<h1 class="SECT1"><a name="WHATSNEW" id="WHATSNEW">3. What's New in this
Release</a></h1>
- <p><span class="APPLICATION">Privoxy 3.0.21</span> is UNRELEASED. The
- changes since 3.0.20 beta are:</p>
+ <p><span class="APPLICATION">Privoxy 3.0.21</span> stable is a bug-fix
+ release for Privoxy 3.0.20 beta. It also addresses two security issues
+ that affect all previous Privoxy versions. The changes since 3.0.20 beta
+ are:</p>
<ul>
<li>
<p>Bug fixes:</p>
<ul>
+ <li>
+ <p>On POSIX-like platforms, network sockets with file descriptor
+ values above FD_SETSIZE are properly rejected. Previously they
+ could cause memory corruption in configurations that allowed the
+ limit to be reached.</p>
+ </li>
+
+ <li>
+ <p>Proxy authentication headers are removed unless the new
+ directive enable-proxy-authentication-forwarding is used.
+ Forwarding the headers potentionally allows malicious sites to
+ trick the user into providing it with login information. Reported
+ by Chris John Riley.</p>
+ </li>
+
<li>
<p>Compiles on OS/2 again now that unistd.h is only included on
platforms that have it.</p>
<p>Added an LSB info block to the generic start script. Based on
a patch from Natxo Asenjo.</p>
</li>
+
+ <li>
+ <p>The max-client-connections default has been changed to 128
+ which should be more than enough for most setups.</p>
+ </li>
</ul>
</li>
<p>Unblock '.advrider.com/' and '/.*ADVrider'. Anonymously
reported in #3603636.</p>
</li>
+
+ <li>
+ <p>Stop blocking '/js/slider\.js'. Reported by Adam Piggott in
+ #3606635 and _lvm in #2791160.</p>
+ </li>
</ul>
</li>