The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-3.5.10 release! This release is a bug fix release resolving issues found in the prior Squid releases. The major changes to be aware of: * Regression Bug 4326: base64 binary encoder rejects data beginning with nil byte This regression since 3.3 introduced by hardening of the base-64 encoder causes unnecessary CPU consumtion during Digest authenticatio on big-endian systems. Thanks to Pavel Šimerda for identifying the problem and providing the fix. * Bug 4323: Netfilter broken cross-includes with Linux 4.2 Due to a problem with Netfilter (libc) header includes Squid and other software using Netfilter will not build on Linux 4.2. The kernel developers have provided a hack to allow software to build, but it requires some changes on our part to make use of it. Those changes are included in this Squid release. * Bug 4303: PeerConnector.cc:743 "!callback" assertion. This problem occurs when slow-group ACLs are used in ssl_bump and no bumping action is selected (the default action is being performed). Squid now makes smarter choice of default ssl_bump action to perform when no explicit ACL match is provided. Note: The bug number recorded in bzr, changelog and patch header is wrong. The correct number is 4303. * Bug 4330: Do not use SSL_METHOD::put_cipher_by_char Recent changes to this OpenSSL and LibreSSL library API behaviour mean that Squids particular use of it could result in crashes, or incorrect rejection of TLS/SSL connections. * Memory management optimizations This release includes removal of a custom allocator pool size for StoreEntry objects. Knowledge of the actual benefits from that supposed optimization have been lost in time, and it's not possible to accurately measure its actual impact in all load scenarios; this change is therefore considered a potential performance regression in some load scenarios. Initial testing of this change show an overall reduction in Squid memory needs for general usage. So we belive this is a worthwhile change until proven otherwise. * Copyright Updates As part of the Squid Software Foundation project to cleanup the Squid copyright situation it was found that the basic_sspi_auth, ntlm_smb_lm_auth, and ntlm_fake_auth helpers were GPL 2.0-only licensed. This is not fully compatible with the GPLv2+ terms Squid bundles are officially being distributed under, which is intended to allow downstream GPLv3 or later relicensing. The main authors and copyright holders of those helpers have graciously agreed to relicense them as GPLv2+ for compatibility with the Squid collective license. The libltdl tools bundled with Squid has also undergone a relicense to LGLv2.1+ in the version we import. All users of Squid are encouraged to upgrade to this release as soon as possible. See the ChangeLog for the full list of changes in this and earlier releases. Please refer to the release notes at http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html when you are ready to make the switch to Squid-3.5 Upgrade tip: "squid -k parse" is starting to display even more useful hints about squid.conf changes. This new release can be downloaded from our HTTP or FTP servers http://www.squid-cache.org/Versions/v3/3.5/ ftp://ftp.squid-cache.org/pub/squid/ ftp://ftp.squid-cache.org/pub/archive/3.5/ or the mirrors. For a list of mirror sites see http://www.squid-cache.org/Download/http-mirrors.html http://www.squid-cache.org/Download/mirrors.html If you encounter any issues with this release please file a bug report. http://bugs.squid-cache.org/ Amos Jeffries _______________________________________________ squid-announce mailing list squid-announce@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-announce
