X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=doc%2Fwebserver%2Fannounce.txt;h=72687929f2284dd9df625ee615d19004dfe670db;hb=e1cb1adbdddac3bd536132926479436743fe46a0;hp=181113e41d16ca6fba85a04c1f004b758889090d;hpb=c8518a21590aa1456f4cea95fcc3a2d099a74ed0;p=privoxy.git diff --git a/doc/webserver/announce.txt b/doc/webserver/announce.txt index 181113e4..72687929 100644 --- a/doc/webserver/announce.txt +++ b/doc/webserver/announce.txt 
@@ -1,15 +1,75 @@ - Announcing Privoxy v.3.0.20 beta + Announcing Privoxy 3.0.21 stable -------------------------------------------------------------------- -This is a beta release that introduces new features and fixes a -couple of bugs. One new feature (tolerate-pipelining) is enabled -in the default configuration, depending on the feedback it may be -disabled in the next release. +Privoxy 3.0.21 stable is a bug-fix release for Privoxy 3.0.20 beta. +It addresses two security issues that affect all previous Privoxy +versions. -------------------------------------------------------------------- ChangeLog for Privoxy -------------------------------------------------------------------- -*** Version 3.0.20 Beta *** +*** Version 3.0.21 stable *** + +- Bug fixes: + - On POSIX-like platforms, network sockets with file descriptor + values above FD_SETSIZE are properly rejected. Previously they + could cause memory corruption in configurations that allowed + the limit to be reached. + - Proxy authentication headers are removed unless the new directive + enable-proxy-authentication-forwarding is used. Forwarding the + headers potentially allows malicious sites to trick the user + into providing them with login information. + Reported by Chris John Riley. + - Compiles on OS/2 again now that unistd.h is only included + on platforms that have it. + +- General improvements: + - The show-status page shows the FEATURE_STRPTIME_SANITY_CHECKS status. + - A couple of assert()s that could theoretically dereference + NULL pointers in debug builds have been relocated. + - Added an LSB info block to the generic start script. + Based on a patch from Natxo Asenjo. + - The max-client-connections default has been changed to 128 + which should be more than enough for most setups. + +- Action file improvements: + - Block rover.ebay./ar.*\&adtype= instead of "/.*\&adtype=" which + caused too man false positives. + Reported by u302320 in #360284, additional feedback from Adam Piggott. 
+ - Unblock '.advrider.com/' and '/.*ADVrider'. + Anonymously reported in #3603636. + - Stop blocking '/js/slider\.js'. + Reported by Adam Piggott in #3606635 and _lvm in #2791160. + +- Filter file improvements: + - Added an iframes filter. + +- Documentation improvements: + - The whole GPLv2 text is included in the user manual now, + so Privoxy can serve it itself and the user can read it + without having to wade through GPLv3 ads first. + - Properly numbered and underlined a couple of section titles + in the config that where previously overlooked due to a flaw + in the conversion script. Reported by Ralf Jungblut. + - Improved the support instruction to hopefully make it harder to + unintentionally provide insufficient information when requesting + support. Previously it wasn't obvious that the information we need + in bug reports is usually also required in support requests. + - Removed documentation about packages that haven't been provided + in years. + +- Privoxy-Regression-Test: + - Only log the test number when not running in verbose mode + The position of the test is rarely relevant and it previously + wasn't exactly obvious which one of the numbers was useful to + repeat the test with --test-number. + +- GNUmakefile improvements: + - Factor generate-config-file out of config-file to make testing + more convenient. + - The clean target now also takes care of patch leftovers. + +*** Version 3.0.20 beta *** - Bug fixes: - Client sockets are now properly shutdown and drained before being 
@@ -68,7 +128,7 @@ ChangeLog for Privoxy intentions. When looking at the response headers alone, it previously wasn't obvious from the client's perspective that no additional responses should be expected. - - Stop considering client sockets tainted after receving a request with body. + - Stop considering client sockets tainted after receiving a request with body. It hasn't been necessary for a while now and unnecessarily causes test failures when using curl's test suite. - Allow HTTP/1.0 clients to signal interest in keep-alive through the @@ -87,7 +147,7 @@ ChangeLog for Privoxy Broken strptime() implementations have caused problems in the past and the most recent offender seems to be FreeBSD's libc (standards/173421). - When filtering is enabled, let Range headers pass if the range starts at - the beginning. This should work around (or at least reduce ) the video + the beginning. This should work around (or at least reduce) the video playback issues with various Apple clients as reported by Duc in #3426305. - Do not confuse a client hanging up with a connection time out. If a client closes its side of the connection without sending a request line, do not @@ -123,7 +183,7 @@ ChangeLog for Privoxy - Block '/openx/www/delivery/'. - Disable fast-redirects for '.googleapis.com/'. - Block 'imp.double.net/'. Reported by David Bo in #3070411. - - Block 'gm-link.com/' whis is used for email tracking. + - Block 'gm-link.com/' which is used for email tracking. Reported by David Bo in #1812733. - Verify that requests to "bwp." are blocked. URL taken from #1736879 submitted by Francois Marier. 
@@ -230,7 +290,7 @@ ChangeLog for Privoxy - Various data type corrections. - Change visibility of several code segments when compiling without FEATURE_CONNECTION_KEEP_ALIVE enabled for clarity. - - In pcrs_get_delimiter(), do not use delimiters ouside the ASCII range. + - In pcrs_get_delimiter(), do not use delimiters outside the ASCII range. Fixes a clang complaint. - Fix an error message in get_last_url() nobody is supposed to see. Reported by Matthew Fischer in #3507301. @@ -246,7 +306,7 @@ ChangeLog for Privoxy - Let enlist_unique_header() verify that the caller didn't pass a header containing either \r or \n. - Change the hashes used in load_config() to unsigned int. That's what - hash_string() actually returns and using a potentiallly larger type + hash_string() actually returns and using a potentially larger type is at best useless. - Use privoxy_tolower() instead of vanilla tolower() with manual casting of the argument.
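Review bot: In the first hunk (@@ -1,15 +1,75 @@) the new intro says the release addresses two security issues, but the 3.0.21 "Bug fixes" list has three entries and none is marked as security-relevant. Presumably the FD_SETSIZE and proxy authentication header entries are meant, since the third is the OS/2 build fix; label those two explicitly so packagers can triage the update. The proxy authentication entry is also a behaviour change, and it should state that setups relying on forwarded headers have to set enable-proxy-authentication-forwarding after upgrading. The added lines also carry new typos: "too man false positives" should be "too many", "that where previously overlooked" should be "were", and "when not running in verbose mode" lacks a period before "The position". The reference #360284 has six digits where the neighbouring references have seven, so it is worth checking against the tracker.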
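Review bot: The hunks from @@ -68,7 +128,7 @@ through @@ -246,7 +306,7 @@ are spelling-only corrections to 3.0.20 entries (receiving, "reduce)", which, outside, potentially) bundled with the 3.0.21 announcement text. Consider moving them to a separate commit so the release-notes change can be reviewed and reverted on its own. If this file is produced from a ChangeLog source, the same corrections need to land there, otherwise they will reappear the next time the announcement is regenerated.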