X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;ds=sidebyside;f=ChangeLog;h=a1b7ecf10593a7972607a8543c56376614485d98;hb=ad29721b46a89b051958bf8272dfcd5626742d01;hp=5c89b084c69002bd570dea233631d2d91d656a5f;hpb=0937125fc3744f897ffd81a26a89df662f75d1f1;p=privoxy.git

diff --git a/ChangeLog b/ChangeLog
index 5c89b084..a1b7ecf1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,10 +4,25 @@ ChangeLog for Privoxy
 *** Since 3.0.8 ***
 
 - Added SOCKS5 support. Patch provided by Eric M. Hopper.
+- The "blocked" CGI pages include a block reason that was
+  provided as argument to the last-applying block action.
 - If enable-edit-actions is disabled (the default since 3.0.7 beta)
   the show-status page hides the edit buttons and explains why.
   Previously the user would get the "this feature has been disabled"
   message after using the edit button.
+- Forbidden CONNECT requests are treated like blocks by default.
+  The now-pointless treat-forbidden-connects-like-blocks action
+  has been removed.
+- Not enabling limit-connect now allows CONNECT requests to all ports.
+  In previous versions it would only allow CONNECT requests to port 443.
+  Use +limit-connect{443} if you think you need the old default behaviour.
+- The CGI editor gets turned off after three edit requests with invalid
+  file modification timestamps. This makes life harder for attackers
+  who can leverage browser bugs to send fake Referers and intend to
+  brute-force edit URLs.
+- The CGI editor supports the "disable all filters of this type"
+  directives "-client-header-filter", "-server-header-filter",
+  "-client-header-tagger" and "-server-header-tagger".
 - Fixed false-positives with the link-by-url filter and URLs that
   contain the pattern "/jump/".
 - The less-download-windows filter no longer messes