[squid-users] [ANNOUNCEMENT] serious miss_access bug found

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 30 Aug 2011 14:30:00 +1200

 We have uncovered the presence of a serious bug in squid-3.1
 miss_access directive recently.


 The result of this bug is that configuration file settings for
 miss_access are ignored by all Squid-3.1 releases up to and including

 The fix has been applied to 3.1 and once our mirrors pick it up the
 patch can be found at:

 If you need to use this directive for anything you will need to apply
 the patch or obtain an updated version of Squid.

 This only affects users who have been accepted past the http_access
 security controls. So is not currently believed to be serious enough for
 a full advisory. If you know of any situation which would change our
 mind on that please inform.

Received on Tue Aug 30 2011 - 02:30:08 MDT

This archive was generated by hypermail 2.2.0 : Tue Aug 30 2011 - 12:00:02 MDT