- Don't generate revocation key for LS2
- Fix generation of persistent revocation key for LS1
- Fix persistent private keys without persistent revocation key
- Don't put unconfigured private keys in leaseset
- Don't strip i2cp.leaseSetPrivateKey from config before it's used
Store destination in outbound session
Allow sending null data through OCMOSJ for ratchet acks; omit data clove
Only call messageDeliveryStatusUpdate() for nonzero nonce
Bundle 2.0 API only; remove 1.1 API
Convert DoH, NDT, and i2pcontrol to the 2.x API
Fix i2pcontrol handling of number values and serialization for 2.x API
Remove xenial dependency on libjson-simple-java, it has only 1.1
Set min and max version constraint on libjson-simple-java for bionic+
Based on patch from Gilles Filippini
ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901827
This does not support 3.x but the patch for that will be smaller.
Set MTU in receiveConnection() for inbound connections
Cleanup CDR.isAckOnly()
Only call now() in MOS for debugging
Set receive.streamActive stat to 1, not 0
Don't set I2P user agent, spoof MiniUPnPc
Don't convert string-to-bytes-to-string
Don't fallback to alternate code after failure
Don't use HttpURLConnection if proxy enabled
Add location sanity checks
Force Connection: close
Don't attempt to set Host header, HttpURLConnection ignores it
Disable following redirects
For new installs, change owner rather than giving 'F' permission to Users group
For existing installs, change owner and change 'F' permission to 'RX' for Users group
Local privilege escalation vulnerability
Introduced 2009-06-11, released in 0.7.5 2009-06-29
Reported by Juilo Cesar Fort of Blaze Information Security 2020-04-28
Fix malformed HTTP requests
Check HTTP response code in Parser
Check content type in Parser
Debug log in Parser
Show device URL in CLI
Don't retry after parser exception
Close resources in finally block
