X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fwebserver%2Fannounce.txt;h=da79b5858035aed2cc99eeea7f0309a8c1c655c3;hp=4cdffbbfb48e4ecd7381d105f197343357a7679b;hb=0de72d6db377899ad32731e62bb2778d2c98e012;hpb=859a204ed11c1f887be0849cb76580c7a7b58434 diff --git a/doc/webserver/announce.txt b/doc/webserver/announce.txt index 4cdffbbf..da79b585 100644 --- a/doc/webserver/announce.txt +++ b/doc/webserver/announce.txt @@ -1,88 +1,153 @@ - Announcing Privoxy v.3.0.11 ------------------------------------------------------------------ - -3.0.11 is a stable release which includes many enhancements but no major -new features. The most prominent new feature is "keep-alive" support for -outgoing connections. + Announcing Privoxy v.3.0.20 beta +-------------------------------------------------------------------- -See http://www.privoxy.org/3.0.11/user-manual/whatsnew.html for details. +This is a beta release that introduces some new features and fixes a number of bugs, some of which are reasonably significant. One new feature (tolerate-pipelining) is enabled by default. See below for details. -------------------------------------------------------------------- ChangeLog for Privoxy -------------------------------------------------------------------- - -*** Version 3.0.11 *** - -- On most platforms, outgoing connections can be kept alive and - reused if the server supports it. Whether or not this improves - things depends on the connection. -- When dropping privileges, membership in supplementary groups - is given up as well. Not doing that can lead to Privoxy running - with more rights than necessary and violates the principle of - least privilege. Users of the --user option are advised to update. - Thanks to Matthias Drochner for reporting the problem, - providing the initial patch and testing the final version. -- Passing invalid users or groups with the --user option - didn't lead to program exit. Regression introduced in 3.0.7. -- The match all section has been moved from default.action - to a new file called match-all.action. As a result the - default.action no longer needs to be touched by the user - and can be safely overwritten by updates. -- The standard.action file has been removed. Its content - is now part of the default.action file. -- In some situations the logged content length was slightly too low. -- Crunched requests are logged with their own log level. - If you used "debug 1" in the past, you'll probably want - to additionally enable "debug 1024", otherwise only passed - requests will be logged. If you only care about crunched - requests, simply replace "debug 1" with "debug 1024". -- The crunch reason has been moved to the beginning of the - crunch message. For HTTP URLs, the protocol is logged as well. -- Log messages are shortened by printing the thread id on its - own (as opposed to putting it inside the string "Privoxy()"). -- The config option socket-timeout has been added to control - the time Privoxy waits for data to arrive on a socket. -- Support for remote toggling is controlled by the configure - option --disable-toggle only. In previous versions it also - depended on the action editor and thus configuring with the - --disable-editor option would disable remote toggling support - as well. -- Requests with invalid HTTP versions are rejected. -- The template symbol @date@ can be used to include a date(1)-like - time string. Initial patch submitted by Endre Szabo. -- Responses from shoutcast servers are accepted again. - Problem reported and fix suggested by Stefan. -- The hide-forwarded-for-headers action has been replaced with - the change-x-forwarded-for{} action which can also be used to - add X-Forwarded-For headers. The latter functionality already - existed in Privoxy versions prior to 3.0.7 but has been removed - as it was often used unintentionally (by not using the - hide-forwarded-for-headers action). -- A "clear log" view option was added to the mingw32 version - to clear out all of the lines in the Privoxy log window. - Based on a patch submitted by T Ford. -- The mingw32 version uses "critical sections" now, which prevents - log message corruption under load. As a side effect, the - "no thread-safe PRNG" warning could be removed as well. -- The mingw32 version's task bar icon is crossed out and - the color changed to gray if Privoxy is toggled off. +*** Version 3.0.20 Beta *** + +- Bug fixes: + - Client sockets are now properly shutdown and drained before being + closed. This fixes page truncation issues with clients that aggressively + pipeline data on platforms that otherwise discard already written data. + The issue mainly affected Opera users and was initially reported + by Kevin in #3464439, szotsaki provided additional information to track + down the cause. + - Fix latency calculation for shared connections (disabled by default). + It was broken since their introduction in 2009. The calculated latency + for most connections would be 0 in which case the timeout detection + failed to account for the real latency. + - Reject URLs with invalid port. Previously they were parsed incorrectly and + characters between the port number and the first slash were silently + dropped as shown by curl test 187. + - The default-server-timeout and socket-timeout directives accept 0 as + valid value. + - Fix a race condition on Windows that could cause Privoxy to become + unresponsive after toggling it on or off through the taskbar icon. + Reported by Tim H. in #3525694. + - Fix the compilation on Windows when configured without IPv6 support. + - Fix an assertion that could cause debug builds to abort() in case of + socks5 connection failures with "debug 2" enabled. + - Fix an assertion that could cause debug builds to abort() if a filter + contained nul bytes in the replacement text. + +- General improvements: + - Significantly improved keep-alive support for both client and server + connections. + - New debug log level 65536 which logs all actions that were applied to + the request. + - New directive client-header-order to forward client headers in a + different order than the one in which they arrived. + - New directive tolerate-pipelining to allow client-side pipelining. + If enabled (3.0.20 beta enables it by default), Privoxy will keep + pipelined client requests around to deal with them once the current + request has been served. + - New --config-test option to let Privoxy exit after checking whether or not + the configuration seems valid. The limitations noted in TODO #22 and #23 + still apply. Based on a patch by Ramkumar Chinchani. + - New limit-cookie-lifetime{} action to let cookies expire before the end + of the session. Suggested by Rick Sykes in #1049575. + - Increase the hard-coded maximum number of actions and filter files from + 10 to 30 (each). It doesn't significantly affect Privoxy's memory usage + and recompiling wasn't an option for all Privoxy users that reached the + limit. + - Add support for chunk-encoded client request bodies. Previously + chunk-encoded request bodies weren't guaranteed to be forwarded correctly, + so this can also be considered a bug fix although chunk-encoded request + bodies aren't commonly used in the real world. + - Add support for Tor's optimistic-data SOCKS extension, which can reduce the + latency for requests on newly created connections. Currently only the + headers are sent optimistically and only if the client request has already + been read completely which rules out requests with large bodies. + - After preventing the client from pipelining, don't signal keep-alive + intentions. When looking at the response headers alone, it previously + wasn't obvious from the client's perspective that no additional responses + should be expected. + - Stop considering client sockets tainted after receving a request with body. + It hasn't been necessary for a while now and unnecessarily causes test + failures when using curl's test suite. + - Allow HTTP/1.0 clients to signal interest in keep-alive through the + Proxy-Connection header. While such client are rare in the real world, it + doesn't hurt and couple of curl tests rely on it. + - Only remove duplicated Content-Type headers when filters are enabled. + If they are not it doesn't cause ill effects and the user might not want it. + Downgrade the removal message to LOG_LEVEL_HEADER to clarify that it's not + an error in Privoxy and is unlikely to cause any problems in general. + Anonymously reported in #3599335. + - Set the socket option SO_LINGER for the client socket. + - Move several variable declarations to the beginning of their code block. + It's required when compiling with gcc 2.95 which is still used on some + platforms. Initial patch submitted by Simon South in #3564815. + - Optionally try to sanity-check strptime() results before trusting them. + Broken strptime() implementations have caused problems in the past and + the most recent offender seems to be FreeBSD's libc (standards/173421). + - When filtering is enabled, let Range headers pass if the range starts at + the beginning. This should work around (or at least reduce ) the video + playback issues with various Apple clients as reported by Duc in #3426305. + - Do not confuse a client hanging up with a connection time out. If a client + closes its side of the connection without sending a request line, do not + send the CLIENT_CONNECTION_TIMEOUT_RESPONSE, but report the condition + properly. + - Allow closing curly braces as part of action values as long as they are + escaped. + - On Windows, the logfile is now written before showing the GUI error + message which blocks until the user acknowledges it. + Reported by Adriaan in #3593603. + - Remove an unreasonable parameter limit in the CGI interface. The new + parameter limit depends on the memory available and is currently unlikely + to be reachable, due to other limits in both Privoxy and common clients. + Reported by Andrew on ijbswa-users@. + - Decrease the chances of parse failures after requests with unsupported + methods were sent to the CGI interface. + +*** Version 3.0.19 Stable *** + +- Bug fixes: + - Prevent a segmentation fault when de-chunking buffered content. + It could be triggered by malicious web servers if Privoxy was + configured to filter the content and running on a platform + where SIZE_T_MAX isn't larger than UINT_MAX, which probably + includes most 32-bit systems. On those platforms, all Privoxy + versions before 3.0.19 appear to be affected. + To be on the safe side, this bug should be presumed to allow + code execution as proving that it doesn't seems unrealistic. + - Do not expect a response from the SOCKS4/4A server until it + got something to respond to. This regression was introduced + in 3.0.18 and prevented the SOCKS4/4A negotiation from working. + Reported by qqqqqw in #3459781. + +- General improvements: + - Fix an off-by-one in an error message about connect failures. + - Use a GNUMakefile variable for the webserver root directory and + update the path. Sourceforge changed it which broke various + web-related targets. + - Update the CODE_STATUS description. ----------------------------------------------------------------- About Privoxy: ----------------------------------------------------------------- -Privoxy is a non-caching web proxy with advanced filtering -capabilities for enhancing privacy, modifying web page data, -managing HTTP cookies, controlling access, and removing ads, -banners, pop-ups and other obnoxious Internet junk. Privoxy -has a flexible configuration and can be customized to suit -individual needs and tastes. Privoxy has application for -both stand-alone systems and multi-user networks. +Privoxy is a non-caching web proxy with advanced filtering capabilities for +enhancing privacy, modifying web page data and HTTP headers, controlling +access, and removing ads and other obnoxious Internet junk. Privoxy has a +flexible configuration and can be customized to suit individual needs and +tastes. It has application for both stand-alone systems and multi-user +networks. + +Privoxy is Free Software and licensed under the GNU GPLv2. + +Privoxy is an associated project of Software in the Public Interest (SPI). -Privoxy is based on Internet Junkbuster (tm). +Helping hands and donations are welcome: + + * http://www.privoxy.org/faq/general.html#PARTICIPATE + + * http://www.privoxy.org/faq/general.html#DONATE At present, Privoxy is known to run on Windows(95, 98, ME, 2000, -XP, Vista), Linux (Ubuntu, RedHat, SuSE, Debian, Fedora, Gentoo and +XP, Vista), GNU/Linux (Ubuntu, RedHat, SuSE, Debian, Fedora, Gentoo and others), Mac OSX, OS/2, AmigaOS, FreeBSD, NetBSD, OpenBSD, Solaris, and various other flavors of Unix. @@ -91,7 +156,12 @@ Privoxy provides many supplemental features, that give the end-user more control, more privacy and more freedom: - * Can keep outgoing connections alive and reuse them later on. + * Supports "Connection: keep-alive". Outgoing connections can be kept + alive independently from the client. Currently not available on all + platforms. + + * Supports IPv6, provided the operating system does so too, + and the configure script detects it. * Supports tagging which allows to change the behaviour based on client and server headers. @@ -109,8 +179,7 @@ more control, more privacy and more freedom: tracing of rule and filter effects. Remote toggling. * Web page filtering (text replacements, removes banners based on size, - invisible "web-bugs", JavaScript and HTML annoyances, pop-up windows, - etc.) + invisible web-bugs and HTML annoyances, etc.) * Modularized configuration that allows for standard settings and user settings to reside in separate files, so that installing updated actions @@ -119,23 +188,16 @@ more control, more privacy and more freedom: * Support for Perl Compatible Regular Expressions in the configuration files, and a more sophisticated and flexible configuration syntax. - * Improved cookie management features (e.g. session based cookies). - * GIF de-animation. * Bypass many click-tracking scripts (avoids script redirection). - * Multi-threaded (POSIX and native threads). - * User-customizable HTML templates for most proxy-generated pages (e.g. "blocked" page). * Auto-detection and re-reading of config file changes. - - * Improved signal handling, and a true daemon mode (Unix). - * Every feature now controllable on a per-site or per-location basis, - configuration more powerful and versatile over-all. + * Most features are controllable on a per-site or per-location basis. Download location: