2 File : doc/source/changelog.sgml
4 Purpose : Entity included in other project documents.
6 Copyright (C) 2013-2018 Privoxy Developers https://www.privoxy.org/
9 ======================================================================
10 This file used for inclusion with other documents only.
11 ======================================================================
13 If you make changes to this file, please verify the finished
14 docs all display as intended.
16 This file is included into:
23 The SGML ChangeLog can be generated with: utils/changelog2doc.pl ChangeLog
27 <application>Privoxy 3.0.30</application> fixes a couple of bugs
28 and introduces a few new features.
31 Changes in <application>Privoxy 3.0.30</application> stable:
41 Check the actual URL for redirects when https inspecting requests.
42 Previously Privoxy would only check the path which resulted in
43 rewrite results being rejected as invalid URLs.
44 Reported by withoutname in #1736.
49 Let the hide-referrer code tolerate Referer headers with https:// URLs.
50 Previously they would always be treated like a changed host.
55 Use the https headers if the show-request handler is reached through
56 https://. Previously Privoxy would use the http headers which
57 may be empty on a reused connection.
62 Make CGI_PREFIX protocol-relative when building with FEATURE_HTTPS_INSPECTION.
63 This unbreaks (at least) https://config.privoxy.org/client-tags whose
64 buttons would previously use a http:// URL resulting in browser warnings.
69 Support using https-inspection and client-header-order at the same time.
70 Previously Privoxy would crash.
71 Reported by: Kai Raven
76 Properly reject rewrites from http to https as they currently
77 aren't supported. Previously Privoxy would wait for the client
78 to establish an encrypted connection which obviously would not happen.
83 When https inspection is enabled and Privoxy has been compiled with
84 FEATURE_GRACEFUL_TERMINATION (not recommended for production builds),
85 the TLS backend resources are free'd later on and only if no active
86 connections are left. Prevents crashes when exiting "gracefully" at the
92 Let the uninstall target remove the config file even if DESTDIR
93 is set and properly announce the deletion of the configuration files.
101 General improvements:
105 Allow to rewrite the request destination for https-inspected
106 requests behind the client's back. The documentation already sort
107 of claimed that it was supported by not especially mentioning that
108 it didn't work for https-inspected requests.
109 Fixes SF bug #923 reported by withoutname.
114 Add support for filtering client request bodies by using
115 CLIENT-BODY-FILTER filters which can be enabled with the
116 client-body-filter action.
117 Patch submitted by Maxim Antonov.
118 Sponsored by: Robert Klemme
123 Add the new action suppress-tag{} which can be used to prevent
124 a tagger from adding a tag. Patch submitted by Maxim Antonov.
125 Sponsored by: Robert Klemme
130 Gracefully handle existing website keys without matching certificates.
131 This can happen if Privoxy was previously running with an invalid
132 TLS configuration that didn't allow it to create a certificate.
137 Recycle debug bit 4 for Tagging-related messages.
142 Improve the message shown when the client-tags CGI page
143 is requested with no tags configured.
148 Shorten the 'donate' and 'participate' links used by templates
149 using redirects. Currently the redirects lead to the FAQ entries
150 but in the future we may want to relocate the content and using
151 redirects makes this more convenient.
156 Log an error when a PCRE-HOST-PATTERN is used with
157 FEATURE_PCRE_HOST_PATTERNS disabled. Don't treat this a
158 fatal error so the regression tests can be used with and
159 without FEATURE_PCRE_HOST_PATTERNS.
164 The code compiles with older C compilers again.
169 The chdir() return code is checked to fix a compiler warning.
174 The packages feed has been removed from the source tarball.
175 It's usually out of date when the source tarball is generated
181 Fixed harmless compiler warnings from GCC9 with -D_FORTIFY_SOURCE=2.
186 windows: Remove obsolete '$(DEST)/doc/images' target.
191 windows: Install the images referenced in the user manual.
196 Remove obsolete 'gnu_regex.@OBJEXT@' target.
201 When installing from the GNUMAkefile, don't create an 'images'
202 directory which is no longer used. The images were relocated to
203 the user-manual directory years ago.
208 Add new FEATURES to the show-status page and resort list.
213 Remove unused variable in the OpenSSL-specific code.
218 Update bug tracker URL in cgi_error_unknown().
223 Saved a couple of memory allocations when sorting client headers.
228 Improved a couple of error messages.
233 Saved memory allocations when using OpenSSL and checking if a
239 The configure script will bail out if OpenSSL and mbedTLS are
240 enabled at the same time.
245 Log a message right before exiting gracefully.
250 A couple of structures have been rearranged to require slightly
256 When https inspection is enabled and the certificate is invalid
257 the error message is now sent with status code 403 instead of 200.
262 The Slackware rc script template has been renamed to
263 slackware/rc.privoxy.in to silence complaints when building
269 When building with MbedTLS support, mbedtls_md5_ret() is used
270 instead of mbedtls_md5() which is deprecated and causes a warning
279 Action file improvements:
283 Block requests to eu-tlp03.kameleoon.com/.
288 Unblock metrics.sr.ht/.
293 Disable fast-redirects for .fsf.org/.
298 Disable fast-redirects for .gravater.com/.
303 Disable fast-redirects for .ksta.de/.
308 Block requests to tag.crsspxl.com/.
313 Block requests to analytics.slashdotmedia.com/.
318 Block requests to ml314.com/.
323 Block requests to .adroll.com/.
328 Block requests to fastlane.rubiconproject.com/.
333 Block requests to api.theadex.com/.
338 Block requests to ih.adscale.de/.
343 Block requests to .s400.meetrics.net/.
348 Block requests for pp.lp4.io/.
353 Block requests for trc-events.taboola.com/.
361 Filter file improvements:
365 A allow-autocompletion filter has been added which changes
366 autocomplete="off" to "on" on input fields to allow autocompletion.
367 Requested by Jamie Zawinski in #370.
368 Filter based on a submission by Aaron Linville.
373 Added an imdb filter.
378 Added a sourceforge filter that reduces the amount of ads
379 for proprietary software.
384 Added a github filter that removes the annoying "Sign-Up"
385 banner and the Cookie disclaimer.
390 Removed a duplicated pcrs command from the js-annoyances filter.
395 The crude-parental filter now provides a short reason when blocking,
396 inserts a link to Privoxy's webinterface and adds a new line at
397 the end of the generated page.
409 Highlight a few more messages.
414 Add a handler for tagging messages.
419 Properly deal with 'Certificate error' crunches
420 Previously the error description was highlighted as 'host'.
425 Log truncated LOG_LEVEL_CLF messages more gracefully
426 and note that the statistics will be imprecise.
436 Bump version to 0.9.2.
444 Privoxy-Regression-Test:
448 Use http://127.0.0.1:8118/ as default Privoxy address
449 unless http_proxy is set through the environment.
454 Add a --privoxy-cgi-prefix option that specifies the prefix
455 to use when building URLs that are supposed to reach Privoxy's
456 CGI interface. If it's not set, http://p.p/ is used, which is
457 supposed to work with the default Privoxy configuration.
458 If Privoxy has been built with FEATURE_HTTPS_INSPECTION enabled,
459 and if https inspection is activated with the +https-inspection
460 action, this option can be used with "https://p.p/" provided the
461 system running Privoxy-Regression-Test has been configured to
462 trust the certificate used by Privoxy.
463 Note that there are currently two tests in the official
464 regression-tests.action file that are expected to fail
465 when using "https://p.p/" as privoxy-cgi-prefix.
470 Skip the connection-established response in get_status_code()
471 when looking for the status code with a CGI prefix
472 that starts with https://. We care about the status code
473 sent by the impersonated web server.
478 Use --proxy-header when using a CGI prefix with https://
479 and a "Host:" header.
484 Allow '|' in tokens and values to allow tag patterns like
485 "TAG:^(application|text)/(x-)?javascript$".
490 When get_cgi_page_or_else() fails, include the URL of the
491 requested page in the log message.
496 Added a --check-bad-ssl option that can be used to verify that
497 Privoxy detects certificate problems when accessing the test
498 sites from badssl.com.
503 Bumped version to 0.7.2
515 Update example output.
520 Recommend the use of the https-inspection action in the documentation.
525 Upgrade a couple of URLs to https://.
530 Add ElectroBSD to the list of operating systems.
535 Bumped generated Firefox version to 78 (ESR).
540 Bumped version to 1.2.2.
552 Remove reference to 'How to Report Bugs Effectively'.
553 It was only rendered as text without URL in the README anyway
554 and there's no indication that users read it ...
559 Let the dok-readme target fix the location embedded into the
560 README file. This used to be done by CVS but since the git migration
561 it has to be done through other means.
566 Remove 'experimental' warning for client-specific-tag-related directives.
567 They seem to work reliably and there is no obvious reason
568 why we would change the syntax in the near future.
573 Describe how to check if Privoxy has been built with
574 FEATURE_HTTPS_INSPECTION.
579 Add a link to the trusted-cas-file documentation
580 that explains how the user can create the file herself.
585 Don't explicitly mention the license for the code coming from
586 'Anonymous Coders' and Junkbusters. It's obviously licensed under
587 the GNU GPL like the rest of Privoxy or we wouldn't be allowed to
593 Update the +hide-user-agent example with uagen output.
598 Slightly improve the wording of the ca-key-file documentation.
603 Explicitly mention Windows 10 as supported so search engines and
604 users looking for it can find it.
609 Import a bunch of contributors from the ChangeLog.
614 Remove obsolete doc/gpl.html.
619 Upgrade a couple of links to https://.
624 Don't prefer the SourceForge patch tracker over the
625 privoxy-devel mailing list. While at it, link to the
626 SourceForge patch tracker.
631 Mention http-inspection in the 'my browser warns me about
632 unauthenticated content' FAQ entry.
637 Simplify the 'Is there is a license or fee?' FAQ entry.
642 Add another +redirect{} example.
647 Explicitly mention that interested sponsors should include
648 the link target in their first mail.
653 Clarify that only Privoxy team members can object to new sponsors
654 and link to the list of current team members.
659 Note that sponsor URLs may not contain keyword spam.
664 Garbage collect doc/webserver/images which isn't referenced anymore.
669 Update the method to reach the proxy settings in Firefox.
674 Update proxy_setup.jpg description to refer to Firefox.
679 Regenerate proxy_setup.jpg with a more recent Firefox (78.0).
684 Regenerate files-in-use.jpg without obsolete standard.action
685 with modern colors and a slightly better quality.
690 Update URL to the actionsfile tracker.
695 Update a support request URL.
700 Rephrase the 'Can Privoxy run as service' FAQ entry and
701 remove an obsolete paragraph.
706 Let the 'Where can I get updated Actions Files?' entry link to
707 the gitweb version of default.action.master.
712 Update a link to the default.action file.
717 Update URLs for trackers and mailing lists.
722 Replace CVS reference with git.
727 Mention regression-tests.action in the config file.
732 Explicitly mention in the config file that access to the
733 CA key should be limited to Privoxy.
738 List more client-specific-tag examples for inspiration.
743 Add additional headers to the client-header-order example.
748 Note that actions aren't updated after rewrites.
753 Explicitly mention that upgrading from http to https with
754 a client-header filter is not supported
759 Note that protocol and host have to be added when rewriting
760 the destination host for https-inspected requests.
765 Explicitly mention that the CA key is used to sign certificates.
770 Put openssl command in 'command' tags.
775 The man page has been moved from section 1 to man section 8.
787 Flesh out the build instructions for Debian.
792 Remove the packaging instructions for RPM-based systems.
793 They don't work and we don't release RPM packages anymore anyway.
798 Remove the packaging instructions for Solaris.
799 They don't work and we don't release Solaris packages anymore anyway.
804 Update the suggested subject for the announce mails.
809 Update upload instructions.
810 ftp://upload.sourceforge.net is no longer functional.
815 Remove a couple of package-dependent upload instructions
816 that don't actually work.
821 Remove 'cd current' that no longer works.
826 Add regression-tests.action to the list of files that should be installed.
831 Stop claiming that there are text versions of the manuals.
832 We stopped building them in 2008 (9ed36a3c5e6f12).
837 Note that the 'webserver' target creates the link needed for the user-manual.
842 Suggest to use the master branch as reference when creating
843 the ChangeLog so the steps work when the current branch differs
844 from master which is likely as the developer manual
845 suggests to use a local branch for development.
850 Add the -s flag to the suggested 'git tag' command. We prefer signed tags.
855 Mention that merges into 'master' should be avoided.
860 Add git commands that should result in a merge-free history.
865 Mention Privoxy-Regression-Test.
870 Add a section id to reduce link churn.
875 Recommend the dok-tidy target when building docs for the webserver.
880 Add another plug for the privoxy-devel mailing list.
885 Let the intro link the copyright section in the user manual instead
886 of giving an incomplete summary of the license status.
891 Clarify that the webserver target uploads to the SourceForge webserver.
896 Mark the documentation for the Mac OS X installers as out of date and
897 change the SCM name back to CVS.
902 Fix the location of the installer modules for Mac OS X.
903 They are not actually available through git (yet).
908 Don't speak of Privoxy version 3 in the past tense.
913 Update the list of programs required for the release process.
918 Update description of the webserver target which uses ssh, not scp.
923 Remove obsolete reference to config.new.
935 Add another hide-referrer{conditional-block} test.
940 Add another hide-referrer{conditional-forge} test.
945 Fix a hide-referrer{conditional-forge} test
946 that expected an acceptable header to be forged.
951 Fix a hide-referrer{conditional-block} test
952 that expected an acceptable Referer to be removed.
957 Explain why the "Set Header = Host: whatever.example.org" test is
958 expected to fail when using a CGI prefix that starts with "https://".
963 Explain why a connection-sharing test is known to fail
964 when using "https://p.p/" as CGI prefix.
969 Add a link to Privoxy-Regression-Test to regression-tests.action
970 in case it isn't packaged.
975 Add regression tests for pcre host patterns.
980 Fixed a regression test that is executed when
981 FEATURE_GRACEFUL_TERMINATION is enabled.
989 Privoxy infrastructure:
993 Import a Privoxy logo for the website.
998 Update Tor onion service to HiddenServiceVersion 3.
1003 Display the "model" photos in a single row and remove placeholder images.
1008 Regenerate homepage with updated sponsor list.
1013 Use the '/sponsor' redirect for the link to the sponsor page.
1018 Git commit messages are sent to the Privoxy-commits mailing list.