Privoxy 3.0.16 is a stable release. The changes since 3.0.15 beta are:
Added the config file option handle-as-empty-doc-returns-ok to work around Firefox bug #492459, which causes Firefox to hang if JavaScripts are blocked in certain situations. The option is enabled in the default config file.
Added the config file option default-server-timeout to control the assumed default server timeout. Since Privoxy no longer returns an error message for connection resets on reused client connections, assuming larger server timeout values appears to actually work pretty well as long as connections aren't shared.
Added optional support for FreeBSD's accf_http(9). Use the configure option --enable-accept-filter to enable it.
Added fancier Privoxy icons for win32. Contributed by Jeff H.
In daemon mode, fd 0, 1 and 2 are bound to /dev/null.
Resolve localhost using whatever address family the operating system feels like. Previous betas would try to use IPv4 as this is what most users expect, but this didn't work reliably on GNU/Linux systems.
In the action lists on CGI pages, actions and their parameters are no longer separated with a space. The action file parser doesn't actually allow this and will throw an invalid syntax error if actions and parameters in the action files are separated. Not adding the spaces means copy and pasting CGI output into the action files works.
The default keep-alive timeout has been reduced to 5 seconds to work around hangs in clients that treat the proxy like any other host and stop allowing any new connections if the "maximum number of connections per host" is reached.
Several webbug URLs that look like they are leading to images are now blocked as image instead of empty documents. Doing the latter causes WebKit-based clients to show a "missing image" icon which may mess up the layout.
The no-such-domain template is used for DNS resolution problems with FEATURE_IPV6_SUPPORT enabled. Previously the connect-failed template was used. Reported by 'zebul666'.
Accepts quoted expiration dates even though RFC 2109 10.1.2 doesn't seem to allow them. Reported anonymously.
Don't try to forget connections if connection sharing is disabled. This wasn't a real problem but caused an unnecessary log message.
The still undocumented --enable-extended-host-patterns configure option has a better description.
Fixed an error message that would claim a write to the server failed when actually writing to the client failed.
Log the crunch reason before trying to write to the client. The log is easier to read that way.
Several log messages about client connections also mention the socket number.
handle-as-empty-document no longer depends on the image blocking code being enabled.
Privoxy-Log-Parser is roughly 40% faster in highlighting mode.
uagen, a Firefox User-Agent generator for Privoxy and Mozilla browsers has been imported and is available in the tarball's tools directory.
The scripts in the tools directory treat unknown parameters as fatal errors.
If you missed the previous three beta versions, you may also be interested in the additional changes since 3.0.12, the last stable release:
Added IPv6 support. Thanks to Petr Pisar who not only provided the initial patch but also helped a lot with the integration.
Added client-side keep-alive support.
The connection sharing code is only used if the connection-sharing option is enabled.
The latency is taken into account when evaluating whether or not to reuse a connection. This should significantly reduce the number of connections problems several users reported.
The max-client-connections option has been added to restrict the number of client connections below a value enforced by the operating system.
If the server doesn't specify how long the connection stays alive, Privoxy errs on the safe side of caution and assumes it's only a second.
Setting keep-alive-timeout to 0 disables keep-alive support. Previously Privoxy would claim to allow persistence but not reuse the connection.
Pipelined requests are less likely to be mistaken for the request body of the previous request. Note that Privoxy still has no real pipeline support and will either serialize pipelined requests or drop them in which case the client has to resent them.
Fixed a crash on some Windows versions when header randomization is enabled and the date couldn't be parsed.
Privoxy's keep-alive timeout for the current connection is reduced to the one specified in the client's Keep-Alive header.
For HTTP/1.1 requests, Privoxy implies keep-alive support by not setting any Connection header instead of using 'Connection: keep-alive'.
If the socket isn't reusable, Privoxy doesn't temporarily waste a socket slot to remember the connection.
If keep-alive support is disabled but compiled in, the client's Keep-Alive header is removed.
Fixed a bug on mingw32 where downloading large files failed if keep-alive support was enabled.
Fixed a bug that (at least theoretically) could cause log timestamps to be occasionally off by about a second.
The configure script respects the $PATH variable when searching for groups and id.
Compressed content with extra fields couldn't be decompressed and would get passed to the client unfiltered. This problem has only be detected through statical analysis with clang as nobody seems to be using extra fields anyway.
If the server resets the Connection after sending only the headers Privoxy forwards what it got to the client. Previously Privoxy would deliver an error message instead.
Error messages in case of connection timeouts use the right HTTP status code.
If spawning a child to handle a request fails, the client gets an error message and Privoxy continues to listen for new requests right away.
The error messages in case of server-connection timeouts or prematurely closed server connections are now template-based.
If zlib support isn't compiled in, Privoxy no longer tries to filter compressed content unless explicitly asked to do so.
In case of connections that are denied based on ACL directives, the memory used for the client IP is no longer leaked.
Fixed another small memory leak if the client request times out while waiting for client headers other than the request line.
The client socket is kept open until the server socket has been marked as unused. This should increase the chances that the still-open connection will be reused for the client's next request to the same destination. Note that this only matters if connection-sharing is enabled.
A TODO list has been added to the source tarball to give potential volunteers a better idea of what the current goals are. Donations are still welcome too: http://www.privoxy.org/faq/general.html#DONATE
In case of missing server data, no error message is send to the client if the request arrived on a reused connection. The client is then supposed to silently retry the request without bothering the user. This should significantly reduce the frequency of the "No server or forwarder data received" error message many users reported.
More reliable detection of prematurely closed client sockets with keep-alive enabled.
FEATURE_CONNECTION_KEEP_ALIVE is decoupled from FEATURE_CONNECTION_SHARING and now available on all platforms.
Improved handling of POST requests on reused connections. Should fix problems with stalled connections after submitting form data with some browser configurations.
Fixed various latency calculation issues.
Allows the client to pass NTLM authentication requests to a forwarding proxy. This was already assumed and hinted to work in 3.0.13 beta but actually didn't. Now it's confirmed to work with IE, Firefox and Chrome. Thanks to Francois Botha and Wan-Teh Chang
Fixed a calculation problem if receiving the server headers takes more than two reads, that could cause Privoxy to terminate the connection prematurely. Reported by Oliver.
Compiles again on platforms such as OpenBSD and systems using earlier glibc version that don't support AI_ADDRCONFIG. Anonymously submitted in #2872591.
A bunch of MS VC project files and Suse and Redhat RPM spec files have been removed as they were no longer maintained for quite some time.
Overly long action lines are properly rejected with a proper error message. Previously they would be either rejected as invalid or cause a core dump through abort().
Already timed-out connections are no longer temporarily remembered. They weren't reused anyway, but wasted a socket slot.
len refers to the number of bytes actually read which might differ from the ones received. Adjust log messages accordingly.
The optional JavaScript on the CGI page uses encodeURIComponent() instead of escape() which doesn't encode all characters that matter. Anonymously reported in #2832722.
Fix gcc45 warnings in decompress_iob().
Various log message improvements.
Privoxy-Regression-Test supports redirect tests.
Privoxy-Log-Parser can gather some connection statistics.
A quick list of things to be aware of before upgrading from earlier versions of Privoxy:
The recommended way to upgrade Privoxy is to backup your old configuration files, install the new ones, verify that Privoxy is working correctly and finally merge back your changes using diff and maybe patch.
There are a number of new features in each Privoxy release and most of them have to be explicitly enabled in the configuration files. Old configuration files obviously don't do that and due to syntax changes using old configuration files with a new Privoxy isn't always possible anyway.
Note that some installers remove earlier versions completely, including configuration files, therefore you should really save any important configuration files!
On the other hand, other installers don't overwrite existing configuration files, thinking you will want to do that yourself.
standard.action has been merged into the default.action file.
In the default configuration only fatal errors are logged now. You can change that in the debug section of the configuration file. You may also want to enable more verbose logging until you verified that the new Privoxy version is working as expected.
Three other config file settings are now off by default: enable-remote-toggle, enable-remote-http-toggle, and enable-edit-actions. If you use or want these, you will need to explicitly enable them, and be aware of the security issues involved.