2 File : $Source: /cvsroot/ijbswa/current/doc/source/changelog.sgml,v $
4 Purpose : Entity included in other project documents.
6 $Id: changelog.sgml,v 2.12 2015/01/26 11:25:45 fabiankeil Exp $
8 Copyright (C) 2013 Privoxy Developers http://www.privoxy.org/
11 ======================================================================
12 This file used for inclusion with other documents only.
13 ======================================================================
15 If you make changes to this file, please verify the finished
16 docs all display as intended.
18 This file is included into:
24 <application>Privoxy 3.0.23</application> stable is a bug-fix release,
25 some of the fixed bugs are security issues:
29 The SGML ChangeLog can be generated with: utils/changelog2doc.pl ChangeLog
41 Fixed a DoS issue in case of client requests with incorrect
42 chunk-encoded body. When compiled with assertions enabled
43 (the default) they could previously cause Privoxy to abort().
44 Reported by Matthew Daley. CVE-2015-1380.
49 Fixed multiple segmentation faults and memory leaks in the
50 pcrs code. This fix also increases the chances that an invalid
51 pcrs command is rejected as such. Previously some invalid commands
52 would be loaded without error. Note that Privoxy's pcrs sources
53 (action and filter files) are considered trustworthy input and
54 should not be writable by untrusted third-parties. CVE-2015-1381.
59 Fixed an 'invalid read' bug which could at least theoretically
60 cause Privoxy to crash. So far, no crashes have been observed.
66 Compiles with --disable-force again. Reported by Kai Raven.
71 Client requests with body that can't be delivered no longer
72 cause pipelined requests behind them to be rejected as invalid.
73 Reported by Basil Hussain.
85 If a pcrs command is rejected as invalid, Privoxy now logs
86 the cause of the problem as text. Previously the pcrs error
92 The tests are less likely to cause false positives.
100 Action file improvements:
104 '.sify.com/' is no longer blocked. Apparently it is not actually
105 a pure tracking site (anymore?). Reported by Andrew on ijbswa-users@.
110 Unblock banners on .amnesty.de/ which aren't ads.
118 Documentation improvements:
122 The 'Would you like to donate?' section now also contains
128 The list of supported operating systems has been updated.
133 The existence of the SF support and feature trackers has been
134 deemphasized because they have been broken for months.
135 Most of the time the mailing lists still work.
140 The claim that default.action updates are sometimes released
141 on their own has been removed. It hasn't happened in years.
146 Explicitly mention that Tor's port may deviate from the default
147 when using a bundle. Requested by Andrew on ijbswa-users@.