The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-3.3.11 release! This release is a bug fix release resolving several major issues found in the prior Squid releases. The major changes to be aware of: * Bug #3906: Filedescriptor leaks in SNMP This bug shows up when running Squid in SMP mode with SNMP monitoring queries. It displays as a periodic crash of Squid as the available filedescriptors are exhausted. * Bug #3936: error-details.txt parse error This bug shows up in SSL-enabled Squid-3.3.9 built against or running with OpenSSL library versions older than 1.0.1. * Bug #3782: Digest authentication not obeying nonce_max_count This authentication option helps protect against replay attacks. Digest implementation in Squid was found to be accepting nonce replays beyond the configured limit. * Replace blocking sleep(3) and close UDS socket on failures In the worst case Squid could previously lock up completely in the event that SMP shared memory systems are encountering errors. This allows other operations by Squid to continue while the UDS failure recovery happens. * Re-compute Range response content offset after an FTP response was adapted. Due to incorrect calculation of Range offsets several nasty side effects can occur on requests for ftp:// URLs which get adapted by ICAP or eCAP. * Bug #3960: DEAD cache_peer are not revived This bug shows up as DEAD cache_peer staying down even after the peer has become available again. It occurs when the tcp_outgoing_address feature is used with ACL depending on details of remote peer. * Bug #3970: max_filedescriptors disabled due to missing setrlimit The system API setrlimit() function was not being detected properly when building Squid. This resulted in many installations having max_filedescriptors not working. The fix here only resolves the false WARNING. Systems which genuinely do not provide a working setrlimit() can still expect to see it. Several other bugs involving segmentation faults and crashes under rare circumstances have also been resolved. See the ChangeLog for the full list of changes in this and earlier releases. All users are urged to upgrade to this release as soon as possible. Please remember to run "squid -k parse" when testing upgrade to a new version of Squid. It will audit your configuration files and report any identifiable issues the new release will have in your installation before you "press go". We are still removing the infamous "Bungled Config" halting points and adding checks, so if something is not identified please report it. Please refer to the release notes at http://www.squid-cache.org/Versions/v3/3.3/RELEASENOTES.html when you are ready to make the switch to Squid-3.3 Upgrade tip: "squid -k parse" is starting to display even more useful hints about squid.conf changes. This new release can be downloaded from our HTTP or FTP servers http://www.squid-cache.org/Versions/v3/3.3/ ftp://ftp.squid-cache.org/pub/squid/ ftp://ftp.squid-cache.org/pub/archive/3.3/ or the mirrors. For a list of mirror sites see http://www.squid-cache.org/Download/http-mirrors.html http://www.squid-cache.org/Download/mirrors.html If you encounter any issues with this release please file a bug report. http://bugs.squid-cache.org/ Amos Jeffries
