1.6 [1.1.5]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.1.5 [1.1.4]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.1.4 [1.1.3]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.1.3 [1.1.2]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.1.2 [1.1.1]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.1.1 [1.1.0]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.1.0 [1.0.9]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.0.9 [1.0.8]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.0.8 [1.0.7]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.0.7 [1.0.6]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.0.6 [1.0.5]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.0.5 [1.0.4]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.0.4 [1.0.3]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.0.3 [1.0.2]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.0.2 [1.0.1]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.0.1 [Unreleased]: https://github.com/r3bo0tbx1/tor-guard-relay/compare/v1.0.1...HEAD --- ## ๐Ÿ™ Contributors Thank you to all contributors who have helped make this project better! --- ## ๐Ÿ“ Changelog Guidelines This changelog follows these principles: * โœ… **Semantic Versioning** (MAJOR.MINOR.PATCH) * ๐Ÿ“… **Chronological Order** (newest first) * ๐ŸŽฏ **User-Focused**: what changed, not how * ๐Ÿ”— **Linked Releases**: direct GitHub release links * ๐Ÿท๏ธ **Categorized Changes**: Added, Fixed, Security, etc. * ๐Ÿ“ **Keep a Changelog** format compliance --- **๐Ÿ“– For upgrade instructions, see [MIGRATION.md](docs/MIGRATION.md)** **๐Ÿ”’ For security-related changes, see [SECURITY.md](SECURITY.md)**