The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-3.3.3 release! This release is a security bug fix release resolving a security vulnerability found in the prior releases along with some other bugs. Please note that with 3.3 series becoming STABLE the 3.2 series is now officially deprecated. Squid-3.3 represents the first Squid series fully formed within our rapid release cycle. As such the difference between 3.3 and 3.2 series is very small and this release of 3.3 constitutes a drop-in replacement for Squid-3.2.9 with the additional benefit of several SSL-bump enhancement features only affecting installations using the SSL-bump features. The major changes to be aware of: * CVE-2013-1839 / SQUID-2013:1 has been resolved This vulnerability affects all Squid installations making use of HTTP language negotiation features on error pages. It permits specially crafted requests from any source to cause Squid to stop responding to all clients. * Several build isues on Solaris and OpenIndiana resolved Some more fixes complimenting the updates made in earlier 3.2 releases have been added to allow compilation on Solaris and OpenIndiana. * cache.log "Failed to select source" messages After source selection algorithm changes introduced in 3.2 these have been appearing on common DNS failures as well as the more important peer outages. Which can cause large cache.log to be created by the Squid service on busy servers or under DoS conditions. These have now been reduced down to level 2 debug. See the ChangeLog for the full list of changes in this and earlier releases. Users of Squid-3.3 with error page language negotiation are urged to upgrade to this release as soon as possible. All users of older Squid are encouraged to upgrade to this release as soon as convenient. Please remember to run "squid -k parse" when testing upgrade to a new version of Squid. It will audit your configuration files and report any identifiable issues the new release will have in your installation before you "press go". We are still removing the infamous "Bungled Config" halting points and adding checks, so if something is not identified please report it. Please refer to the release notes at http://www.squid-cache.org/Versions/v3/3.3/RELEASENOTES.html when you are ready to make the switch to Squid-3.3 Upgrade tip: "squid -k parse" is starting to display even more useful hints about squid.conf changes. This new release can be downloaded from our HTTP or FTP servers http://www.squid-cache.org/Versions/v3/3.3/ ftp://ftp.squid-cache.org/pub/squid/ ftp://ftp.squid-cache.org/pub/archive/3.3/ or the mirrors. For a list of mirror sites see http://www.squid-cache.org/Download/http-mirrors.html http://www.squid-cache.org/Download/mirrors.html If you encounter any issues with this release please file a bug report. http://bugs.squid-cache.org/ Amos Jeffries
