There are many improvements and new features since Privoxy 3.0.8, the last stable release:
Added SOCKS5 support (with address resolution done by - the SOCKS5 server). Patch provided by Eric M. Hopper. -
The "blocked" CGI pages include a block reason that was - provided as argument to the last-applying block action. -
If enable-edit-actions is disabled (the default since 3.0.7 beta) - the show-status page hides the edit buttons and explains why. - Previously the user would get the "this feature has been disabled" - message after using the edit button. -
Forbidden CONNECT requests are treated like blocks by default. - The now-pointless treat-forbidden-connects-like-blocks action - has been removed. -
Not enabling limit-connect now allows CONNECT requests to all ports. - In previous versions it would only allow CONNECT requests to port 443. - Use +limit-connect{443} if you think you need the old default behaviour. -
The CGI editor gets turned off after three edit requests with invalid - file modification timestamps. This makes life harder for attackers - who can leverage browser bugs to send fake Referers and intend to - brute-force edit URLs. -
Action settings for multiple patterns in the same section are - shared in memory. As a result these sections take up less space - (and are loaded slightly faster). Problem reported by Franz Schwartau. -
Linear white space in HTTP headers will be normalized to single - spaces before parsing the header's content, headers split across - multiple lines get merged first. -
Host information is gathered outside the main thread so it's less - likely to delay other incoming connections if the host is misconfigured. -
New config option "hostname" to use a hostname other than - the one returned by the operating system. Useful to speed-up responses - for CGI requests on misconfigured systems. Requested by Max Khon. -
The CGI editor supports the "disable all filters of this type" - directives "-client-header-filter", "-server-header-filter", - "-client-header-tagger" and "-server-header-tagger". -
Fixed false-positives with the link-by-url filter and URLs that - contain the pattern "/jump/". -
The less-download-windows filter no longer messes - "Content-Type: application/x-shockwave-flash" headers up. -
In the show-url-info page's "Final results" section active and - inactive actions are listed separately. Patch provided by Lee. -
The GNUmakefile supports the DESTDIR variable. Patch for - the install target submitted by Radoslaw Zielinski. -
Embedding the content of configuration files in the show-status - page is significantly faster now. For a largish action file (1 MB) - a speedup of about 2450 times has been measured. This is mostly - interesting if you are using large action files or regularly use - Privoxy-Regression-Test while running Privoxy through Valgrind, - for stock configuration files it doesn't really matter. -
If zlib support is unavailable and there are content - filters active but the prevent-compression action is disabled, - the show-url-info page includes a warning that compression - might prevent filtering. -
The show-url-info page provides an OpenSearch Description that - allows to access the page through browser search plugins. -
The obsolete kill-popups action has been removed as the - PCRS-based popup filters can do the same and are slightly - less unreliable. -
The inspect-jpegs action has been removed. -
The send-wafer and send-vanilla-wafer actions have been removed. - They weren't particular useful and their behaviour could be emulated - with add-header anyway. -
Privoxy-Regression-Test has been significantly improved. -
Most sections in the default.action file contain tests for - Privoxy-Regression-Test to verify that they are working as intended. -
Parts of Privoxy have been refactored to increase maintainability. -
Building with zlib (if available) is done by default. -
Ordinary configuration file changes no longer cause program - termination on OS/2 if the name of the logfile hasn't been - changed as well. This regression probably crept in with the - logging improvements in 3.0.7. Reported by Maynard. -
The img-reorder filter is less likely to mess up JavaScript code in - img tags. Problem and solution reported by Glenn Washburn in #2014552. -
The source tar ball now includes Privoxy-Log-Parser, - a syntax-highlighter for Privoxy logs. Documentation is available - through perldoc(1), for fancy screenshots see: - http://www.fabiankeil.de/sourcecode/privoxy-log-parser/. -
For a more detailed list of changes please have a look at the ChangeLog.
A quick list of things to be aware of before upgrading from earlier - versions of Privoxy:
The recommended way to upgrade Privoxy is to backup your old - configuration files, install the new ones, verify that Privoxy - is working correctly and finally merge back your changes using - diff and maybe patch. -
There are a number of new features in each Privoxy release and - most of them have to be explicitly enabled in the configuration - files. Old configuration files obviously don't do that and due - to syntax changes using old configuration files with a new - Privoxy isn't always possible anyway. -
- Note that some installers remove earlier versions completely, - including configuration files, therefore you should really save - any important configuration files! -
- On the other hand, other installers don't overwrite existing configuration - files, thinking you will want to do that yourself. -
- standard.action now only includes the enabled actions. - Not all actions as before. -
In the default configuration only fatal errors are logged now. - You can change that in the debug section - of the configuration file. You may also want to enable more verbose - logging until you verified that the new Privoxy version is working - as expected. -
Three other config file settings are now off by default: - enable-remote-toggle, - enable-remote-http-toggle, - and enable-edit-actions. - If you use or want these, you will need to explicitly enable them, and - be aware of the security issues involved. -
The "filter-client-headers" and - "filter-server-headers" actions that were introduced with - Privoxy 3.0.5 to apply content filters to - the headers have been removed and replaced with new actions. - See the What's New section above. -
Privoxy 3.0.26 changes
+ +Bug fixes:
+ +accept_connection(): Fix crashes with "listen-addr :8118"
+ +After jbsockets.c v1.136 a valid text representation of the + host address is required for the $listen-address variable. If no + host address has been specified, use an empty string to prevent + NULL pointer dereferences.
+ +The problem was reported by Marvin Renich in Debian bug + #834941, the offending commit was tracked down by Roland in SF + Bug #902.
+General improvements:
+ +Log when privoxy is toggled on or off via cgi interface.
+Highlight the "Info: Now toggled " on/off log message in the + windows log viewer.
+Highlight the loading actions/filter file log message in the + windows log viewer.
+Mention client-specific tags on the toggle page as a + potentionally more appropriate alternative.
+Documentation improvements:
+ +Update download section on the homepage. The downloads are + available from the website now.
+Add sponsor FAQ
+Remove obsolete reference to mailing lists hosted at + SourceForge
+Update the "Before the Release" section of the developer + manual.
+Infrastructure improvements:
+ +Add perl script to generate an RSS feed for the packages
+ +Submitted by "Unknown": + https://lists.privoxy.org/pipermail/privoxy-devel/2016-July/000068.html
+Build system improvements:
+ +strptime.h: fix a compiler warning about ambiguous else
+configure.in: Check for Docbook goo on the BSDs as well
+GNUMakefile.in: Let the dok-user target remove temporary + files
+Privoxy 3.0.25 beta introduces + client-specific tags and includes a couple of minor improvements. It will + be followed by a stable release in the near future.
+ +Bug fixes:
+ +Always use the current toggle state for new requests. + Previously new requests on reused connections inherited the + toggle state from the previous request even though the toggle + state could have changed. Reported by Robert Klemme.
+Fixed two buffer-overflows in the (deprecated) static pcre + code. These bugs are not considered security issues as the input + is trusted. Found with afl-fuzz and ASAN.
+General improvements:
+ +Added support for client-specific tags which allow Privoxy + admins to pre-define tags that are set for all requests from + clients that previously opted in through the CGI interface. They + are useful in multi-user setups where admins may want to allow + users to disable certain actions and filters for themselves + without affecting others. In single-user setups they are useful + to allow more fine-grained toggling. For example to disable + request blocking while still crunching cookies, or to disable + experimental filters only. This is an experimental feature, the + syntax and behaviour may change in future versions. Sponsored by + Robert Klemme.
+Dynamic filters and taggers now support a $listen-address + variable which contains the address the request came in on. For + external filters the variable is called $PRIVOXY_LISTEN_ADDRESS. + Original patch contributed by pursievro.
+Add client-header-tagger 'listen-address'.
+Include the listen-address in the log message when logging new + requests. Patch contributed by pursievro.
+Turn invalid max-client-connections values into fatal + errors.
+The show-status page now shows whether or not dates before + 1970 and after 2038 are expected to be handled properly. This is + mainly useful for Privoxy-Regression-Test but could also come + handy when dealing with time-related support requests.
+On Mac OS X the thread id in log messages are more likely to + be unique now.
+When complaining about missing filters, the filter type is + logged as well.
+A couple of harmless coverity warnings were silenced (CID + #161202, CID #161203, CID #161211).
+Action file improvements:
+ +Filtering is disabled for Range requests to let download + resumption and Windows updates work with the default + configuration.
+Unblock ".ardmediathek.de/". Reported by ThTomate in #932.
+Documentation improvements:
+ +Add FAQ entry for crashes caused by memory limits.
+Remove obsolete FAQ entry about a bug in PHP 4.2.3.
+Mention the new mailing lists were appropriate. As the + archives have not been migrated, continue to mention the archives + at SF in the contacting section for now.
+Note that the templates should be adjusted if Privoxy is + running as intercepting proxy without getting all requests.
+A bunch of links were converted to https://.
+Rephrase onion service paragraph to make it more obvious that + Tor is involved and that the whole website (and not just the + homepage) is available as onion service.
+Streamline the "More information" section on the homepage + further by additionally ditching the link to the 'See also' + section of the user manual. The section contains mostly links + that are directly reachable from the homepage already and the + rest is not significant enough to get a link from the + homepage.
+Change the add-header{} example to set the DNT header and use + a complete section to make copy and pasting more convenient. Add + a comment to make it obvious that adding the header is not + recommended for obvious reasons. Using the DNT header as example + was suggested by Leo Wzukw.
+Streamline the support-and-service template Instead of linking + to the various support trackers (whose URLs hopefully change + soon), link to the contact section of the user manual to increase + the chances that users actually read it.
+Add a FAQ entry for tainted sockets.
+More sections in the documentation have stable URLs now.
+FAQ: Explain why 'ping config.privoxy.org' is not expected to + reach a local Privoxy installation.
+Note that donations done through Zwiebelfreunde e.V. currently + can't be checked automatically.
+Updated section regarding starting Privoxy under OS X.
+Use dedicated start instructions for FreeBSD and + ElectroBSD.
+Removed release instructions for AIX. They haven't been + working for years and unsurprisingly nobody seems to care.
+Removed obsolete reference to the solaris-dist target.
+Updated the release instructions for FreeBSD.
+Removed unfinished release instructions for Amiga OS and HP-UX + 11.
+Added a pointer to the Cygwin Time Machine for getting the + last release of Cygwin version 1.5 to use for building Privoxy on + Windows.
+Various typos have been fixed.
+Infrastructure improvements:
+ +The website is no longer hosted at SourceForge and can be + reached through https now.
+The mailing lists at SourceForge have been deprecated, you can + subscribe to the new ones at: https://lists.privoxy.org/
+Migrating the remaining services from SourceForge is work in + progress (TODO list item #53).
+Build system improvements:
+ +Add configure argument to optimistically redefine FD_SETSIZE + with the intent to change the maximum number of client + connections Privoxy can handle. Only works with some libcs. + Sponsored by Robert Klemme.
+Let the tarball-dist target skip files in ".git".
+Let the tarball-dist target work in cwds other than + current.
+Make the 'clean' target faster when run from a git + repository.
+Include tools in the generic distribution.
+Let the gen-dist target work in cwds other than current.
+Sort find output that is used for distribution tarballs to get + reproducible results.
+Don't add '-src' to the name of the tar ball generated by the + gen-dist target. The package isn't a source distribution but a + binary package. While at it, use a variable for the name to + reduce the chances that the various references get out of sync + and fix the gen-upload target which was looking in the wrong + directory.
+Add regression-tests.action to the files that are + distributed.
+The gen-dist target which was broken since 2002 (r1.92) has + been fixed.
+Remove genclspec.sh which has been obsolete since 2009.
+Remove obsolete reference to Redhat spec file.
+Remove the obsolete announce target which has been commented + out years ago.
+Let rsync skip files if the checksums match.
+Privoxy-Regression-Test:
+ +Add a "Default level offset" directive which can be used to + change the default level by a given value. This directive affects + all tests located after it until the end of the file or a another + "Default level offset" directive is reached. The purpose of this + directive is to make it more convenient to skip similar tests in + a given file without having to remove or disable the tests + completely.
+Let test level 17 depend on FEATURE_64_BIT_TIME_T instead of + FEATURE_PTHREAD which has no direct connection to the time_t + size.
+Fix indentation in perldoc examples.
+Don't overlook directives in the first line of the action + file.
+Bump version to 0.7.
+Fix detection of the Privoxy version now that https:// is used + for the website.
+A quick list of things to be aware of before upgrading from earlier + versions of Privoxy:
+ +The recommended way to upgrade Privoxy is to backup your old configuration + files, install the new ones, verify that Privoxy is working correctly and finally merge + back your changes using diff and + maybe patch.
+ +There are a number of new features in each Privoxy release and most of them have to be + explicitly enabled in the configuration files. Old configuration + files obviously don't do that and due to syntax changes using old + configuration files with a new Privoxy isn't always possible anyway.
+Note that some installers remove earlier versions completely, + including configuration files, therefore you should really save any + important configuration files!
+On the other hand, other installers don't overwrite existing + configuration files, thinking you will want to do that + yourself.
+In the default configuration only fatal errors are logged now. + You can change that in the debug + section of the configuration file. You may also want to enable + more verbose logging until you verified that the new Privoxy version is working as expected.
+Three other config file settings are now off by default: + enable-remote-toggle, + enable-remote-http-toggle, + and enable-edit-actions. If you + use or want these, you will need to explicitly enable them, and be + aware of the security issues involved.
+