OK I'm fine
All Squid-4.x up to and including 4.16 built without
--disable-wccpv2 and configured with wccp2_router in squid.conf
are vulnerable.
--disable-wccpv2 and configured with wccp2_router in squid.conf
are vulnerable.
Thanks Amos for this link
On Fri, 11 Feb 2022, 10:09 robert k Wild, <robertkwild@xxxxxxxxx> wrote:
ok so build my squid 4.17 with this option--disable-wccpv2as i have no lines in my squid.conf referencing wccpis that what i should do, tbh i dont even know if i do or dont need wccpOn Fri, 11 Feb 2022 at 02:27, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:On 11/02/22 07:55, robert k Wild wrote:
> Hi all,
>
> Is there any security vulnerabilities with squid 4.15, should I update
> to 4.17 or is it OK to still use as my squid proxy server
>
> Sorry for silly question
>
Not silly.
There is this one for WCCP:
<https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82>
However, be aware that the patch has been found to prevent all traffic
from some routers. We are working on the fix for that.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
--Regards,
Robert K Wild.
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
