June 2026, Privoxy 4.2.0 (stable) macOS Apple Silicon installer V1.0 released.

Version Support

This installer has been tested on macOS Tahoe 26.5.1 (the current release at time of build). It is likely to work on macOS as old as 11, on Macs using Apple Silicon processors.

What's New

This is a general maintenance release, comprising support for elliptic-curve TLS keys, some security fixes, and a variety of bug fixes and general improvements.

Please read the user manual to learn how to enable HTTPS inspection on your platform; this release supports it but it is not enabled by default.

Full ChangeLog

- Security improvements:
  - Parse the chunk-size with a dedicated function and reject "unreasonably"
    large values to prevent silent truncation by sscanf(), integer overflows
    and misinterpretation of the content later on. Heap buffer overflows on
    platforms with 32-bit pointers were alleged as well.
    Commit 5b3bb22b77. OVE-20260515-0002. Reported by @TristanInSec.
  - ssl_send_certificate_error(): Store the generated message on the heap
    instead of the stack to prevent an alleged segmentation fault if there
    are enough certificates in the chain to exceed the stack size.
    While at it, replace another variable-length array that was probably
    unproblematic with a heap-based buffer as well.
    Commit 4963aa4f08. OVE-20260515-0001. Reported by @TristanInSec.
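
The chunk-size hardening described in the first security item, as an added example that is not Privoxy's own code: a dedicated hex parser that rejects over-long values and malformed line terminators instead of letting sscanf("%x") silently truncate the value to the destination type. The MAX_CHUNK_SIZE bound, the status names and the function signature are constructed for this example; the page does not state the limit Privoxy itself uses.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Largest chunk-size this parser accepts. A constructed limit for the
 * example: the page does not state the bound Privoxy itself uses. */
#define MAX_CHUNK_SIZE ((uint64_t)0x7FFFFFFF)

typedef enum {
    CHUNK_OK = 0,
    CHUNK_INCOMPLETE,  /* no CRLF in the buffer yet, caller must read more */
    CHUNK_INVALID,     /* no hex digits, bare LF, or junk after the size   */
    CHUNK_TOO_LARGE    /* exceeds MAX_CHUNK_SIZE instead of wrapping       */
} chunk_status;

/* Parse the chunk-size line ("1a;ext=val\r\n") at the start of buf.
 * On CHUNK_OK, *size holds the value and *consumed the bytes up to and
 * including the CRLF. Extensions after ';' are skipped, not interpreted.
 * Unlike sscanf("%x"), an over-long hex string is rejected, not truncated. */
chunk_status parse_chunk_size(const char *buf, size_t len,
                              uint64_t *size, size_t *consumed)
{
    const char *lf = memchr(buf, '\n', len);
    if (lf == NULL)
        return CHUNK_INCOMPLETE;
    size_t line_len = (size_t)(lf - buf);          /* bytes before the LF */
    if (line_len == 0 || buf[line_len - 1] != '\r')
        return CHUNK_INVALID;                      /* require CRLF, not bare LF */
    size_t end = line_len - 1;                     /* index of the CR */
    uint64_t value = 0;
    size_t i = 0;
    while (i < end && isxdigit((unsigned char)buf[i])) {
        unsigned char c = (unsigned char)buf[i];
        unsigned digit = isdigit(c) ? (unsigned)(c - '0')
                                    : (unsigned)(tolower(c) - 'a' + 10);
        /* If value already exceeds MAX >> 4, value << 4 would exceed MAX:
         * reject before shifting so the accumulator itself cannot wrap. */
        if (value > (MAX_CHUNK_SIZE >> 4))
            return CHUNK_TOO_LARGE;
        value = (value << 4) | digit;
        i++;
    }
    if (i == 0 || (i < end && buf[i] != ';'))
        return CHUNK_INVALID;   /* empty size, or junk where CRLF/';' belongs */
    *size = value;
    *consumed = line_len + 1;   /* include the LF */
    return CHUNK_OK;
}
```

A caller that gets CHUNK_INCOMPLETE should read more data and retry; any other non-OK status means the chunked body is malformed and the connection should be dropped rather than guessed at.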

- Bug fixes:
  - block_acl(): Ignore ACL matches when we don't have a destination yet
    but the ACL requires one to match. block_acl() will be called
    again later on when the destination is known from parsing the request.
    Fixes SF bug #913 reported by Rainer Sokoll with confirmation from
    Peter Geelhoed.
  - rfc2553_connect_to(): Prevent theoretical memory disclosure through
    the CGI interface if a request is rejected due to ACLs. It's theoretical
    due to the previous bug in the ACL code.
  - send_http_request(): Give up on the client connection if writing the
    request data failed. If there's a request body Privoxy may not have
    read all the data yet. The issue could be reproduced by running the
    upstream curl test 1293 multiple times in a row.
  - load_one_re_filterfile(): Only register content filters for statistics.
    Previously all filter types were registered which wasted a bit of memory.
  - Prevent unused-variable warnings when compiling with
    DISABLE_PCRE_JIT_COMPILATION defined.
  - cgi_show_url_info(): Remove special handling of "standard.action".

- General improvements:
  - Add elliptic-curve-keys directive and enable it by default.
    It lets Privoxy use the SN_X9_62_prime256v1 group instead of RSA when
    generating website keys and certificates. This is expected to be faster
    but may not be supported by older clients. The OpenSSL-specific code is
    based on a patch by Steven Smith submitted in SF#933.
  - Check the listening address when deciding whether or not a client tag
    matches. This allows different client tags to be used for different
    clients running on the same host.
  - Add code to make debugging ACL rules more convenient. It can be enabled
    with the new configure parameter --enable-acl-debugging.
  - acl_addr(): Properly reject IPv6 addresses when compiled without RFC2553 support.
  - Use separate linked lists for filters of different types to be able to
    look up filters more efficiently. Implements TODO item #96.
  - Allow external filters to be set and unset through the CGI editor.
  - parse_acl_rule(): Include the config file line number in the error messages.
  - wolfssl: Downgrade an error message in create_server_ssl_connection()
    to LOG_LEVEL_ERROR.
  - Remove useless csp member re_filterfile_short[].
  - templates: Update description of the 'unstable' conditional symbol.
  - templates/url-info-osd.xml: Update address of the Privoxy developers mailing list.
  - Factor parse_acl_rule() out of load_config().
  - configure.in: Don't claim that OpenSSL has been detected when it may be LibreSSL.
  - configure.in: Remove code to disable pcre2. Since the removal of pcre1
    support in 24d0ff8398fdf pcre2 is no longer optional.
  - Replace the term 'TLS/SSL' with 'TLS' in a bunch of places as most (all?)
    supported TLS libraries default to not supporting SSL anymore.
  - utils/filter2docs.pl: Add two spaces between filter names and description
    so there's space after the longest filter name which currently is
    'allow-autocompletion'.
  - utils/filter2docs.pl: Recognize filters with dots in the name.
  - Remove support for mbedtls 2.x.
  - Remove support for OpenSSL versions before 2.0.
  - GNUMakefile.in: Remove duplicated 'only' in the web-rss-feed target's message.
  - GNUMakefile.in: Add a web-rss-feed target that only syncs the RSS feed.
  - GNUMakefile.in: The Privoxy tools privoxy-log-parser, privoxy-regression-test
    and uagen are handled by the "install" and "uninstall" targets now.

- Action file improvements:
  - Disable fast-redirects for "/.*&__goaway_referer=http".
  - Block ".parsely.com/p(logger|x)/" to match URLs that weren't
    covered by ".pixel.parsely.com/".
  - Block requests to ".siteintercept.qualtrics.com/".
  - Unblock "gitlab./search/count\?".
  - Reword a comment in user.action that claimed that 'we' want
    to support certain sites.
  - Remove obsolete domain sunsolve.sun.com from user.action.
  - Stop referring to SSL in comments.
  - Disable fast-redirects for "archive.is/".
  - Add example section for the taz.de filter to user.action.
  - default.action.master: Update list of predefined filters.

- Filter improvements:
  - Let the "sourceforge" filter hide the "MongoDB" ad and the "vibe coding bar".
  - Add a "taz.de" filter which hides the "paywahl" banner on taz.de by default.

- Documentation improvements:
  - FAQ: Mention that one can also donate through Liberapay and add a link.
  - Add two paragraphs to the 'Reporting security problems' section.
    Request that use of "AI" is disclosed and that reporters respond to
    questions about the report.
  - The Privoxy tools privoxy-log-parser, privoxy-regression-test and uagen
    have man pages now. Previously they were only documented in perldoc.
  - user-manual: Update the content filter list.
  - user-manual: Update limit-connect description. If the https-inspection action
    is enabled, Privoxy does filter the transferred content even if the CONNECT
    action is being used.
  - Document that the listen-address is taken into account for client
    tags as well now.
  - Update limit-connect description.
  - Don't mention an obsolete mbed TLS version in the user manual's
    'Third-party licenses and copyrights' section. While at it, link to the
    GitHub page which shows the README instead of the list of tags which is
    less informative and replace an 'and' with a comma.
  - Mention zstd in the user manual's 'Third-party licenses and copyrights' section.
  - license.sgml: Remove incorrect comment claiming that the file is included
    into the user manual.
  - Factor out license explanation into separate SGML document
    to deduplicate the content. No HTML output change intended.
  - user-manual: Sync paragraph explaining the license of Privoxy binaries
    when linked to a recent TLS library with license.sgml.
  - user-manual: Use &lt; instead of literal '<' to unbreak highlighting in Emacs.

- Website improvements:
  - Update doc/webserver/README.txt.
  - Delete doc/webserver/redirect.php which hasn't been used in years.

- Privoxy-Log-Parser:
  - Highlight listen address in "Evaluating tag 'forward-directly' for client
    127.0.0.1 using 127.0.1.1:8120. End of life 1774948202."
  - Deal with a log message containing only 'TLS' instead of 'TLS/SSL'.
  - Bump version to 0.9.8.
  - Highlight listen address in 'Enlisting tag 'allow-cookies' for client
    127.0.0.1 using 127.0.1.1:8120.'

- Test improvements:
  - run-privoxy-tests.sh: Kill the whole process group if Privoxy
    doesn't start up in time. This prevents hangs when the system is
    heavily loaded, run-privoxy-test.sh's output is piped into tee(1)
    and Privoxy starts up after the script checks for it, but before
    it exits.
  - Add test for the content filter "taz.de".
  - Add test scenarios for the ACL code.
  - tests/cts: Make the TESTDIR available as environment variable so
    the prechecks can access it.
  - Add test helper script that checks if a local address is available
    to bind to.
  - run-privoxy-tests.sh: Add valgrind support that can be enabled with "-v".
  - run-privoxy-tests.sh: Turn $log_file into a local variable in start_privoxy().
  - tests/cts/README: Recommend to use curl upstream tag curl-8_20_0.
  - Regenerate curl-test-manifest-for-privoxy.
  - gen-skip-reasons.pl: Use '==' instead of 'eq' when checking whether or
    not a test should be skipped. While the script output is the same, the
    test number isn't a string so using '==' seems more appropriate.
  - gen-skip-reasons.pl: Skip test 1 due to multiple Connection header values.
  - gen-skip-reasons.pl: Skip test 58 for now which doesn't work anymore after
    a recent curl upstream change.
  - gen-skip-reasons.pl: Skip test 1685 which uses a Cookie header with a tab
    that Privoxy converts into a space.
  - Privoxy-Regression-Test: Bump version to 0.7.6.
  - Privoxy-Regression-Test: Allow '!' characters which are used in URLs from
    taz.de for example.
  - Privoxy-Regression-Test: Include the offending line in the error message
    when rejecting Sticky Actions with whitespace inside the action parameters.
  - Add three more tests for the chunked-transfer-encoding scenario.

Please see the "What's New in this Release" section in the User Manual for details of all new features introduced and bugs fixed in this release.
