<title>What's New in this Release</title>
<meta name="GENERATOR" content=
"Modular DocBook HTML Stylesheet Version 1.79">
- <link rel="HOME" title="Privoxy 3.0.22 User Manual" href="index.html">
+ <link rel="HOME" title="Privoxy 3.0.25 User Manual" href="index.html">
<link rel="PREVIOUS" title="Installation" href="installation.html">
<link rel="NEXT" title="Quickstart to Using Privoxy" href=
"quickstart.html">
<table summary="Header navigation table" width="100%" border="0"
cellpadding="0" cellspacing="0">
<tr>
- <th colspan="3" align="center">Privoxy 3.0.22 User Manual</th>
+ <th colspan="3" align="center">Privoxy 3.0.25 User Manual</th>
</tr>
<tr>
<h1 class="SECT1"><a name="WHATSNEW" id="WHATSNEW">3. What's New in this
Release</a></h1>
- <p><span class="APPLICATION">Privoxy 3.0.22</span> stable is mainly a
- bug-fix release, it also has a couple of new features, though. Note that
- the first two entries in the ChangeLog below refer to security
- issues:</p>
+ <p><span class="APPLICATION">Privoxy 3.0.25</span> beta introduces
+ client-specific tags and includes a couple of minor improvements. It will be
+ followed by a stable release in the near future.</p>
<ul>
<li>
<ul>
<li>
- <p>Fixed a memory leak when rejecting client connections due to
- the socket limit being reached (CID 66382). This affected Privoxy
- 3.0.21 when compiled with IPv6 support (on most platforms this is
- the default).</p>
+ <p>Always use the current toggle state for new requests.
+ Previously new requests on reused connections inherited the
+ toggle state from the previous request even though the toggle
+ state could have changed. Reported by Robert Klemme.</p>
</li>
<li>
- <p>Fixed an immediate-use-after-free bug (CID 66394) and two
- additional unconfirmed use-after-free complaints made by Coverity
- scan (CID 66391, CID 66376).</p>
- </li>
-
- <li>
- <p>Actually show the FORCE_PREFIX value on the show-status
- page.</p>
- </li>
-
- <li>
- <p>Properly deal with Keep-Alive headers with timeout= parameters
- If the timeout still can't be parsed, use the configured timeout
- instead of preventing the client from keeping the connection
- alive. Fixes #3615312/#870 reported by Bernard Guillot.</p>
- </li>
-
- <li>
- <p>Not using any filter files no longer results in warning
- messages unless an action file is referencing header taggers or
- filters. Reported by Stefan Kurtz in #3614835.</p>
- </li>
-
- <li>
- <p>Fixed a bug that prevented Privoxy from reusing some reusable
- connections. Two bit masks with different purpose unintentionally
- shared the same bit.</p>
- </li>
-
- <li>
- <p>A couple of additional bugs were discovered by Coverity Scan.
- The fixes that are not expected to affect users are not
- explicitly mentioned here, for details please have a look at the
- CVS logs.</p>
+ <p>Fixed two buffer-overflows in the (deprecated) static pcre
+ code. These bugs are not considered security issues as the input
+ is trusted. Found with afl-fuzz and ASAN.</p>
</li>
</ul>
</li>
<ul>
<li>
- <p>Introduced negative tag patterns NO-REQUEST-TAG and
- NO-RESPONSE-TAG. They apply if no matching tag is found after
- parsing client or server headers.</p>
+ <p>Added support for client-specific tags which allow Privoxy
+ admins to pre-define tags that are set for all requests from
+ clients that previously opted in through the CGI interface. They
+ are useful in multi-user setups where admins may want to allow
+ users to disable certain actions and filters for themselves
+ without affecting others. In single-user setups they are useful
+ to allow more fine-grained toggling. For example to disable
+ request blocking while still crunching cookies, or to disable
+ experimental filters only. This is an experimental feature, the
+ syntax and behaviour may change in future versions. Sponsored by
+ Robert Klemme.</p>
</li>
<li>
- <p>Add support for external filters which allow to process the
- response body with a script or program written in any language
- the platform supports. External filters are enabled with
- +external-filter{} after they have been defined in one of the
- filter files with a header line starting with "EXTERNAL-FILTER:".
- External filter support is experimental, not compiled by default
- and known not to work on all platforms.</p>
+ <p>Dynamic filters and taggers now support a $listen-address
+ variable which contains the address the request came in on. For
+ external filters the variable is called $PRIVOXY_LISTEN_ADDRESS.
+ Original patch contributed by pursievro.</p>
</li>
<li>
- <p>Add support for the 'PATCH' method as defined in RFC5789.</p>
+ <p>Add client-header-tagger 'listen-address'.</p>
</li>
<li>
- <p>Reject requests with unsupported Expect header values. Fixes a
- couple of Co-Advisor tests.</p>
+ <p>Include the listen-address in the log message when logging new
+ requests. Patch contributed by pursievro.</p>
</li>
<li>
- <p>Normalize the HTTP-version in forwarded requests and
- responses. This is an explicit RFC 2616 MUST and RFC 7230
- mandates that intermediaries send their own HTTP-version in
- forwarded messages.</p>
+ <p>Turn invalid max-client-connections values into fatal
+ errors.</p>
</li>
<li>
- <p>Server 'Keep-Alive' headers are no longer forwarded. From a
- user's point of view it doesn't really matter, but RFC 2616
- (obsolete) mandates that the header is removed and this fixes a
- Co-Advisor complaint.</p>
+ <p>The show-status page now shows whether or not dates before
+ 1970 and after 2038 are expected to be handled properly. This is
+ mainly useful for Privoxy-Regression-Test but could also come
+ handy when dealing with time-related support requests.</p>
</li>
<li>
- <p>Change declared template file encoding to UTF-8. The templates
- already used a subset of UTF-8 anyway and changing the
- declaration allows to properly display UTF-8 characters used in
- the action files. This change may require existing action files
- with ISO-8859-1 characters that aren't valid UTF-8 to be
- converted to UTF-8. Requested by Sam Chen in #582.</p>
+ <p>On Mac OS X the thread id in log messages are more likely to
+ be unique now.</p>
</li>
<li>
- <p>Do not pass rejected keep-alive timeouts to the server. It
- might not have caused any problems (we know of), but doing the
- right thing shouldn't hurt either.</p>
+ <p>When complaining about missing filters, the filter type is
+ logged as well.</p>
</li>
<li>
- <p>Let log_error() use its own buffer size #define to make
- changing the log buffer size slightly less inconvenient.</p>
- </li>
-
- <li>
- <p>Turned single-threaded into a "proper" toggle directive with
- arguments.</p>
- </li>
-
- <li>
- <p>CGI templates no longer enforce new windows for some
- links.</p>
- </li>
-
- <li>
- <p>Remove an undocumented workaround ('HOST' header removal) for
- an Apple iTunes bug that according to #729900 got fixed in
- 2003.</p>
+ <p>A couple of harmless coverity warnings were silenced (CID
+ #161202, CID #161203, CID #161211).</p>
</li>
</ul>
</li>
<ul>
<li>
- <p>The pattern 'promotions.' is no longer being blocked. Reported
- by rakista in #3608540.</p>
+ <p>Filtering is disabled for Range requests to let download
+ resumption and Windows updates work with the default
+ configuration.</p>
</li>
<li>
- <p>Disable fast-redirects for .microsofttranslator.com/.</p>
+ <p>Unblock ".ardmediathek.de/". Reported by ThTomate in #932.</p>
</li>
+ </ul>
+ </li>
- <li>
- <p>Disable filter{banners-by-size} for
- .dgb-tagungszentren.de/.</p>
- </li>
+ <li>
+ <p>Documentation improvements:</p>
+ <ul>
<li>
- <p>Add adn.speedtest.net as a site-specific unblocker. Support
- request #3612908.</p>
+ <p>Add FAQ entry for crashes caused by memory limits.</p>
</li>
<li>
- <p>Disable filter{banners-by-size} for creativecommons.org/.</p>
+ <p>Remove obsolete FAQ entry about a bug in PHP 4.2.3.</p>
</li>
<li>
- <p>Block requests to data.gosquared.com/. Reported by cbug in
- #3613653.</p>
+ <p>Mention the new mailing lists were appropriate. As the
+ archives have not been migrated, continue to mention the archives
+ at SF in the contacting section for now.</p>
</li>
<li>
- <p>Unblock .conrad./newsletter/. Reported by David Bo in
- #3614238.</p>
+ <p>Note that the templates should be adjusted if Privoxy is
+ running as intercepting proxy without getting all requests.</p>
</li>
<li>
- <p>Unblock .bundestag.de/.</p>
+ <p>A bunch of links were converted to https://.</p>
</li>
<li>
- <p>Unblock .rote-hilfe.de/.</p>
+ <p>Rephrase onion service paragraph to make it more obvious that
+ Tor is involved and that the whole website (and not just the
+ homepage) is available as onion service.</p>
</li>
<li>
- <p>Disable fast-redirects for .facebook.com/plugins/like.php.</p>
+ <p>Streamline the "More information" section on the homepage
+ further by additionally ditching the link to the 'See also'
+ section of the user manual. The section contains mostly links
+ that are directly reachable from the homepage already and the
+ rest is not significant enough to get a link from the
+ homepage.</p>
</li>
<li>
- <p>Unblock Stackexchange popup URLs that aren't used to serve
- ads. Reported by David Wagner in #3615179.</p>
+ <p>Change the add-header{} example to set the DNT header and use
+ a complete section to make copy and pasting more convenient. Add
+ a comment to make it obvious that adding the header is not
+ recommended for obvious reasons. Using the DNT header as example
+ was suggested by Leo Wzukw.</p>
</li>
<li>
- <p>Disable fast-redirects for creativecommons.org/.</p>
+ <p>Streamline the support-and-service template Instead of linking
+ to the various support trackers (whose URLs hopefully change
+ soon), link to the contact section of the user manual to increase
+ the chances that users actually read it.</p>
</li>
<li>
- <p>Unblock .stopwatchingus.info/.</p>
+ <p>Add a FAQ entry for tainted sockets.</p>
</li>
<li>
- <p>Block requests for .adcash.com/script/. Reported by
- Tyrexionibus in #3615289.</p>
+ <p>More sections in the documentation have stable URLs now.</p>
</li>
<li>
- <p>Disable HTML filters if the response was tagged as JavaScript.
- Filtering JavaScript code with filters intended to deal with HTML
- is usually a waste of time and, more importantly, may break
- stuff.</p>
+ <p>FAQ: Explain why 'ping config.privoxy.org' is not expected to
+ reach a local Privoxy installation.</p>
</li>
<li>
- <p>Use a custom redirect{} for
- .washingtonpost.com/wp-apps/imrs\.php\?src= Previously enabling
- the 'Advanced' settings (or manually enabling +fast-redirects{})
- prevented some images from being loaded properly.</p>
+ <p>Note that donations done through Zwiebelfreunde e.V. currently
+ can't be checked automatically.</p>
</li>
<li>
- <p>Unblock "adina*." Fixes #919 reported by Morton A.
- Goldberg.</p>
+ <p>Updated section regarding starting Privoxy under OS X.</p>
</li>
<li>
- <p>Block '/.*DigiAd'.</p>
+ <p>Use dedicated start instructions for FreeBSD and
+ ElectroBSD.</p>
</li>
<li>
- <p>Unblock 'adele*.'. Reported by Adele Lime in #1663.</p>
+ <p>Removed release instructions for AIX. They haven't been
+ working for years and unsurprisingly nobody seems to care.</p>
</li>
<li>
- <p>Disable banners-by-size for kggp.de/.</p>
+ <p>Removed obsolete reference to the solaris-dist target.</p>
</li>
- </ul>
- </li>
- <li>
- <p>Filter file improvements & bug fixes:</p>
-
- <ul>
<li>
- <p>Decrease the chances that js-annoyances creates invalid
- JavaScript. Submitted by John McGowan on ijbswa-users@.</p>
+ <p>Updated the release instructions for FreeBSD.</p>
</li>
<li>
- <p>Let the msn filter hide 'related' ads again.</p>
+ <p>Removed unfinished release instructions for Amiga OS and HP-UX
+ 11.</p>
</li>
<li>
- <p>Remove a stray '1' in the 'html-annoyances' filter.</p>
+ <p>Added a pointer to the Cygwin Time Machine for getting the
+ last release of Cygwin version 1.5 to use for building Privoxy on
+ Windows.</p>
</li>
<li>
- <p>Prevent img-reorder from messing up img tags with empty src
- attributes. Fixes #880 reported by Duncan.</p>
+ <p>Various typos have been fixed.</p>
</li>
</ul>
</li>
<li>
- <p>Documentation improvements:</p>
+ <p>Infrastructure improvements:</p>
<ul>
<li>
- <p>Updated the 'Would you like to donate?' section.</p>
+ <p>The website is no longer hosted at SourceForge and can be
+ reached through https now.</p>
</li>
<li>
- <p>Note that invalid forward-override{} parameter syntax isn't
- detected until the parameter is used.</p>
+ <p>The mailing lists at SourceForge have been deprecated, you can
+ subscribe to the new ones at: https://lists.privoxy.org/</p>
</li>
<li>
- <p>Add another +redirect{} example: a shortcut for illumos
- bugs.</p>
- </li>
-
- <li>
- <p>Make it more obvious that many operating systems support log
- rotation out of the box.</p>
+ <p>Migrating the remaining services from SourceForge is work in
+ progress (TODO list item #53).</p>
</li>
+ </ul>
+ </li>
- <li>
- <p>Fixed dead links. Reported by Mark Nelson in #3614557.</p>
- </li>
+ <li>
+ <p>Build system improvements:</p>
+ <ul>
<li>
- <p>Rephrased the 'Why is the configuration so complicated?'
- answer to be slightly less condescending. Anonymously suggested
- in #3615122.</p>
+ <p>Add configure argument to optimistically redefine FD_SETSIZE
+ with the intent to change the maximum number of client
+ connections Privoxy can handle. Only works with some libcs.
+ Sponsored by Robert Klemme.</p>
</li>
<li>
- <p>Be more explicit about accept-intercepted-requests's lack of
- MITM support.</p>
+ <p>Let the tarball-dist target skip files in ".git".</p>
</li>
<li>
- <p>Make 'demoronizer' FAQ entries more generic.</p>
+ <p>Let the tarball-dist target work in cwds other than
+ current.</p>
</li>
<li>
- <p>Add an example hostname to the --pre-chroot-nslookup
- description.</p>
+ <p>Make the 'clean' target faster when run from a git
+ repository.</p>
</li>
<li>
- <p>Add an example for a host pattern that matches an IP
- address.</p>
+ <p>Include tools in the generic distribution.</p>
</li>
<li>
- <p>Rename the 'domain pattern' to 'host pattern' as it may
- contain IP addresses as well.</p>
+ <p>Let the gen-dist target work in cwds other than current.</p>
</li>
<li>
- <p>Recommend forward-socks5t when using Tor. It seems to work
- fine and modifying the Tor configuration to profit from it hasn't
- been necessary for a while now.</p>
+ <p>Sort find output that is used for distribution tarballs to get
+ reproducible results.</p>
</li>
<li>
- <p>Add another redirect{} example to stress that redirect loops
- can and should be avoided.</p>
+ <p>Don't add '-src' to the name of the tar ball generated by the
+ gen-dist target. The package isn't a source distribution but a
+ binary package. While at it, use a variable for the name to
+ reduce the chances that the various references get out of sync
+ and fix the gen-upload target which was looking in the wrong
+ directory.</p>
</li>
<li>
- <p>The usual spelling and grammar fixes. Parts of them were
- reported by Reuben Thomas in #3615276.</p>
+ <p>Add regression-tests.action to the files that are
+ distributed.</p>
</li>
<li>
- <p>Mention the PCRS option letters T and D in the filter
- section.</p>
+ <p>The gen-dist target which was broken since 2002 (r1.92) has
+ been fixed.</p>
</li>
<li>
- <p>Clarify that handle-as-empty-doc-returns-ok is still useful
- and will not be removed without replacement.</p>
+ <p>Remove genclspec.sh which has been obsolete since 2009.</p>
</li>
<li>
- <p>Note that security issues shouldn't be reported using the bug
- tracker.</p>
+ <p>Remove obsolete reference to Redhat spec file.</p>
</li>
<li>
- <p>Clarify what Privoxy does if both +block{} and +redirect{}
- apply.</p>
+ <p>Remove the obsolete announce target which has been commented
+ out years ago.</p>
</li>
<li>
- <p>Removed the obsolete bookmarklets section.</p>
+ <p>Let rsync skip files if the checksums match.</p>
</li>
</ul>
</li>
<li>
- <p>Build system improvements:</p>
+ <p>Privoxy-Regression-Test:</p>
<ul>
<li>
- <p>Let --with-group properly deal with secondary groups. Patch
- submitted by Anatoly Arzhnikov in #3615187.</p>
- </li>
-
- <li>
- <p>Fix web-actions target.</p>
+ <p>Add a "Default level offset" directive which can be used to
+ change the default level by a given value. This directive affects
+ all tests located after it until the end of the file or a another
+ "Default level offset" directive is reached. The purpose of this
+ directive is to make it more convenient to skip similar tests in
+ a given file without having to remove or disable the tests
+ completely.</p>
</li>
<li>
- <p>Add a web-faq target that only updates the FAQ on the
- webserver.</p>
+ <p>Let test level 17 depend on FEATURE_64_BIT_TIME_T instead of
+ FEATURE_PTHREAD which has no direct connection to the time_t
+ size.</p>
</li>
<li>
- <p>Remove already-commented-out non-portable DOSFILTER
- alternatives.</p>
+ <p>Fix indentation in perldoc examples.</p>
</li>
<li>
- <p>Remove the obsolete targets dok-put and dok-get.</p>
+ <p>Don't overlook directives in the first line of the action
+ file.</p>
</li>
<li>
- <p>Add a sf-shell target.</p>
+ <p>Bump version to 0.7.</p>
</li>
- </ul>
- </li>
- </ul>
- <ul>
- <li>
- <p>Known bugs:</p>
-
- <ul>
<li>
- <p>To compile with --disable-force you need <a href=
- "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/project.h?r1=1.208&r2=1.209&view=patch"
- target="_top">this patch</a> which didn't make it into the
- release. Thanks to Kai Raven for the report.</p>
+ <p>Fix detection of the Privoxy version now that https:// is used
+ for the website.</p>
</li>
</ul>
</li>