The Squid HTTP Proxy team is pleased to announce the availability of the Squid-3.0.STABLE17 release! This release is primarily a Security Update release. All users of Squid-3.0 are urgently advised to move up to this release. The major changes are for advisory SQUID-2009:2. This is for multiple vulnerabilities in both request and response processing. The cause is the same, but there are many variations of possible attack. http://www.squid-cache.org/Advisories/SQUID-2009_2.txt There are also a number of smaller fixes in this release with potential towards security problems. These are much harder trigger within Squid. The helper issues are primarily of concern when used by other systems than Squid. - Bug 2710: squid_kerb_auth non-terminated string - Bug 2674: Remove limit on HTTP headers read. - Bug 2659: String length overflows on append, leading to segfaults - Bug 2620: Invalid HTTP response codes causes segfault - Bug 2080: wbinfo_group.pl - false positive under certain conditions And a few more regular bugs: - Bug 2680 regression: Crash after rotate with no helpers running - Bug 2679: strsep and strtoll detection failure - Bug 1087: ESI processor not quoting attributes correctly. - Fix: issue with AUFS/UFS/DiskD writing objects to disk cache Please refer to the release notes at http://www.squid-cache.org/Versions/v3/3.0/RELEASENOTES.html if and when you are ready to make the switch to Squid-3. This new release can be downloaded from our HTTP or FTP servers http://www.squid-cache.org/Versions/v3/3.0/ ftp://ftp.squid-cache.org/pub/squid-3/STABLE/ or the mirrors. For a list of mirror sites see http://www.squid-cache.org/Download/http-mirrors.dyn http://www.squid-cache.org/Download/mirrors.dyn If you encounter any issues with this release please file a bug report. http://bugs.squid-cache.org/ Amos Jeffries