How did Red Hat and Debian know about
https://github.com/squid-cache/squid/security/advisories/GHSA-394c-rr7q-6g78
before the squid-announce mailing list? It's not even listed at
https://github.com/apptainer/apptainer/security
even though there is another one from the same day.
Dave
On Wed, Sep 21, 2022 at 11:43:41PM +1200, Amos Jeffries wrote:
> Subject: Re: Missing squid 5.6 & 5.7 announcements
> On 21/09/22 10:33, Dave Dykstra wrote:
> > I tried sending this directly to Amos twice over the last week or so but
> > it bounced each time.
> >
> > I noticed that 5.7 is on the website since 5 September, but I have not
> > see a release announcement for that or for 5.6 from June.
>
>
> Mea culpa sorry. I am a bit behind on security paperwork needed for those.
>
>
> > I would like
> > to know if it is considered to be in a stable enough state that all
> > squid 4 users are encouraged to upgrade, or not. The release notes
> > don't tell me that.
>
> Basically yes we are back at "encourage to upgrade".
>
> To be specific:
> * The initial big troubles were resolved in 5.5.
> * We have two reports of Delay Pools having weird behaviours, but that is
> shared with v4.
>
> * WCCP regression (YMMV) in latest security patches has not fully been
> resolved in the official code. Experimental patches are available if
> necessary.
>
>
> HTH
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
