The Squid HTTP Proxy team is very pleased to announce the
availability of the Squid-3.2.0.2 beta release!
This release brings in major security enhancements, additional tools and
several bug fixes over the previous release.
On the security front we have three major additions also shared with the
3.1 series, and one unique for 3.2:
* Fixes for the request processing vulnerability tagged SQUID-2010:3.
http://www.squid-cache.org/Advisories/SQUID-2010_3.txt
* A hardening of the DNS client against packet queueing approaches
used to enable attacks. This completes the protection against attacks
published by Yamaguchi late in 2009.
* An HTTP request-line parser hardened against several categories of
request attack. This greatly increasing the speed of detection and
reducing resources used to detect these categories of attack.
* New with this release the general HTTP request smuggling attack
detection has been improved and fine tuned. This series of Squid will be
more tolerant of badly broken HTTP requests.
HTTP/1.1 support has had several minor fixes and one large booster.
Squid will now perform chunked encoding back to HTTP/1.1 compliant
clients. This seems to resolve issues some clients have with persistent
connections closing early due to HTTP/1.0 server behaviour.
Kerberos authentication support has been added to the squidclient tool.
Which can now send either Basic or Negotiate protocol credentials to
proxies and web servers.
A helper for matching Kerberos groups via LDAP has now been fixed and
builds by default.
The cachemgr interface has been extended to permit manual triggering of
the log rotate action. This completes the selection of current "squid
-k" management actions which are now all available to a remote admin.
The strangely named "purge" tool known to some has now been adopted into
the squid packages and given a few updates to build on as many systems
as possible. This tool permits many management operations on raw caches
using the Squid UFS/AUFS/DiskD storage format. Testing is encouraged,
particularly if you are already familiar and can identify any problems.
One of our background cleaning projects to bring simplicity and
consistency to ./configure has now been completed and merged. As with
all success stories in the background most testers have not even noticed
the change. The ./configure options are now operating faster, some are
smarter, with additional validity checks and we think better error
messages when mistakes happen.
Please refer to the release notes at
http://www.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html
if and when you are ready to make the switch to Squid-3.2
This new release can be downloaded from our HTTP or FTP servers
http://www.squid-cache.org/Versions/v3/3.2/
ftp://ftp.squid-cache.org/pub/squid/
ftp://ftp.squid-cache.org/pub/archive/3.2/
or the mirrors. For a list of mirror sites see
http://www.squid-cache.org/Download/http-mirrors.dyn
http://www.squid-cache.org/Download/mirrors.dyn
If you encounter any issues with this release please file a bug report.
http://bugs.squid-cache.org/
Amos Jeffries
