1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
2 "http://www.w3.org/TR/html4/loose.dtd">
5 <title>What's New in this Release</title>
6 <meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
7 <link rel="HOME" title="Privoxy 3.0.33 User Manual" href="index.html">
8 <link rel="PREVIOUS" title="Installation" href="installation.html">
9 <link rel="NEXT" title="Quickstart to Using Privoxy" href="quickstart.html">
10 <link rel="STYLESHEET" type="text/css" href="../p_doc.css">
11 <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
12 <link rel="STYLESHEET" type="text/css" href="p_doc.css">
14 <body class="SECT1" bgcolor="#EEEEEE" text="#000000" link="#0000FF" vlink="#840084" alink="#0000FF">
15 <div class="NAVHEADER">
16 <table summary="Header navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
18 <th colspan="3" align="center">Privoxy 3.0.33 User Manual</th>
21 <td width="10%" align="left" valign="bottom"><a href="installation.html" accesskey="P">Prev</a></td>
22 <td width="80%" align="center" valign="bottom"></td>
23 <td width="10%" align="right" valign="bottom"><a href="quickstart.html" accesskey="N">Next</a></td>
26 <hr align="left" width="100%">
29 <h1 class="SECT1"><a name="WHATSNEW" id="WHATSNEW">3. What's New in this Release</a></h1>
30 <p><span class="APPLICATION">Privoxy 3.0.33</span> fixes an XSS issue and multiple DoS issues and a couple of other
31 bugs. The issues also affect earlier Privoxy releases. <span class="APPLICATION">Privoxy 3.0.33</span> also comes
32 with a couple of general improvements an new features.</p>
33 <p>Changes in <span class="APPLICATION">Privoxy 3.0.33</span> stable:</p>
39 <p>handle_established_connection(): Skip the poll()/select() calls if TLS data is pending on the server
40 socket. The TLS library may have already consumed all the data from the server response in which case
41 poll() and select() will not detect that data is available to be read. Fixes SF bug #926 reported by Wen
45 <p>continue_https_chat(): Update csp->server_connection.request_sent after sending the request to make
46 sure the latency is calculated correctly. Previously https connections were not reused after timeout
47 seconds after the first request made on the connection.</p>
50 <p>free_pattern_spec(): Don't try to free an invalid pointer when unloading an action file with a TAG
51 pattern while Privoxy has been compiled without FEATURE_PCRE_HOST_PATTERNS. Closes: SF patch request #147.
52 Patch by Maxim Antonov.</p>
55 <p>Establish the TLS connection with the client earlier and decide how to route the request afterwards.
56 This allows to change the forwarding settings based on information from the https-inspected request, for
60 <p>Adjust build_request_line() to create a CONNECT request line when https-inspecting and forwarding to a
61 HTTP proxy. Fixes SF bug #925 reported by Wen Yue.</p>
64 <p>load_config(): Add a space that was missing in a log message.</p>
69 <p>General improvements:</p>
72 <p>serve(): Close the client socket as well if the server socket for an inspected connection has been
73 closed. Privoxy currently can't establish a new server connection when the client socket is reused and
74 would drop the connection in continue_https_chat() anyway.</p>
77 <p>Don't disable redirect checkers in redirect_url() Disable them in handle_established_connection()
78 instead. Doing it in redirect_url() prevented the +redirect{} and +fast-redirects{} actions from being
79 logged with LOG_LEVEL_ACTIONS.</p>
82 <p>handle_established_connection(): Slightly improve a comment</p>
85 <p>handle_established_connection(): Fix a comment</p>
88 <p>socks5_connect(): Fix indentation.</p>
91 <p>handle_established_connection(): Improve an error message</p>
94 <p>create_pattern_spec(): Fix ifdef indentation</p>
97 <p>Fix comment typos</p>
100 <p>Add a CGI handler for /wpad.dat that returns a Proxy Auto-Configuration (PAC) file. Among other things,
101 it can be used to instruct clients through DHCP to use Privoxy as proxy. For example with the dnsmasq
102 option: dhcp-option=252,http://config.privoxy.org/wpad.dat Initial patch by Richard Schneidt.</p>
105 <p>listen_loop(): When shutting down gracefully, close listening ports before waiting for the threads to
106 exit. Allows to start a second Privoxy with the same config file while the first Privoxy is still
110 <p>Allow to edit the add-header action through the CGI editor by generalizing the code that got added with
111 the suppress-tag action. Closes SF patch request #146. Patch by Maxim Antonov.</p>
114 <p>process_encrypted_request(): Improve a log message The function only processes request headers and there
115 may still be unread request body data left to process.</p>
118 <p>read_http_request_body(): Fix two error messages that used an incorrect variable.</p>
121 <p>chat(): Log the applied actions before deciding how to forward the request.</p>
124 <p>parse_time_header(): Silence a coverity complaint when building without assertions.</p>
127 <p>receive_encrypted_request_headers(): Improve a log message</p>
130 <p>mbedTLS get_ciphersuites_from_string(): Use strlcpy() instead of strncpy(). Previously the terminating
131 NUL wasn't copied which resulted in a compiler warning. This didn't cause actual problems as the target
132 buffer was initialized by zalloc_or_die() so the last byte of the target buffer was NUL already. Actually
133 copying the terminating NUL seems clearer, though.</p>
136 <p>Remove compiler warnings. "log_error(LOG_LEVEL_FATAL, ..." doesn't return but apparently the compiler
137 doesn't know that. Get rid of several "this statement may fall through [-Wimplicit-fallthrough=]"
141 <p>If the the response is chunk-encoded, ignore the Content-Length header sent by the server. Allows to
142 load https://redmine.lighttpd.net/ with filtering enabled.</p>
145 <p>Store the PEM certificate in a dynamically allocated buffer when https-inspecting. Should prevent errors
146 like: 2021-03-16 22:36:19.148 7f47bbfff700 Error: X509 PEM cert len 16694 is larger than buffer len 16383
147 As a bonus it should slightly reduce the memory usage as most certificates are smaller than the previously
148 used fixed buffer. Reported by: Wen Yue</p>
151 <p>Don't log the applied actions in process_encrypted_request() Log them in continue_https_chat() instead
152 to mirror chat(). Prevents the applied actions from getting logged twice for the first request on an
153 https-inspected connection.</p>
156 <p>OpenSSL generate_host_certificate(): Use config.privoxy.org as Common Name Org and Org Unit if the real
157 host name is too long to get accepted by OpenSSL. Clients should only care about the Subject Alternative
158 Name anyway and we can continue to use the real host name for it. Reported by Miles Wen on
162 <p>OpenSSL generate_host_certificate(): Fix two error messsages.</p>
165 <p>Improve description of handle_established_connection()</p>
168 <p>OpenSSL ssl_store_cert(): Translate EVP_PKEY_EC to a string.</p>
171 <p>OpenSSL ssl_store_cert(): Remove pointless variable initialization.</p>
174 <p>OpenSSL ssl_store_cert(): Initialize pointer with NULL instead of 0.</p>
179 <p>Action file improvements:</p>
182 <p>Disable fast-redirects for .microsoftonline.com/.</p>
185 <p>Disable fast-redirects for idp.springer.com/.</p>
188 <p>Disable fast-redirects for .zeit.de/zustimmung</p>
191 <p>Unblock adv-archiv.dfn-cert.de/</p>
194 <p>Block requests to eu-tlp01.kameleoon.eu/</p>
197 <p>Block requests to fpa-events.arstechnica.com/</p>
200 <p>Unblock nlnet.nl/.</p>
203 <p>Unblock adguard.com/.</p>
208 <p>Privoxy-Log-Parser:</p>
211 <p>Highlight 'Socket timeout 3 reached: http://127.0.0.1:20000/no-filter/chunked-content/36'</p>
214 <p>Improve documentation for inactivity-detection mode</p>
217 <p>Detect date changes when looking for inactivity</p>
220 <p>Add a --passed-request-statistics-threshold option That can be set to get statistics for requests that
224 <p>Add a "inactivity detection" mode Which can be useful for debugging purposes.</p>
227 <p>Bump version to 0.9.4</p>
230 <p>Only run print_intro() and print_outro() when syntax highlighting</p>
233 <p>Rephrase a sentence in the documentation</p>
236 <p>Highlight 'Client socket 7 is no longer usable. The server socket has been closed.'</p>
239 <p>Clarify --statistics output by explicitly mentioning that the status codes sent by the server may differ
240 from the ones in "debug 512" messages.</p>
243 <p>Fix typo in the --statistics output</p>
246 <p>Remove an unused variable</p>
249 <p>Highlight 'The peer notified us that the connection on socket 11 is going to be closed'</p>
254 <p>Privoxy-Regression-Test:</p>
257 <p>Remove duplicated word in a comment.</p>
262 <p>regression-tests.action:</p>
265 <p>Add fetch test for http://p.p/wpad.dat.</p>
268 <p>Bump for-privoxy-version to 3.0.33 which introduced the wpad.dat support.</p>
271 <p>Add more tests for the '/send-banner' code.</p>
274 <p>Add test for OVE-20210203-0001.</p>
277 <p>Add a test for CVE-2021-20217.</p>
285 <p>Bump generated Firefox version to 91 (ESR)</p>
288 <p>Bump version to 1.2.3</p>
291 <p>Bump copyright</p>
299 <p>configure: Bump SOURCE_DATE_EPOCH.</p>
302 <p>GNUmakefile.in: Fix typo.</p>
305 <p>configure: Add another warning in case --disable-pthread is used while POSIX threads are available.
306 Various features don't even compile when not using threads.</p>
309 <p>Add configure option to enable MemorySanitizer.</p>
312 <p>Add configure option to enable UndefinedBehaviorSanitizer.</p>
315 <p>Add configure option to enable AddressSanitizer.</p>
318 <p>Bump copyright</p>
321 <p>Add a configure option to disable pcre JIT compilation. While JIT compilation makes filtering faster it
322 can cause false-positive valgrind complaints. As reported by Gwyn Ciesla in SF bug 924 it also can cause
323 problems when the SELinux policy does not grant Privoxy "execmem" privileges.</p>
326 <p>configure: Remove obsolete RPM_BASE check</p>
331 <p>Windows build system:</p>
334 <p>Update the build script to use mbed tls version 2.6.11.</p>
337 <p>Update build script to use the final 8.45 pcre library.</p>
340 <p>Put all the '--enable-xxx' options in the configure call together.</p>
345 <p>Documentation:</p>
348 <p>contacting: Remove obsolete reference to announce.sgml.</p>
351 <p>contacting: Request that the browser cache is cleared before producing a log file for submission.</p>
354 <p>Sponsor FAQ: Note that Privoxy users may follow sponsor links without Referer header set.</p>
357 <p>newfeatures: Clarify that https inspection also allows to filter https responses.</p>
360 <p>developer-manual: Mention that announce.txt should be updated when doing a release.</p>
363 <p>config: Explicitly mention that the CGI pages disclosing the ca-password can be blocked and upgrade the
364 disclosure paragraphs to a warning.</p>
367 <p>Put all the requested debug options in the config file. Section 11.1 of the Privoxy user manual lists
368 all the debug options that should be enabled when reporting problems or requesting support. Make it easier
369 for users to do the right thing by having all those options present in the config.</p>
372 <p>Update TODO list item #184 to note that WolfSSL support will (hopefully) appear after the 3.0.34
376 <p>Update max-client-connections's description. On modern systems other than Windows Privoxy should use
377 poll() in which case the FD_SETSIZE value isn't releveant.</p>
380 <p>Add a warning that the socket-timeout does not apply to operations done by TLS libraries</p>
383 <p>Make documentation slightly less "offensive" for some people by avoiding the word "hell".</p>
389 <h2 class="SECT2"><a name="UPGRADERSNOTE" id="UPGRADERSNOTE">3.1. Note to Upgraders</a></h2>
390 <p>A quick list of things to be aware of before upgrading from earlier versions of <span class=
391 "APPLICATION">Privoxy</span>:</p>
394 <p>The recommended way to upgrade <span class="APPLICATION">Privoxy</span> is to backup your old
395 configuration files, install the new ones, verify that <span class="APPLICATION">Privoxy</span> is working
396 correctly and finally merge back your changes using <span class="APPLICATION">diff</span> and maybe
397 <span class="APPLICATION">patch</span>.</p>
398 <p>There are a number of new features in each <span class="APPLICATION">Privoxy</span> release and most of
399 them have to be explicitly enabled in the configuration files. Old configuration files obviously don't do
400 that and due to syntax changes using old configuration files with a new <span class=
401 "APPLICATION">Privoxy</span> isn't always possible anyway.</p>
404 <p>Note that some installers remove earlier versions completely, including configuration files, therefore you
405 should really save any important configuration files!</p>
408 <p>On the other hand, other installers don't overwrite existing configuration files, thinking you will want
409 to do that yourself.</p>
412 <p>In the default configuration only fatal errors are logged now. You can change that in the <a href=
413 "config.html#DEBUG">debug section</a> of the configuration file. You may also want to enable more verbose
414 logging until you verified that the new <span class="APPLICATION">Privoxy</span> version is working as
418 <p>Three other config file settings are now off by default: <a href=
419 "config.html#ENABLE-REMOTE-TOGGLE">enable-remote-toggle</a>, <a href=
420 "config.html#ENABLE-REMOTE-HTTP-TOGGLE">enable-remote-http-toggle</a>, and <a href=
421 "config.html#ENABLE-EDIT-ACTIONS">enable-edit-actions</a>. If you use or want these, you will need to
422 explicitly enable them, and be aware of the security issues involved.</p>
427 <div class="NAVFOOTER">
428 <hr align="left" width="100%">
429 <table summary="Footer navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
431 <td width="33%" align="left" valign="top"><a href="installation.html" accesskey="P">Prev</a></td>
432 <td width="34%" align="center" valign="top"><a href="index.html" accesskey="H">Home</a></td>
433 <td width="33%" align="right" valign="top"><a href="quickstart.html" accesskey="N">Next</a></td>
436 <td width="33%" align="left" valign="top">Installation</td>
437 <td width="34%" align="center" valign="top"> </td>
438 <td width="33%" align="right" valign="top">Quickstart to Using Privoxy</td>
projects / privoxy.git / blob