CHANGES.txt

Onion Browser Version History (since 1.2.2)

FUTURE:

===== 2.0 - Under Development =====
Est. Release: February 2015
Features subject to change.

* New "flat" icon for the iOS 7+ era.

* Tabbed browsing.

* Data encryption with an app-level password. Supplements current
  encryption done by the iOS operating system, improving protection
  against forensic tools.

===== 1.5.12 - Under Development =====
Est. Release: March 2015
Features subject to change.

* Allow pasting in the bridges.torproject.org text blob to set
  bridges, like the Tor Browser launcher. #55

* Allow scanning QR code from bridges.torproject.org to set
  bridges. #56

* On first run, allow user to configure bridges before trying to
  launch Tor. Once Pluggable Transports are working, this will be
  useful for users where Tor traffic looks suspicious. #57


CURRENT VERSION:

===== 1.5.11 - Pending App Store Approval =====
Mar 10 2015 - Submit Date

* Fix issue where bridges with 5-digit port numbers were not allowed
  in the bridge configuration. Issue reported by Andrew Auerbach.

* Improve connection error handling and alert user if Tor client has
  stopped working.

* Tor updated to 0.2.6.4-rc.
  https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.2.6.4-rc

* OpenSSL updated to 1.0.2.
  https://openssl.org/news/openssl-1.0.2-notes.html

* Libevent updated to 2.0.22-stable.
  https://raw.githubusercontent.com/libevent/libevent/release-2.0.22-stable/ChangeLog

===== 1.5.10 - In App Store =====
Nov 11 2014 - Submit Date
Nov 11 2014 - App Store Availability

* Add padlock icon to denote whether the page was delivered entirely
  over TLS or if there was some insecure content sent along with the HTTPS
  page. (#42)

* Fix crashing if a user entered anything other than an ip_address:port
  as a bridge. Now notifies user that the choice was invalid before trying
  to use it in Tor.

* Fix display of the progress bar in iOS 8.

* Attempt to fix issue where Forward/Back/"Open Home Page" buttons
  would simply stop the browser and not load the desired page.

* Streamlined error handling so that web pages that abruptly stop
  should provide useful error messages or error codes to users, who
  can then report the issue.


PREVIOUS VERSIONS:

===== 1.5.9  =====
Nov 09 2014 - Submit Date
Nov 10 2014 - App Store Availability

* Fixed crash when allowing Onion Browser to bypass unverified SSL
  certificates. Affected use of DuckDuckGo .onion site over SSL. Issue
  reported by Alex Ristich.

* SSLv3 connections to websites are now disabled by default, to avoid the
  POODLE attack. Option added to set the minimum required SSL/TLS version,
  set to TLSv1.0 by default.

* Tor updated to 0.2.5.10, the first stable release in the 0.2.5.X series.
  https://blog.torproject.org/blog/tor-02510-released-and-tor-023x-deprecated
  https://gitweb.torproject.org/tor.git?a=blob_plain;hb=release-0.2.5;f=ReleaseNotes

* OpenSSL updated to 1.0.1j, fixing four vulnerabilities including the
  POODLE attack.
  https://www.openssl.org/news/secadv_20141015.txt

* Fixed a display issue on the settings page.


===== 1.5.8 =====
Sep 26 2014 - Submit Date
Oct 08 2014 - App Store Availability

1.5.6 was submitted, but replaced before App Store release.
1.5.7 version number was skipped due to an issue with iTunes Connect.

* Fix major issue where "Browser Settings" button did not open settings
  page on iPad.

* App now uses the native device resolution on iPhone 6 and iPhone 6 Plus,
  instead of going into "stretch mode".

* Fix "screen blanking" behavior when switching away from Onion Browser.

* Change app name on home screen back to "Onion Browser" since it seems that
  the ellipsis-causing change in iOS 7 was possibly fixed in iOS 7.1 or 8.

* User-agent spoofing strings updated to the latest iOS 8 Safari and Mac OS
  X Mavericks Safari (7.1).

* Tor updated to 0.2.5.8-rc, the second release candidate in the
  0.2.5.X series. The switch to 0.2.5.X should somewhat improve connection
  stability, as well as improve overall security. 0.2.5.8 in particular
  improves connections to hidden services.
  https://blog.torproject.org/blog/tor-0257-rc-out
  https://gitweb.torproject.org/tor.git?a=blob_plain;hb=release-0.2.5;f=ReleaseNotes


===== 1.5.5 =====
Sep 13 2014 - Submit Date
Sep 18 2014 - App Store Availability

* Rebuilt with iOS 8 SDK to hopefully mitigate any issues on newly
  released iPhones.

* Minimum required iOS version is now iOS 6.1 (was iOS 6.0). This should
  enforce the fix for CVE-2014-1266 on the oldest supported devices. iOS
  6.X support will be dropped later this year.


===== 1.5.4 =====
Aug 11 2014 - Submit Date
Aug 13 2014 - App Store Availability

* Tor updated to 0.2.4.23, containing several security fixes, incl
  some mitigation of the RELAY_EARLY traffic confirmation attack.
  https://gitweb.torproject.org/tor.git?a=blob_plain;hb=release-0.2.4;f=ReleaseNotes

* OpenSSL updated to 1.0.1i, with some security fixes (mostly
  affecting ways to crash apps which use OpenSSL).
  http://www.openssl.org/news/secadv_20140806.txt

* Entering a unicode IDN (internationalized domain name) such as
  http://·.ws/ properly gets converted to the punycode
  representation and the browser properly navigates to the correct
  place (i.e. http://xn--uba.ws/ ). Previously the browser would
  do nothing with this input. Issue reported by Barend Rijn.


===== 1.5.3 =====
June 30 2014 - Submit Date
July 02 2014 - App Store Availability

* A bug in the default "Block XHR/Media/WebSocket" active content
  blocking mode caused iOS to allow video tags while blocking scripts.
  An example of this was shown in the http://xordern.net/ipcheck
  vulnerability disclosure.

* In some cases, the address bar could display a forged URL when
  a page causes certain types of errors. Reported by Łukasz Pilorz.
  Test case: https://ios.browsr-tests.com/alt/native.abs.php


===== 1.5.2 =====
June 16 2014 - Submit Date
June 19 2014 - App Store Availability

* Active Content Blocking now attempts to disable WebWorkers.
  JavaScript using "Worker()" to call other scripts could previously
  access WebSockets and other "blocked" functionality, which could
  bypass Tor.

* File encryption tweaked to attempt to fix issue where Onion Browser
  app would disappear from home screne. In some cases, if the app
  crashed, the app executable could be encrypted such that the OS
  could no longer access the app.

* OpenSSL updated to 1.0.1h, fixing the "Early CCS" vulnerability.


===== 1.5.1 =====
May 20 2014 - Submit Date
May 22 2014 - App Store Availability

* Onion Browser erroneously did not use 'gzip' compression to
  communicate with web servers. This has been corrected, which
  should greatly improve pageload performance.

* New "normalized" user agents have been added. Users who left
  Onion Browser on the 'No Spoofing' setting are now defaulted to
  the appropriate "normalized" setting for their device.

* User Agent spoofing now attempts to spoof the javascript
  "navigator.userAgent" variable that sites could previously use
  to detect an attempted UA spoof. (Previously, this variable still
  contained the browser's real identification.)

* Fixed rendering issue on iPads, where the browser section would
  overlap the bottom toolbar.

* Active Content Blocking now attempts to disable using WebSockets
  and other dangerous activity by modifying incoming content.

* Some settings text made more explicit. The "Pipelining" setting
  has been removed and is now always enabled.

* Tor updated to 0.2.4.22, which blacklists Tor directory keys that
  were susceptible to Heartbleed. Also improves TLS ciphersuite
  selection for Tor.


===== 1.5.0 =====
May 11 2014 - Submit Date
May 14 2014 - App Store Availability

Onion Browser has received a security audit and pentest by Cure53.de,
funded by the Open Technology Fund at Radio Free Asia. Security issues
corrected due to this audit are marked with the vulnerability ID
(i.e. "OB-01-XX").

See https://mike.tig.as/onionbrowser/security/ for details and more
up-to-date security information.

FIXED VULNERABILITIES

* OB-01-005: "Third-Party Cookie" blocking was not working as
  expected. The "Block Third Party" cookie option simply allowed all
  cookies. Fixed in e70e2fcbca.

* OB-01-006: Due to improper handling of itms: and itms-app: URIs, an
  attacker could cause the iTunes app to auto-open from Onion Browser,
  causing iTunes to open too quickly for the Tor tunnel would close
  properly. If Onion Browser was in the middle of loading resources
  from the attacker's page, partial SSL traffic would be sent to the
  attacker's website outside of Tor, exposing the user's real IP
  address. Fixed in 89121d3271.

* OB-01-009: Domain names containing ".onion" anywhere originally
  bypassed all SSL certificate checks. Fixed in 271b2b22df.

* OB-01-010: WebSockets were discovered to bypass Tor entirely and no
  easy avenue for intercepting these requests (to pass into Tor or to
  block) has been discovered yet. Active Content Blocking now blocks
  these connections by default; unfortunately, this also blocks all
  AJAX/XHR requests as well. A (dangerous) option to re-enable all
  Javascript-based requests has been added. Fixed in 983687ed67.

* OB-01-013: The "click here to force-quit the app" function inside
  the help page has been replaced with instructions on how to quit
  the app manually. The "onionbrowser:forcequit" URL was previously
  susceptible to an app-crasher attack (i.e. by inclusion in a tag
  such as <img src="onionbrowser:forcequit">) and has been removed.
  Behavior changed in c5cfb15a99.

* OB-01-014: Browser cache, HTML5 "local storage", and HTML5 database
  functionality is now always blocked. Websites previously could take
  advantage of these features to create "evercookie" scenarios that
  could bypass the "Block Cookies" feature in Onion Browser. Changed
  in 4d3ef413bd.

* OB-01-016: HTML content loaded via "data:" URIs would bypass the
  "Block Active Content" setting. If a user navigates to a specially
  crafted "data:text/html..." URI (via redirect or "meta refresh"),
  the page could load a video tag, exposing the user's IP address.
  "data:" URIs that are not image files are now blocked from being
  loaded in the address bar or via redirect. Fixed in 546a5434b1.

* OB-01-017: Onion Browser previously loaded "onionbrowser://" URLs
  without prompting the user. This could create a case where an
  attack site opened in another browser would redirect a user to
  "onionbrowser://example.com/?ip=xxx.xxx.xxx.xxx", revealing at the
  user at the given IP address is an Onion Browser user and then
  identify the Onion Browser session to that particular user. Onion
  Browser now prompts a user on incoming links, displaying the link
  before the browser proceeds. Behavior changed in d7d1941d3d.

OTHER FIXED ISSUES

* OB-01-001: Onion Browser now masks the current activity from
  appearing in the "app picker" thumbnail image when the app goes to
  background. Fixed in 535fc0c130.

* OB-01-002/OB-01-003/OB-01-007: Use of iOS' built-in file encryption
  has been overhauled such that all files in the app's sandbox (app,
  settings, cachces, cookies, etc) are all protected when the device
  goes into a lock state. Fixed in 7ec879611b, see [AppDelegate
  -updateFileEncryption] for more details.

* OB-01-012 note: When built for debugging or the iOS Simulator, Onion
  Browser is not compiled with ASLR (Address Space Layout
  Randomization), which could leave the app vulnerable to memory bugs.
  However, the app, when compiled for "Release" is ASLR/PIE compiled.
  You may test this by executing the following command on the output
  of the "Build" command (or against an already-compiled ".app" copy
  that you have): `otool -hv </path/to/OnionBrowser.app>/OnionBrowser`
  (i.e., `otool -hv ~/Downloads/OnionBrowser.app/OnionBrowser`)
  The output should contain the "PIE" flag.

* OB-01-015: Autocomplete and autocorrect have been disabled on all
  app-controlled text fields. (This includes settings, bookmarks,
  address bar. Fields on web pages are unfortunately not subject to
  this restriction.) Autocorrect results in user-typed data being
  logged in the system's keyboard cache, which could leak private
  information out of the app. Updated in a5a409876d.

OTHER UPDATES

* The homepage has been changed, as the official check.torproject.org
  domain now performs useragent checking and was confusing users. The
  new homepage resides on a Tor hidden service, ensuring Tor
  connectivity and does provide a link over to the original
  check.torproject.org site.

* User-agent strings have been updated. "Windows" spoof updated to
  Windows 7 Firefox 24.0, same as Tor Browser Bundle. "Mac Safari"
  updated to OS X 10.9.2 Safari 7.0.3, most up-to-date version.


===== 1.4.1 =====
Apr 21 2014 - Submit Date
Apr 23 2014 - App store availability

* OpenSSL updated to 1.0.1g, fixing the Heartbleed bug. Note that in
  Onion Browser, Heartbleed only affects the connection between your
  the device and a Tor entry guard or bridge. Browser traffic is not
  vulnerable (but speaking to affected websites is still insecure
  regardless of which browser you use).

* Tor updated to 0.2.4.21.

* Compiled for iOS SDK 7.1 (XCode 5.1).

* Onion Browser now encrypts locally-stored data, including browser
  settings, bookmarks, and Tor bridges (if enabled).

* Fix issue where Onion Browser was not allowing third-party apps to
  open. When encountering a URI scheme that can open in another app,
  Onion Browser will now ask the user if they want to open the app.
  (Example: clicking on a "tel:" link can now open the phone app
  rather than simply fail.)

* Tweaks to content-security-policy so that even with "active content
  blocking" enabled, some safe activity is still allowed, such as
  using the target attribute on a link inside a frame. Fixes issues
  with websites using frames (including default home page). Contributed
  by Łukasz Pilorz.


===== 1.4 =====
Feb 01 2014 - Submit Date
Feb 05 2014 - App store availability

* App is now being compiled with 64-bit CPU optimization (for iPhone 5S
  and new iPads), which may improve cryptographic performance and battery
  life. (Older devices are still supported, as long as they are using a
  compatible version of iOS.)

  COMPATIBILITY NOTE: App now requires iOS 6.0 or greater.

* A progress bar / loading bar, similar to one used in Safari, has been
  added to the app. Uses NJKWebViewProgress, by Satoshi Asano.
  https://github.com/ninjinkun/NJKWebViewProgress

* A copy of the help site has been embedded into the app, for offline
  viewing. This should help users having trouble when encountering the
  "Tor stops working after idle" bug.

* Fix awkward navbar / address bar spacing in iOS 7.


===== 1.3.14  =====
Jan 26 2014 - Submit date
Jan 30 2014 - App store availability

* MAJOR SECURITY IMPROVEMENT: Add experimental ability to turn off
  JavaScript and other active content. See onionbrowser.com for more
  details. Patch based on contribution by Łukasz Pilorz.

  (COMPATIBILITY NOTE: Active content blocking is only partially supported
  in iOS 5.1. Users are advised to upgrade their devices to a newer version
  of iOS.)

* Ability to set a custom home page. Revamped settings so that future
  customizations will be easier to implement.

* Add ability for other apps to open links in Onion Browser. Other apps
  can use the "onionbrowser://" (HTTP) or "onionbrowsers://" (HTTPS) URI
  protocols to launch Onion Browser. See README.

* Tweak "Connecting..." info page, based on input from Wong Choon Jie.

* Update default home page.

* OpenSSL updated to 1.0.1f.

* Tor updated to 0.2.4.20.


===== 1.3.13  =====
Nov 17, 2013 - Submit date
Nov 20, 2013 - App store availability

* More fixes to iPad "black bar" issue on iOS 7.0.

* Tor updated to 0.2.4.18-rc, which enables TLS 1.1 and 1.2 for improved
  security.


===== 1.3.12  =====
Oct 18, 2013 - Submit date
Oct 23, 2013 - App store availability

* Fix issue when opening app on iPad when in Landscape mode. ("Black bar"
  problem.)

* Fix some possible instances of random crashing introduced in previous
  version.

* Fix issue where bottom of webpage was covered by toolbar at bottom of
  screen.


===== (No version 1.3.11) =====


===== 1.3.10  =====
Oct 11, 2013 - Submit date
Oct 16, 2013 - App store availability

* MAJOR PRIVACY ISSUE FIXED: App previously did not successfully wipe
  HTML5 "application storage" (aka "local storage" or "app cache"), even
  when force-quitting or selecting "New Identity". This could be seen by
  testing a Google Search and noticing previous searches in a dropdown
  (due to Google's use of this cache). (Issue 26)
  https://github.com/mtigas/iOS-OnionBrowser/commit/dffce7070856927a8bb9f92a8fa67523d0e9eb10
  https://github.com/mtigas/iOS-OnionBrowser/commit/7ae6bcb5aa33538159c423a3b6c9987725e46d9a

* Add check.torproject.org frame to homepage, to ensure that user has
  successfully connected to Tor. (See Issue 28)
  https://github.com/mtigas/iOS-OnionBrowser/commit/18590148ee9e527c07dc82cb85143bc085f29c1e

* Fix issue with "New Identity" button on iPad when device is rotated
  in landscape mode. (Issue 32)
  https://github.com/mtigas/iOS-OnionBrowser/commit/df1c98b96e05db6e1c2f86125396e10cb8bb48a6

* Force using "ntor" connection handshake, which is faster and is now
  the default for 0.2.4.X and newer versions of Tor. This is preferred
  by 0.2.4.X relays (and is forced on in 0.2.5.X). This is a countermeasure
  against the botnet congestion that was introduced in September 2013
  and helps reduce load on the overall Tor network.
  https://github.com/mtigas/iOS-OnionBrowser/commit/68deb93eab4e99527f959297be571514f4ea6911


===== 1.3.9 =====
Oct 06, 2013 - Submit date
Oct 10, 2013 - App store availability

* Quick fix to support iOS 5.1+. Previous update accidentally required
  iOS 7.0.

* OPTIMIZATION NOTE: iPhone 5s (64-bit) CPU optimization -- introduced in
  the previous version -- has been removed. Apps compiled with these CPU
  optimziations are only compatible with iOS 6.0 and greater.

  This only affects minor portions of the encryption/decryption code. Much
  of the CPU load related to Onion Browser is caused by browser rendering,
  rather than encryption, so the speedups were negligible in the first place.

  When compiling your own copy of Onion Browser from this source tree, you
  can re-enable the CPU optimizations by going to [OnionBrowser project ->
  Build Settings -> Architectures] and then selecting "Standard architectures
  (including 64-bit)". This will require you to change Deployment Target
  to 6.0 or greater.

===== 1.3.8 =====

* COMPATIBILITY NOTE: An issue with the way this release was processed
  causes it to require iOS 7.0. An update has been submitted that will return
  support for iOS versions earlier than 7.0.

* Native iOS 7 support and iPhone 5s (64-bit) performance optimizations.

* Tor updated to 0.2.4.17-rc.

===== 1.3.7 =====
Jun 29, 2013 - Submit date
Jul 03, 2013 - App store availability

* COMPATIBILITY NOTE: App now requires iOS 5.1 and greater. This change should
  only affect an extreme minority of users who remain on iOS 5.0.

* Add links to StartPage/IxQuick and DuckDuckGo (non-onion) since the DDG
  .onion service occasionally has issues. (Based on user-reported issue.)

* Update user-agent spoof to match latest Tor Browser Bundle (for "Windows 7"
  spoof) and Mac OS X Safari (for "OS X" spoof). (Based on user-reported
  issue.)

* Fix minor code typo (thanks to user-submitted patch).

* Update Reachability library to allow ARC for increased stability.

* Update tor to 0.2.4.14-alpha (Jun 18, 2013) [1]

  [1]: https://gitweb.torproject.org/tor.git/blob/tor-0.2.4.14-alpha:/ChangeLog

===== 1.3.6 =====
Jun 18, 2013 - Submit date
Jun 21, 2013 - App store availability

* Fixes support for streamed HTTP requests. This fixes "long" requests, such
  as uploading images or other media, i.e. on Twitter. (Issue #29; fix
  contributed by brantyoung)

* Update tor to 0.2.4.13-alpha (Jun 14, 2013). Provides important fix to
  crash-related vulnerability, and other security updates and minor fixes.[1]

  [1]: https://gitweb.torproject.org/tor.git/blob/tor-0.2.4.13-alpha:/ChangeLog

===== 1.3.5 =====
May 18, 2013 - Submit date
May 22, 2013 - App store availability

* Update tor to 0.2.4.12-alpha (Apr 18, 2013). Provides several security
  updates and minor fixes.[1]

  [1]: https://gitweb.torproject.org/tor.git/blob/tor-0.2.4.12-alpha:/ChangeLog

===== 1.3.4 - In App Store =====
Mar 17, 2013 - Build/submit date
Mar 21, 2013 - App store availability

* Update tor to 0.2.4.11-alpha (Mar 11, 2013). Moved back to alpha
  releases since 0.2.4.X introduces several security & performance
  improvements. Also eases future investigation of integrating obfs2 or
  other pluggable transports in the future. (This would allow Onion Browser
  to operate in areas where Tor is blocked due to deep packet
  inspection techniques.)

  The new "ntor" circuit-building handshake protocol[1] (with improved
  security and performance) is compiled into this version but will not
  be used until it Tor directory servers recommend[2] it.

  [1]: https://gitweb.torproject.org/tor.git/blob/tor-0.2.4.11-alpha:/ChangeLog#l315
  [2]: http://archives.seul.org/tor/cvs/Jan-2013/msg00121.html

* Update openssl to 1.0.1e (Feb 11 2013).

  Changes 1.0.1c -> 1.0.1d: https://www.openssl.org/news/news.html
  Changes 1.0.1d -> 1.0.1e: https://www.openssl.org/news/announce.html

* Update compile settings to build against iOS SDK 6.1. App remains
  compatible for devices running iOS 5.0+.

===== 1.3.3 =====
Dec 07, 2012 - Build date
Dec 13, 2012 - App Store accept date

* Update tor to 0.2.3.25 (Nov 19, 2012). This is a stable release.

* Update libevent to 2.0.21-stable (Nov 18, 2012)


===== 1.3.2 =====
Nov 04, 2012 - Build/submit date
Nov 12, 2012 - App Store accept date

* Update tor to 0.2.3.24-rc (Oct 25, 2012). Fixes several security
  and connectivity-related issues.


===== 1.3.1 =====
Sep 12, 2012 - Build/submit date
Sep 18, 2012 - App Store accept date

* Support iPhone 5 (taller 4" Retina screen). Also compile openssl,
  libevent, and Tor for "armv7s" CPU target, which represents the new
  A6 processor. May improve performance on the iPhone 5 versus
  more generically compiled versions of those libraries.

* Bookmarking feature. Moved most of the "quick links" from startup
  page into "preset" bookmarks.

* Ability to configure Tor bridges. This is primarily geared toward
  advanced users that are using networks that attempt to block Tor via
  a "master list" of Tor nodes. See http://onionbrowser.com/help/
  for instructions.

* Major changes to underlying Tor wrapper code. May solve issues
  related to connection dying after the app has been open for some
  time and if the app was open while the device went into idle sleep.
  (Issue #2, Issue #3)

* Fixes CSS/JS on sites like meine-startseite.de, where statically gzipped
  resources are served (i.e. "foo.gz.css") automatically. HTTP code in
  Onion Browser now automatically handles these cases. (Issue #21)

* Fix issue where devices running iOS 5.1+ would work. Onion Browser
  should now work properly in all devices that have iOS 5.0 or higher.

* Update tor to 0.2.3.22-rc (Sep 11, 2012).


===== 1.3.0 =====
* Note: 1.3.0 was not released due to a bug discovered after original
  submission. 1.3.1 (above) contains and supersedes all changes that were
  originally slatedfor that version. All changes since 1.2.6 are listed above.


===== 1.2.6 =====
Sep 05, 2012 - Build/submit date
Sep 11, 2012 - App Store accept date

* Add warning message when clicking "New Identity" because of possible
  history leak: ":visited" CSS style still triggers on visited URLs
  despite clearing UIWebView history. (Issue #20 reported by sintime.)

* Closing the app while doing "initial connection" no longer causes
  connection to hang. App properly cancels connections/exits so that
  initialization retries properly on next app open.

* HTTP Pipelining can now be disabled. Can fix issues with some
  websites. (Based on issue reported by Jose C. M.)

* User-Agent spoof strings updated to Windows 7 Firefox 10 (matching
  TorButton) and Safari 6 Mountain Lion.

* Updated libevent to 2.0.20-stable (Aug 23, 2012)


===== 1.2.5 =====
Aug 23, 2012 - Build/submit date
Aug 30, 2012 - App Store accept date

* Fix rare IP address leak demonstrated on "ip-check.info": web pages
  with resources defined in non-HTTP/HTTPS URLs (i.e. "ftp://...")
  would leak IP address. (Hat-tip to Graham R.)

* Update tor to 0.2.3.20-rc (Aug 05, 2012).


===== 1.2.4 =====
Jul 20, 2012 - Build/submit date
Jul 31, 2012 - App Store accept date

* Add searchbox for DuckDuckGo Tor on start pageto make searching
  slightly easier.

* Update tor to 0.2.3.19-rc (Jul 06, 2012).


===== 1.2.3 =====
Jun 25, 2012 - Build/submit date
Jul 05, 2012 - App Store accept date

* Fixed checkbox behavior for Cookies in the options menu.

* Added help text to “Connecting…” stage.

* Update tor to 0.2.3.17-beta (Jun 15, 2012).


===== 1.2.2 =====
Jun 13, 2012 - Build/submit date
Jun 20, 2012 - App Store accept date

* Update tor to 0.2.3.16-alpha (Jun 05, 2012).