From: Fabian Keil <fk@fabiankeil.de>
Date: Thu, 7 Mar 2013 14:28:19 +0000 (+0000)
Subject: Sync the announcement with the ChangeLog
X-Git-Tag: v_3_0_21~1
X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff_plain;h=359419f39c3e8372070306fe3dc505ccddff1c15

Sync the announcement with the ChangeLog
---

diff --git a/doc/webserver/announce.txt b/doc/webserver/announce.txt
index 6e625514..efd91d3f 100644
--- a/doc/webserver/announce.txt
+++ b/doc/webserver/announce.txt
@@ -1,9 +1,9 @@
                Announcing Privoxy 3.0.21 stable
 --------------------------------------------------------------------
 
-This is a bug-fix release for Privoxy 3.0.20 beta. It also addresses
-a security issue that affects all previous Privoxy versions (on some
-platforms).
+Privoxy 3.0.21 stable is a bug-fix release for Privoxy 3.0.20 beta.
+It also addresses two security issues that affect all previous
+Privoxy versions.
 
 --------------------------------------------------------------------
 ChangeLog for Privoxy
@@ -15,6 +15,11 @@ ChangeLog for Privoxy
     values above FD_SETSIZE are properly rejected. Previously they
     could cause memory corruption in configurations that allowed
     the limit to be reached.
+  - Proxy authentication headers are removed unless the new directive
+    enable-proxy-authentication-forwarding is used. Forwarding the
+    headers potentionally allows malicious sites to trick the user
+    into providing them with login information.
+    Reported by Chris John Riley.
   - Compiles on OS/2 again now that unistd.h is only included
     on platforms that have it.