Only the current release, the latest tag, and the current stable Tor version (e.g., 0.4.8.11) are supported. See README.md for a list of currently supported tags. All other tags will not receive updates.
If you have found a vulnerability in Tor, please email security@torproject.org. See Tor’s bug-reporting guidelines for details.
If you discover a potential vulnerability in this Docker image, please submit it privately via the security report form.
See the GitHub documentation for details.
Report vulnerabilities in third-party modules to the person or team maintaining the module.
The issue will be published as a security advisory.
Security is a priority. I will update the supported tags as soon as a new Tor or Alpine release is available. Please give me three days to perform and test the update. I will also periodically rebuild the image to include updated Alpine packages with important security fixes.
To keep the docker image secure, several automated systems are in place:
- Dependabot: Configured to automatically update dependencies (dependabot.yml).
- GitHub Actions: A suite of workflows monitors for updates and performs checks:
- Anchore Grype Scanning for vulnerability detection.
- Rebuild on APK Updates to automatically rebuild Docker images when APK security updates are available.
- Update Tor Version to automatically check for and update to the latest Tor release.
- Codacy Integration for code quality analysis.
- CodeQL to identify vulnerabilities and errors in GitHub Actions workflows.