[squid-users] Squid 3.2.1 is available

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 15 Aug 2012 23:29:07 +1200

The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-3.2.1 release!

This release is we believe, stable enough for general production use.

Support for Squid-3.1 bug fixes has now officially ceased. Bugs in 3.1
will continue to be fixed, however the fixes will be added to the 3.2
series. All users of Squid-3.1 are encouraged to plan for upgrades.

Support for Squid-2.7 has now officially ceased. Bugs in 2.7 will
continue to be fixed, however the fixes will be added to the 3.2 series.
All users of Squid-2.7 are encouraged to plan for upgrades.

A short list of the major new features is:

  * CVE-2009-0801 : NAT interception vulnerability to malicious clients.
  * NCSA helper DES algorithm password limits
  * SMP scalability
  * Helper Multiplexer and On-Demand
  * Helper Name Changes
  * Multi-Lingual manuals
  * Solaris 10 pthreads Support
  * Surrogate/1.0 protocol extensions to HTTP
  * Logging Infrastructure Updated
  * Client Bandwidth Limits
  * Better eCAP support
  * Cache Manager access changes

A number of security enhancements in this series are known to be
surprising if you are not aware of the change. Particularly notice the
CVE-2009-0801, NCSA, and Helper Name Changes sections of the release
notes, and where applicable the "regressions since squid-2" release
notes section. Those changes MAY affect your traffic behaviour in a
significant way. Please be sure to read the release notes for the 3.2
series before upgrading from older versions of Squid.

Further details can be found in the release notes or the wiki.

Please remember to run "squid -k parse" when testing upgrade to a new
version of Squid. It will audit your configuration files and report any
identifiable issues the new release will have in your installation
before you "press go". We are still removing the infamous "Bungled
Config" halting points and adding checks, so if something is not
identified please report it.

All feature additions are considered *experimental* until they have
survived at least one series of releases in general production use.
Please be aware of that when rolling out features like SMP support which
are new in this series. Not all use-cases have been well tested yet and
some may not even have been implemented. Assistance is still needed
despite the releases general stability level.

3.2.1 still has some issues.

Some may still be resolved by a future 3.2 release:
  * Windows support is still largely missing.
  * FreeBSD 9, OpenBSD 5, MacOS are known to encounter build issues.
  * Build status for the 3.2 series is still largely unknown for Unix
based OS and other less popular systems.
  * Negotiate/NTLM authentication has issues when performed via the
negotiate_wrapper helper.

Some are not able to be fixed in the 3.2 series:
  * TCP logging of access.log does not recover from broken connections well.
  * SSL-Bump not re-wrapping decrypted traffic in CONNECT for peers.
  * Cache Manager reports in txt/plain format even when requested
directly via browser.

  See the ChangeLog for the full list of changes in this and earlier

  All users of Squid-3.1 beta releases are urged to upgrade to this
release as soon as possible.

Plans for the next series of releases is already well underway. Our
future release plans and upcoming features can be found at:

Please refer to the release notes at
when you are ready to make the switch to Squid-3.2

Upgrade tip:
   "squid -k parse" is starting to display even more useful hints about
squid.conf changes.

This new release can be downloaded from our HTTP or FTP servers


or the mirrors. For a list of mirror sites see


If you encounter any issues with this release please file a bug report.

Amos Jeffries
Received on Wed Aug 15 2012 - 11:29:19 MDT

This archive was generated by hypermail 2.2.0 : Fri Aug 24 2012 - 12:00:04 MDT