X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fwebserver%2Fuser-manual%2Fwhatsnew.html;h=269b847a857051029320711eed3d2fc0c4264d13;hp=26132c33770d43ff82ba72dccd6a7aed668ffa2f;hb=d1c39df48bd2a8953ceb49fdbb370b20f3d89422;hpb=bed127c394abcb5af3b8a33ba39a478aa0d925d7;ds=sidebyside diff --git a/doc/webserver/user-manual/whatsnew.html b/doc/webserver/user-manual/whatsnew.html index 26132c33..269b847a 100644 --- a/doc/webserver/user-manual/whatsnew.html +++ b/doc/webserver/user-manual/whatsnew.html @@ -1,371 +1,238 @@ - -
Privoxy 3.0.13 introduces IPv6 support, - improved keep-alive support and a bunch of minor improvements:
Added IPv6 support. Thanks to Petr Pisar who not only provided - the initial patch but also helped a lot with the integration. -
Added client-side keep-alive support. -
The connection sharing code is only used if the connection-sharing - option is enabled. -
The max-client-connections option has been added to restrict - the number of client connections below a value enforced by - the operating system. -
Fixed a regression reintroduced in 3.0.12 that could cause - crashes on mingw32 if header date randomization was enabled. -
Compressed content with extra fields couldn't be decompressed - and would get passed to the client unfiltered. This problem - has only be detected through statical analysis with clang as - nobody seems to be using extra fields anyway. -
If the server resets the Connection after sending only the headers - Privoxy forwards what it got to the client. Previously Privoxy - would deliver an error message instead. -
Error messages in case of connection timeouts use the right - HTTP status code. -
If spawning a child to handle a request fails, the client - gets an error message and Privoxy continues to listen for - new requests right away. -
The error messages in case of server-connection timeouts or - prematurely closed server connections are now template-based. -
If zlib support isn't compiled in, Privoxy no longer tries to - filter compressed content unless explicitly asked to do so. -
In case of connections that are denied based on ACL directives, - the memory used for the client IP is no longer leaked. -
Fixed another small memory leak if the client request times out - while waiting for client headers other than the request line. -
The client socket is kept open until the server socket has - been marked as unused. This should increase the chances that - the still-open connection will be reused for the client's next - request to the same destination. Note that this only matters - if connection-sharing is enabled. -
A TODO list has been added to the source tarballs to give potential - volunteers a better idea of what the current goals are. Donations - are still welcome too: http://www.privoxy.org/faq/general.html#DONATE -
A quick list of things to be aware of before upgrading from earlier - versions of Privoxy:
The recommended way to upgrade Privoxy is to backup your old - configuration files, install the new ones, verify that Privoxy - is working correctly and finally merge back your changes using - diff and maybe patch. -
There are a number of new features in each Privoxy release and - most of them have to be explicitly enabled in the configuration - files. Old configuration files obviously don't do that and due - to syntax changes using old configuration files with a new - Privoxy isn't always possible anyway. -
- Note that some installers remove earlier versions completely, - including configuration files, therefore you should really save - any important configuration files! -
- On the other hand, other installers don't overwrite existing configuration - files, thinking you will want to do that yourself. -
- standard.action has been merged into - the default.action file. -
In the default configuration only fatal errors are logged now. - You can change that in the debug section - of the configuration file. You may also want to enable more verbose - logging until you verified that the new Privoxy version is working - as expected. -
Three other config file settings are now off by default: - enable-remote-toggle, - enable-remote-http-toggle, - and enable-edit-actions. - If you use or want these, you will need to explicitly enable them, and - be aware of the security issues involved. -
Privoxy 3.0.23 stable is a bug-fix + release, some of the fixed bugs are security issues (CVE requests + pending):
+ +Bug fixes:
+ +Fixed a DoS issue in case of client requests with incorrect + chunk-encoded body. When compiled with assertions enabled (the + default) they could previously cause Privoxy to abort(). Reported + by Matthew Daley.
+Fixed multiple segmentation faults and memory leaks in the + pcrs code. This fix also increases the chances that an invalid + pcrs command is rejected as such. Previously some invalid + commands would be loaded without error. Note that Privoxy's pcrs + sources (action and filter files) are considered trustworthy + input and should not be writable by untrusted third-parties.
+Fixed an 'invalid read' bug which could at least theoretically + cause Privoxy to crash. So far, no crashes have been + observed.
+Compiles with --disable-force again. Reported by Kay + Raven.
+Client requests with body that can't be delivered no longer + cause pipelined requests behind them to be rejected as invalid. + Reported by Basil Hussain.
+General improvements:
+ +If a pcrs command is rejected as invalid, Privoxy now logs the + cause of the problem as text. Previously the pcrs error code was + logged.
+The tests are less likely to cause false positives.
+Action file improvements:
+ +'.sify.com/' is no longer blocked. Apparently it is not + actually a pure tracking site (anymore?). Reported by Andrew on + ijbswa-users@.
+Unblock banners on .amnesty.de/ which aren't ads.
+Documentation improvements:
+ +The 'Would you like to donate?' section now also contains a + "Paypal" address.
+The list of supported operating systems has been updated.
+The existence of the SF support and feature trackers has been + deemphasized because they have been broken for months. Most of + the time the mailing lists still work.
+The claim that default.action updates are sometimes released + on their own has been removed. It hasn't happened in years.
+Explicitly mention that Tor's port may deviate from the + default when using a bundle. Requested by Andrew on + ijbswa-users@.
+A quick list of things to be aware of before upgrading from earlier + versions of Privoxy:
+ +The recommended way to upgrade Privoxy is to backup your old configuration + files, install the new ones, verify that Privoxy is working correctly and finally merge + back your changes using diff and + maybe patch.
+ +There are a number of new features in each Privoxy release and most of them have to be + explicitly enabled in the configuration files. Old configuration + files obviously don't do that and due to syntax changes using old + configuration files with a new Privoxy isn't always possible anyway.
+Note that some installers remove earlier versions completely, + including configuration files, therefore you should really save any + important configuration files!
+On the other hand, other installers don't overwrite existing + configuration files, thinking you will want to do that + yourself.
+In the default configuration only fatal errors are logged now. + You can change that in the debug + section of the configuration file. You may also want to enable + more verbose logging until you verified that the new Privoxy version is working as expected.
+Three other config file settings are now off by default: + enable-remote-toggle, + enable-remote-http-toggle, + and enable-edit-actions. If you + use or want these, you will need to explicitly enable them, and be + aware of the security issues involved.
+