The Squid HTTP Proxy team is very pleased to announce the
availability of the Squid-3.1.7 release!
This release fixes a number of bugs in the earlier Squid releases.
One regression introduced with 3.1.6 when contacting IPv4-only DNS
resolvers opens a small but exploitable DoS vulnerability. All users of
Squid-3.1.6 are urged to upgrade to this release as soon as possible.
Several HTTP/1.1 compliance bugs have been resolved. The most noticeable
of these is that Squid is now more correctly operating connection
keep-alive to clients.
The fix for keep-alive has resolved several apparent bugs in NTLM and
Negotiate authentication and brought to light a compatibility issue with
the major modern browsers. The issue appears to end-users as multiple
browser popups if for any reason they need to supply new NTLM/Negotiate
credentials for a connection. The default if unset for NTLM and
Negotiate auth_param keep_alive has become OFF to avoid this.
The visible_hostname directive has been updated with several fixes to
avoid killing Squid when the machine hostname is mis-configured or
unavailable at startup. To retain consistency with existing
distributions practice the value of "localhost" is used in the event of
a lookup failure.
All users of Squid-3.1.6 are urged to upgrade to this release as soon as
possible.
Users of other Squid-3.1 and 3.0 are encouraged to upgrade at their
earliest convenience.
Please refer to the release notes at
http://www.squid-cache.org/Versions/v3/3.1/RELEASENOTES.html
if and when you are ready to make the switch to Squid-3.1
This new release can be downloaded from our HTTP or FTP servers
http://www.squid-cache.org/Versions/v3/3.1/
ftp://ftp.squid-cache.org/pub/squid/
ftp://ftp.squid-cache.org/pub/archive/3.1/
or the mirrors. For a list of mirror sites see
http://www.squid-cache.org/Download/http-mirrors.dyn
http://www.squid-cache.org/Download/mirrors.dyn
If you encounter any issues with this release please file a bug report.
http://bugs.squid-cache.org/
Amos Jeffries
