twitter月別更新回数
History
2011/12/27 ver 3.0.19
Announcing Privoxy v.3.0.19 stable
This is a bug-fix release for the previously released
Privoxy 3.0.18. One of the fixes addresses a security issue.
--------------------------------------------------------------------
*** Version 3.0.19 Stable ***
- Bug fixes:
- Prevent a segmentation fault when de-chunking buffered content.
It could be triggered by malicious web servers if Privoxy was
configured to filter the content and running on a platform
where SIZE_T_MAX isn't larger than UINT_MAX, which probably
includes most 32-bit systems. On those platforms, all Privoxy
versions before 3.0.19 appear to be affected.
To be on the safe side, this bug should be presumed to allow
code execution as proving that it doesn't seems unrealistic.
- Do not expect a response from the SOCKS4/4A server until it
got something to respond to. This regression was introduced
in 3.0.18 and prevented the SOCKS4/4A negotiation from working.
Reported by qqqqqw in #3459781.
- General improvements:
(省略されました)
This is a bug-fix release for the previously released
Privoxy 3.0.18. One of the fixes addresses a security issue.
--------------------------------------------------------------------
*** Version 3.0.19 Stable ***
- Bug fixes:
- Prevent a segmentation fault when de-chunking buffered content.
It could be triggered by malicious web servers if Privoxy was
configured to filter the content and running on a platform
where SIZE_T_MAX isn't larger than UINT_MAX, which probably
includes most 32-bit systems. On those platforms, all Privoxy
versions before 3.0.19 appear to be affected.
To be on the safe side, this bug should be presumed to allow
code execution as proving that it doesn't seems unrealistic.
- Do not expect a response from the SOCKS4/4A server until it
got something to respond to. This regression was introduced
in 3.0.18 and prevented the SOCKS4/4A negotiation from working.
Reported by qqqqqw in #3459781.
- General improvements:
(省略されました)
2011/11/21 ver 3.0.18
Announcing Privoxy v.3.0.18 stable
This is mainly a bug-fix release for the previously released
Privoxy 3.0.17. One of the fixes addresses a security issue.
*** Version 3.0.18 stable ***
- Bug fixes:
- If the redirect URL contains characters RFC 3986 doesn't permit,
they are (re)encoded. Not doing this makes Privoxy versions from
3.0.5 to 3.0.17 susceptible to HTTP response splitting (CWE-113)
attacks if the +fast-redirects{check-decoded-url} action is used.
- Fix a logic bug that could cause Privoxy to reuse a server
socket after it got tainted by a server-header-tagger-induced
block that was triggered before the whole server response had
been read. If keep-alive was enabled and the request following
the blocked one was to the same host and using the same forwarding
settings, Privoxy would send it on the tainted server socket.
While the server would simply treat it as a pipelined request,
Privoxy would later on fail to properly parse the server's
response as it would try to parse the unread data from the
first response as server headers for the second one.
(省略されました)
This is mainly a bug-fix release for the previously released
Privoxy 3.0.17. One of the fixes addresses a security issue.
*** Version 3.0.18 stable ***
- Bug fixes:
- If the redirect URL contains characters RFC 3986 doesn't permit,
they are (re)encoded. Not doing this makes Privoxy versions from
3.0.5 to 3.0.17 susceptible to HTTP response splitting (CWE-113)
attacks if the +fast-redirects{check-decoded-url} action is used.
- Fix a logic bug that could cause Privoxy to reuse a server
socket after it got tainted by a server-header-tagger-induced
block that was triggered before the whole server response had
been read. If keep-alive was enabled and the request following
the blocked one was to the same host and using the same forwarding
settings, Privoxy would send it on the tainted server socket.
While the server would simply treat it as a pipelined request,
Privoxy would later on fail to properly parse the server's
response as it would try to parse the unread data from the
first response as server headers for the second one.
(省略されました)
2010/11/15 ver 3.0.17
Announcing Privoxy v.3.0.17 stable
This is mainly a bug-fix release for the previously released Privoxy 3.0.16.
It contains fixes for two bugs that could cause connections to hang under
certain circumstances when keep-alive support was enabled, until they timed
out or where closed by the server.
See http://www.privoxy.org/3.0.17/user-manual/whatsnew.html for details.
*** Version 3.0.17 Stable ***
- Fixed last-chunk-detection for responses where the content was small
enough to be read with the body, causing Privoxy to wait for the
end of the content until the server closed the connection or the
request timed out. Reported by "Karsten" in #3028326.
- Responses with status code 204 weren't properly detected as body-less
like RFC2616 mandates. Like the previous bug, this caused Privoxy to
wait for the end of the content until the server closed the connection
or the request timed out. Fixes #3022042 and #3025553, reported by a
user with no visible name. Most likely also fixes a bunch of other
AJAX-related problem reports that got closed in the past due to
insufficient information and lack of feedback.
- Fixed an ACL bug that made it impossible to build a blacklist.
(省略されました)
This is mainly a bug-fix release for the previously released Privoxy 3.0.16.
It contains fixes for two bugs that could cause connections to hang under
certain circumstances when keep-alive support was enabled, until they timed
out or where closed by the server.
See http://www.privoxy.org/3.0.17/user-manual/whatsnew.html for details.
*** Version 3.0.17 Stable ***
- Fixed last-chunk-detection for responses where the content was small
enough to be read with the body, causing Privoxy to wait for the
end of the content until the server closed the connection or the
request timed out. Reported by "Karsten" in #3028326.
- Responses with status code 204 weren't properly detected as body-less
like RFC2616 mandates. Like the previous bug, this caused Privoxy to
wait for the end of the content until the server closed the connection
or the request timed out. Fixes #3022042 and #3025553, reported by a
user with no visible name. Most likely also fixes a bunch of other
AJAX-related problem reports that got closed in the past due to
insufficient information and lack of feedback.
- Fixed an ACL bug that made it impossible to build a blacklist.
(省略されました)
2010/02/21 ver 3.0.16
Announcing Privoxy v.3.0.16 stable
This is the first stable release since 3.0.12. It mainly contains
bugfixes for the previous betas which introduced IPv6 support,
improved keep-alive support and a bunch of minor improvements.
See http://www.privoxy.org/3.0.16/user-manual/whatsnew.html for details.
*** Version 3.0.16 stable ***
- Added the config file option handle-as-empty-doc-returns-ok to
work around Firefox bug #492459, which causes Firefox to hang
if JavaScripts are blocked in certain situations. The option is
enabled in the default config file.
- Added the config file option default-server-timeout to control the
assumed default server timeout. Since Privoxy no longer returns
an error message for connection resets on reused client connections,
assuming larger server timeout values appears to actually work
pretty well as long as connections aren't shared.
- Added optional support for FreeBSD's accf_http(9). Use the
configure option --enable-accept-filter to enable it.
- Added fancier Privoxy icons for win32. Contributed by Jeff H.
- In daemon mode, fd 0, 1 and 2 are bound to /dev/null.
(省略されました)
This is the first stable release since 3.0.12. It mainly contains
bugfixes for the previous betas which introduced IPv6 support,
improved keep-alive support and a bunch of minor improvements.
See http://www.privoxy.org/3.0.16/user-manual/whatsnew.html for details.
*** Version 3.0.16 stable ***
- Added the config file option handle-as-empty-doc-returns-ok to
work around Firefox bug #492459, which causes Firefox to hang
if JavaScripts are blocked in certain situations. The option is
enabled in the default config file.
- Added the config file option default-server-timeout to control the
assumed default server timeout. Since Privoxy no longer returns
an error message for connection resets on reused client connections,
assuming larger server timeout values appears to actually work
pretty well as long as connections aren't shared.
- Added optional support for FreeBSD's accf_http(9). Use the
configure option --enable-accept-filter to enable it.
- Added fancier Privoxy icons for win32. Contributed by Jeff H.
- In daemon mode, fd 0, 1 and 2 are bound to /dev/null.
(省略されました)
2009/10/19 ver 3.0.15
Announcing Privoxy v.3.0.15 beta
Privoxy 3.0.15 beta is a bugfix-release for the previous betas
See http://www.privoxy.org/3.0.15/user-manual/whatsnew.html for details.
*** Version 3.0.15 beta ***
- In case of missing server data, no error message is send to the
client if the request arrived on a reused connection. The client
is then supposed to silently retry the request without bothering
the user. This should significantly reduce the frequency of the
"No server or forwarder data received" error message many users
reported.
- More reliable detection of prematurely closed client sockets
with keep-alive enabled.
- FEATURE_CONNECTION_KEEP_ALIVE is decoupled from
FEATURE_CONNECTION_SHARING and now available on
all platforms.
- Improved handling of POST requests on reused connections.
Should fix problems with stalled connections after submitting
form data with some browser configurations.
- Fixed various latency calculation issues.
(省略されました)
Privoxy 3.0.15 beta is a bugfix-release for the previous betas
See http://www.privoxy.org/3.0.15/user-manual/whatsnew.html for details.
*** Version 3.0.15 beta ***
- In case of missing server data, no error message is send to the
client if the request arrived on a reused connection. The client
is then supposed to silently retry the request without bothering
the user. This should significantly reduce the frequency of the
"No server or forwarder data received" error message many users
reported.
- More reliable detection of prematurely closed client sockets
with keep-alive enabled.
- FEATURE_CONNECTION_KEEP_ALIVE is decoupled from
FEATURE_CONNECTION_SHARING and now available on
all platforms.
- Improved handling of POST requests on reused connections.
Should fix problems with stalled connections after submitting
form data with some browser configurations.
- Fixed various latency calculation issues.
(省略されました)