# Tor Browser Launcher Changelog
+## 0.2.4
+
+* Fix signature verification bypass attack, reported by Jann Horn (CVE-2016-3180)
+
+## 0.2.3
+
+* Removed certificate pinning to https://www.torproject.org to avoid issues with upcoming certificate change, and hard-coded minimum Tor Browser version in the release
+* Fix issue with detecting language
+* Make Tor SOCKS5 proxy configurable, for users not running on 9050
+* Improved AppArmor profiles
+* Added translations
+* Switched from xpm icons to png icons
+* Changed "Exit" button to "Cancel" button
+* New package description
+
+## 0.2.2
+
+* Tor Browser Launcher no longer attempts to auto-update, now that Tor Browser has this feature
+* System Tor is now an optional dependency
+* Fix issue where downloads fail because of unicode URLs
+* Removed window management code that stopped working many releases ago, and removed wmctrl dependency
+* Removed test code that caused signature verification to happen at the wrong time
+
+## 0.2.1
+
+* Stop using RecommendedTBBVersions and start using more reliable "release" channel XML
+* Converted settings file from pickle format to JSON
+* Download tarball signatures to verify, rather than SHA256SUMS and signature
+* Implemented IPolicyForHTTPS to prevent twisted-related crashes in Debian
+* Some AppArmor fixes
+
## 0.2.0
* Fix critical bug with new location of start-tor-browser