The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-3.5.3 release! This release is a bug fix release resolving several issues found in the prior Squid releases. The major changes to be aware of: * Regression Bug #4206: connection close on Expect:100-continue It was found that large POST and PUT requests using Expect:100-continue to a Squid-3.5.1 or 3.5.2 would reset the TCP connection instead of allowing the upload to proceed. The working Squid-3.4 behaviour has now been restored. * Regression Bug #4213: negotiate_kerberos_auth segmentation faults After Squid-3.5.2 updates to the Kerberos support it was found that this helper was frequently, but not always, encountering a segmentation fault. That is now fully resolved. Also fixed in this release is support for the latest Heimdal libraries and some unused Kerberos related code is no longer built. * Bug #2907: high CPU usage on CONNECT when using Delay Pools When Delay Pools was enabled Squid CONNECT handling tunnel code could quickly empty the available pool bandwidth and would then also not wait for it to be replenished, but repeatedly attempt to keep sending. While this is not quite an "infinite loop" problem it is very similar in effect, with CPU consumption reaching 100% and service through the proxy slowing down dramatically. While this is very old bug, it is starting to make itself felt more as the quantity of HTTPS CONNECT requests increases. * Bug #3805: support shared memory on MacOS X This bug completely prevented using SMP support on MacOS X. As of this release it should now be possible to use workers, shared memory cache and rock storage on MacOS X. * Bug #4204: ./configure abort when required helpers cannot be built Previously the Squid ./configure script would treat a user-supplied list of helpers as an optional list to attempt building, ignoring helpers that were available but not listed. Being an optional list it would also only warn if some of the list entries could not be built. It is now treated as a list of required helpers - with a hard failure if any cannot be built. This prevents automated build systems going through a long build process only to find missing binaries at the install phase. * basic_nis_auth and basic_getpwnam_auth updated Other software has recently been awarded CVE allocation for bad handling of crypt() system call failures resulting in Denial of Service. These two Squid helpers were performing very similar operations and might encounter the same failures. Fortunately these Squid helpers are fairly isolated and Basic auth in Squid contains mechanisms that make it very difficult to affect more than one client. This is a proactive security update to prevent any future issues that could appear as a result. All users of Squid-3.5 with SMP features are urged to upgrade to this release as soon as possible. All users of Delay Pools are urged to upgrade to this release as soon as possible. All users of basic_nis_auth or basic_getpwnam_auth are urged to upgrade to this release as soon as possible. All users of Squid are urged to upgrade to this release as soon as possible. See the ChangeLog for the full list of changes in this and earlier releases. Please refer to the release notes at http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html when you are ready to make the switch to Squid-3.5 Upgrade tip: "squid -k parse" is starting to display even more useful hints about squid.conf changes. This new release can be downloaded from our HTTP or FTP servers http://www.squid-cache.org/Versions/v3/3.5/ ftp://ftp.squid-cache.org/pub/squid/ ftp://ftp.squid-cache.org/pub/archive/3.5/ or the mirrors. For a list of mirror sites see http://www.squid-cache.org/Download/http-mirrors.html http://www.squid-cache.org/Download/mirrors.html If you encounter any issues with this release please file a bug report. http://bugs.squid-cache.org/ Amos Jeffries _______________________________________________ squid-announce mailing list squid-announce@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-announce