has anything related to ACL evaluation or scaling changed from 3.2.0.6?
(i.e. should I bother testing this version or is it expected to be the
same for the problems I am having?)
David Lang
On Tue, 19 Apr 2011, Amos Jeffries
wrote:
The Squid HTTP Proxy team is very pleased to announce the
availability of the Squid-3.2.0.7 beta release!
This release brings fixes for several major regressions uncovered in the
previous releases. Yes 3.2.0.6 was left unannounced due to these.
New Changes bundled as 3.2.0.7:
Regression from 3.2.0.6 a major assertion crash on startup for all builds
with the HTCP component removed (--disable-htcp) is now fixed.
Regression from 3.2.0.6 a critical assertion crash handling HTTPS CONNECT
tunnels is now fixed.
Regressions from 3.2.0.3 now fixed are two identical assertion crashes when
using either NTLM or Negotiate authentication.
Those users holding back from testing 3.2 due to NTLM and Negotiate
requirements are advised that these were the last of the known major issues
with those components.
This release adds negotiate_wrapper_auth version 1.0.1. This helper supports
both Negotiate/NTLM and Negotitate/Kerberos flavours of Negotiate protocol
responses. It splits Negotiate authentication protocol responses for
validation by an appropriate NTLM or Kerberos sub-helper.
Older Changes bundled as 3.2.0.6:
A new set of icons based on the well-known Silk Icons from famfamfam.org have
been added for use in generated FTP and Gopher directory listings.
Sadly there was an incorrect location for the icons/ directory. Users of
3.2.0.6 and a small range of 3.2 daily snapshot bundles will need to manually
adjust their icons/ directory location back to /usr/share/squid when
upgrading to this release. Other users are not affected.
The icons are default for all new installs. Upgraded Squid will continue to
use the old Anthony GIF set by default to prevent erasing any local settings
in the /etc/squid/mime.conf configuration file. Manual editing is required to
make use of the new mime.conf file (installed as mime.conf.default). Usually
this means just moving the new file over the old one.
Regression from 3.2.0.5 a major segmentation fault crash when accessing an
SSL certificate with errors was fixed.
Regression in the logging modules was fixed. This appeared as a segmentation
fault crash reconfiguring squid or rotating the log files when "stdio:"
module was correctly configured.
Regression from 3.2.0.4 in SMP support preventing shutdown properly if a
worker process crashes on exit is now fixed.
Regression from 3.2.0.5 (Bug 3159) ICAP and --disable-auth compile problems
was partially fixed. There are some outstanding compile issues when
authentication capabilities are elided from the Squid binary.
Support parameterized Cache Manager queries. This enables cachemgr.cgi and
other tools to request per-worker reports. The default management reporting
is to aggregate and report information from all workers in a multi-process
(SMP) Squid.
Support for libecap v0.2.0 is added. This resolves a large number of
limitations eCAP modules were previously faced with. See the libecap
documentation for more details.
As usual this release contains all the fixes passed on to 3.1 series
alongside its own changes. There are several important changes which need to
be noticed:
In 3.1.12 and 3.2.0.6 the handling of CONNECT tunnel requests has been
altered to prevent relaying them to peers marked as origin servers. The
tunnel will now either skip the peer or where possible be opened to the peer
in its origin role. This resolves problems with proxies acting as both a LAN
gateway and reverse-proxy to an internal HTTPS service.
3.1.12.1 and 3.2.0.7 fix one URL processing error which enables trusted
clients to crash the Squid service with specially crafted requests. Most
client agents contain protection against external sources use of these URLs
which greatly limits its security impact. However there is some vulnerability
to specially crafted requests from internal malicious software.
See the ChangeLog for the long list of other minor changes in this release
and 3.2.0.6.
Any Users of the 3.2.0.6 bundles are advised to upgrade immediately. Paying
attention to the icons location during the move.
Users of earlier 3.2 beta releases are encouraged to upgrade as soon as
possible.
Please refer to the release notes at
http://www.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html
when you are ready to make the switch to Squid-3.2
Upgrade tip:
"squid -k parse" is starting to display even more useful hints about
squid.conf changes.
This new release can be downloaded from our HTTP or FTP servers
http://www.squid-cache.org/Versions/v3/3.2/
ftp://ftp.squid-cache.org/pub/squid/
ftp://ftp.squid-cache.org/pub/archive/3.2/
or the mirrors. For a list of mirror sites see
http://www.squid-cache.org/Download/http-mirrors.dyn
http://www.squid-cache.org/Download/mirrors.dyn
If you encounter any issues with this release please file a bug report.
http://bugs.squid-cache.org/
Amos Jeffries
