The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-3.2.2 release!
This release is a security update and bug fix release resolving several
issues found in the prior releases.
Some changes to note:
* Regression: Make login=PASS send no credentials when none available
Since the addition of login=PASSTHRU the login=PASS option has been to
always send credentials with a best-effort made to locate some. However
it should not have been sending empty username and password in the
events where none were available. This is now corrected.
* Regression: Handle dstdomain duplicates and overlapping names better
Updated domain matching in 3.2 inadvertently made Squid start rejecting
exact duplicates on dstdomain ACL lists. Several popular domain
blacklists contain duplicates and would kill 3.2.1 on startup. With this
release exact duplicates are silently dropped, an overlapping wildcards
and sub-domains are also handled much better (quieter).
* Several crashes and segmentation faults.
- Bug 3661: Segmentation fault when using more than 1 worker
- Bug 3660: ACLFilledChecklist::fd set with wrong fd for
sslproxy_cert_error
- Bug 3647: parsing hier_code acl fails
- Bug 3616: retrieve client connection for ACL checks from the
related HttpRequest object
There are still several open bugs when operating with multiple SMP
workers and with ssl_crtd. So care and testing is still needed.
* A few issues causing ERR_ZERO_SIZED_OBJECT pages to be displayed to
users have finally been resolved. Hopefully for good.
- Bug 3658: ERR_ZERO_SIZE_OBJECT propagates out even after successful
retry
- Do not reuse persistent connections for PUTs to avoid
ERR_ZERO_SIZE_OBJECT
- Fix chunked encoding on responses carrying a Content-Range header.
* Squid now detects forwarding loops in all traffic types (bug 3626)
Loops became a larger problem on intercepted traffic when ORIGINAL_DST
was added for failed Host header validation handling. Squid will now
detect them in both intercepted and reverse-proxy traffic and abort the
client quickly with minimal resource consumption.
* Some small but annoying memory leaks uncovered in 3.2.1 have been fixed.
- Bug 3605: memory leak in Negotiate authentication
- Fix small memory leak in src ACL parse
Please remember to run "squid -k parse" when testing upgrade to a new
version of Squid. It will audit your configuration files and report any
identifiable issues the new release will have in your installation
before you "press go". We are still removing the infamous "Bungled
Config" halting points and adding checks, so if something is not
identified please report it.
See the ChangeLog for the full list of changes in this and earlier
releases.
All users of Squid-3.2 are encouraged to upgrade to this release as
time permits.
Please refer to the release notes at
http://www.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html
when you are ready to make the switch to Squid-3.2
Upgrade tip:
"squid -k parse" is starting to display even more useful hints about
squid.conf changes.
This new release can be downloaded from our HTTP or FTP servers
http://www.squid-cache.org/Versions/v3/3.2/
ftp://ftp.squid-cache.org/pub/squid/
ftp://ftp.squid-cache.org/pub/archive/3.2/
or the mirrors. For a list of mirror sites see
http://www.squid-cache.org/Download/http-mirrors.html
http://www.squid-cache.org/Download/mirrors.html
If you encounter any issues with this release please file a bug report.
http://bugs.squid-cache.org/
Amos Jeffries
