The Squid HTTP Proxy team is very pleased to announce the
availability of the Squid-3.2.0.5 beta release!
This release brings in a lot of polish and completes two more of the
structural bugs/features before release 3.2 can be made.
Several regressions in the earlier 3.2 beta have been resolved:
* profiler should not have been built by default
* Bug 3081: assertion failed: AsyncCallQueue
* Bug 2948: Requests for FTP active downloads cause failed assertion
* Bug 3089: FTP command output overrides directory listing
Other bugs and problems resolved:
- Bug 2870: Make Squid obey --disable-auth and --disable for the
individual authentication modules.
This is a big change with effects feature availability and behaviour
in several unusual places.
If you wish to use this please read the change commit message or
http://squidproxy.wordpress.com/2011/02/10/disabling-authentication/ for
a long description of the changes and effects.
- HTTP/1.1: Support configurable status codes for deny_info
3xx and 4xx and 5xx codes may now be configured.
see the config documentation for details.
- Bug 2586: multiple memory leaks during reconfigure
- Bug 2581: FTP directory listing sometimes fails
- Port from 2.7: maximum staleness limits
- Support upcoming "fresh message creation" eCAP API
- Aggregate SNMP responses when using SMP with multiple workers
- Several more Solaris, Windows and ICC support fixes. This is ongoing.
As usual this beta contains all the fixes passed on to 3.1 series
alongside its own changes. There are several important changes shared
with the 3.1.11 release which need to be noticed:
Bug 3144: URL re-write/redirect programs are potentially vulnerable to
hanging while receiving very long URLs. Due to buffer overflow
protections truncating long URLs. This enables trusted clients to
perform a DoS on the Squid server, possibly via loading web links in a
malicious website.
Popular scripting helpers appear not to be vulnerable to this DoS
effect, but will produce errors or truncated URL output instead.
Helpers which depend on and wait for receiving the API documented
newline terminator are all vulnerable.
Squid will now catch these and produce a 414 status code error instead.
Bug 2959: We have removed the use of environment variable SAMBAPREFIX
during build. Instead the helpers which previously used it to locate the
Samba tools require those tools (nmblookup, smbclient, wbinfo) to be
available in the system $PATH. This allows several helpers to be build
on systems without Samba as long as it is present when they are run.
* Build scripts should be forward-compatible since the Squid build
simply ignores the variable now.
* Run-time scripts may need a check and update to ensure the above
mentioned Samba tools are in the system $PATH now.
Pipelining is one of the standard HTTP features which clashes and
breaks badly when NTLM or Negotiate/Kerberos TCP connection
authentication are performed. Squid will now produce a warning message
and disable pipelining cleanly if those authentication methods are
configured in Squid.
The default setting for pipelining is OFF. Configurations receiving
that waring should remove the pipeline_prefetch directive from their
squid.conf.
WARNING: the current Squid will not produce this notice if NTLM or
Negotiate/Kerberos are simply passed through Squid to an origin server.
If you are aware of such traffic needing to pass through your Squid it
is up to you to ensure pipelining remains OFF.
Users of earlier 3.2 beta releases are encouraged to test this beta out
and upgrade as soon as possible.
Please refer to the release notes at
http://www.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html
when you are ready to make the switch to Squid-3.2
This new release can be downloaded from our HTTP or FTP servers
http://www.squid-cache.org/Versions/v3/3.2/
ftp://ftp.squid-cache.org/pub/squid/
ftp://ftp.squid-cache.org/pub/archive/3.2/
or the mirrors. For a list of mirror sites see
http://www.squid-cache.org/Download/http-mirrors.dyn
http://www.squid-cache.org/Download/mirrors.dyn
If you encounter any issues with this release please file a bug report.
http://bugs.squid-cache.org/
Amos Jeffries
