X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fwebserver%2Fuser-manual%2Fwhatsnew.html;h=0e0d6f3f4ffc440c09f49eec6be6f8fe4d04319b;hp=e8cd3d52807322bce1e08ae944de2493ef302d46;hb=82ac2e01d409b437aef32aa0d182c4bcd2dbea6c;hpb=a60001ec86527115ce6e12de65e072299044274a diff --git a/doc/webserver/user-manual/whatsnew.html b/doc/webserver/user-manual/whatsnew.html index e8cd3d52..0e0d6f3f 100644 --- a/doc/webserver/user-manual/whatsnew.html +++ b/doc/webserver/user-manual/whatsnew.html @@ -1,561 +1,523 @@ - -
Privoxy 3.0.15 beta is a bug-fix release - for the previous beta. The changes since 3.0.14 are:
In case of missing server data, no error message is send to the - client if the request arrived on a reused connection. The client - is then supposed to silently retry the request without bothering - the user. This should significantly reduce the frequency of the - "No server or forwarder data received" error message many users - reported. -
More reliable detection of prematurely closed client sockets - with keep-alive enabled. -
FEATURE_CONNECTION_KEEP_ALIVE is decoupled from - FEATURE_CONNECTION_SHARING and now available on - all platforms. -
Improved handling of POST requests on reused connections. - Should fix problems with stalled connections after submitting - form data with some browser configurations. -
Fixed various latency calculation issues. -
Allows the client to pass NTLM authentication requests to a - forwarding proxy. This was already assumed and hinted to work - in 3.0.13 beta but actually didn't. Now it's confirmed to work - with IE, Firefox and Chrome. - Thanks to Francois Botha and Wan-Teh Chang -
Fixed a calculation problem if receiving the server headers - takes more than two reads, that could cause Privoxy to terminate - the connection prematurely. Reported by Oliver. -
Compiles again on platforms such as OpenBSD and systems - using earlier glibc version that don't support AI_ADDRCONFIG. - Anonymously submitted in #2872591. -
A bunch of MS VC project files and Suse and Redhat RPM spec - files have been removed as they were no longer maintained for - quite some time. -
Overly long action lines are properly rejected with a proper - error message. Previously they would be either rejected as - invalid or cause a core dump through abort(). -
Already timed-out connections are no longer temporarily remembered. - They weren't reused anyway, but wasted a socket slot. -
len refers to the number of bytes actually read which might - differ from the ones received. Adjust log messages accordingly. -
The optional JavaScript on the CGI page uses encodeURIComponent() - instead of escape() which doesn't encode all characters that matter. - Anonymously reported in #2832722. -
Fix gcc45 warnings in decompress_iob(). -
Various log message improvements. -
Privoxy-Regression-Test supports redirect tests. -
Privoxy-Log-Parser can gather some connection statistics. -
If you missed the previous two beta versions, you may also be - interested in the additional changes since 3.0.12, the - last stable release:
Added IPv6 support. Thanks to Petr Pisar who not only provided - the initial patch but also helped a lot with the integration. -
Added client-side keep-alive support. -
The connection sharing code is only used if the connection-sharing - option is enabled. -
The latency is taken into account when evaluating whether or not to - reuse a connection. This should significantly reduce the number of - connections problems several users reported. -
The max-client-connections option has been added to restrict - the number of client connections below a value enforced by - the operating system. -
If the server doesn't specify how long the connection stays alive, - Privoxy errs on the safe side of caution and assumes it's only a second. -
Setting keep-alive-timeout to 0 disables keep-alive support. Previously - Privoxy would claim to allow persistence but not reuse the connection. -
Pipelined requests are less likely to be mistaken for the request - body of the previous request. Note that Privoxy still has no real - pipeline support and will either serialize pipelined requests or - drop them in which case the client has to resent them. -
Fixed a crash on some Windows versions when header randomization - is enabled and the date couldn't be parsed. -
Privoxy's keep-alive timeout for the current connection is reduced - to the one specified in the client's Keep-Alive header. -
For HTTP/1.1 requests, Privoxy implies keep-alive support by not - setting any Connection header instead of using 'Connection: keep-alive'. -
If the socket isn't reusable, Privoxy doesn't temporarily waste - a socket slot to remember the connection. -
If keep-alive support is disabled but compiled in, the client's - Keep-Alive header is removed. -
Fixed a bug on mingw32 where downloading large files failed if - keep-alive support was enabled. -
Fixed a bug that (at least theoretically) could cause log - timestamps to be occasionally off by about a second. -
The configure script respects the $PATH variable when searching - for groups and id. -
Compressed content with extra fields couldn't be decompressed - and would get passed to the client unfiltered. This problem - has only be detected through statical analysis with clang as - nobody seems to be using extra fields anyway. -
If the server resets the Connection after sending only the headers - Privoxy forwards what it got to the client. Previously Privoxy - would deliver an error message instead. -
Error messages in case of connection timeouts use the right - HTTP status code. -
If spawning a child to handle a request fails, the client - gets an error message and Privoxy continues to listen for - new requests right away. -
The error messages in case of server-connection timeouts or - prematurely closed server connections are now template-based. -
If zlib support isn't compiled in, Privoxy no longer tries to - filter compressed content unless explicitly asked to do so. -
In case of connections that are denied based on ACL directives, - the memory used for the client IP is no longer leaked. -
Fixed another small memory leak if the client request times out - while waiting for client headers other than the request line. -
The client socket is kept open until the server socket has - been marked as unused. This should increase the chances that - the still-open connection will be reused for the client's next - request to the same destination. Note that this only matters - if connection-sharing is enabled. -
A TODO list has been added to the source tarballs to give potential - volunteers a better idea of what the current goals are. Donations - are still welcome too: http://www.privoxy.org/faq/general.html#DONATE -
A quick list of things to be aware of before upgrading from earlier - versions of Privoxy:
The recommended way to upgrade Privoxy is to backup your old - configuration files, install the new ones, verify that Privoxy - is working correctly and finally merge back your changes using - diff and maybe patch. -
There are a number of new features in each Privoxy release and - most of them have to be explicitly enabled in the configuration - files. Old configuration files obviously don't do that and due - to syntax changes using old configuration files with a new - Privoxy isn't always possible anyway. -
- Note that some installers remove earlier versions completely, - including configuration files, therefore you should really save - any important configuration files! -
- On the other hand, other installers don't overwrite existing configuration - files, thinking you will want to do that yourself. -
- standard.action has been merged into - the default.action file. -
In the default configuration only fatal errors are logged now. - You can change that in the debug section - of the configuration file. You may also want to enable more verbose - logging until you verified that the new Privoxy version is working - as expected. -
Three other config file settings are now off by default: - enable-remote-toggle, - enable-remote-http-toggle, - and enable-edit-actions. - If you use or want these, you will need to explicitly enable them, and - be aware of the security issues involved. -
Privoxy 3.0.22 stable is mainly a + bug-fix release, it also has a couple of new features, though. Note that + the first two entries in the ChangeLog below refer to security + issues:
+ +Bug fixes:
+ +Fixed a memory leak when rejecting client connections due to + the socket limit being reached (CID 66382). This affected Privoxy + 3.0.21 when compiled with IPv6 support (on most platforms this is + the default).
+Fixed an immediate-use-after-free bug (CID 66394) and two + additional unconfirmed use-after-free complaints made by Coverity + scan (CID 66391, CID 66376).
+Actually show the FORCE_PREFIX value on the show-status + page.
+Properly deal with Keep-Alive headers with timeout= parameters + If the timeout still can't be parsed, use the configured timeout + instead of preventing the client from keeping the connection + alive. Fixes #3615312/#870 reported by Bernard Guillot.
+Not using any filter files no longer results in warning + messages unless an action file is referencing header taggers or + filters. Reported by Stefan Kurtz in #3614835.
+Fixed a bug that prevented Privoxy from reusing some reusable + connections. Two bit masks with different purpose unintentionally + shared the same bit.
+A couple of additional bugs were discovered by Coverity Scan. + The fixes that are not expected to affect users are not + explicitly mentioned here, for details please have a look at the + CVS logs.
+General improvements:
+ +Introduced negative tag patterns NO-REQUEST-TAG and + NO-RESPONSE-TAG. They apply if no matching tag is found after + parsing client or server headers.
+Add support for external filters which allow to process the + response body with a script or program written in any language + the platform supports. External filters are enabled with + +external-filter{} after they have been defined in one of the + filter files with a header line starting with "EXTERNAL-FILTER:". + External filter support is experimental, not compiled by default + and known not to work on all platforms.
+Add support for the 'PATCH' method as defined in RFC5789.
+Reject requests with unsupported Expect header values. Fixes a + couple of Co-Advisor tests.
+Normalize the HTTP-version in forwarded requests and + responses. This is an explicit RFC 2616 MUST and RFC 7230 + mandates that intermediaries send their own HTTP-version in + forwarded messages.
+Client 'Keep-Alive' headers are no longer forwarded. From a + user's point of view it doesn't really matter, but RFC 2616 + (obsolete) mandates that the header is removed and this fixes a + Co-Advisor complaint.
+Change declared template file encoding to UTF-8. The templates + already used a subset of UTF-8 anyway and changing the + declaration allows to properly display UTF-8 characters used in + the action files. This change may require existing action files + with ISO-8859-1 characters that aren't valid UTF-8 to be + converted to UTF-8. Requested by Sam Chen in #582.
+Do not pass rejected keep-alive timeouts to the server. It + might not have caused any problems (we know of), but doing the + right thing shouldn't hurt either.
+Let log_error() use its own buffer size #define to make + changing the log buffer size slightly less inconvenient.
+Turned single-threaded into a "proper" toggle directive with + arguments.
+CGI templates no longer enforce new windows for some + links.
+Remove an undocumented workaround ('HOST' header removal) for + an Apple iTunes bug that according to #729900 got fixed in + 2003.
+Action file improvements:
+ +The pattern 'promotions.' is no longer being blocked. Reported + by rakista in #3608540.
+Disable fast-redirects for .microsofttranslator.com/.
+Disable filter{banners-by-size} for + .dgb-tagungszentren.de/.
+Add adn.speedtest.net as a site-specific unblocker. Support + request #3612908.
+Disable filter{banners-by-size} for creativecommons.org/.
+Block requests to data.gosquared.com/. Reported by cbug in + #3613653.
+Unblock .conrad./newsletter/. Reported by David Bo in + #3614238.
+Unblock .bundestag.de/.
+Unblock .rote-hilfe.de/.
+Disable fast-redirects for .facebook.com/plugins/like.php.
+Unblock Stackexchange popup URLs that aren't used to serve + ads. Reported by David Wagner in #3615179.
+Disable fast-redirects for creativecommons.org/.
+Unblock .stopwatchingus.info/.
+Block requests for .adcash.com/script/. Reported by + Tyrexionibus in #3615289.
+Disable HTML filters if the response was tagged as JavaScript. + Filtering JavaScript code with filters intended to deal with HTML + is usually a waste of time and, more importantly, may break + stuff.
+Use a custom redirect{} for + .washingtonpost.com/wp-apps/imrs\.php\?src= Previously enabling + the 'Advanced' settings (or manually enabling +fast-redirects{}) + prevented some images from being loaded properly.
+Unblock "adina*." Fixes #919 reported by Morton A. + Goldberg.
+Block '/.*DigiAd'.
+Unblock 'adele*.'. Reported by Adele Lime in #1663.
+Disable banners-by-size for kggp.de/.
+Filter file improvements & bug fixes:
+ +Decrease the chances that js-annoyances creates invalid + JavaScript. Submitted by John McGowan on ijbswa-users@.
+Let the msn filter hide 'related' ads again.
+Remove a stray '1' in the 'html-annoyances' filter.
+Prevent img-reorder from messing up img tags with empty src + attributes. Fixes #880 reported by Duncan.
+Documentation improvements:
+ +Updated the 'Would you like to donate?' section.
+Note that invalid forward-override{} parameter syntax isn't + detected until the parameter is used.
+Add another +redirect{} example: a shortcut for illumos + bugs.
+Make it more obvious that many operating systems support log + rotation out of the box.
+Fixed dead links. Reported by Mark Nelson in #3614557.
+Rephrased the 'Why is the configuration so complicated?' + answer to be slightly less condescending. Anonymously suggested + in #3615122.
+Be more explicit about accept-intercepted-requests's lack of + MITM support.
+Make 'demoronizer' FAQ entries more generic.
+Add an example hostname to the --pre-chroot-nslookup + description.
+Add an example for a host pattern that matches an IP + address.
+Rename the 'domain pattern' to 'host pattern' as it may + contain IP addresses as well.
+Recommend forward-socks5t when using Tor. It seems to work + fine and modifying the Tor configuration to profit from it hasn't + been necessary for a while now.
+Add another redirect{} example to stress that redirect loops + can and should be avoided.
+The usual spelling and grammar fixes. Parts of them were + reported by Reuben Thomas in #3615276.
+Mention the PCRS option letters T and D in the filter + section.
+Clarify that handle-as-empty-doc-returns-ok is still useful + and will not be removed without replacement.
+Note that security issues shouldn't be reported using the bug + tracker.
+Clarify what Privoxy does if both +block{} and +redirect{} + apply.
+Removed the obsolete bookmarklets section.
+Build system improvements:
+ +Let --with-group properly deal with secondary groups. Patch + submitted by Anatoly Arzhnikov in #3615187.
+Fix web-actions target.
+Add a web-faq target that only updates the FAQ on the + webserver.
+Remove already-commented-out non-portable DOSFILTER + alternatives.
+Remove the obsolete targets dok-put and dok-get.
+Add a sf-shell target.
+A quick list of things to be aware of before upgrading from earlier + versions of Privoxy:
+ +The recommended way to upgrade Privoxy is to backup your old configuration + files, install the new ones, verify that Privoxy is working correctly and finally merge + back your changes using diff and + maybe patch.
+ +There are a number of new features in each Privoxy release and most of them have to be + explicitly enabled in the configuration files. Old configuration + files obviously don't do that and due to syntax changes using old + configuration files with a new Privoxy isn't always possible anyway.
+Note that some installers remove earlier versions completely, + including configuration files, therefore you should really save any + important configuration files!
+On the other hand, other installers don't overwrite existing + configuration files, thinking you will want to do that + yourself.
+In the default configuration only fatal errors are logged now. + You can change that in the debug + section of the configuration file. You may also want to enable + more verbose logging until you verified that the new Privoxy version is working as expected.
+Three other config file settings are now off by default: + enable-remote-toggle, + enable-remote-http-toggle, + and enable-edit-actions. If you + use or want these, you will need to explicitly enable them, and be + aware of the security issues involved.
+
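Review bot: The new 3.0.22 introduction identifies the security fixes only by position ("the first two entries in the ChangeLog below refer to security issues"), which stops being true as soon as the list is reordered or quoted in part; label the two entries themselves, the memory leak when rejecting client connections at the socket limit (CID 66382) and the immediate-use-after-free (CID 66394), as security fixes. In the same list, the Keep-Alive entry runs two sentences together ("timeout= parameters If the timeout still can't be parsed") and needs a full stop after "parameters". The rewritten upgrade notes also drop the old "standard.action has been merged into the default.action file" item with no replacement; please confirm that is intended for users upgrading from older releases.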