From: Fabian Keil Date: Thu, 7 Mar 2013 14:11:11 +0000 (+0000) Subject: Add ChangeLog entry for enable-proxy-authentication-forwarding X-Git-Tag: v_3_0_21~5 X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff_plain;h=d00498028d389a06ccbcc099b0c2e2aa3a60b32e;ds=sidebyside Add ChangeLog entry for enable-proxy-authentication-forwarding --- diff --git a/ChangeLog b/ChangeLog index 78b86d5e..5d1df9fd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,11 @@ ChangeLog for Privoxy values above FD_SETSIZE are properly rejected. Previously they could cause memory corruption in configurations that allowed the limit to be reached. + - Proxy authentication headers are removed unless the new directive + enable-proxy-authentication-forwarding is used. Forwarding the + headers potentionally allows malicious sites to trick the user + into providing it with login information. + Reported by Chris John Riley. - Compiles on OS/2 again now that unistd.h is only included on platforms that have it. diff --git a/doc/source/changelog.sgml b/doc/source/changelog.sgml index e75d284f..9a07f275 100644 --- a/doc/source/changelog.sgml +++ b/doc/source/changelog.sgml @@ -3,7 +3,7 @@ Purpose : Entity included in other project documents. - $Id: changelog.sgml,v 2.3 2013/03/02 14:40:18 fabiankeil Exp $ + $Id: changelog.sgml,v 2.4 2013/03/03 11:25:16 fabiankeil Exp $ Copyright (C) 2013 Privoxy Developers http://www.privoxy.org/ See LICENSE. @@ -22,9 +22,8 @@ Privoxy 3.0.21 stable is a bug-fix release - for Privoxy 3.0.20 beta. It also addresses a security issue that affects - all previous Privoxy versions (on some platforms). The changes since - 3.0.20 beta are: + for Privoxy 3.0.20 beta. It also addresses two security issues that + affect all previous Privoxy versions. The changes since 3.0.20 beta are: