The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-3.3.8 release! This release is a security bug fix release resolving a security vulnerability issue found in the prior Squid 3.3 releases. The major change to be aware of is vulnerability SQUID-2013:3. This vulnerability affects all prior Squid-3.3 releases and allows any client to send specially crafted HTTP requests which halt the Squid service. There are no workarounds. See the ChangeLog for the full list of changes in this and earlier releases. All users are urged to upgrade to this release as soon as possible. Please remember to run "squid -k parse" when testing upgrade to a new version of Squid. It will audit your configuration files and report any identifiable issues the new release will have in your installation before you "press go". We are still removing the infamous "Bungled Config" halting points and adding checks, so if something is not identified please report it. Please refer to the release notes at http://www.squid-cache.org/Versions/v3/3.3/RELEASENOTES.html when you are ready to make the switch to Squid-3.3 Upgrade tip: "squid -k parse" is starting to display even more useful hints about squid.conf changes. This new release can be downloaded from our HTTP or FTP servers http://www.squid-cache.org/Versions/v3/3.3/ ftp://ftp.squid-cache.org/pub/squid/ ftp://ftp.squid-cache.org/pub/archive/3.3/ or the mirrors. For a list of mirror sites see http://www.squid-cache.org/Download/http-mirrors.html http://www.squid-cache.org/Download/mirrors.html If you encounter any issues with this release please file a bug report. http://bugs.squid-cache.org/ Amos Jeffries
