What's new in OnionShare 2.6.2
Mar 22, 2024
- Security fix: Removes newlines from History item path
- Security fix: Set a maximum length of 524288 characters for text messages in Receive mode
- Security fix: Allows only specific ASCII characters for usernames and removes control characters
- Security fix: Forcefully disconnect user from chat on disconnect event
- Security fix: Handle username validation excpeptions to prevent silent joining
New in OnionShare 2.6.1 (Mar 22, 2024)
- Release updates: Automate builds with CI, make just 64-bit Windows release, make a single universal2 release for both Intel and Apple Silicon macOS
- Upgrade dependencies, including Tor, meek, and snowflake
- Bug fix: Restore the primary_action mode settings in a tab after OnionShare reconnects to Tor
- Bug fix: Fix issue with auto-connecting to Tor with persistent tabs open
- Bug fix: Fix packaging issue where Windows version of OnionShare conflicts with Windows version of Dangerzone
- Bug fix: Fix 'Use a bridge' checkbox state change
- Bug fix: Raise error from waitress if not shutdown
New in OnionShare 2.6 (Oct 10, 2022)
- Major feature: a new 'Quickstart' screen, which enables toggling on or off an animated automatic connection to Tor. This allows configuring network settings prior to automatic connection.
- Major feature: Censorship circumvention. Use new features in the upstream Tor API to try to automatically obtain bridges depending on the user's location.
- New feature: automatically fetch the built-in bridges from the upstream Tor API rather than hardcode them in each release of OnionShare.
- New feature: keyboard shortcuts to access various modes and menus, and accessibility hints
- Bug fix: Temporary Directory for serving the OnionShare web pages was broken on Windows
- Packaging: Packaging is more automated, and Linux Snapcraft releases are available for amd64, arm64, and armhf
- Miscellaneous: Many dependency updates and web page theming improvements
New in OnionShare 2.6 Dev 1 (Jun 20, 2022)
- Early release to test CI builds.
New in OnionShare 2.5 (Jan 18, 2022)
- Security fix: Sanitize the path parameter in History item widget to be plain text
- Security fix: Use microseconds in Receive mode directory creation to avoid potential DoS
- Security fix: Several hardening improvements for session and username management in Chat mode, to prevent impersonation and other issues
- Major feature: Obtain bridges from Moat / BridgeDB (over a domain-fronted Meek client)
- Major feature: Snowflake bridge support
- New feature: Tor connection settings, as well as general settings, are now Tabs rather than dialogs
- New feature: User can customize the Content-Security-Policy header in Website mode
- New feature: Built-in bridges are automatically updated from Tor's API when the user has chosen to use them
- Switch to using our stem fork called cepa, which is now published on PyPi so we can build it in releases
- Various bug fixes
New in OnionShare 2.4 (Sep 29, 2021)
- Major feature: Private keys (v3 onion client authentication) replaces passwords and HTTP basic auth
- Updated Tor to 0.4.6.7 on all platforms
- Various bug fixes
New in OnionShare 2.3.3 (Aug 23, 2021)
- New feature: Setting for light or dark theme
- Updated Tor to 0.4.6.7 for Linux, 0.4.5.10 for Windows and macOS
- Various bug fixes
New in OnionShare 2.3.2 (Aug 23, 2021)
- New feature: Custom titles can be set for OnionShare's various modes
- New feature: Receive mode supports notification webhooks
- New feature: Receive mode supports submitting messages as well as files
- New feature: New ASCII art banner and prettier verbose output
- New feature: Partial support for range requests (pausing and resuming in HTTP)
- Updated Tor to 0.4.5.7
- Updated built-in obfs4 bridges
- Various bug fixes
New in OnionShare 2.3.1 (Feb 23, 2021)
- Bugfix: Fix chat mode
- Bugfix: Fix --persistent in onionshare-cli
- Bugfix: Fix checking for updates in Windows and macOS
New in OnionShare 2.3 (Feb 23, 2021)
- Major new feature: Multiple tabs, including better support for persistent services, faster Tor connections
- New feature: Chat anonymously mode
- New feature: All new design
- New feature: Ability to display QR codes of OnionShare addresses
- New feature: Web apps have responsive design and look better on mobile
- New feature: Flatpak and Snapcraft packaging for Linux
- Several bug fixes
New in OnionShare 2.2 (Sep 21, 2020)
- New feature: Website mode, which allows publishing a static HTML website as an onion service
- Allow individual files to be viewed or downloaded in Share mode, including the ability to browse into subdirectories and use breadcrumbs to navigate back
- Show a counter when individual files or pages are viewed
- Better History items including colors and status codes to differentiate between successful and failed requests
- Swap out the random /slug suffix for HTTP basic authentication (when in non-public mode)
- Hide the Tor connection settings if the ONIONSHARE_HIDE_TOR_SETTINGS environment variable is set (Tails compatibility)
- Remove the NoScript XSS warning in Receive Mode now that the NoScript/Tor Browser bug is fixed. The ajax upload method still exists when javascript is enabled.
- Better support for DragonFly BSD
- Updated various dependencies, including Flask, Werkzeug, urllib3, requests, and PyQt5
- Updated Tor to 0.4.1.5
- Other minor bug fixes
- New translations:
- Arabic (العربية)
- Dutch (Nederlands)
- Persian (فارسی)
- Romanian (Română)
- Serbian latin (Srpska (latinica))
- Removed translations with fewer than 90% of strings translated:
- Finnish (Suomi)
New in OnionShare 2.1 (May 8, 2019)
- New feature: Auto-start timer, which allows scheduling when the server starts
- Renamed CLI argument --debug to --verbose
- Make Tor connection timeout configurable as a CLI argument
- Updated various dependencies, including to fix third-party security issues in urllib3, jinja2, and jQuery
- Update Tor to 0.3.5.8
- New translations:
- Traditional Chinese (正體中文 (繁體)),
- Simplified Chinese (中文 (简体))
- Finnish (Suomi)
- German (Deutsch)
- Icelandic (Íslenska)
- Irish (Gaeilge)
- Norwegian Bokmål (Norsk Bokmål)
- Polish (Polski)
- Portuguese Portugal (Português (Portugal))
- Telugu (తెలుగు)
- Turkish (Türkçe)
- Ukrainian (Українська)
- Removed translations because less than 90% of the strings were translated:
- Bengali (বাংলা)
- Persian (فارسی)
New in OnionShare 2.0 (Feb 21, 2019)
- New feature: Receiver mode allows you to receive files with OnionShare, instead of only sending files
- New feature: Support for next generation onion services
- New feature: macOS sandbox is enabled
- New feature: Public mode feature, for public uses of OnionShare, which when enabled turns off slugs in the URL and removes the limit on how many 404 requests can be made
- New feature: If you're sharing a single file, don't zip it up
- New feature: Full support for meek_lite (Azure) bridges
- New feature: Allow selecting your language from a dropdown
- New translations: Bengali (বাংলা), Catalan (Català), Danish (Dansk), French (Français), Greek (Ελληνικά), Italian (Italiano), Japanese (日本語), Persian (فارسی), Portuguese Brazil (Português Brasil), Russian (Русский), Spanish (Español), Swedish (Svenska)
- Several bugfixes
- Invisible to users, but this version includes some major refactoring of the codebase, and a robust set of unit tests which makes OnionShare easier to maintain going forward
New in OnionShare 1.3.1 (Jun 19, 2018)
- Updated Tor to 0.2.3.10
- Windows and Mac binaries are now distributed with licenses for tor and obfs4
New in OnionShare 1.3 (Feb 27, 2018)
- Major UI redesign, introducing many UX improvements
- Client-side web interface redesigned
- New feature: Support for meek_lite pluggable transports (Amazon and Azure) - not yet ready for Windows or Mac, sorry
- New feature: Support for custom obfs4 and meek_lite bridges (again, meek_lite not available on Windows/Mac yet)
- New feature: ability to cancel share before it starts
- Bug fix: the UpdateChecker no longer blocks the UI when checking
- Bug fix: simultaneous downloads (broken in 1.2)
- Update Tor to 0.2.3.9
- Improved support for BSD
- Updated French and Danish translations
- Minor build script and build documentation fixes
- Add flake8 tests
New in OnionShare 1.2 (Jan 19, 2018)
- New feature: Support for Tor bridges, including obfs4proxy
- New feature: Ability to use a persistent URL
- New feature: Auto-stop timer, to stop OnionShare at a specified time
- New feature: Get notification when Tor connection dies
- Updated versions of python, Qt, tor, and other dependencies that are bundled
- Added ability to supply a custom settings file as a command line arg
- Added support for FreeBSD
- Fixed small user interface issues
- Fixed minor bugs
- New translations for Dutch
New in OnionShare 1.1 (May 31, 2017)
- OnionShare connects to Tor itself now, so opening Tor Browser in the background isn't required
- In Windows and macOS, OnionShare alerts users about updates
- Removed the menu bar, and added a Settings button
- Added desktop notifications, and a system tray icon
- Ability to add multiple files and folders with a single "Add" button
- Ability to delete multiple files and folders at once with the "Delete" button
- Hardened some response headers sent from the web server
- Minor clarity improvements to the contents of the share's web page
- Alert the user rather than share an empty archive if a file was unreadable
- Prettier progress bars
New in OnionShare 1.1 Dev 2 (May 24, 2017)
- OnionShare connects to Tor itself now, so opening Tor Browser in the background isn't required
- In Windows and macOS, OnionShare alerts users about updates
- Removed the menu bar, and adding a Settings button
- Added desktop notifications
New in OnionShare 1.1 Dev 1 (May 18, 2017)
- OnionShare connects to Tor itself now, so opening Tor Browser in the background isn't required
- In Windows and macOS, OnionShare alerts users about updates
- Removed the menu bar, and adding a Settings button
New in OnionShare 1.0 (Feb 24, 2017)
- Fixed long-standing macOS X bug that caused OnionShare to crash on older Macs (!)
- Added settings dialog to configure connecting to Tor, including support for system Tor
- Added support for stealth onion services (advanced option)
- Added support for Whonix
- Improved AppArmor profiles
- Added progress bar for zipping up files
- Improved the look of download progress bars
- Allows developers to launch OnionShare from source tree, without building a package
- Deleted legacy code, and made OnionShare purely use ephemeral Tor onion services
- Switched to EFF's diceware wordlist for slugs
New in OnionShare 0.9.1 (Sep 7, 2016)
- Added Nautilus extension, so you can right-click on a file and choose "Share via OnionShare", thanks to Subgraph developers
- Switch to using the term "onion service" rather than "hidden service"
- Fix CVE-2016-5026, minor security issue related to use of /tmp directory
- Switch from PyInstaller to cx_Freeze for Windows and OSX packaging
- Support CLI in Windows and OSX
New in OnionShare 0.9 (Apr 13, 2016)
- Slugs are now shorter and human-readable, with rate limiting to prevent URL guessing
- Uses a new slug each time the server restarts
- "Stop sharing automatically" enforces only one download
- Users get asked if they're sure they want to close OnionShare while server is running
- Added estimated time remaining progress indicator
- Fixed frozen window while waiting for hidden service to start
- Displays version number in both GUI and CLI
- Closing window causes downloads to stop immediately
- Web server listens in ports 17600-17650, for future Tails support
- Updated translations
- Ported from Python 2 to Python 3 and from Qt4 to Qt5
- Ported from py2app and py2exe to PyInstaller
New in OnionShare 0.8.1 (Dec 8, 2015)
New in OnionShare 0.8 (Dec 8, 2015)
- Add support for ephemeral hidden services
- Stopped leaking sender's locale on download page
- Add support for Tor Messenger as provider of Tor service
- Minor bugfixes, code cleanup, and refactoring
New in OnionShare 0.7.1 (Nov 23, 2015)
- Fixed critical bug in OS X binaries that caused crashes on some computers
- Added Security Design document
- Minor bug fix with Windows code signing timestamp server
- Linux version uses HS dir that is allowed by Tor Browser Launcher's AppArmor profiles