The Squid HTTP Proxy team is very pleased to announce the
availability of the Squid-3.2.0.7 beta release!
This release brings fixes for several major regressions uncovered in the
previous releases. Yes 3.2.0.6 was left unannounced due to these.
New Changes bundled as 3.2.0.7:
Regression from 3.2.0.6 a major assertion crash on startup for all
builds with the HTCP component removed (--disable-htcp) is now fixed.
Regression from 3.2.0.6 a critical assertion crash handling HTTPS
CONNECT tunnels is now fixed.
Regressions from 3.2.0.3 now fixed are two identical assertion crashes
when using either NTLM or Negotiate authentication.
Those users holding back from testing 3.2 due to NTLM and Negotiate
requirements are advised that these were the last of the known major
issues with those components.
This release adds negotiate_wrapper_auth version 1.0.1. This helper
supports both Negotiate/NTLM and Negotitate/Kerberos flavours of
Negotiate protocol responses. It splits Negotiate authentication
protocol responses for validation by an appropriate NTLM or Kerberos
sub-helper.
Older Changes bundled as 3.2.0.6:
A new set of icons based on the well-known Silk Icons from famfamfam.org
have been added for use in generated FTP and Gopher directory listings.
Sadly there was an incorrect location for the icons/ directory. Users
of 3.2.0.6 and a small range of 3.2 daily snapshot bundles will need to
manually adjust their icons/ directory location back to /usr/share/squid
when upgrading to this release. Other users are not affected.
The icons are default for all new installs. Upgraded Squid will
continue to use the old Anthony GIF set by default to prevent erasing
any local settings in the /etc/squid/mime.conf configuration file.
Manual editing is required to make use of the new mime.conf file
(installed as mime.conf.default). Usually this means just moving the new
file over the old one.
Regression from 3.2.0.5 a major segmentation fault crash when accessing
an SSL certificate with errors was fixed.
Regression in the logging modules was fixed. This appeared as a
segmentation fault crash reconfiguring squid or rotating the log files
when "stdio:" module was correctly configured.
Regression from 3.2.0.4 in SMP support preventing shutdown properly if a
worker process crashes on exit is now fixed.
Regression from 3.2.0.5 (Bug 3159) ICAP and --disable-auth compile
problems was partially fixed. There are some outstanding compile issues
when authentication capabilities are elided from the Squid binary.
Support parameterized Cache Manager queries. This enables cachemgr.cgi
and other tools to request per-worker reports. The default management
reporting is to aggregate and report information from all workers in a
multi-process (SMP) Squid.
Support for libecap v0.2.0 is added. This resolves a large number of
limitations eCAP modules were previously faced with. See the libecap
documentation for more details.
As usual this release contains all the fixes passed on to 3.1 series
alongside its own changes. There are several important changes which
need to be noticed:
In 3.1.12 and 3.2.0.6 the handling of CONNECT tunnel requests has been
altered to prevent relaying them to peers marked as origin servers. The
tunnel will now either skip the peer or where possible be opened to the
peer in its origin role. This resolves problems with proxies acting as
both a LAN gateway and reverse-proxy to an internal HTTPS service.
3.1.12.1 and 3.2.0.7 fix one URL processing error which enables trusted
clients to crash the Squid service with specially crafted requests. Most
client agents contain protection against external sources use of these
URLs which greatly limits its security impact. However there is some
vulnerability to specially crafted requests from internal malicious
software.
See the ChangeLog for the long list of other minor changes in this
release and 3.2.0.6.
Any Users of the 3.2.0.6 bundles are advised to upgrade immediately.
Paying attention to the icons location during the move.
Users of earlier 3.2 beta releases are encouraged to upgrade as soon as
possible.
Please refer to the release notes at
http://www.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html
when you are ready to make the switch to Squid-3.2
Upgrade tip:
"squid -k parse" is starting to display even more useful hints about
squid.conf changes.
This new release can be downloaded from our HTTP or FTP servers
http://www.squid-cache.org/Versions/v3/3.2/
ftp://ftp.squid-cache.org/pub/squid/
ftp://ftp.squid-cache.org/pub/archive/3.2/
or the mirrors. For a list of mirror sites see
http://www.squid-cache.org/Download/http-mirrors.dyn
http://www.squid-cache.org/Download/mirrors.dyn
If you encounter any issues with this release please file a bug report.
http://bugs.squid-cache.org/
Amos Jeffries