Squid 3.1.15 is available


The Squid HTTP Proxy team is very pleased to announce the
availability of the Squid-3.1.15 release!


This release brings many bug fixes, fixes for several regressions from earlier releases, and some further portability improvements into 3.1.

In order of most-to-least visible effects from the change, these bugs are:


 Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes

  http://www.squid-cache.org/Advisories/SQUID-2011_2.txt

This is an old, known problem with the DES hash algorithm and libraries. Because it is part of the weak Basic authentication scheme, the security impact is low. Despite this low impact, we have decided to close this security hole in the Squid-3.2 series.

However, there is a potentially large impact on end-users who have been encouraged in recent years to use long passwords. If the background security system has not also been updated to use MD5 hash for long password support, they will be completely unable to log in.

This release of Squid has an updated helper which will detect the DES algorithm being used with long passwords and log a SECURITY ALERT while allowing the end-user login to proceed. This allows you a short transition period in which to migrate your security systems away from the DES hash algorithm.


 Bug 3295: broken escaping in rfc1738_do_escape

This bug affected all helper communications and logging, particularly of NTLM and UTF-8 non-English user credentials. If you have an unresolved bug concerning authentication in Squid-3.1, please re-test using this release and update the bug report.


 Bug 2051: 'default' cache_peer option does not match documentation

This bug was affecting all installations with cache_peer configured for both load balancing and using a "default" peer. Previously the default peer would receive an unfairly large proportion of the traffic, effectively breaking the load balancing.

When upgrading to this release, expect to see a large difference in your traffic distribution across peers. It may be necessary to re-tune some load balancing controls after upgrade.


 Bug 3213: https sites (CONNECT) not open when using NTLM

We finally have keep-alive support working on CONNECT requests up until the point of successful tunnel opening. So all forms of http_access denial, adaptation or redirection can be expected to work in this release.

As a result, NTLM handshakes can now be performed for CONNECT when the user's software supports it.


 Bug 2662: cf_gen failure when cross compiling.

The cf_gen tool used to create installed config files has been fully rewritten in C++ to avoid dependency on code and compatibility wrappers built for the target host system.

./configure has also been updated to support an additional environment variable, HOSTCXX, which receives the compiler command and flags for cf_gen and other tools run on the build host.

There are several minor cross-compile bugs remaining to be fixed in the Kerberos and SASL auth helpers. However, this release is expected to cross-compile easily when avoiding those helpers.


 HTTP/1.1 caching support

RFC compliance fixes have been added in the caching of responses with very old Date: or invalid Expires: headers.



See the ChangeLog for the list of other minor changes in this release.


All users of Squid-3 are urged to upgrade as soon as possible.


Please refer to the release notes at
http://www.squid-cache.org/Versions/v3/3.1/RELEASENOTES.html
when you are ready to make the switch to Squid-3.1

This new release can be downloaded from our HTTP or FTP servers

      http://www.squid-cache.org/Versions/v3/3.1/
      ftp://ftp.squid-cache.org/pub/squid/
      ftp://ftp.squid-cache.org/pub/archive/3.1/

or the mirrors. For a list of mirror sites see

      http://www.squid-cache.org/Download/http-mirrors.html
      http://www.squid-cache.org/Download/mirrors.html

If you encounter any issues with this release please file a bug report.
      http://bugs.squid-cache.org/


Amos Jeffries
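
For the Bug 3107 migration described above, the following is an added example (not part of the original announcement and not Squid's helper code) that audits a password file for entries still stored as DES crypt hashes and models the "DES with a long password" condition. It assumes an htpasswd-style `user:hash` file and classifies by hash format (13-character traditional DES crypt versus `$1$`/`$apr1$` MD5); the function names and all sample entries are constructed for illustration.

```python
import re

# Traditional DES crypt(3) output: 2 salt chars + 11 hash chars, 13 in total.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")
DES_MAX_BYTES = 8  # DES crypt(3) only uses the first 8 bytes of the password


def classify_hash(stored):
    """Return 'md5', 'des' or 'other' for one stored hash string."""
    if stored.startswith(("$1$", "$apr1$")):
        return "md5"
    if DES_CRYPT.fullmatch(stored):
        return "des"
    return "other"


def audit_passwd(text):
    """Map each user in htpasswd-style text to the scheme of its hash."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # skip blanks, comments and malformed lines
        user, rest = line.split(":", 1)
        result[user] = classify_hash(rest.split(":", 1)[0])
    return result


def des_truncation_alert(scheme, password):
    """True when a DES entry is used with a password longer than 8 bytes,
    i.e. the situation in which bytes past the 8th are silently ignored."""
    return scheme == "des" and len(password.encode("utf-8")) > DES_MAX_BYTES


# Constructed sample file; the hash values are placeholders, not real hashes.
SAMPLE = """\
# constructed sample
alice:$apr1$Qx7w2k1p$0000000000000000000000
bob:ab0123456789A
carol:$1$saltsalt$0000000000000000000000
dave:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
"""

if __name__ == "__main__":
    for user, scheme in audit_passwd(SAMPLE).items():
        note = "  <- re-hash with MD5 before the transition period ends" if scheme == "des" else ""
        print(f"{user}: {scheme}{note}")
```

The length check counts bytes rather than characters, so a password of eight non-ASCII characters can already exceed the DES limit.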

