[Apologies if this is a duplicate. The original announcement appears
not to have made it to several of the mailing lists.]
The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-3.3.9 release!
This release is a bug fix release resolving several major issues
found in the prior Squid releases.
The major changes to be aware of:
* Bug #3849 <http://bugs.squid-cache.org/show_bug.cgi?id=3849>:
Duplicate certificate sent when using https_port
This bug is causing the SSL negotiation to fail for some clients.
In particular those using recent versions of GnuTLS.
* Bug #3879 <http://bugs.squid-cache.org/show_bug.cgi?id=3879>:
assertion failed ConnStateData::validatePinnedConnection
This bug can occur when transiting NTLM or Kerberos authenticated
messages even when the proxy is performing authentication.
* Regression Bug: off-by-one error in Digest header decoding
The earlier fix for bug 3077 had a small but critical typo when ported
to 3.2 series which broke Digest authentication in 3.2 and older 3.3
releases.
* OpenSSL infinite loop on validating certificate
This release includes a workaround for OpenSSL bug #3090 (their
bug number). This bug was visible as an infinite loop consuming
all or many CPU cycles when validating a certificate. Squid is
now able to quickly detect and halt such loops. Treating
certificates which trigger it as containing an error.
Also the supported OpenSSL error codes have been updated to include
those available in the most recent OpenSSL release.
* Bug #3863 <http://bugs.squid-cache.org/show_bug.cgi?id=3863>:
myportname acl causes segmentation fault
This bug is visible when adaptation (ICAP or eCAP) is being performed
and a myportname ACL is used to test an adapted request.
Other notable changes include:
* Bug #2112 <http://bugs.squid-cache.org/show_bug.cgi?id=2112>: Reload
into If-None-Match
This bug fix allows Squid to participate in HTTP revalidation of
cached objects using ETag values.
* Improved compatibility with Clang, ICC and GCC 4.8
Recent release of these compilers are getting ever more strict.
This release fixes several small issues which have been detected
by these ongoing compiler improvements and may break the build.
* Windows support improvements
Thanks to a new sponsor iCelero providing development resources.
There are still many issues to be resolved but a patch will become
available soon for building a limited Squid-3.3 proxy with the MinGW
compiler environment. Those interested should contact the squid-dev
mailing list.
See the ChangeLog for the full list of changes in this and earlier
releases.
All users are urged to upgrade to this release as soon as possible.
Please remember to run "squid -k parse" when testing upgrade to a new
version of Squid. It will audit your configuration files and report
any identifiable issues the new release will have in your installation
before you "press go". We are still removing the infamous "Bungled
Config" halting points and adding checks, so if something is not
identified please report it.
Please refer to the release notes at
http://www.squid-cache.org/Versions/v3/3.3/RELEASENOTES.html
when you are ready to make the switch to Squid-3.3
Upgrade tip:
"squid -k parse" is starting to display even more
useful hints about squid.conf changes.
This new release can be downloaded from our HTTP or FTP servers
http://www.squid-cache.org/Versions/v3/3.3/
ftp://ftp.squid-cache.org/pub/squid/
ftp://ftp.squid-cache.org/pub/archive/3.3/
or the mirrors. For a list of mirror sites see
http://www.squid-cache.org/Download/http-mirrors.html
http://www.squid-cache.org/Download/mirrors.html
If you encounter any issues with this release please file a bug report.
http://bugs.squid-cache.org/
Amos Jeffries
Received on Sat Sep 28 2013 - 14:53:02 MDT
This archive was generated by hypermail 2.2.0 : Mon Sep 30 2013 - 12:00:04 MDT