I agree that we should update to 0.2.9.12 as a best practice.
There is one security fix in 0.2.9.11 and one in 0.2.9.12. Both only affect users running onion / hidden services.
0.2.9.11 fixes TROVE-2017-005: “a bug that would allow an attacker to remotely crash a hidden service with an assertion failure.”[1]
0.2.9.12 fixes TROVE-2017-008: “a security bug that affects onion services running with the SafeLogging option disabled.”[2] (SafeLogging is enabled by default.)
[1] Tor 0.3.0.8 is released, with a fix for hidden services! (Also As are 0.2.4.29, 0.2.5.14, 0.2.6.12, 0.2.7.8, 0.2.8.14, and 0.2.9.11) | The Tor Project
[2] New Tor stable releases (0.2.8.15, 0.2.9.12, 0.3.0.11) with fix for onion service security issue | The Tor Project
Advanced users have several options:
- Update to 0.2.9.12 by building from source here. Instructions.
- Update to latest stable version (currently 0.3.0.11 0.3.1.7) by installing anon-shared-build-apt-sources-tpo [3] or by manually adding torproject repos. Compatibility with Whonix not guaranteed.
[3] Testers Wanted! Tor - Stable Upgrades - #5 by Patrick
It’s not “his” product. It’s ours. And you’re welcome to support its continued existence by making suggestions like you did at any time. You may also submit pull requests, suggest new tickets, or donate so others can work on development. How to contribute.