Sys-Whonix Tor version obsolete

normaluser · December 21, 2025, 9:08pm

Hello,

Before I start, please remember that I am not an advanced user, and if you reply, please keep that in mind.

So, while running sys-whonix, I started nyx, where I saw that my Tor version is 0.4.8.14, which is obsolete.

I tried looking online for a simple answer as to what I should do, and if I should update and how, but all I found was links to long documentation from Kicksecure that isn’t at all straight-forward. I don’t even have any Kicksecure template installed on my machine!

My whonix gateway 17 and whonix workstation 17 templates are up to date using Qubes Update.

stonehedge · December 21, 2025, 10:44pm

@normaluser i dont know a ton but kicksecure is the software that your whonix templates run off of. i do know that. also i saw whonix released a whonix 18 i believe but we’ll have to wait on the qubes developers to implement that. Whonix said that it’ll be going into the new Qubes version 4.3 apparently. hope that helps some!

FranklyFlawless · December 22, 2025, 6:12am

zestytruffle · December 26, 2025, 3:37am

I’ll admit I am not an advanced user myself, either. Also not a complete noob.

That said, I noticed the same thing before I upgraded to v4.3.0. I had a whonix-17 template in v4.2.4, and noticed my instance of the whonix-gateway was running a super old version of Tor (0.4.8.14). I accepted this though because the Whonix documentation identified the upkeep on whonix-17 templates would be minimal at best, being end of life.

I put a fresh install of Qubes 4.3.0 up yesterday, so, replacing everything from scratch. I assumed that with a whonix-18 template, the whonix-gateway would incorporate Tor 0.4.8.21, or at the very least maybe the version prior. But it’s running v0.4.8.18, so, a handful of versions ago. I’ve scoured the available documentation via Whonix, Kicksecure, Qubes, Qubes forums, etc. - the closest I got was via Kicksecure’s documentation for how to upgrade the version of Tor, as it relates to my questions. What I want to understand are two things, 1) is running an obsolete version of Tor problematic from a security standpoint (or in the sense that running outdated software is typically not good practice), and 2) why is this version of Tor the one being utilized?

I never noticed an obsolete version of Tor in the past, in the years I’ve been using Qubes/Whonix. It would always say “recommended” if I remember correctly. My assumption is that this version of Tor is the current “stable” version for Kicksecure/Whonix, but again, I can’t confirm that anywhere.

Any insight would be helpful. Many thanks.

scallyob · December 29, 2025, 3:42am