Re: [squid-users] Squid 3.2.0.7 beta is available

has anything related to ACL evaluation or scaling changed from 3.2.0.6?
(i.e. should I bother testing this version or is it expected to be the
same for the problems I am having?)

David Lang

  On Tue, 19 Apr 2011, Amos Jeffries
wrote:

> The Squid HTTP Proxy team is very pleased to announce the
> availability of the Squid-3.2.0.7 beta release!
>
>
> This release brings fixes for several major regressions uncovered in the
> previous releases. Yes 3.2.0.6 was left unannounced due to these.
>
>
> New Changes bundled as 3.2.0.7:
>
> Regression from 3.2.0.6 a major assertion crash on startup for all builds
> with the HTCP component removed (--disable-htcp) is now fixed.
>
>
> Regression from 3.2.0.6 a critical assertion crash handling HTTPS CONNECT
> tunnels is now fixed.
>
>
> Regressions from 3.2.0.3 now fixed are two identical assertion crashes when
> using either NTLM or Negotiate authentication.
> Those users holding back from testing 3.2 due to NTLM and Negotiate
> requirements are advised that these were the last of the known major issues
> with those components.
>
>
> This release adds negotiate_wrapper_auth version 1.0.1. This helper supports
> both Negotiate/NTLM and Negotitate/Kerberos flavours of Negotiate protocol
> responses. It splits Negotiate authentication protocol responses for
> validation by an appropriate NTLM or Kerberos sub-helper.
>
>
> Older Changes bundled as 3.2.0.6:
>
> A new set of icons based on the well-known Silk Icons from famfamfam.org have
> been added for use in generated FTP and Gopher directory listings.
> Sadly there was an incorrect location for the icons/ directory. Users of
> 3.2.0.6 and a small range of 3.2 daily snapshot bundles will need to manually
> adjust their icons/ directory location back to /usr/share/squid when
> upgrading to this release. Other users are not affected.
> The icons are default for all new installs. Upgraded Squid will continue to
> use the old Anthony GIF set by default to prevent erasing any local settings
> in the /etc/squid/mime.conf configuration file. Manual editing is required to
> make use of the new mime.conf file (installed as mime.conf.default). Usually
> this means just moving the new file over the old one.
>
>
> Regression from 3.2.0.5 a major segmentation fault crash when accessing an
> SSL certificate with errors was fixed.
>
>
> Regression in the logging modules was fixed. This appeared as a segmentation
> fault crash reconfiguring squid or rotating the log files when "stdio:"
> module was correctly configured.
>
>
> Regression from 3.2.0.4 in SMP support preventing shutdown properly if a
> worker process crashes on exit is now fixed.
>
>
> Regression from 3.2.0.5 (Bug 3159) ICAP and --disable-auth compile problems
> was partially fixed. There are some outstanding compile issues when
> authentication capabilities are elided from the Squid binary.
>
>
> Support parameterized Cache Manager queries. This enables cachemgr.cgi and
> other tools to request per-worker reports. The default management reporting
> is to aggregate and report information from all workers in a multi-process
> (SMP) Squid.
>
>
> Support for libecap v0.2.0 is added. This resolves a large number of
> limitations eCAP modules were previously faced with. See the libecap
> documentation for more details.
>
>
>
> As usual this release contains all the fixes passed on to 3.1 series
> alongside its own changes. There are several important changes which need to
> be noticed:
>
>
> In 3.1.12 and 3.2.0.6 the handling of CONNECT tunnel requests has been
> altered to prevent relaying them to peers marked as origin servers. The
> tunnel will now either skip the peer or where possible be opened to the peer
> in its origin role. This resolves problems with proxies acting as both a LAN
> gateway and reverse-proxy to an internal HTTPS service.
>
>
> 3.1.12.1 and 3.2.0.7 fix one URL processing error which enables trusted
> clients to crash the Squid service with specially crafted requests. Most
> client agents contain protection against external sources use of these URLs
> which greatly limits its security impact. However there is some vulnerability
> to specially crafted requests from internal malicious software.
>
>
> See the ChangeLog for the long list of other minor changes in this release
> and 3.2.0.6.
>
>
> Any Users of the 3.2.0.6 bundles are advised to upgrade immediately. Paying
> attention to the icons location during the move.
>
> Users of earlier 3.2 beta releases are encouraged to upgrade as soon as
> possible.
>
>
> Please refer to the release notes at
> http://www.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html
> when you are ready to make the switch to Squid-3.2
>
> Upgrade tip:
> "squid -k parse" is starting to display even more useful hints about
> squid.conf changes.
>
> This new release can be downloaded from our HTTP or FTP servers
>
> http://www.squid-cache.org/Versions/v3/3.2/
> ftp://ftp.squid-cache.org/pub/squid/
> ftp://ftp.squid-cache.org/pub/archive/3.2/
>
> or the mirrors. For a list of mirror sites see
>
> http://www.squid-cache.org/Download/http-mirrors.dyn
> http://www.squid-cache.org/Download/mirrors.dyn
>
> If you encounter any issues with this release please file a bug report.
> http://bugs.squid-cache.org/
>
>
> Amos Jeffries
>
Received on Wed Apr 20 2011 - 02:26:46 MDT