The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-5.4 release!

This release is a bug fix release resolving several issues found in the
prior Squid-5 releases.

The major changes to be aware of:

 * Bug 5190: Preserve configured order of intermediate CA certificate chain

Previous Squid-5 releases inverted the CA certificate chain order when
delivering the server handshake, breaking clients which are unable to
reorder the chain.

This release once again conforms with TLS specification requirements.

 * Bug 5187: Properly track (and mark) truncated store entries

Squid used an error-prone approach to identifying truncated responses:
The response is treated as whole unless somebody remembers to mark it
as truncated. This dangerous default naturally resulted in bugs where
truncated responses are treated as complete under various conditions.

This change reverses that approach: Responses not explicitly marked as
whole are treated as truncated. This change affects all Squid-server
FwdState-dispatched communications: HTTP, FTP, Gopher, and WHOIS. It
also affects responses received from the adaptation services.

Transactions that failed due to origin server or peer timeout (a common
source of truncation) are now logged with a _TIMEOUT %Ss suffix and
ERR_READ_TIMEOUT/WITH_SRV %err_code/%err_detail.

Transactions prematurely canceled by Squid during client-Squid
communication (usually due to various timeouts) now have WITH_CLT
default %err_detail. This detail helps distinguish otherwise
similarly-logged problems that may happen when talking to the client or
to the origin server/peer.

 * Bug 5134: assertion failed: Transients.cc:221: "old == e"

This bug appears when caching is enabled and a worker dies and is
automatically restarted.

The SMP cache management was missing some necessary cross-checks on
hash collision before updating stored objects. The worker recovery
logic detected the hash collision better and would abort with the given
error.

 * Bug 5132: Close the tunnel if to-server conn closes after client

This bug has been present since 5.0.4 and shows up as a growing number
of open (aka "hung") TCP connections used by Squid regardless of client
traffic levels.

It can be expected to affect all HTTPS traffic and proxies using
SSL-Bump features, with the problem being worse the more CONNECT
tunnels are handled.

 * Bug 5188: Fix reconfiguration leaking tls-cert=... memory

This bug was found investigating other issues. Installations which are
reconfiguring often may have been seeing sub-optimal memory usage. It
has otherwise a minimal impact.

All users of Squid-5 are encouraged to upgrade as soon as possible.

See the ChangeLog for the full list of changes in this and earlier
releases.

Please refer to the release notes at
http://www.squid-cache.org/Versions/v5/RELEASENOTES.html
when you are ready to make the switch to Squid-5.

This new release can be downloaded from our HTTP or FTP servers

  http://www.squid-cache.org/Versions/v5/
  ftp://ftp.squid-cache.org/pub/squid/
  ftp://ftp.squid-cache.org/pub/archive/5/

or the mirrors. For a list of mirror sites see

  http://www.squid-cache.org/Download/http-mirrors.html
  http://www.squid-cache.org/Download/mirrors.html

If you encounter any issues with this release please file a bug report.
  https://bugs.squid-cache.org/

Amos Jeffries
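
Added example, not part of the announcement or of Squid's own code: a log triage sketch that uses the Bug 5187 logging change to separate server-side timeouts (ERR_READ_TIMEOUT/WITH_SRV) from client-side cancellations (WITH_CLT). The logformat line, the format name "triage" and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumed squid.conf line (the format name "triage" is hypothetical):
#   logformat triage %ts.%03tu %>a %Ss/%03>Hs %err_code/%err_detail %rm %ru
LINE = re.compile(
    r"^(?P<ts>\d+\.\d{3}) (?P<client>\S+) (?P<status>[A-Z_]+)/(?P<http>\d{3}) "
    r"(?P<err_code>[^/\s]+)/(?P<err_detail>\S+) (?P<method>\S+) (?P<url>\S+)$"
)

def classify(line):
    """Return (category, upstream_host) for one access.log line."""
    m = LINE.match(line.strip())
    if m is None:
        return "unparsed", None
    url = m["url"]
    # CONNECT requests log host:port rather than a full URL.
    host = urlsplit(url).hostname if "://" in url else url.rsplit(":", 1)[0]
    detail = m["err_detail"]  # substring tests: the field may hold more than one token
    if "WITH_SRV" in detail and (m["status"].endswith("_TIMEOUT")
                                 or m["err_code"] == "ERR_READ_TIMEOUT"):
        return "server_timeout", host
    if "WITH_CLT" in detail:
        return "client_side", host
    if m["err_code"] != "-":
        return "other_error", host
    return "ok", host

def triage(lines):
    """Count categories and rank upstream hosts by server-side timeouts."""
    categories, slow_hosts = Counter(), Counter()
    for line in lines:
        category, host = classify(line)
        categories[category] += 1
        if category == "server_timeout":
            slow_hosts[host] += 1
    return categories, slow_hosts.most_common()

# Constructed sample lines (not real traffic).
SAMPLE = [
    "1644480001.120 192.0.2.10 TCP_MISS/200 -/- GET http://example.com/a",
    "1644480002.450 192.0.2.11 TCP_MISS_TIMEOUT/504 ERR_READ_TIMEOUT/WITH_SRV GET http://slow.example.net/report",
    "1644480003.008 192.0.2.12 TCP_MISS_ABORTED/200 -/WITH_CLT GET http://example.com/big.iso",
    "1644480004.300 192.0.2.11 TCP_MISS_TIMEOUT/504 ERR_READ_TIMEOUT/WITH_SRV GET http://slow.example.net/export",
    "1644480005.900 192.0.2.13 TCP_TUNNEL/200 -/- CONNECT example.org:443",
    "garbage line",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A rising server_timeout count concentrated on one upstream host points at that origin or peer, while client_side entries point at the client leg of the connection.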