-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-3.4.7 release! This release is a security and bug fix release resolving a major vulnerability and several other issues found in the prior Squid releases. The major changes to be aware of: * CVE-2014-3609 : SQUID-2014:2 Denial of service in request processing http://www.squid-cache.org/Advisories/SQUID-2014_2.txt This vulnerability allows any client who is allowed to use the proxy to perform a denial of service attack on Squid. This issue is particularly impacting reverse-proxy installations. A simple squid.conf workaround is available for quick use and those unable to upgrade. See the Advisory notice for details. * Various SSL-bump certificate mimic errors These bugs show up most notably for users of Firefox complaining about a sec_error_inadequate_key_usage error. They are caused by Squid generating a fake certificate with the wrong X.509 version details for the TLS extensions being mimiced in that certificate. * Bug #4080: worker hangs when client identd is not responding This bug shows up as the Squid worker process hanging. It occurs only when IDENT protocol is enabled and the client identd fails to respond. IDENT protocol use may be enabled either for access control or logging purposes. * Portability improvements As always we seek to support as many popular operating systems as possible. This release contains several updates to fix build issues and increase the supported operating systems and CPU architectures. All users of Squid are urged to upgrade to this release as soon as possible. See the ChangeLog for the full list of changes in this and earlier releases. Please refer to the release notes at http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html when you are ready to make the switch to Squid-3.4 Upgrade tip: "squid -k parse" is starting to display even more useful hints about squid.conf changes. This new release can be downloaded from our HTTP or FTP servers http://www.squid-cache.org/Versions/v3/3.4/ ftp://ftp.squid-cache.org/pub/squid/ ftp://ftp.squid-cache.org/pub/archive/3.4/ or the mirrors. For a list of mirror sites see http://www.squid-cache.org/Download/http-mirrors.html http://www.squid-cache.org/Download/mirrors.html If you encounter any issues with this release please file a bug report. http://bugs.squid-cache.org/ Amos Jeffries -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJT/gq3AAoJELJo5wb/XPRjUIUH/AgC2Z2H4ziAxLnwWP9Z2Br5 Y1gAbN1I+wYwuGDGoFrvuHX49rVKWt0N6+i8bw0dwJgR+lBqqCS87EUdcDiALvDh RqspxZBxh4AZE1SSJJx/EDLlT5q653okxQJ2b16/YNreEMp3W0LEpQMgEjoNZ+mn 4FZz79XuMOdl+oridn419jRb6c5p4mPlEAoPe4AVyMylvEg3PTGnlkckY9oAtxqT VWwsAy6ZIvM3hp0QECqJVOcEqfmnQ6tVvvebPgQjXOlAYCS4sGnDtUPMu3yFEDYa vDKy77LTvI1DF4zXFsAUxPonY4HBO66ekkWa9K0MENrrXxUOZnl+6E5JtziFL7g= =xKq5 -----END PGP SIGNATURE-----
