+ <p><span class="APPLICATION">Privoxy 3.0.19</span> is a stable release.
+ The changes since 3.0.18 stable are:</p>
+
+ <ul>
+ <li>
+ <p>Bug fixes:</p>
+
+ <ul>
+ <li>
+ <p>Prevent a segmentation fault when de-chunking buffered
+ content. It could be triggered by malicious web servers if
+ Privoxy was configured to filter the content and running on a
+ platform where SIZE_T_MAX isn't larger than UINT_MAX, which
+ probably includes most 32-bit systems. On those platforms, all
+ Privoxy versions before 3.0.19 appear to be affected. To be on
+ the safe side, this bug should be presumed to allow code
+ execution as proving that it doesn't seems unrealistic.</p>
+ </li>
+
+ <li>
+ <p>Do not expect a response from the SOCKS4/4A server until it
+ got something to respond to. This regression was introduced in
+ 3.0.18 and prevented the SOCKS4/4A negotiation from working.
+ Reported by qqqqqw in #3459781.</p>
+ </li>
+ </ul>
+ </li>
+
+ <li>
+ <p>General improvements:</p>
+
+ <ul>
+ <li>
+ <p>Fix an off-by-one in an error message about connect
+ failures.</p>
+ </li>
+
+ <li>
+ <p>Use a GNUMakefile variable for the webserver root directory
+ and update the path. Sourceforge changed it which broke various
+ web-related targets.</p>
+ </li>
+
+ <li>
+ <p>Update the CODE_STATUS description.</p>
+ </li>
+ </ul>
+ </li>
+ </ul>
+
+ <p>The following changes were made between 3.0.17 and 3.0.18:</p>