+
+100) Create a cross-platform Privoxy control program and retire
+ the win32 GUI. Integrate support for Privoxy-Regression-Test,
+ Privoxy-Log-Parser, Privoxy-Filter-Test, uagen and similar tools.
+
+102) Add an include directive to split the config file into several parts.
+
+103) Potential performance improvement for large action files:
+ when figuring out which actions apply, check the action bit mask
+ before pattern matching and skip section that wouldn't modify the
+ actions already set. To increase the impact the sections would have
+ to be applied in reverse.
+
+104) The code to modify global_toggle_state should be factored out into
+ a separate function. Currently we mess with it in three different
+ files, but only in w32log.c the tray icon is explicitly set.
+ The logging is inconsistent as well. For details see #3525694.
+
+105) Add support for socks authentication.
+
+106) actionlist.h should be embedded in a way that causes less text
+ segment bloat.
+
+107) Support more pcrs variables, for example $destination-ip-address
+ and $source-ip-address.
+
+108) Allow to use a somewhat random string instead of PRIVOXY-FORCE.
+
+109) Let log_error() support the format specifier %S which should
+ work like %s but escape new lines like %N. This would be useful
+ to log the result of header filters which may inject new lines.
+
+110) Add a global-buffer-limit directive that roughly limits how
+ much malloc'ed memory Privoxy will use and can potentially
+ be smaller than (buffer-limit * max-client-connections).
+
+111) Reject requests if hosts and ports in request line and Host
+ header don't match (before filters have been applied).
+
+112) If a header filter is used to inject another header by inserting
+ a \r\n (undocumented feature), detect it and split the headers so
+ following header actions do not treat them as a single string.
+ Alternatively add another header injection mechanism.
+
+113) Log statistics upon receiving a certain signal (SIGINFO or SIGUSR1).
+
+114) Properly deal with status code 100. The current "Continue hack"
+ can cause problems for gpg when uploading keys through Privoxy.
+
+115) Add ICAP (RFC 3507) support. FR #3615158.
+
+116) Due to the use of sscanf(), Privoxy currently will fail to properly
+ parse chunks whose size can't be represented with 32 bit. This is
+ unlikely to cause problems in the real world, but should eventually
+ be fixed anyway. See also:
+ https://bugzilla.mozilla.org/show_bug.cgi?id=959100
+
+117) Dynamic variables are documented poorly.
+
+118) There should be "escaped" dynamic variables that are guaranteed
+ not to break filters.
+
+119) Evaluate using pcre's jit mode.
+
+120) Add an option to limit pcre's recursion limit below the default.
+ On some platforms the recursion limit doesn't prevent pcre from
+ running out of stack space, causing the kernel to kill Privoxy
+ ungracefully.
+
+121) Add HTTP/2 support. As a first step, incomming HTTP/1.x requests
+ should be translated to outgoing HTTP/2 requests where possible
+ (and if desired by the user).
+
+122) Allow customized log messages.