[Privoxy-commits] [privoxy] 02/07: Add ChangeLog entries for 4.2.0 stable

Mon Apr 20 15:58:38 CEST 2026

This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

commit 67a8f804ac197fb38b49cff386e3c13b9ffa26d1
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Sat Apr 11 10:25:19 2026 +0200

    Add ChangeLog entries for 4.2.0 stable
---
 ChangeLog | 134 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 134 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 4a458202..e7b1e444 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,140 @@
 --------------------------------------------------------------------
 ChangeLog for Privoxy
 --------------------------------------------------------------------
+*** Version 4.2.0 stable ***
+
+- Bug fixes:
+  - block_acl(): Ignore ACL matches when we don't have a destination yet
+    but the ACL requires one to match. block_acl() will be called
+    again later on when the destination is known from parsing the request.
+    Fixes SF bug #913 reported by Rainer Sokoll  with confirmation from
+    Peter Geelhoed.
+  - rfc2553_connect_to(): Prevent theoretical memory disclosure through
+    the CGI interface if a request is rejected due to ACLs. It's theoretical
+    due to the previous bug in the ACL code.
+  - send_http_request(): Give up on the client connection if writing the
+    request data failed. If there's a request body Privoxy may not have
+    read all the data yet. The issue could be reproduced by running the
+    upstream curl test 1293 multiple times in a row.
+  - load_one_re_filterfile(): Only register content filters for statistics.
+    Previously all filter types were registered which wasted a bit of memory.
+  - Prevent unused-variable warnings when compiling with
+    DISABLE_PCRE_JIT_COMPILATION defined.
+  - cgi_show_url_info(): Remove special handling of "standard.action".
+
+- General improvements:
+  - Add elliptic-curve-keys directive and enable it by default.
+    It lets Privoxy use the SN_X9_62_prime256v1 group instead of RSA when
+    generating website keys and certificates. This is expected to be faster
+    but may not be supported by older clients. The OpenSSL-specific code is
+    based on on a patch by Steven Smith submitted in SF#933.
+  - Check the listening address when deciding whether or not a client tag
+    matches. This allows to use different client tags for different clients
+    running on the same host.
+  - Add code to make debugging ACL rules more convenient. It can be enabled
+    with the new configure parameter --enable-acl-debugging.
+  - acl_addr(): Properly reject IPv6 addresses when compiled without RFC2553 support.
+  - Use separate linked lists for filters of different types to be able look up
+    filters more efficiently. Implements TODO item #96.
+  - Allow to set and unset external filters through the CGI editor.
+  - parse_acl_rule(): Include the config file line number in the error messages.
+  - wolfssl: Downgrade an error message in create_server_ssl_connection()
+    to LOG_LEVEL_ERROR.
+  - Remove useless csp member re_filterfile_short[].
+  - templates: Update description of the 'unstable' conditional symbol.
+  - templates/url-info-osd.xml: Update address of the Privoxy developers mailing list.
+  - Factor parse_acl_rule() out of load_config().
+  - configure.in: Don't claim that OpenSSL has been detected when it may be LibreSSL.
+  - configure.in: Remove code to disable pcre2. Since the removal of pcre1
+    support in 24d0ff8398fdf pcre2 is no longer optional.
+  - Replace the term 'TLS/SSL' with 'TLS' in a bunch of places as most (all?)
+    supported TLS libraries default to not supporting SSL anymore.
+  - utils/filter2docs.pl: Add two spaces between filter names and description
+    so there's space after the longest filter name which currently is
+    'allow-autocompletion'.
+  - utils/filter2docs.pl: Recognize filters with dots in the name.
+  - Remove support for mbedtls 2.x.
+  - Remove support for OpenSSL versions before 2.0.
+  - GNUMakefile.in: Remove duplicated 'only' in the web-rss-feed target's message.
+  - GNUMakefile.in: Add a web-rss-feed target that only syncs the RSS feed.
+  - GNUMakefile.in: The Privoxy tools privoxy-log-parser, privoxy-regression-test
+    and uagen are handled by the "install" and "uninstall" targets now.
+
+- Action file improvements:
+  - Disable fast-redirects for "/.*&__goaway_referer=http".
+  - Block ".parsely.com/p(logger|x)/" to match URLs that weren't
+    covered by ".pixel.parsely.com/".
+  - Unblock "gitlab./search/count\?".
+  - Reword a comment in user.action that claimed that 'we' want
+    to support certain sites.
+  - Remove obsolete domain sunsolve.sun.com from user.action.
+  - Stop referring to SSL in comments.
+  - Disable fast-redirects for "archive.is/".
+  - Add example section for the taz.de filter to user.action.
+  - default.action.master: Update list of predefined filters.
+
+- Filter improvements:
+  - Let the "sourceforge" filter hide the "MongoDB" ad and the "vibe coding bar".
+  - Add a "taz.de" filter which hides the "paywahl" banner on taz.de by default.
+
+- Documentation improvements:
+  - The Privoxy tools privoxy-log-parser, privoxy-regression-test and uagen
+    have man pages now. Previously they were only documented in perldoc.
+  - user-manual: Update the content filter list.
+  - user-manual: Update limit-connect description. If the https-inspection action
+    is enabled, Privoxy does filter the transferred content even if the CONNECT
+    action is being used.
+  - Document that the listen-address is taken into account for client
+    tags as well now.
+  - Update limit-connect description.
+  - Don't mention an obsolete mbed TLS version in the user manual's
+    'Third-party licenses and copyrights' section. While at it, link to the
+    GitHub page which shows the README instead of the list of tags which is
+    less informative and replace an 'and' with a comma.
+  - Mention zstd in the user manual's 'Third-party licenses and copyrights' section.
+  - license.sgml: Remove incorrect comment claiming that the file is included
+    into the user manual.
+  - Factor out license explanation into separate SGML document
+    to deduplicate the content. No HTML output change intended.
+  - user-manual: Sync paragraph explaining the license of Privoxy binaries
+    when linked to a recent TLS library with license.sgml.
+  - user-manual: Use < instead of literal '<' to unbreak highlighting in Emacs.
+
+- Website improvements:
+  - Update doc/webserver/README.txt.
+  - Delete doc/webserver/redirect.php which hasn't been used in years.
+
+- Privoxy-Log-Parser:
+  - Highlight listen address in "Evaluating tag 'forward-directly' for client
+    127.0.0.1 using 127.0.1.1:8120. End of life 1774948202."
+  - Deal with a log message containing only 'TLS' instead of 'TLS/SSL'.
+  - Bump version to 0.9.8.
+  - Highlight listen address in 'Enlisting tag 'allow-cookies' for client
+    127.0.0.1 using 127.0.1.1:8120.'
+
+- Test improvements:
+  - run-privoxy-tests.sh: Kill the whole process group if Privoxy
+    doesn't start up in time. This prevents hangs when the system is
+    heavily loaded, run-privoxy-test.sh's output is piped into tee(1)
+    and Privoxy starts up after the the script checks for it, but before
+    it exits.
+  - Add test for the content filter "taz.de".
+  - Add test scenarios for the ACL code.
+  - tests/cts: Make the TESTDIR available as environment variable so
+    the prechecks can access it.
+  - Add test helper script that checks if a local address is available
+    to bind to.
+  - run-privoxy-tests.sh: Add valgrind support that can be enabled with "-v".
+  - run-privoxy-tests.sh: Turn $log_file into a local variable in start_privoxy().
+  - tests/cts/README: Recommend to use curl upstream tag curl-8_19_0.
+  - Regenerate curl-test-manifest-for-privoxy.
+  - gen-skip-reasons.pl: Skip test 1 due to multiple Connection header values.
+  - Privoxy-Regression-Test: Bump version to 0.7.6
+  - Privoxy-Regression-Test: Allow '!' characters which are used in URLs from
+    taz.de for example.
+  - Privoxy-Regression-Test: Include the offending line in the error message
+    when rejecting Sticky Actions with whitespace inside the action parameters.
+
 *** Version 4.1.0 stable ***
 
 - General improvements:

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
