1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
2 "http://www.w3.org/TR/html4/loose.dtd">
5 <title>What's New in this Release</title>
6 <meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
7 <link rel="HOME" title="Privoxy 3.0.29 User Manual" href="index.html">
8 <link rel="PREVIOUS" title="Installation" href="installation.html">
9 <link rel="NEXT" title="Quickstart to Using Privoxy" href="quickstart.html">
10 <link rel="STYLESHEET" type="text/css" href="../p_doc.css">
11 <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
12 <link rel="STYLESHEET" type="text/css" href="p_doc.css">
14 <body class="SECT1" bgcolor="#EEEEEE" text="#000000" link="#0000FF" vlink="#840084" alink="#0000FF">
15 <div class="NAVHEADER">
16 <table summary="Header navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
18 <th colspan="3" align="center">Privoxy 3.0.29 User Manual</th>
21 <td width="10%" align="left" valign="bottom"><a href="installation.html" accesskey="P">Prev</a></td>
22 <td width="80%" align="center" valign="bottom"></td>
23 <td width="10%" align="right" valign="bottom"><a href="quickstart.html" accesskey="N">Next</a></td>
26 <hr align="left" width="100%">
29 <h1 class="SECT1"><a name="WHATSNEW" id="WHATSNEW">3. What's New in this Release</a></h1>
30 <p><span class="APPLICATION">Privoxy 3.0.29</span> fixes a couple of memory leaks and introduces https inspection
31 which allows to filter encrypted requests and responses.</p>
32 <p>Changes in <span class="APPLICATION">Privoxy 3.0.29</span> stable:</p>
35 <p>Security/Reliability:</p>
38 <p>Fixed memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out
39 of memory. Commits bbd53f1010b and 4490d451f9b. OVE-20201118-0001. Sponsored by: Robert Klemme</p>
42 <p>Fixed a memory leak in the show-status CGI handler when no action files are configured. Commit
43 c62254a686. OVE-20201118-0002. Sponsored by: Robert Klemme</p>
46 <p>Fixed a memory leak in the show-status CGI handler when no filter files are configured. Commit
47 1b1370f7a8a. OVE-20201118-0003. Sponsored by: Robert Klemme</p>
50 <p>Fixes a memory leak when client tags are active. Commit 245e1cf32. OVE-20201118-0004. Sponsored by:
54 <p>Fixed a memory leak if multiple filters are executed and the last one is skipped due to a pcre error.
55 Commit 5cfb7bc8fe. OVE-20201118-0005.</p>
58 <p>Prevent an unlikely dereference of a NULL-pointer that could result in a crash if
59 accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header
60 and a memory allocation failed. Commit 7530132349. CID 267165. OVE-20201118-0006.</p>
63 <p>Fixed memory leaks in the client-tags CGI handler when client tags are configured and memory allocations
64 fail. Commit cf5640eb2a. CID 267168. OVE-20201118-0007.</p>
67 <p>Fixed memory leaks in the show-status CGI handler when memory allocations fail. Commit 064eac5fd0 and
68 commit fdee85c0bf3. CID 305233. OVE-20201118-0008.</p>
73 <p>General improvements:</p>
76 <p>Added experimental https inspection support which allows to filter https traffic. To enable it, install
77 MbedTLS and configure with --with-mbedtls, or install OpenSSL or LibreSSL and configure with
78 --with-openssl. Afterwards configure the directives in section 7 of the config file and enable the
79 +https-inspection action. Initial MbedTLS-based code contributed by Vaclav Svec, initial OpenSSL support
80 contributed by Maxim Antonov. With help from Nedzad Hrnjica and Ho+ Ho+ Ho+. Integration and improvements
81 sponsored by Robert Klemme.</p>
84 <p>pcrs: Request JIT compilation if it's supported and the filter isn't dynamic. This can speed up
88 <p>Added support for Brotli decompression. Sponsored by: Robert Klemme</p>
91 <p>Added FEATURE_EXTENDED_STATISTICS to gather statistics for block reasons and filter executions. To
92 enable it, configure with --enable-extended-statistics and visit http://config.privoxy.org/show-status.
93 Sponsored by: Robert Klemme</p>
96 <p>Use the IP_FREEBIND socket option, if defined. This allows Privoxy to bind to not-yet assigned IP
97 addresses which is useful in failover environments. Patch by Sam Varshavchik.</p>
100 <p>Allow to use extended host patterns and vanilla host patterns at the same time by prefixing extended
101 host patterns with "PCRE-HOST-PATTERN:". To enable this, configure with --enable-pcre-host-patterns.
102 Sponsored by: Robert Klemme</p>
105 <p>Added "Cross-origin resource sharing" (CORS) support. This allows to access Privoxy's CGI interface via
106 JavaScript from another domain (white-listed with the new cors-allowed-origin directive). Based on a patch
107 by Nedzad Hrnjica. Sponsored by: Robert Klemme.</p>
110 <p>Add SOCKS5 username/password support. Based on a patch by Sam, improved by Ivan Romanov. Closes
111 Patch#141 and solves TODO#105.</p>
114 <p>Bump the maximum number of action and filter files to 100 each. Sponsored by: Robert Klemme</p>
117 <p>Fixed handling of filters with "split-large-forms 1" when using the CGI editor. Reported by withoutname
121 <p>Better detect a mismatch of connection details when figuring out whether or not a connection can be
125 <p>Don't send a "Connection failure" message instead of the "DNS failure" message. Sponsored by: Robert
129 <p>Let LOG_LEVEL_REQUEST log all requests. Previously unencrypted requests were only logged with
130 LOG_LEVEL_REQUEST when they weren't crunched (in which case they were logged with LOG_LEVEL_CRUNCH). This
131 was documented behaviour, but logging all requests seems more useful.</p>
134 <p>Fixed locking around localtime() and gmtime().</p>
137 <p>Removed OS/2 support. We haven't provided OS/2 packages in years, it complicated the code and it
138 depended on a fallback snprintf() implementation which is GPLv2 only.</p>
141 <p>Remove the fallback snprintf() implementation Now that OS/2 support is gone we no longer need it.</p>
144 <p>Fixed a bunch of format specifiers log messages.</p>
147 <p>Added a missing apostrophe in the 'More Privoxy' menu.</p>
150 <p>Explicitly prevent use of FEATURE_CONNECTION_SHARING without FEATURE_CONNECTION_KEEP_ALIVE. It makes no
151 sense and does not compile anyway. Sponsored by: Robert Klemme</p>
154 <p>Fix build without FEATURE_CONNECTION_KEEP_ALIVE. Sponsored by: Robert Klemme</p>
157 <p>Downgrade the 'Graceful termination requested' message to LOG_LEVEL_INFO as it isn't an error. Sponsored
158 by: Robert Klemme</p>
161 <p>decompress_iob(): Downgrade the no-content message to LOG_LEVEL_RE_FILTER While at it, fix a typo in a
162 comment. Sponsored by: Robert Klemme</p>
165 <p>Fixed a couple of cppcheck warnings.</p>
168 <p>Rename LOG_LEVEL_GPC to LOG_LEVEL_REQUEST. Only the shadow knows what "GPC" is supposed to stand
172 <p>Remove SourceForge references in copyright headers.</p>
175 <p>Upgrade a bunch of links to the homepage to https://.</p>
178 <p>Add 'no-brotli-accepted' filter which prevents the use of Brotli compression.</p>
181 <p>Changed license for pcrs to GPLv2+ after getting the permission from Andreas. This allows to
182 redistribute Privoxy under the GPLv3 which is required when linking to future mbedTLS versions which are
183 expected to be licensed under the Apache 2.0 license only.</p>
186 <p>Updated a bunch of tests that have to expect status code 403 now after r1.168/070e904afa5.</p>
189 <p>Lowercase the host name in the request line.</p>
192 <p>Only set SOURCE_DATE_EPOCH if it's not already set so distributions can overwrite it through the
198 <p>Documentation changes:</p>
201 <p>Explain that Privoxy has to be distributed under the GPLv3 (or later) when linked with an MbedTLS
202 version that is licensed under the Apache 2.0 license.</p>
205 <p>Import the GNU GPLv3 and include it the user manual.</p>
208 <p>Clarify FEATURE_FORCE_LOAD's description. It allows to bypass blocking not filtering and only does it if
209 blocks aren't enforced. Reported by: Robert Klemme</p>
212 <p>FAQ: Remove Zwiebelfreunde e.V. from the list of fiduciary sponsors As of 2021 they no longer handle
213 donations for foreign organisations due to lack of resources.</p>
216 <p>FAQ: Remove an obsolete comment with a link to the long-gone PDF manual.</p>
219 <p>FAQ: Add a link to the TODO list.</p>
222 <p>FAQ: Change the sponsor amounts to USD slightly rounding the converted amounts up to get simple numbers.
223 Receiving USD is apparently easier for SPI and SPI is preferred by sponsors as they can send invoices.</p>
226 <p>Advertise the client-tags CGI page in the user manual.</p>
229 <p>Stop advertising the show-version CGI page which no longer exists.</p>
232 <p>Add yet another reason why +prevent-compression may cause problems.</p>
235 <p>Don't claim that contributors need ssh. It's only needed for committers.</p>
238 <p>Replace obsolete CVS instructions with Git instructions.</p>
241 <p>Remove an obsolete comment</p>
246 <p>Config file changes:</p>
249 <p>Change the suggested default-server-timeout to 5 to match the suggested keep-alive-timeout. Otherwise
250 using the defaults would result in Privoxy reducing the default-server-timeout and logging an error
251 message. Sponsored by: Robert Klemme</p>
254 <p>Update the 'debug 1' description.</p>
257 <p>Add a missing 'client-specific-tag' directive.</p>
260 <p>Comment out trusted-cgi-referer pointing to example.org.</p>
265 <p>Action file improvements:</p>
268 <p>Block requests to /(.*/)?piwik\.php</p>
271 <p>Block requests to .connectaserver.de/</p>
274 <p>Block requests to pixel.inforsea.com/</p>
277 <p>Block requests to t.vi-serve.com/</p>
280 <p>Block requests to .ioam.de/</p>
283 <p>Block requests to t.9gag.com/img.gif</p>
286 <p>Block requests to .pixel.parsely.com/ as image</p>
289 <p>Block requests to pixel.wp.com/</p>
292 <p>Disable fast-redirects for .librarything.com/</p>
295 <p>Disable fast-redirects for issue.freebsdfoundation.org/</p>
298 <p>Disable fast-redirects for .twitter.com/.*origin=http</p>
301 <p>Unblock belco24.de/</p>
304 <p>Add fast-redirects exception for .wikipedia.org/</p>
307 <p>Add fast-redirects exception for oss-fuzz.com/</p>
310 <p>Disable fast-redirects for .consensu.org/delivery/pixel\.php and block the requests as image instead</p>
313 <p>Unblock .adbinstaller.com/ Reported by lvm in #942.</p>
316 <p>Unblock .adbshell.com Reported by lvm in #942.</p>
319 <p>Unblock .tagesschau.de/</p>
322 <p>Disable fast-redirects for collector.githubapp.com/ and block requests to it as image instead</p>
325 <p>Unblock 'ada*.'</p>
328 <p>Add fast-redirects{} exception for sourcepoint.vice.com/</p>
331 <p>Unblock adaway.org/ Reported by DRS David Soft in AF#945.</p>
334 <p>Change two block reasons that previously were the same. Sponsored by: Robert Klemme</p>
337 <p>Added a +delay-response{} test.</p>
340 <p>Updated the location of the development version of default.action.master.</p>
345 <p>Privoxy-Log-Parser:</p>
348 <p>Added a --keep-date option to keep the date in highlighted messages.</p>
351 <p>Highlight new log messages.</p>
354 <p>Make gather_loglevel_clf_stats() more tolerant. While at it, count all CLF messages as requests, even if
355 the request is invalid.</p>
358 <p>Only show HTTP version distribution if at least one version has been detected.</p>
361 <p>Only show crunch statistics if crunches were detected.</p>
364 <p>Warn if the request counts differ.</p>
367 <p>Generate statistics if the log only contains LOG_LEVEL_CLF messages so it can be used with vanilla
368 webserver logs. Previously Privoxy-specific "Request:" messages were required.</p>
371 <p>Align the client-HTTP-version distribution like other distributions</p>
374 <p>Bump version to 0.9.1</p>
377 <p>Include status code distribution in the stats.</p>
380 <p>Let the statistics include the size of the content Privoxy transferred excluding HTTP headers.</p>
383 <p>Get with the program and expect all requests to be logged with LOG_LEVEL_REQUEST. It's no longer
384 necessary to count both LOG_LEVEL_REQUEST and LOG_LEVEL_CRUNCH messages to get the total number of
388 <p>Leverage the LOG_LEVEL_CLF message to gather statistics that where previously taken from
389 LOG_LEVEL_HEADER lines. This results in less confusing results if https inspection is enabled in which case
390 there are two LOG_LEVEL_HEADER lines with request lines. Sponsored by: Robert Klemme</p>
393 <p>Properly highlight the filter results message. Previously a brace got lost.</p>
396 <p>Prefer the number of CLF lines to get the total number of requests as it works with older Privoxy
397 versions as well.</p>
402 <p>Privoxy-Regression-Test:</p>
405 <p>Turn curl's globbing mode off so we can allow more characters in URLs.</p>
408 <p>Allow '[' and ']' in URLs.</p>
411 <p>Include the action file when complaining about missing Sticky Actions.</p>
414 <p>Fix a sentence in the documentation.</p>
417 <p>Bump version to 0.7.1</p>
422 <p>url-pattern-translator:</p>
425 <p>Detect a couple of pattern prefixes case-insensitively. Sponsored by: Robert Klemme</p>
428 <p>Skip CLIENT-TAG patterns. Sponsored by: Robert Klemme</p>
431 <p>Skip patterns that have already been converted. It should now be safe to "convert" a file multiple
432 times. Sponsored by: Robert Klemme</p>
435 <p>Add the new 'PCRE-HOST-PATTERN:' prefix. Sponsored by: Robert Klemme</p>
441 <h2 class="SECT2"><a name="UPGRADERSNOTE" id="UPGRADERSNOTE">3.1. Note to Upgraders</a></h2>
442 <p>A quick list of things to be aware of before upgrading from earlier versions of <span class=
443 "APPLICATION">Privoxy</span>:</p>
446 <p>The recommended way to upgrade <span class="APPLICATION">Privoxy</span> is to backup your old
447 configuration files, install the new ones, verify that <span class="APPLICATION">Privoxy</span> is working
448 correctly and finally merge back your changes using <span class="APPLICATION">diff</span> and maybe
449 <span class="APPLICATION">patch</span>.</p>
450 <p>There are a number of new features in each <span class="APPLICATION">Privoxy</span> release and most of
451 them have to be explicitly enabled in the configuration files. Old configuration files obviously don't do
452 that and due to syntax changes using old configuration files with a new <span class=
453 "APPLICATION">Privoxy</span> isn't always possible anyway.</p>
456 <p>Note that some installers remove earlier versions completely, including configuration files, therefore you
457 should really save any important configuration files!</p>
460 <p>On the other hand, other installers don't overwrite existing configuration files, thinking you will want
461 to do that yourself.</p>
464 <p>In the default configuration only fatal errors are logged now. You can change that in the <a href=
465 "config.html#DEBUG">debug section</a> of the configuration file. You may also want to enable more verbose
466 logging until you verified that the new <span class="APPLICATION">Privoxy</span> version is working as
470 <p>Three other config file settings are now off by default: <a href=
471 "config.html#ENABLE-REMOTE-TOGGLE">enable-remote-toggle</a>, <a href=
472 "config.html#ENABLE-REMOTE-HTTP-TOGGLE">enable-remote-http-toggle</a>, and <a href=
473 "config.html#ENABLE-EDIT-ACTIONS">enable-edit-actions</a>. If you use or want these, you will need to
474 explicitly enable them, and be aware of the security issues involved.</p>
479 <div class="NAVFOOTER">
480 <hr align="left" width="100%">
481 <table summary="Footer navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
483 <td width="33%" align="left" valign="top"><a href="installation.html" accesskey="P">Prev</a></td>
484 <td width="34%" align="center" valign="top"><a href="index.html" accesskey="H">Home</a></td>
485 <td width="33%" align="right" valign="top"><a href="quickstart.html" accesskey="N">Next</a></td>
488 <td width="33%" align="left" valign="top">Installation</td>
489 <td width="34%" align="center" valign="top"> </td>
490 <td width="33%" align="right" valign="top">Quickstart to Using Privoxy</td>