+ <p>Added experimental https inspection support which allows to filter https traffic. To enable it, install
+ MbedTLS and configure with --with-mbedtls, or install OpenSSL or LibreSSL and configure with
+ --with-openssl. Afterwards configure the directives in section 7 of the config file and enable the
+ +https-inspection action. Initial MbedTLS-based code contributed by Vaclav Svec, initial OpenSSL support
+ contributed by Maxim Antonov. With help from Nedzad Hrnjica and Ho+ Ho+ Ho+. Integration and improvements
+ sponsored by Robert Klemme.</p>
+ </li>
+ <li>
+ <p>pcrs: Request JIT compilation if it's supported and the filter isn't dynamic. This can speed up
+ filtering.</p>
+ </li>
+ <li>
+ <p>Added support for Brotli decompression. Sponsored by: Robert Klemme</p>
+ </li>
+ <li>
+ <p>Added FEATURE_EXTENDED_STATISTICS to gather statistics for block reasons and filter executions. To
+ enable it, configure with --enable-extended-statistics and visit http://config.privoxy.org/show-status.
+ Sponsored by: Robert Klemme</p>
+ </li>
+ <li>
+ <p>Use the IP_FREEBIND socket option, if defined. This allows Privoxy to bind to not-yet assigned IP
+ addresses which is useful in failover environments. Patch by Sam Varshavchik.</p>
+ </li>
+ <li>
+ <p>Allow to use extended host patterns and vanilla host patterns at the same time by prefixing extended
+ host patterns with "PCRE-HOST-PATTERN:". To enable this, configure with --enable-pcre-host-patterns.
+ Sponsored by: Robert Klemme</p>
+ </li>
+ <li>
+ <p>Added "Cross-origin resource sharing" (CORS) support. This allows to access Privoxy's CGI interface via
+ JavaScript from another domain (white-listed with the new cors-allowed-origin directive). Based on a patch
+ by Nedzad Hrnjica. Sponsored by: Robert Klemme.</p>
+ </li>
+ <li>
+ <p>Add SOCKS5 username/password support. Based on a patch by Sam, improved by Ivan Romanov. Closes
+ Patch#141 and solves TODO#105.</p>
+ </li>
+ <li>
+ <p>Bump the maximum number of action and filter files to 100 each. Sponsored by: Robert Klemme</p>
+ </li>
+ <li>
+ <p>Fixed handling of filters with "split-large-forms 1" when using the CGI editor. Reported by withoutname
+ in #921.</p>
+ </li>
+ <li>
+ <p>Better detect a mismatch of connection details when figuring out whether or not a connection can be
+ reused.</p>
+ </li>
+ <li>
+ <p>Don't send a "Connection failure" message instead of the "DNS failure" message. Sponsored by: Robert
+ Klemme</p>
+ </li>
+ <li>
+ <p>Let LOG_LEVEL_REQUEST log all requests. Previously unencrypted requests were only logged with
+ LOG_LEVEL_REQUEST when they weren't crunched (in which case they were logged with LOG_LEVEL_CRUNCH). This
+ was documented behaviour, but logging all requests seems more useful.</p>
+ </li>
+ <li>
+ <p>Fixed locking around localtime() and gmtime().</p>
+ </li>
+ <li>
+ <p>Removed OS/2 support. We haven't provided OS/2 packages in years, it complicated the code and it
+ depended on a fallback snprintf() implementation which is GPLv2 only.</p>
+ </li>
+ <li>
+ <p>Remove the fallback snprintf() implementation Now that OS/2 support is gone we no longer need it.</p>
+ </li>
+ <li>
+ <p>Fixed a bunch of format specifiers log messages.</p>
+ </li>
+ <li>
+ <p>Added a missing apostrophe in the 'More Privoxy' menu.</p>
+ </li>
+ <li>
+ <p>Explicitly prevent use of FEATURE_CONNECTION_SHARING without FEATURE_CONNECTION_KEEP_ALIVE. It makes no
+ sense and does not compile anyway. Sponsored by: Robert Klemme</p>
+ </li>
+ <li>
+ <p>Fix build without FEATURE_CONNECTION_KEEP_ALIVE. Sponsored by: Robert Klemme</p>
+ </li>
+ <li>
+ <p>Downgrade the 'Graceful termination requested' message to LOG_LEVEL_INFO as it isn't an error. Sponsored
+ by: Robert Klemme</p>
+ </li>
+ <li>
+ <p>decompress_iob(): Downgrade the no-content message to LOG_LEVEL_RE_FILTER While at it, fix a typo in a
+ comment. Sponsored by: Robert Klemme</p>
+ </li>
+ <li>
+ <p>Fixed a couple of cppcheck warnings.</p>
+ </li>
+ <li>
+ <p>Rename LOG_LEVEL_GPC to LOG_LEVEL_REQUEST. Only the shadow knows what "GPC" is supposed to stand
+ for.</p>
+ </li>
+ <li>
+ <p>Remove SourceForge references in copyright headers.</p>
+ </li>
+ <li>
+ <p>Upgrade a bunch of links to the homepage to https://.</p>
+ </li>
+ <li>
+ <p>Add 'no-brotli-accepted' filter which prevents the use of Brotli compression.</p>
+ </li>
+ <li>
+ <p>Changed license for pcrs to GPLv2+ after getting the permission from Andreas. This allows to
+ redistribute Privoxy under the GPLv3 which is required when linking to future mbedTLS versions which are
+ expected to be licensed under the Apache 2.0 license only.</p>
+ </li>
+ <li>
+ <p>Updated a bunch of tests that have to expect status code 403 now after r1.168/070e904afa5.</p>
+ </li>
+ <li>
+ <p>Lowercase the host name in the request line.</p>
+ </li>
+ <li>
+ <p>Only set SOURCE_DATE_EPOCH if it's not already set so distributions can overwrite it through the
+ environment.</p>
+ </li>
+ </ul>
+ </li>
+ <li>
+ <p>Documentation changes:</p>
+ <ul>
+ <li>
+ <p>Explain that Privoxy has to be distributed under the GPLv3 (or later) when linked with an MbedTLS
+ version that is licensed under the Apache 2.0 license.</p>
+ </li>
+ <li>
+ <p>Import the GNU GPLv3 and include it the user manual.</p>
+ </li>
+ <li>
+ <p>Clarify FEATURE_FORCE_LOAD's description. It allows to bypass blocking not filtering and only does it if
+ blocks aren't enforced. Reported by: Robert Klemme</p>
+ </li>
+ <li>
+ <p>FAQ: Remove Zwiebelfreunde e.V. from the list of fiduciary sponsors As of 2021 they no longer handle
+ donations for foreign organisations due to lack of resources.</p>
+ </li>
+ <li>
+ <p>FAQ: Remove an obsolete comment with a link to the long-gone PDF manual.</p>
+ </li>
+ <li>
+ <p>FAQ: Add a link to the TODO list.</p>
+ </li>
+ <li>
+ <p>FAQ: Change the sponsor amounts to USD slightly rounding the converted amounts up to get simple numbers.
+ Receiving USD is apparently easier for SPI and SPI is preferred by sponsors as they can send invoices.</p>
+ </li>
+ <li>
+ <p>Advertise the client-tags CGI page in the user manual.</p>
+ </li>
+ <li>
+ <p>Stop advertising the show-version CGI page which no longer exists.</p>
+ </li>
+ <li>
+ <p>Add yet another reason why +prevent-compression may cause problems.</p>
+ </li>
+ <li>
+ <p>Don't claim that contributors need ssh. It's only needed for committers.</p>
+ </li>
+ <li>
+ <p>Replace obsolete CVS instructions with Git instructions.</p>
+ </li>
+ <li>
+ <p>Remove an obsolete comment</p>
+ </li>
+ </ul>
+ </li>
+ <li>
+ <p>Config file changes:</p>
+ <ul>
+ <li>
+ <p>Change the suggested default-server-timeout to 5 to match the suggested keep-alive-timeout. Otherwise
+ using the defaults would result in Privoxy reducing the default-server-timeout and logging an error
+ message. Sponsored by: Robert Klemme</p>
+ </li>
+ <li>
+ <p>Update the 'debug 1' description.</p>
+ </li>
+ <li>
+ <p>Add a missing 'client-specific-tag' directive.</p>