Hello,
I am installing Squid in Docker (Debian Buster) using Aptitude, the current latest version that is being installed is Squid 4.6-1+deb10u6, today I was contacted by a client that noticed we are using the Squid version 4.6, which is an old version, and he mentioned that there are a few known vulnerabilities with this old version, mainly he was bothered by these:
CVE-2019-13345CVE-2019-12529CVE-2019-12527CVE-2019-12525CVE-2020-8450CVE-2020-8449CVE-2019-12528CVE-2020-8517CVE-2020-11945CVE-2019-12519CVE-2019-12521
I have checked the available Debian packages, and it seems I am indeed running the latest available version that is provided by Aptitude, which is Squid 4.6, it seems that to get Squid 5.5, I will have to use Debian Bookworm.
Is the version of Squid that I am using backported with security patches that cover the vulnerabilities above or do I have to install Squid 5.6 / 5.5 to get the latest security?
Thanks,
Roee
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users