- Announcing Privoxy 3.0.30 stable
+ Announcing Privoxy 3.0.31 stable
--------------------------------------------------------------------
-Privoxy 3.0.30 stable fixes a couple of bugs and introduces
-a few new features.
+Privoxy 3.0.31 fixes two security issues that were discovered while
+preparing the 3.0.30 release. The issues also affect earlier Privoxy
+releases.
+
+--------------------------------------------------------------------
+ChangeLog for Privoxy 3.0.31
+--------------------------------------------------------------------
+- Security/Reliability:
+ - Prevent an assertion from getting triggered by a crafted CGI request.
+ Commit 5bba5b89193fa. OVE-20210130-0001.
+ Reported by: Joshua Rogers (Opera)
+ - Fixed a memory leak when decompression fails "unexpectedly".
+ Commit f431d61740cc0. OVE-20210128-0001.
+
+- Bug fixes:
+ - Fixed detection of insufficient data for decompression.
+ Previously Privoxy could try to decompress a partly
+ uninitialized buffer.
--------------------------------------------------------------------
ChangeLog for Privoxy 3.0.30
the TLS backend resources are free'd later on and only if no active
connections are left. Prevents crashes when exiting "gracefully" at the
wrong time.
+ - Let the uninstall target remove the config file even if DESTDIR
+ is set and properly announce the deletion of the configuration files.
- General improvements:
- Allow to rewrite the request destination for https-inspected
- Add a link to Privoxy-Regression-Test to regression-tests.action
in case it isn't packaged.
- Add regression tests for pcre host patterns.
+ - Fixed a regression test that is executed when
+ FEATURE_GRACEFUL_TERMINATION is enabled.
- Privoxy infrastructure:
- Import a Privoxy logo for the website.
projects / privoxy.git / blobdiff