1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
2 "http://www.w3.org/TR/html4/loose.dtd">
6 <title>What's New in this Release</title>
7 <meta name="GENERATOR" content=
8 "Modular DocBook HTML Stylesheet Version 1.79">
9 <link rel="HOME" title="Privoxy 3.0.21 User Manual" href="index.html">
10 <link rel="PREVIOUS" title="Installation" href="installation.html">
11 <link rel="NEXT" title="Quickstart to Using Privoxy" href=
13 <link rel="STYLESHEET" type="text/css" href="../p_doc.css">
14 <meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
15 <link rel="STYLESHEET" type="text/css" href="p_doc.css">
18 <body class="SECT1" bgcolor="#EEEEEE" text="#000000" link="#0000FF" vlink=
19 "#840084" alink="#0000FF">
20 <div class="NAVHEADER">
21 <table summary="Header navigation table" width="100%" border="0"
22 cellpadding="0" cellspacing="0">
24 <th colspan="3" align="center">Privoxy 3.0.21 User Manual</th>
28 <td width="10%" align="left" valign="bottom"><a href=
29 "installation.html" accesskey="P">Prev</a></td>
31 <td width="80%" align="center" valign="bottom"></td>
33 <td width="10%" align="right" valign="bottom"><a href=
34 "quickstart.html" accesskey="N">Next</a></td>
37 <hr align="left" width="100%">
41 <h1 class="SECT1"><a name="WHATSNEW" id="WHATSNEW">3. What's New in this
44 <p><span class="APPLICATION">Privoxy 3.0.21</span> stable is a bug-fix
45 release for Privoxy 3.0.20 beta. It also addresses a security issue that
46 affects all previous Privoxy versions (on some platforms). The changes
47 since 3.0.20 beta are:</p>
55 <p>On POSIX-like platforms, network sockets with file descriptor
56 values above FD_SETSIZE are properly rejected. Previously they
57 could cause memory corruption in configurations that allowed the
58 limit to be reached.</p>
62 <p>Compiles on OS/2 again now that unistd.h is only included on
63 platforms that have it.</p>
69 <p>General improvements:</p>
73 <p>The show-status page shows the FEATURE_STRPTIME_SANITY_CHECKS
78 <p>A couple of assert()s that could theoretically dereference
79 NULL pointers in debug builds have been relocated.</p>
83 <p>Added an LSB info block to the generic start script. Based on
84 a patch from Natxo Asenjo.</p>
88 <p>The max-client-connections default has been changed to 128
89 which should be more than enough for most setups.</p>
95 <p>Action file improvements:</p>
99 <p>Block rover.ebay./ar.*\&adtype= instead of
100 "/.*\&adtype=" which caused too man false positives. Reported
101 by u302320 in #360284, additional feedback from Adam Piggott.</p>
105 <p>Unblock '.advrider.com/' and '/.*ADVrider'. Anonymously
106 reported in #3603636.</p>
112 <p>Filter file improvements:</p>
116 <p>Added an iframes filter.</p>
122 <p>Documentation improvements:</p>
126 <p>The whole GPLv2 text is included in the user manual now, so
127 Privoxy can serve it itself and the user can read it without
128 having to wade through GPLv3 ads first.</p>
132 <p>Properly numbered and underlined a couple of section titles in
133 the config that where previously overlooked due to a flaw in the
134 conversion script. Reported by Ralf Jungblut.</p>
138 <p>Improved the support instruction to hopefully make it harder
139 to unintentionally provide insufficient information when
140 requesting support. Previously it wasn't obvious that the
141 information we need in bug reports is usually also required in
142 support requests.</p>
146 <p>Removed documentation about packages that haven't been
147 provided in years.</p>
153 <p>Privoxy-Regression-Test:</p>
157 <p>Only log the test number when not running in verbose mode The
158 position of the test is rarely relevant and it previously wasn't
159 exactly obvious which one of the numbers was useful to repeat the
160 test with --test-number.</p>
166 <p>GNUmakefile improvements:</p>
170 <p>Factor generate-config-file out of config-file to make testing
175 <p>The clean target now also takes care of patch leftovers.</p>
181 <p><span class="APPLICATION">Privoxy 3.0.20</span> beta contained the
182 following changes compared to the previous stable release:</p>
190 <p>Client sockets are now properly shutdown and drained before
191 being closed. This fixes page truncation issues with clients that
192 aggressively pipeline data on platforms that otherwise discard
193 already written data. The issue mainly affected Opera users and
194 was initially reported by Kevin in #3464439, szotsaki provided
195 additional information to track down the cause.</p>
199 <p>Fix latency calculation for shared connections (disabled by
200 default). It was broken since their introduction in 2009. The
201 calculated latency for most connections would be 0 in which case
202 the timeout detection failed to account for the real latency.</p>
206 <p>Reject URLs with invalid port. Previously they were parsed
207 incorrectly and characters between the port number and the first
208 slash were silently dropped as shown by curl test 187.</p>
212 <p>The default-server-timeout and socket-timeout directives
213 accept 0 as valid value.</p>
217 <p>Fix a race condition on Windows that could cause Privoxy to
218 become unresponsive after toggling it on or off through the
219 taskbar icon. Reported by Tim H. in #3525694.</p>
223 <p>Fix the compilation on Windows when configured without IPv6
228 <p>Fix an assertion that could cause debug builds to abort() in
229 case of socks5 connection failures with "debug 2" enabled.</p>
233 <p>Fix an assertion that could cause debug builds to abort() if a
234 filter contained nul bytes in the replacement text.</p>
240 <p>General improvements:</p>
244 <p>Significantly improved keep-alive support for both client and
245 server connections.</p>
249 <p>New debug log level 65536 which logs all actions that were
250 applied to the request.</p>
254 <p>New directive client-header-order to forward client headers in
255 a different order than the one in which they arrived.</p>
259 <p>New directive tolerate-pipelining to allow client-side
260 pipelining. If enabled (3.0.20 beta enables it by default),
261 Privoxy will keep pipelined client requests around to deal with
262 them once the current request has been served.</p>
266 <p>New --config-test option to let Privoxy exit after checking
267 whether or not the configuration seems valid. The limitations
268 noted in TODO #22 and #23 still apply. Based on a patch by
269 Ramkumar Chinchani.</p>
273 <p>New limit-cookie-lifetime{} action to let cookies expire
274 before the end of the session. Suggested by Rick Sykes in
279 <p>Increase the hard-coded maximum number of actions and filter
280 files from 10 to 30 (each). It doesn't significantly affect
281 Privoxy's memory usage and recompiling wasn't an option for all
282 Privoxy users that reached the limit.</p>
286 <p>Add support for chunk-encoded client request bodies.
287 Previously chunk-encoded request bodies weren't guaranteed to be
288 forwarded correctly, so this can also be considered a bug fix
289 although chunk-encoded request bodies aren't commonly used in the
294 <p>Add support for Tor's optimistic-data SOCKS extension, which
295 can reduce the latency for requests on newly created connections.
296 Currently only the headers are sent optimistically and only if
297 the client request has already been read completely which rules
298 out requests with large bodies.</p>
302 <p>After preventing the client from pipelining, don't signal
303 keep-alive intentions. When looking at the response headers
304 alone, it previously wasn't obvious from the client's perspective
305 that no additional responses should be expected.</p>
309 <p>Stop considering client sockets tainted after receiving a
310 request with body. It hasn't been necessary for a while now and
311 unnecessarily causes test failures when using curl's test
316 <p>Allow HTTP/1.0 clients to signal interest in keep-alive
317 through the Proxy-Connection header. While such client are rare
318 in the real world, it doesn't hurt and couple of curl tests rely
323 <p>Only remove duplicated Content-Type headers when filters are
324 enabled. If they are not it doesn't cause ill effects and the
325 user might not want it. Downgrade the removal message to
326 LOG_LEVEL_HEADER to clarify that it's not an error in Privoxy and
327 is unlikely to cause any problems in general. Anonymously
328 reported in #3599335.</p>
332 <p>Set the socket option SO_LINGER for the client socket.</p>
336 <p>Move several variable declarations to the beginning of their
337 code block. It's required when compiling with gcc 2.95 which is
338 still used on some platforms. Initial patch submitted by Simon
339 South in #3564815.</p>
343 <p>Optionally try to sanity-check strptime() results before
344 trusting them. Broken strptime() implementations have caused
345 problems in the past and the most recent offender seems to be
346 FreeBSD's libc (standards/173421).</p>
350 <p>When filtering is enabled, let Range headers pass if the range
351 starts at the beginning. This should work around (or at least
352 reduce) the video playback issues with various Apple clients as
353 reported by Duc in #3426305.</p>
357 <p>Do not confuse a client hanging up with a connection time out.
358 If a client closes its side of the connection without sending a
359 request line, do not send the CLIENT_CONNECTION_TIMEOUT_RESPONSE,
360 but report the condition properly.</p>
364 <p>Allow closing curly braces as part of action values as long as
365 they are escaped.</p>
369 <p>On Windows, the logfile is now written before showing the GUI
370 error message which blocks until the user acknowledges it.
371 Reported by Adriaan in #3593603.</p>
375 <p>Remove an unreasonable parameter limit in the CGI interface.
376 The new parameter limit depends on the memory available and is
377 currently unlikely to be reachable, due to other limits in both
378 Privoxy and common clients. Reported by Andrew on
383 <p>Decrease the chances of parse failures after requests with
384 unsupported methods were sent to the CGI interface.</p>
390 <p>Action file improvements:</p>
394 <p>Remove the comment that indicated that updated default.action
395 versions are released on their own.</p>
399 <p>Block 'optimize.indieclick.com/' and
400 'optimized-by.rubiconproject.com/'</p>
404 <p>Unblock 'adjamblog.wordpress.com/' and
405 'adjamblog.files.wordpress.com/'. Reported by Ryan Farmer in
410 <p>Unblock '/.*Bugtracker'. Reported by pwhk in #3522341.</p>
414 <p>Add test URLs for '.freebsd.org' and '.watson.org'.</p>
418 <p>Unblock '.urbandictionary.com/popular'.</p>
422 <p>Block '.adnxs.com/'.</p>
426 <p>Block 'farm.plista.com/widgetdata.php'.</p>
430 <p>Block 'rotation.linuxnewmedia.com/'.</p>
434 <p>Block 'reklamy.sfd.pl/'. Reported by kacperdominik in
439 <p>Block 'g.adspeed.net/'.</p>
443 <p>Unblock 'websupport.wdc.com/'. Reported by Adam Piggot in
448 <p>Block '/openx/www/delivery/'.</p>
452 <p>Disable fast-redirects for '.googleapis.com/'.</p>
456 <p>Block 'imp.double.net/'. Reported by David Bo in #3070411.</p>
460 <p>Block 'gm-link.com/' which is used for email tracking.
461 Reported by David Bo in #1812733.</p>
465 <p>Verify that requests to "bwp." are blocked. URL taken from
466 #1736879 submitted by Francois Marier.</p>
470 <p>Block '/.*bannerid='. Reported by Adam Piggott in
475 <p>Block 'cltomedia.info/delivery/' and '.adexprt.com/'.
476 Anonymously reported in #2965254.</p>
480 <p>Block 'de17a.com/'. Reported by David Bo in #3061472.</p>
484 <p>Block 'oskar.tradera.com/'. Reported by David Bo in
489 <p>Block '/scripts/webtrends\.js'. Reported by johnd16 in
494 <p>Block requests for 'pool.*.adhese.com/'. Reported by johnd16
499 <p>Update path pattern for Coremetrics and add tests. Pattern and
500 URLs submitted by Adam Piggott #3168443.</p>
504 <p>Enable +fast-redirects{check-decoded-url} for 'tr.anp.se/'.
505 Reported by David Bo in #3268832.</p>
509 <p>Unblock '.conrad.se/newsletter/banners/'. Reported by David Bo
514 <p>Block '.tynt.com/'. Reported by Dan Stahlke in #3421767.</p>
518 <p>Unblock '.bbci.co.uk/radio/'. Reported by Adam Piggott in
523 <p>Block requests to 'service.maxymiser.net/'. Reported by
524 johnd16 in #3118401 (with a previous URL).</p>
528 <p>Disable fast-redirects for Google's "let's pretend your
529 computer is infected" page.</p>
533 <p>Unblock '/.*download' to resolve actionsfile feedback
534 #3498129. Submitted by Steven Kolins (soundcloud.com not
539 <p>Unblock '.wlxrs.com/' which is required by hotmail.com. Fixes
540 #3413827 submitted by David Bo.</p>
544 <p>Add two unblock patterns for popup radio and TV players.
545 Submitted by Adam Piggott in #3596089.</p>
551 <p>Filter file improvements & bug fixes:</p>
555 <p>Add a referer tagger.</p>
559 <p>Reduce the likelihood that the google filter messes up
560 HTML-generating JavaScript. Reported by Zeno Kugy in
567 <p>Documentation improvements:</p>
571 <p>Revised all OS X sections due to new packaging module
572 (OSXPackageBuilder).</p>
576 <p>Update the list of supported operating systems to clarify that
577 all Windows versions after 95 are expected to work and note that
578 the platform-specific code for AmigaOS and QNX currently isn't
583 <p>Update 'Signals' section, the only explicitly handled signals
584 are SIGINT, SIGTERM and SIGHUP.</p>
588 <p>Add Haiku to the list of operating systems on which Privoxy is
593 <p>Add DragonFly to the list of BSDs on which Privoxy is known to
598 <p>Removed references to redhat-specific documentation set since
599 it no longer exists.</p>
603 <p>Removed references to building PDFs since we no longer do
608 <p>Multiple listen-address directives are supported since 3.0.18,
609 correct the documentation to say so.</p>
613 <p>Remove bogus section about long and short being preferable to
618 <p>Corrected some Internet JunkBuster references to Privoxy.</p>
622 <p>Removed references to www.junkbusters.com since it is no
623 longer maintained. Reported by Angelina Matson.</p>
627 <p>Various grammar and spelling corrections</p>
631 <p>Add a client-header-tagger{} example for disabling filtering
632 for range requests.</p>
636 <p>Correct a URL in the "Privoxy with Tor" FAQ.</p>
640 <p>Spell 'refresh-tags' correctly. Reported by Don in
645 <p>Sort manpage options alphabetically.</p>
649 <p>Remove an incorrect sentence in the toggle section. The toggle
650 state doesn't affect whether or not the Windows version uses the
651 tray icon. Reported by Zeno Kugy in #3596395.</p>
655 <p>Add new contributors since 3.0.19.</p>
661 <p>Log message improvements:</p>
665 <p>When stopping to watch a client socket due to pipelining,
666 additionally log the socket number.</p>
670 <p>Log the client socket and its condition before closing it.
671 This makes it more obvious that the socket actually gets closed
672 and should help when diagnosing problems like #3464439.</p>
676 <p>In case of SOCKS5 failures, do not explicitly log the server's
677 response. It hasn't helped so far and the response can already be
678 logged by enabling "debug 32768" anyway. This reverts v1.81 and
679 the follow-up bug fix v1.84.</p>
683 <p>Relocate the connection-accepted message from listen_loop() to
684 serve(). This way it's printed by the thread that is actually
685 serving the connection which is nice when grepping for thread ids
692 <p>Code cleanups:</p>
696 <p>Remove compatibility layer for versions prior to 3.0 since it
697 has been obsolete for more than 10 years now.</p>
701 <p>Remove the ijb_isupper() and ijb_tolower() macros from
702 parsers.c since they aren't used in this file.</p>
706 <p>Removed the 'Functions declared include:' comment sections
707 since they tend to be incomplete, incorrect and out of date and
708 the benefit seems questionable.</p>
712 <p>Various comment grammar and comprehensibility
717 <p>Remove a pointless fflush() call in chat(). Flushing all
718 streams pretty much all the time for no obvious reason is
723 <p>Relocate ijb_isupper()'s definition to project.h and get the
724 ijb_tolower() definition from there, too.</p>
728 <p>Relocate ijb_isdigit()'s definition to project.h.</p>
732 <p>Rename ijb_foo macros to privoxy_foo.</p>
736 <p>Add malloc_or_die() which will allow to simplify code paths
737 where malloc() failures don't need to be handled gracefully.</p>
741 <p>Add strdup_or_die() which will allow to simplify code paths
742 where strdup() failures don't need to be handled gracefully.</p>
746 <p>Replace strdup() calls with strdup_or_die() calls where it's
747 safe and simplifies the code.</p>
751 <p>Fix white-space around parentheses.</p>
755 <p>Add missing white-space behind if's and the following
760 <p>Unwrap a memcpy() call in resolve_hostname_to_ip().</p>
764 <p>Declare pcrs_get_delimiter()'s delimiters[] static const.</p>
768 <p>Various optimisations to remove dead code and merge
769 inefficient code structures for improved clarity, performance or
770 code compactness.</p>
774 <p>Various data type corrections.</p>
778 <p>Change visibility of several code segments when compiling
779 without FEATURE_CONNECTION_KEEP_ALIVE enabled for clarity.</p>
783 <p>In pcrs_get_delimiter(), do not use delimiters outside the
784 ASCII range. Fixes a clang complaint.</p>
788 <p>Fix an error message in get_last_url() nobody is supposed to
789 see. Reported by Matthew Fischer in #3507301.</p>
793 <p>Fix a typo in the no-zlib-support complaint. Patch submitted
794 by Matthew Fischer in #3507304.</p>
798 <p>Shorten ssplit()'s prototype by removing the last two
799 arguments. We always want to skip empty fields and ignore leading
800 delimiters, so having parameters for this only complicates the
805 <p>Use an enum for the type of the action value.</p>
809 <p>Rename action_name's member takes_value to value_type as it
810 isn't used as boolean.</p>
814 <p>Turn family mismatches in match_sockaddr() into fatal
819 <p>Let enlist_unique_header() verify that the caller didn't pass
820 a header containing either \r or \n.</p>
824 <p>Change the hashes used in load_config() to unsigned int.
825 That's what hash_string() actually returns and using a
826 potentially larger type is at best useless.</p>
830 <p>Use privoxy_tolower() instead of vanilla tolower() with manual
831 casting of the argument.</p>
835 <p>Catch ssplit() failures in parse_cgi_parameters().</p>
841 <p>Privoxy-Regression-Test:</p>
845 <p>Add an 'Overwrite condition' directive to skip any matching
846 tests before it. As it has a global scope, using it is more
847 convenient than clowning around with the Ignore directive.</p>
851 <p>Log to STDOUT instead of STDERR.</p>
855 <p>Include the Privoxy version in the output.</p>
859 <p>Various grammar and spelling corrections in documentation and
864 <p>Additional tests for range requests with filtering
869 <p>Tests with mostly invalid range request.</p>
873 <p>Add a couple of hide-if-modified-since{} tests with different
878 <p>Cleaned up the format of the regression-tests.action file to
879 match the format of default.action.</p>
883 <p>Remove the "Copyright" line from print_version(). When using
884 --help, every line of screen space matters and thus shouldn't be
885 wasted on things the user doesn't care about.</p>
891 <p>Privoxy-Log-Parser:</p>
895 <p>Improve the --statistics performance by skipping sanity checks
896 for input that shouldn't affect the results anyway. Add a
897 --strict-checks option that enables some of the checks again,
898 just in case anybody cares.</p>
902 <p>The distribution of client requests per connection is included
903 in the --statistic output.</p>
907 <p>The --accept-unknown-messages option has been removed and the
908 behavior is now the default.</p>
912 <p>Accept and (mostly) highlight new log messages introduced with
923 <p>Bump generated Firefox version to 17.</p>
929 <p>GNUmakefile improvements:</p>
933 <p>The dok-tidy target no longer taints documents with a
938 <p>Change RA_MODE from 0664 to 0644. Suggested by Markus Dittrich
943 <p>Remove tidy's clean flag as it changes the scope of
944 attributes. Link-specific colors end up being applied to all
945 text. Reported by Adam Piggott in #3569551.</p>
949 <p>Leave it up to the user whether or not smart tags are
954 <p>Let w3m itself do the line wrapping for the config file. It
955 works better than fmt as it can honour pre tags causing less
956 unintentional line breaks.</p>
960 <p>Ditch a pointless '-r' passed to rm to delete files.</p>
964 <p>The config-file target now requires less manual intervention
965 and updates the original config.</p>
969 <p>Change WDUMP to generate ASCII. Add WDUMP_UTF8 to allow UTF-8
970 in the AUTHORS file so the names are right.</p>
974 <p>Stop pretending that lynx and links are supported for the
981 <p>configure improvements:</p>
985 <p>On Haiku, do not pass -lpthread to the compiler. Haiku's
986 pthreads implementation is contained in its system library,
987 libroot, so no additional library needs to be searched. Patch
988 submitted by Simon South in #3564815.</p>
992 <p>Additional Haiku-specific improvements. Disable checks
993 intended for multi-user systems as Haiku is presently
994 single-user. Group Haiku-specific settings in their own section,
995 following the pattern for Solaris, OS/2 and AmigaOS. Add
996 additional library-related settings to remove the need for
997 providing configure with custom LDFLAGS. Submitted by Simon South
1005 <h2 class="SECT2"><a name="UPGRADERSNOTE" id="UPGRADERSNOTE">3.1. Note
1006 to Upgraders</a></h2>
1008 <p>A quick list of things to be aware of before upgrading from earlier
1009 versions of <span class="APPLICATION">Privoxy</span>:</p>
1013 <p>The recommended way to upgrade <span class=
1014 "APPLICATION">Privoxy</span> is to backup your old configuration
1015 files, install the new ones, verify that <span class=
1016 "APPLICATION">Privoxy</span> is working correctly and finally merge
1017 back your changes using <span class="APPLICATION">diff</span> and
1018 maybe <span class="APPLICATION">patch</span>.</p>
1020 <p>There are a number of new features in each <span class=
1021 "APPLICATION">Privoxy</span> release and most of them have to be
1022 explicitly enabled in the configuration files. Old configuration
1023 files obviously don't do that and due to syntax changes using old
1024 configuration files with a new <span class=
1025 "APPLICATION">Privoxy</span> isn't always possible anyway.</p>
1029 <p>Note that some installers remove earlier versions completely,
1030 including configuration files, therefore you should really save any
1031 important configuration files!</p>
1035 <p>On the other hand, other installers don't overwrite existing
1036 configuration files, thinking you will want to do that
1041 <p>In the default configuration only fatal errors are logged now.
1042 You can change that in the <a href="config.html#DEBUG">debug
1043 section</a> of the configuration file. You may also want to enable
1044 more verbose logging until you verified that the new <span class=
1045 "APPLICATION">Privoxy</span> version is working as expected.</p>
1049 <p>Three other config file settings are now off by default:
1050 <a href="config.html#ENABLE-REMOTE-TOGGLE">enable-remote-toggle</a>,
1052 "config.html#ENABLE-REMOTE-HTTP-TOGGLE">enable-remote-http-toggle</a>,
1054 "config.html#ENABLE-EDIT-ACTIONS">enable-edit-actions</a>. If you
1055 use or want these, you will need to explicitly enable them, and be
1056 aware of the security issues involved.</p>
1062 <div class="NAVFOOTER">
1063 <hr align="left" width="100%">
1065 <table summary="Footer navigation table" width="100%" border="0"
1066 cellpadding="0" cellspacing="0">
1068 <td width="33%" align="left" valign="top"><a href="installation.html"
1069 accesskey="P">Prev</a></td>
1071 <td width="34%" align="center" valign="top"><a href="index.html"
1072 accesskey="H">Home</a></td>
1074 <td width="33%" align="right" valign="top"><a href="quickstart.html"
1075 accesskey="N">Next</a></td>
1079 <td width="33%" align="left" valign="top">Installation</td>
1081 <td width="34%" align="center" valign="top"> </td>
1083 <td width="33%" align="right" valign="top">Quickstart to Using