+
+94) Add a config directive to let Privoxy prefer either IPv4 (or IPv6)
+ addresses, instead of trusting the libc to return them in an order
+ that makes sense. Like #93, this could be useful as a workaround
+ for misconfigured setups.
+
+95) Support a non-standard client header in CONNECT requests that
+ contains the URL of the requested resource, which is then treated
+ like the request URL.
+
+ This way the client could opt-in for path-based blocking of https
+ requests. Given that the headers from the CONNECT request aren't
+ forwarded to the destination server, an unencrypted URL should be
+ acceptable if the client and Privoxy are running on the same system
+ or in a trusted environment.
+
+96) Filters should be easier to look up. Currently get_filter() has to
+ go through all filters and skip the filter types the caller isn't
+ interested in.
+
+98) When showing action section on the CGI pages, properly escape
+ line breaks so they can be copy&pasted into action files without
+ adjustments.
+
+99) Figure out a mechanism through which a user can easily enable
+ site-specific action sections that are too aggressive to be
+ enabled by default. This could be similar to the presettings
+ in default.action, but could also be just another action file
+ that isn't used by default.
+
+100) Create a cross-platform Privoxy control program and retire
+ the win32 GUI. Integrate support for Privoxy-Regression-Test,
+ Privoxy-Log-Parser, Privoxy-Filter-Test, uagen and similar tools.
+
+102) Add an include directive to split the config file into several parts.
+
+103) Potential performance improvement for large action files:
+ when figuring out which actions apply, check the action bit mask
+ before pattern matching and skip section that wouldn't modify the
+ actions already set. To increase the impact the sections would have
+ to be applied in reverse.
+
+104) The code to modify global_toggle_state should be factored out into
+ a separate function. Currently we mess with it in three different
+ files, but only in w32log.c the tray icon is explicitly set.
+ The logging is inconsistent as well. For details see #3525694.
+
+105) Add support for socks authentication.
+
+106) actionlist.h should be embedded in a way that causes less text
+ segment bloat.
+
+107) Support more pcrs variables, for example $destination-ip-address
+ and $source-ip-address.
+
+108) Allow to use a somewhat random string instead of PRIVOXY-FORCE.
+
+109) Let log_error() support the format specifier %S which should
+ work like %s but escape new lines like %N. This would be useful
+ to log the result of header filters which may inject new lines.
+
+110) Add a global-buffer-limit directive that roughly limits how
+ much malloc'ed memory Privoxy will use and can potentially
+ be smaller than (buffer-limit * max-client-connections).
+
+111) Reject requests if hosts and ports in request line and Host
+ header don't match (before filters have been applied).
+
+112) If a header filter is used to inject another header by inserting
+ a \r\n (undocumented feature), detect it and split the headers so
+ following header actions do not treat them as a single string.
+ Alternatively add another header injection mechanism.
+
+113) Log statistics upon receiving a certain signal (SIGINFO or SIGUSR1).
+
+114) Properly deal with status code 100. The current "Continue hack"
+ can cause problems for gpg when uploading keys through Privoxy.
+
+115) Add ICAP (RFC 3507) support. FR #3615158.
+
+116) Due to the use of sscanf(), Privoxy currently will fail to properly
+ parse chunks whose size can't be represented with 32 bit. This is
+ unlikely to cause problems in the real world, but should eventually
+ be fixed anyway. See also:
+ https://bugzilla.mozilla.org/show_bug.cgi?id=959100
+
+118) There should be "escaped" dynamic variables that are guaranteed
+ not to break filters.
+
+119) Evaluate using pcre's jit mode.
+
+120) Add an option to limit pcre's recursion limit below the default.
+ On some platforms the recursion limit doesn't prevent pcre from
+ running out of stack space, causing the kernel to kill Privoxy
+ ungracefully.
+
+121) Add HTTP/2 support. As a first step, incomming HTTP/1.x requests
+ should be translated to outgoing HTTP/2 requests where possible
+ (and if desired by the user).
+
+122) Allow customized log messages.
+
+123) Allow to decrypt encrypted traffic using the
+ voluntarly-disclose-session-keys option in Firefox.
+ Depends on #16.
+
+124) Add Capsicum support.