1 Announcing Privoxy 3.0.22 stable
2 --------------------------------------------------------------------
4 Privoxy 3.0.22 stable is mainly a bug-fix release, it also has a
5 couple of new features, though. Note that the first two entries in
6 the ChangeLog below refer to security issues.
8 --------------------------------------------------------------------
10 --------------------------------------------------------------------
11 *** Version 3.0.22 stable ***
14 - Fixed a memory leak when rejecting client connections due to
15 the socket limit being reached (CID 66382). This affected
16 Privoxy 3.0.21 when compiled with IPv6 support (on most
17 platforms this is the default).
18 - Fixed an immediate-use-after-free bug (CID 66394) and two
19 additional unconfirmed use-after-free complaints made by
20 Coverity scan (CID 66391, CID 66376).
21 - Actually show the FORCE_PREFIX value on the show-status page.
22 - Properly deal with Keep-Alive headers with timeout= parameters
23 If the timeout still can't be parsed, use the configured
24 timeout instead of preventing the client from keeping the
25 connection alive. Fixes #3615312/#870 reported by Bernard Guillot.
26 - Not using any filter files no longer results in warning messages
27 unless an action file is referencing header taggers or filters.
28 Reported by Stefan Kurtz in #3614835.
29 - Fixed a bug that prevented Privoxy from reusing some reusable
30 connections. Two bit masks with different purpose unintentionally
32 - A couple of additional bugs were discovered by Coverity Scan.
33 The fixes that are not expected to affect users are not explicitly
34 mentioned here, for details please have a look at the CVS logs.
36 - General improvements:
37 - Introduced negative tag patterns NO-REQUEST-TAG and NO-RESPONSE-TAG.
38 They apply if no matching tag is found after parsing client or
40 - Add support for external filters which allow to process the
41 response body with a script or program written in any language
42 the platform supports. External filters are enabled with
43 +external-filter{} after they have been defined in one of the
44 filter files with a header line starting with "EXTERNAL-FILTER:".
45 External filter support is experimental, not compiled by default
46 and known not to work on all platforms.
47 - Add support for the 'PATCH' method as defined in RFC5789.
48 - Reject requests with unsupported Expect header values.
49 Fixes a couple of Co-Advisor tests.
50 - Normalize the HTTP-version in forwarded requests and responses.
51 This is an explicit RFC 2616 MUST and RFC 7230 mandates that
52 intermediaries send their own HTTP-version in forwarded
54 - Server 'Keep-Alive' headers are no longer forwarded. From a user's
55 point of view it doesn't really matter, but RFC 2616 (obsolete)
56 mandates that the header is removed and this fixes a Co-Advisor
58 - Change declared template file encoding to UTF-8. The templates
59 already used a subset of UTF-8 anyway and changing the declaration
60 allows to properly display UTF-8 characters used in the action files.
61 This change may require existing action files with ISO-8859-1
62 characters that aren't valid UTF-8 to be converted to UTF-8.
63 Requested by Sam Chen in #582.
64 - Do not pass rejected keep-alive timeouts to the server. It might
65 not have caused any problems (we know of), but doing the right
66 thing shouldn't hurt either.
67 - Let log_error() use its own buffer size #define to make changing
68 the log buffer size slightly less inconvenient.
69 - Turned single-threaded into a "proper" toggle directive with arguments.
70 - CGI templates no longer enforce new windows for some links.
71 - Remove an undocumented workaround ('HOST' header removal) for
72 an Apple iTunes bug that according to #729900 got fixed in 2003.
74 - Action file improvements:
75 - The pattern 'promotions.' is no longer being blocked.
76 Reported by rakista in #3608540.
77 - Disable fast-redirects for .microsofttranslator.com/.
78 - Disable filter{banners-by-size} for .dgb-tagungszentren.de/.
79 - Add adn.speedtest.net as a site-specific unblocker.
80 Support request #3612908.
81 - Disable filter{banners-by-size} for creativecommons.org/.
82 - Block requests to data.gosquared.com/. Reported by cbug in #3613653.
83 - Unblock .conrad./newsletter/. Reported by David Bo in #3614238.
84 - Unblock .bundestag.de/.
85 - Unblock .rote-hilfe.de/.
86 - Disable fast-redirects for .facebook.com/plugins/like.php.
87 - Unblock Stackexchange popup URLs that aren't used to serve ads.
88 Reported by David Wagner in #3615179.
89 - Disable fast-redirects for creativecommons.org/.
90 - Unblock .stopwatchingus.info/.
91 - Block requests for .adcash.com/script/.
92 Reported by Tyrexionibus in #3615289.
93 - Disable HTML filters if the response was tagged as JavaScript.
94 Filtering JavaScript code with filters intended to deal with HTML
95 is usually a waste of time and, more importantly, may break stuff.
96 - Use a custom redirect{} for .washingtonpost.com/wp-apps/imrs\.php\?src=
97 Previously enabling the 'Advanced' settings (or manually enabling
98 +fast-redirects{}) prevented some images from being loaded properly.
99 - Unblock "adina*." Fixes #919 reported by Morton A. Goldberg.
101 - Unblock 'adele*.'. Reported by Adele Lime in #1663.
102 - Disable banners-by-size for kggp.de/.
104 - Filter file improvements & bug fixes:
105 - Decrease the chances that js-annoyances creates invalid JavaScript.
106 Submitted by John McGowan on ijbswa-users@.
107 - Let the msn filter hide 'related' ads again.
108 - Remove a stray '1' in the 'html-annoyances' filter.
109 - Prevent img-reorder from messing up img tags with empty src
110 attributes. Fixes #880 reported by Duncan.
112 - Documentation improvements:
113 - Updated the 'Would you like to donate?' section.
114 - Note that invalid forward-override{} parameter syntax isn't
115 detected until the parameter is used.
116 - Add another +redirect{} example: a shortcut for illumos bugs.
117 - Make it more obvious that many operating systems support log
118 rotation out of the box.
119 - Fixed dead links. Reported by Mark Nelson in #3614557.
120 - Rephrased the 'Why is the configuration so complicated?' answer
121 to be slightly less condescending. Anonymously suggested in #3615122.
122 - Be more explicit about accept-intercepted-requests's lack of MITM support.
123 - Make 'demoronizer' FAQ entries more generic.
124 - Add an example hostname to the --pre-chroot-nslookup description.
125 - Add an example for a host pattern that matches an IP address.
126 - Rename the 'domain pattern' to 'host pattern' as it may
127 contain IP addresses as well.
128 - Recommend forward-socks5t when using Tor. It seems to work fine and
129 modifying the Tor configuration to profit from it hasn't been necessary
131 - Add another redirect{} example to stress that redirect loops can
132 and should be avoided.
133 - The usual spelling and grammar fixes. Parts of them were
134 reported by Reuben Thomas in #3615276.
135 - Mention the PCRS option letters T and D in the filter section.
136 - Clarify that handle-as-empty-doc-returns-ok is still useful
137 and will not be removed without replacement.
138 - Note that security issues shouldn't be reported using the bug tracker.
139 - Clarify what Privoxy does if both +block{} and +redirect{} apply.
140 - Removed the obsolete bookmarklets section.
142 - Build system improvements:
143 - Let --with-group properly deal with secondary groups.
144 Patch submitted by Anatoly Arzhnikov in #3615187.
145 - Fix web-actions target.
146 - Add a web-faq target that only updates the FAQ on the webserver.
147 - Remove already-commented-out non-portable DOSFILTER alternatives.
148 - Remove the obsolete targets dok-put and dok-get.
149 - Add a sf-shell target.
152 - To compile with --disable-force you need the following change which
153 didn't make it into the release:
154 http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/project.h?r1=1.208&r2=1.209&view=patch
155 Thanks to Kai Raven for the report.
157 -----------------------------------------------------------------
159 -----------------------------------------------------------------
161 Privoxy is a non-caching web proxy with advanced filtering capabilities for
162 enhancing privacy, modifying web page data and HTTP headers, controlling
163 access, and removing ads and other obnoxious Internet junk. Privoxy has a
164 flexible configuration and can be customized to suit individual needs and
165 tastes. It has application for both stand-alone systems and multi-user
168 Privoxy is Free Software and licensed under the GNU GPLv2.
170 Our TODO list is rather long. Helping hands and donations are welcome:
172 * http://www.privoxy.org/faq/general.html#PARTICIPATE
174 * http://www.privoxy.org/faq/general.html#DONATE
176 At present, Privoxy is known to run on Windows 95 and later versions
177 (98, ME, 2000, XP, Vista, Windows 7 etc.), GNU/Linux (RedHat, SuSE,
178 Debian, Fedora, Gentoo, Slackware and others), Mac OS X (10.4 and
179 upwards on PPC and Intel processors), OS/2, Haiku, DragonFly,
180 FreeBSD, NetBSD, OpenBSD, Solaris, and various other flavors of Unix.
182 In addition to the core features of ad blocking and cookie management,
183 Privoxy provides many supplemental features, that give the end-user
184 more control, more privacy and more freedom:
186 * Supports "Connection: keep-alive". Outgoing connections can be kept
187 alive independently from the client. Currently not available on all
190 * Supports IPv6, provided the operating system does so too,
191 and the configure script detects it.
193 * Supports tagging which allows to change the behaviour based on client
196 * Can be run as an "intercepting" proxy, which obviates the need to
197 configure browsers individually.
199 * Sophisticated actions and filters for manipulating both server and
202 * Can be chained with other proxies.
204 * Integrated browser based configuration and control utility at
205 http://config.privoxy.org/ (shortcut: http://p.p/). Browser-based
206 tracing of rule and filter effects. Remote toggling.
208 * Web page filtering (text replacements, removes banners based on size,
209 invisible <quote>web-bugs</quote> and HTML annoyances, etc.)
211 * Modularized configuration that allows for standard settings and user
212 settings to reside in separate files, so that installing updated actions
213 files won't overwrite individual user settings.
215 * Support for Perl Compatible Regular Expressions in the configuration
216 files, and a more sophisticated and flexible configuration syntax.
220 * Bypass many click-tracking scripts (avoids script redirection).
222 * User-customizable HTML templates for most proxy-generated pages (e.g.
225 * Auto-detection and re-reading of config file changes.
227 * Most features are controllable on a per-site or per-location basis.
231 http://sourceforge.net/project/showfiles.php?group_id=11118
234 http://www.privoxy.org/
236 - Privoxy Developers <ijbswa-developers@lists.sourceforge.net>