X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=doc%2Fwebserver%2Fuser-manual%2Fwhatsnew.html;h=954b9e589b553edbc83d38d601a1a7c72ab380df;hb=3b9bf106047d2b580f7406652b27035c865a274d;hp=c8799f0d801719c0ad07158688e92718efb86917;hpb=3eabce711503c99e93ad129326b4183e99dd254d;p=privoxy.git diff --git a/doc/webserver/user-manual/whatsnew.html b/doc/webserver/user-manual/whatsnew.html index c8799f0d..954b9e58 100644 --- a/doc/webserver/user-manual/whatsnew.html +++ b/doc/webserver/user-manual/whatsnew.html @@ -1,485 +1,329 @@ - -
There are many improvements and new features since Privoxy 3.0.6, the last stable release:
Two new actions server-header-tagger - and client-header-tagger - that can be used to create arbitrary "tags" - based on client and server headers. - These "tags" can then subsequently be used - to control the other actions used for the current request, - greatly increasing Privoxy's flexibility and selectivity. See tag patterns for more information on tags. -
Header filtering is done with dedicated header filters now. As a result - the actions "filter-client-headers" and "filter-server-headers" - that were introduced with Privoxy 3.0.5 to apply - content filters to the headers have been removed. - See the new actions server-header-filter - and client-header-filter for details. -
There are four new options for the main config file: -
allow-cgi-request-crunching - which allows requests for Privoxy's internal CGI pages to be - blocked, redirected or (un)trusted like ordinary requests. -
split-large-forms - that will work around a browser bug that caused IE6 and IE7 to - ignore the Submit button on the Privoxy's edit-actions-for-url CGI - page. -
accept-intercepted-requests - which allows to combine Privoxy with any packet filter to create an - intercepting proxy for HTTP/1.1 requests (and for HTTP/1.0 requests - with Host header set). This means clients can be forced to use - Privoxy even if their proxy settings are configured differently. -
templdir - to designate an alternate location for Privoxy's - locally customized CGI templates so that - these are not overwritten during upgrades. -
A new command line option --pre-chroot-nslookup hostname to - initialize the resolver library before chroot'ing. On some systems this - reduces the number of files that must be copied into the chroot tree. - (Patch provided by Stephen Gildea) -
The forward-override action - allows changing of the forwarding settings through the actions files. - Combined with tags, this allows to choose the forwarder based on - client headers like the User-Agent, or the request origin. -
The redirect action can now use regular - expression substitutions against the original URL. -
zlib support is now available as a compile - time option to filter compressed content. Patch provided by Wil Mahan. -
Improve various filters, and add new ones. -
Include support for RFC 3253 so that Subversion works - with Privoxy. Patch provided by Petr Kadlec. -
Logging can be completely turned off by not specifying a logfile directive. -
A number of improvements to Privoxy's internal CGI pages, including the - use of favicons for error and control pages. -
Many bugfixes, memory leaks addressed, code improvements, and logging - improvements. -
For a more detailed list of changes please have a look at the ChangeLog.
A quick list of things to be aware of before upgrading from earlier - versions of Privoxy:
The recommended way to upgrade Privoxy is to backup your old - configuration files, install the new ones, verify that Privoxy - is working correctly and finally merge back your changes using - diff and maybe patch. -
There are a number of new features in each Privoxy release and - most of them have to be explicitly enabled in the configuration - files. Old configuration files obviously don't do that and due - to syntax changes using old configuration files with a new - Privoxy isn't always possible anyway. -
- Note that some installers remove earlier versions completely, - including configuration files, therefore you should really save - any important configuration files! -
- On the other hand, other installers don't overwrite existing configuration - files, thinking you will want to do that yourself. -
- standard.action now only includes the enabled actions. - Not all actions as before. -
In the default configuration only fatal errors are logged now. - You can change that in the debug section - of the configuration file. You may also want to enable more verbose - logging until you verified that the new Privoxy version is working - as expected. -
Three other config file settings are now off by default: - enable-remote-toggle, - enable-remote-http-toggle, - and enable-edit-actions. - If you use or want these, you will need to explicitly enable them, and - be aware of the security issues involved. -
The "filter-client-headers" and - "filter-server-headers" actions that were introduced with - Privoxy 3.0.5 to apply content filters to - the headers have been removed and replaced with new actions. - See the What's New section above. -
Privoxy 3.0.34 fixes a few minor bugs and comes with a couple of general + improvements and new features.
+Changes in Privoxy 3.0.34 stable:
+Bug fixes:
+Improve the handling of chunk-encoded responses by buffering the data even if filters are disabled and + properly keeping track of where the various chunks are supposed to start and end. Previously Privoxy would + merely check the last bytes received to see if they looked like the last-chunk. This failed to work if the + last-chunk wasn't received in one read and could also result in actual data being misdetected as + last-chunk. Should fix: SF support request #1739. Reported by: withoutname.
+remove_chunked_transfer_coding(): Refuse to de-chunk invalid data Previously the data could get + corrupted even further. Now we simply pass the unmodified data to the client.
+gif_deanimate(): Tolerate multiple image extensions in a row. This allows to deanimate all the gifs on: + https://commons.wikimedia.org/wiki/Category:Animated_smilies Fixes SF bug #795 reported by Celejar.
+OpenSSL generate_host_certificate(): Use X509_get_subject_name() instead of X509_get_issuer_name() to + get the issuer for generated website certificates so there are no warnings in the browser when using an + intermediate CA certificate instead of a self-signed root certificate. Problem reported and patch submitted + by Chakib Benziane.
+can_filter_request_body(): Fix a log message that contained a spurious u.
+handle_established_connection(): Check for pending TLS data from the client before checking if data is + available on the connection. The TLS library may have already consumed all the data from the client + response in which case poll() and select() will not detect that data is available to be read. Sponsored by: + Robert Klemme.
+ssl_send_certificate_error(): Don't crash if there's no certificate information available. This is only + relevant when Privoxy is built with wolfSSL 5.0.0 or later (code not yet published). Earlier wolfSSL + versions or the other TLS backends don't seem to trigger the crash.
+socks5_connect(): Add support for target hosts specified as IPv4 address Previously the IP address was + sent as domain.
+General improvements:
+Add a client-body-tagger action which creates tags based on the content of the request body. Sponsored + by: Robert Klemme.
+When client-body filters are enabled, buffer the whole request before opening a connection to the + server. Makes it less likely that the server connection times out and we don't open a connection if the + buffering fails anyway. Sponsored by: Robert Klemme.
+Add periods to a couple of log messages.
+accept_connection(): Add missing space to a log message.
+Initialize ca-related defaults with strdup_or_die() so errors aren't silently ignored.
+make_path: Use malloc_or_die() in cases where allocation errors were already fatal anyway.
+handle_established_connection(): Improve an error message slightly.
+receive_client_request(): Reject https URLs without CONNECT request.
+Include all requests in the statistics if mutexes are available. Previously in case of reused + connections only the last request got counted. The statistics still aren't perfect but it's an + improvement.
+Add read_socks_reply() and start using it in socks5_connect() to apply the socket timeout more + consistently.
+socks5_connect(): Deal with domain names in the socks reply
+Add a filter for bundeswehr.de that hides the cookie and privacy info banner.
+Action file improvements:
+Disable filter{banners-by-size} for .freiheitsfoo.de/.
+Disable filter{banners-by-size} for freebsdfoundation.org/.
+Disable fast-redirects for consent.youtube.com/.
+Block requests to ups.xplosion.de/.
+Block requests for elsa.memoinsights.com/t.
+Fix a typo in a test.
+Disable fast-redirects for launchpad.net/.
+Unblock .eff.org/.
+Stop unblocking .org/.*(image|banner) which appears to be too generous The example URL + http://www.gnu.org/graphics/gnu-head-banner.png is already unblocked due to .gnu.org being unblocked.
+Unblock adfd.org/.
+Disable filter{banners-by-link} for .eff.org/.
+Block requests to odb.outbrain.com/.
+Disable fast-redirects for .gandi.net/.
+Disable fast-redirects{} for .onion/.*/status/.
+Disable fast-redirects{} for twitter.com/.*/status/.
+Unblock pinkstinks.de/.
+Disable fast-redirects for .hagalil.com/.
+Privoxy-Log-Parser:
+Bump version to 0.9.5.
+Highlight more log messages.
+Highlight the Crunch reason only once. Previously the "crunch reason" could also be highlighted when the + URL contained a matching string. The real crunch reason only occurs once per line, so there's no need to + continue looking for it after it has been found once. While at it, add a comment with an example log + line.
+uagen:
+Bump version to 1.2.4.
+Update BROWSER_VERSION and BROWSER_REVISION to 102.0 to match the User-Agent of the current Firefox + ESR.
+Explicitly document that changing the 'Gecko token' is suspicious.
+Consistently use a lower-case 'c' as copyright symbol.
+Bump copyright.
+Add 'aarch64' as Linux architecture.
+Add OpenBSD architecture 'arm64'.
+Stop using sparc64 as FreeBSD architecture. It hasn't been supported for a while now.
+Build system:
+Makefile: Add a 'dok' target that depends on the 'error' target to show the "You are not using GNU make + or did nor run configure" message.
+configure: Fix --with-msan option. Also (probably) reported by Andrew Savchenko.
+macOS build system:
+Enable HTTPS inspection when building the macOS binary (using OpenSSL as TLS library).
+Documentation:
+Add OpenSSL to the list of libraries that may be licensed under the Apache 2.0 license in which case the + linked Privoxy binary has to be distributed under the GPLv3 or later.
+config: Fix the documented ca-directory default value. Reported by avoidr.
+Rebuild developer-manual and tidy with 'HTML Tidy for FreeBSD version 5.8.0'.
+Update developer manual with new macOS packaging instructions.
+Note that the FreeBSD installation instructions work for ElectroBSD as well.
+Note that FreeBSD/ElectroBSD users can try to install Privoxy as binary package using 'pkg'.
+A quick list of things to be aware of before upgrading from earlier versions of Privoxy:
+The recommended way to upgrade Privoxy is to backup your old + configuration files, install the new ones, verify that Privoxy is working + correctly and finally merge back your changes using diff and maybe + patch.
+There are a number of new features in each Privoxy release and most of + them have to be explicitly enabled in the configuration files. Old configuration files obviously don't do + that and due to syntax changes using old configuration files with a new Privoxy isn't always possible anyway.
+Note that some installers remove earlier versions completely, including configuration files, therefore you + should really save any important configuration files!
+On the other hand, other installers don't overwrite existing configuration files, thinking you will want + to do that yourself.
+In the default configuration only fatal errors are logged now. You can change that in the debug section of the configuration file. You may also want to enable more verbose + logging until you verified that the new Privoxy version is working as + expected.
+Three other config file settings are now off by default: enable-remote-toggle, enable-remote-http-toggle, and enable-edit-actions. If you use or want these, you will need to + explicitly enable them, and be aware of the security issues involved.
+