According to tor project the above version is stable release which is signed by one of the subkeys of the Tor Browser Developers signing key from now on, too. You can find its fingerprint on the Signing Keys page. It is:
pub 4096R/0x4E2C6E8793298290 2014-12-15Tor Browser 4.0.4 is based on Firefox ESR 31.5.0, which features some important security updates for Mozilla Firefox. Secondally, it contains updates to NoScript, HTTPS-Everywhere, and OpenSSL.
Key fingerprint = EF6E 286D DA85 EA2A 4BA7
DE68 4E2C 6E87 9329 8290
Here is the changelog since 4.0.3:
All Platforms
- Update Firefox to 31.5.0esr
- Update OpenSSL to 1.0.1l
- Update NoScript to 2.6.9.15
- Update HTTPS-Everywhere to 4.0.3
- Bug 14203: Prevent meek from displaying an extra update notification
- Bug 14849: Remove new NoScript menu option to make permissions permanent
- Bug 14851: Set NoScript pref to disable permanent permissions
On the other hand AVG and Panda antivirus engines are however flagging the new version as malware and if you are running any of the two virus scanners on your PC, you will not be able to install the new Tor. To install Tor, you have to DISABLE the antivirus prior to installation.
Once installed you can enable the anitvirus again and continue normally. It is awkward that AVG and Panda are flagging Tor as malware because apparently, Microsoft’s own antivirus and malware detector, the Microsoft Security Essentials, finds no issues with new Tor.
You can help Tor community by reporting the flagged issues as ‘false positives’ to both AVG and Panda so that they can make changes in features of their AV products.
The Tor seems to have some bugs related to exit nodes. An anonymous commented said that the Tor crashed when he tried to set ExitNodes {AU}. He also noted that he was not able to reopen the crashed Tor so he reinstalled it. This issue has not been raised by any other user/addressed by the Tor community.
You can get the signing keys by visiting here.