- Not enabling limit-connect now allows CONNECT requests to all ports.
In previous versions it would only allow CONNECT requests to port 443.
Use +limit-connect{443} if you think you need the old default behaviour.
+- The CGI editor gets turned off after three edit requests with invalid
+ file modification timestamps. This makes life harder for attackers
+ who can leverage browser bugs to send fake Referers and intend to
+ brute-force edit URLs.
- Fixed false-positives with the link-by-url filter and URLs that
contain the pattern "/jump/".
- The less-download-windows filter no longer messes