*** Since 3.0.8 ***
- Added SOCKS5 support. Patch provided by Eric M. Hopper.
+- The "blocked" CGI pages include a block reason that was
+ provided as argument to the last-applying block action.
- If enable-edit-actions is disabled (the default since 3.0.7 beta)
the show-status page hides the edit buttons and explains why.
Previously the user would get the "this feature has been disabled"
message after using the edit button.
+- Forbidden CONNECT requests are treated like blocks by default.
+ The now-pointless treat-forbidden-connects-like-blocks action
+ has been removed.
+- Not enabling limit-connect now allows CONNECT requests to all ports.
+ In previous versions it would only allow CONNECT requests to port 443.
+ Use +limit-connect{443} if you think you need the old default behaviour.
+- The CGI editor gets turned off after three edit requests with invalid
+ file modification timestamps. This makes life harder for attackers
+ who can leverage browser bugs to send fake Referers and intend to
+ brute-force edit URLs.
+- The CGI editor supports the "disable all filters of this type"
+ directives "-client-header-filter", "-server-header-filter",
+ "-client-header-tagger" and "-server-header-tagger".
- Fixed false-positives with the link-by-url filter and URLs that
contain the pattern "/jump/".
- The less-download-windows filter no longer messes