詳細情報
| タイトル | Privoxy |
|---|---|
| URL | http://www.privoxy.org/ |
| バージョン | 3.0.34 3.0.33 3.0.32 3.0.31 3.0.29 3.0.28 3.0.26 3.0.25 3.0.24 3.0.19 3.0.18 |
| 更新日 | 2023/02/06 |
| 追加日 | 2013/08/17 |
| 種別 | フリーソフト |
| 説明 | 広告除去など優れたフィルタリング能力を持つオープンソースのWebプロキシ。 |
スクリーンショット
スクリーンショットはありません。
レビュー
レビューはありません。
更新グラフ
バージョン履歴
| No. | バージョン名 | 日付 |
|---|---|---|
| 1 | 3.0.34 | 2023/02/06 |
| Announcing Privoxy 3.0.34 stable Privoxy 3.0.34 fixes a few minor bugs and comes with a couple of general improvements and new features. Please note that Google started to bounce messages from the Privoxy mailing lists a couple of months ago. As a result gmail users have been unsubscribed by Mailman. If you are affected by this, please resubscribe with a different mail address. The Privoxy project has limited resources and limited time to investigate an issue that only affects gmail addresses. ChangeLog for Privoxy 3.0.34 - Improve the handling of chunk-encoded responses by buffering the data even if filters are disabled and properly keeping track of where the various chunks are supposed to start and end. Previously Privoxy would merely check the last bytes received to see if they looked like the last-chunk. This failed to work if the last-chunk wasn't received in one read and could also result in actual data being misdetected as last-chunk. Should fix: SF support request #1739. Reported by: withoutname. (省略されました) | ||
| 2 | 3.0.33 | 2021/12/09 |
| Announcing Privoxy 3.0.33 stable Privoxy 3.0.33 fixes an XSS issue, multiple DoS issues and a couple of other bugs. The issues also affect earlier Privoxy releases. Privoxy 3.0.33 also comes with a couple of general improvements and new features. ChangeLog for Privoxy 3.0.33 - cgi_error_no_template(): Encode the template name to prevent XSS (cross-site scripting) when Privoxy is configured to servce the user-manual itself. Commit 0e668e9409c. OVE-20211102-0001. CVE-2021-44543. Reported by: Artem Ivanov - get_url_spec_param(): Free memory of compiled pattern spec before bailing. Reported by Joshua Rogers (Opera) who also provided the fix. Commit 652b4b7cb0. OVE-20211201-0003. CVE-2021-44540. - process_encrypted_request_headers(): Free header memory when failing to get the request destination. Reported by Joshua Rogers (Opera) who also provided the fix. Commit 0509c58045. OVE-20211201-0002. CVE-2021-44541. (省略されました) | ||
| 3 | 3.0.32 | 2021/02/28 |
| Announcing Privoxy 3.0.32 stable Privoxy 3.0.32 fixes multiple DoS issues and a couple of other bugs. The issues also affect earlier Privoxy releases. ChangeLog for Privoxy 3.0.32 - ssplit(): Remove an assertion that could be triggered with a crafted CGI request. Commit 2256d7b4d67. OVE-20210203-0001. - cgi_send_banner(): Overrule invalid image types. Prevents a crash with a crafted CGI request if Privoxy is toggled off. Commit e711c505c48. OVE-20210206-0001. Reported by: Joshua Rogers (Opera) - socks5_connect(): Don't try to send credentials when none are configured. Fixes a crash due to a NULL-pointer dereference when the socks server misbehaves. Commit 85817cc55b9. OVE-20210207-0001. Reported by: Joshua Rogers (Opera) - chunked_body_is_complete(): Prevent an invalid read of size two. Commit a912ba7bc9c. OVE-20210205-0001. Reported by: Joshua Rogers (Opera) (省略されました) | ||
| 4 | 3.0.31 | 2021/02/01 |
| Announcing Privoxy 3.0.31 stable Privoxy 3.0.31 fixes two security issues that were discovered while preparing the 3.0.30 release. The issues also affect earlier Privoxy releases. ChangeLog for Privoxy 3.0.31 - Prevent an assertion from getting triggered by a crafted CGI request. Commit 5bba5b89193fa. OVE-20210130-0001. Reported by: Joshua Rogers (Opera) - Fixed a memory leak when decompression fails "unexpectedly". Commit f431d61740cc0. OVE-20210128-0001. - Bug fixes: - Fixed detection of insufficient data for decompression. Previously Privoxy could try to decompress a partly uninitialized buffer. -------------------------------------------------------------------- ChangeLog for Privoxy 3.0.30 -------------------------------------------------------------------- - Bug fixes: - Check the actual URL for redirects when https inspecting requests. (省略されました) | ||
| 5 | 3.0.29 | 2020/11/30 |
| Announcing Privoxy 3.0.29 stable Privoxy 3.0.29 stable fixes a couple of memory leaks and introduces https inspection which allows to filter encrypted requests and responses. ChangeLog for Privoxy 3.0.29 - Security/Reliability: - Fixed memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory. Commits bbd53f1010b and 4490d451f9b. OVE-20201118-0001. - Fixed a memory leak in the show-status CGI handler when no action files are configured. Commit c62254a686. OVE-20201118-0002. - Fixed a memory leak in the show-status CGI handler when no filter files are configured. Commit 1b1370f7a8a. OVE-20201118-0003. - Fixes a memory leak when client tags are active. Commit 245e1cf32. OVE-20201118-0004. - Fixed a memory leak if multiple filters are executed and the last one is skipped due to a pcre error. (省略されました) | ||
| 6 | 3.0.28 | 2019/01/01 |
| Announcing Privoxy 3.0.28 stable Privoxy 3.0.27 stable scales better in multi-user environments and brings a couple of tuning directives. Privoxy 3.0.28 stable fixes two regressions introduced in 3.0.27. ChangeLog for Privoxy 3.0.28 - Bug fixes for regressions in 3.0.27: - Fixed misplaced parentheses. Reported by David Binderman. - Changed two regression tests to depend on config directive enable-remote-toggle instead of FEATURE_TOGGLE. -------------------------------------------------------------------- ChangeLog for Privoxy 3.0.27 -------------------------------------------------------------------- - Add a receive-buffer-size directive which can be used to set the size of the previously statically allocated buffer in handle_established_connection(). Increasing the buffer size increases Privoxy's memory usage but can lower the number of context switches and thereby reduce the CPU usage and potentially increase the throughput. (省略されました) | ||
| 7 | 3.0.26 | 2016/08/30 |
| Announcing Privoxy 3.0.26 stable Privoxy 3.0.26 stable is a bug-fix release for the previously released 3.0.25 beta which introduced client-specific tags and included a couple of minor improvements. - Fixed crashes with "listen-addr :8118" (SF Bug #902). The regression was introduced in 3.0.25 beta and reported by Marvin Renich in Debian bug #834941. - General improvements: - Log when privoxy is toggled on or off via cgi interface. - Highlight the "Info: Now toggled " on/off log message in the Windows log viewer. - Highlight the loading actions/filter file log message in the Windows log viewer. - Mention client-specific tags on the toggle page as a potentionally more appropriate alternative. - Documentation improvements: - Update download section on the homepage. The downloads are available from the website now. - Add sponsor FAQ. (省略されました) | ||
| 8 | 3.0.25 | 2016/06/04 |
| Announcing Privoxy 3.0.25 beta Privoxy 3.0.25 beta introduces client-specific tags and includes a couple of minor improvements. It will be followed by a stable release in the near future. - Always use the current toggle state for new requests. Previously new requests on reused connections inherited the toggle state from the previous request even though the toggle state could have changed. Reported by Robert Klemme. - Fixed two buffer-overflows in the (deprecated) static pcre code. These bugs are not considered security issues as the input is trusted. Found with afl-fuzz and ASAN. - Added support for client-specific tags which allow Privoxy admins to pre-define tags that are set for all requests from clients that previously opted in through the CGI interface. They are useful in multi-user setups where admins may want to allow users to disable certain actions and filters for themselves without affecting others. (省略されました) | ||
| 9 | 3.0.24 | 2016/01/28 |
| Announcing Privoxy 3.0.24 stable Privoxy 3.0.24 stable contains a couple of new features but is mainly a bug-fix release. Two of the fixed bugs are security issues and may be used to remotely trigger crashes on platforms that carefully check memory accesses (most don't). - Security fixes (denial of service): - Prevent invalid reads in case of corrupt chunk-encoded content. CVE-2016-1982. Bug discovered with afl-fuzz and AddressSanitizer. - Remove empty Host headers in client requests. Previously they would result in invalid reads. CVE-2016-1983. Bug discovered with afl-fuzz and AddressSanitizer. - When using socks5t, send the request body optimistically as well. Previously the request body wasn't guaranteed to be sent at all and the error message incorrectly blamed the server. Fixes #1686 reported by Peter M端ller and G4JC. - Fixed buffer scaling in execute_external_filter() that could lead to crashes. Submitted by Yang Xia in #892. - Fixed crashes when executing external filters on platforms like Mac OS X. Reported by Jonathan McKenzie on ijbswa-users@. (省略されました) | ||
| 10 | 3.0.19 | 2011/12/27 |
| Announcing Privoxy v.3.0.19 stable This is a bug-fix release for the previously released Privoxy 3.0.18. One of the fixes addresses a security issue. -------------------------------------------------------------------- *** Version 3.0.19 Stable *** - Bug fixes: - Prevent a segmentation fault when de-chunking buffered content. It could be triggered by malicious web servers if Privoxy was configured to filter the content and running on a platform where SIZE_T_MAX isn't larger than UINT_MAX, which probably includes most 32-bit systems. On those platforms, all Privoxy versions before 3.0.19 appear to be affected. To be on the safe side, this bug should be presumed to allow code execution as proving that it doesn't seems unrealistic. - Do not expect a response from the SOCKS4/4A server until it got something to respond to. This regression was introduced in 3.0.18 and prevented the SOCKS4/4A negotiation from working. Reported by qqqqqw in #3459781. - General improvements: (省略されました) | ||
| 11 | 3.0.18 | 2011/11/21 |
| Announcing Privoxy v.3.0.18 stable This is mainly a bug-fix release for the previously released Privoxy 3.0.17. One of the fixes addresses a security issue. *** Version 3.0.18 stable *** - Bug fixes: - If the redirect URL contains characters RFC 3986 doesn't permit, they are (re)encoded. Not doing this makes Privoxy versions from 3.0.5 to 3.0.17 susceptible to HTTP response splitting (CWE-113) attacks if the +fast-redirects{check-decoded-url} action is used. - Fix a logic bug that could cause Privoxy to reuse a server socket after it got tainted by a server-header-tagger-induced block that was triggered before the whole server response had been read. If keep-alive was enabled and the request following the blocked one was to the same host and using the same forwarding settings, Privoxy would send it on the tainted server socket. While the server would simply treat it as a pipelined request, Privoxy would later on fail to properly parse the server's response as it would try to parse the unread data from the first response as server headers for the second one. (省略されました) | ||
RSS[全体]
Tw[@softantenna]