There are many improvements and new features since There are only a few improvements and new features since + Privoxy 3.0.8Privoxy 3.0.10, the last stable release:
Added SOCKS5 support (with address resolution done by - the SOCKS5 server). Patch provided by Eric M. Hopper. +> On most platforms, outgoing connections can be kept alive and + reused if the server supports it. Whether or not this improves + things depends on the connection.
The "blocked" CGI pages include a block reason that was - provided as argument to the last-applying block action. +> When dropping privileges, membership in supplementary groups + is given up as well. Not doing that can lead to Privoxy running + with more rights than necessary and violates the principle of + least privilege. Users of the --user option are advised to update. + Thanks to Matthias Drochner for reporting the problem, + providing the initial patch and testing the final version.
If enable-edit-actions is disabled (the default since 3.0.7 beta) - the show-status page hides the edit buttons and explains why. - Previously the user would get the "this feature has been disabled" - message after using the edit button. +> Passing invalid users or groups with the --user option + didn't lead to program exit. Regression introduced in 3.0.7.
Forbidden CONNECT requests are treated like blocks by default. - The now-pointless treat-forbidden-connects-like-blocks action - has been removed. +> The match all section has been moved from default.action + to a new file called match-all.action. As a result the + default.action no longer needs to be touched by the user + and can be safely overwritten by updates.
Not enabling limit-connect now allows CONNECT requests to all ports. - In previous versions it would only allow CONNECT requests to port 443. - Use +limit-connect{443} if you think you need the old default behaviour. +> The standard.action file has been removed. Its content + is now part of the default.action file.
The CGI editor gets turned off after three edit requests with invalid - file modification timestamps. This makes life harder for attackers - who can leverage browser bugs to send fake Referers and intend to - brute-force edit URLs. +> In some situations the logged content length was slightly too low.
Action settings for multiple patterns in the same section are - shared in memory. As a result these sections take up less space - (and are loaded slightly faster). Problem reported by Franz Schwartau. +> Crunched requests are logged with their own log level. + If you used "debug 1" in the past, you'll probably want + to additionally enable "debug 1024", otherwise only passed + requests will be logged. If you only care about crunched + requests, simply replace "debug 1" with "debug 1024".
Linear white space in HTTP headers will be normalized to single - spaces before parsing the header's content, headers split across - multiple lines get merged first. +> The crunch reason has been moved to the beginning of the + crunch message. For HTTP URLs, the protocol is logged as well.
Host information is gathered outside the main thread so it's less - likely to delay other incoming connections if the host is misconfigured. +> Log messages are shortened by printing the thread id on its + own (as opposed to putting it inside the string "Privoxy()").
New config option "hostname" to use a hostname other than - the one returned by the operating system. Useful to speed-up responses - for CGI requests on misconfigured systems. Requested by Max Khon. +> The config option socket-timeout has been added to control + the time Privoxy waits for data to arrive on a socket.
The CGI editor supports the "disable all filters of this type" - directives "-client-header-filter", "-server-header-filter", - "-client-header-tagger" and "-server-header-tagger". +> Support for remote toggling is controlled by the configure + option --disable-toggle only. In previous versions it also + depended on the action editor and thus configuring with the + --disable-editor option would disable remote toggling support + as well.
Fixed false-positives with the link-by-url filter and URLs that - contain the pattern "/jump/". +> Requests with invalid HTTP versions are rejected.
The less-download-windows filter no longer messes - "Content-Type: application/x-shockwave-flash" headers up. +> The template symbol @date@ can be used to include a date(1)-like + time string. Initial patch submitted by Endre Szabo.
In the show-url-info page's "Final results" section active and - inactive actions are listed separately. Patch provided by Lee. +> Responses from shoutcast servers are accepted again. + Problem reported and fix suggested by Stefan.
The GNUmakefile supports the DESTDIR variable. Patch for - the install target submitted by Radoslaw Zielinski. +> The hide-forwarded-for-headers action has been replaced with + the change-x-forwarded-for{} action which can also be used to + add X-Forwarded-For headers. The latter functionality already + existed in Privoxy versions prior to 3.0.7 but has been removed + as it was often used unintentionally (by not using the + hide-forwarded-for-headers action).
Embedding the content of configuration files in the show-status - page is significantly faster now. For a largish action file (1 MB) - a speedup of about 2450 times has been measured. This is mostly - interesting if you are using large action files or regularly use - Privoxy-Regression-Test while running Privoxy through Valgrind, - for stock configuration files it doesn't really matter. +> A "clear log" view option was added to the mingw32 version + to clear out all of the lines in the Privoxy log window. + Based on a patch submitted by T Ford.
If zlib support is unavailable and there are content - filters active but the prevent-compression action is disabled, - the show-url-info page includes a warning that compression - might prevent filtering. +> The mingw32 version uses "critical sections" now, which prevents + log message corruption under load. As a side effect, the + "no thread-safe PRNG" warning could be removed as well.
The show-url-info page provides an OpenSearch Description that - allows to access the page through browser search plugins. -
The obsolete kill-popups action has been removed as the - PCRS-based popup filters can do the same and are slightly - less unreliable. -
The inspect-jpegs action has been removed. -
The send-wafer and send-vanilla-wafer actions have been removed. - They weren't particular useful and their behaviour could be emulated - with add-header anyway. -
Privoxy-Regression-Test has been significantly improved. -
Most sections in the default.action file contain tests for - Privoxy-Regression-Test to verify that they are working as intended. -
Parts of Privoxy have been refactored to increase maintainability. -
Building with zlib (if available) is done by default. +> The mingw32 version's task bar icon is crossed out and + the color changed to gray if Privoxy is toggled off.
For a more detailed list of changes please have a look at the ChangeLog.
This release marks a departure for Privoxy development.Previously, odd numbered releases were considered beta versions and + were only released at the end of the development cycle when the code + was already believed to be stable. Usually it was, so the stable release + contained pretty much the same code, but got a higher version number. + In the future we intend to release several snapshots between stable releases. + There will probably still be about two stable releases per year, + but hopefully about six snapshots instead of the two betas we have now. + The intentions is to make testing without CVS access easier.
The "filter-client-headers" and - "filter-server-headers" actions that were introduced with - Privoxy 3.0.5 to apply content filters to - the headers have been removed and replaced with new actions. - See the What's New section above. -