[squid-users] Squid 3.4.7 is available

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 28 Aug 2014 04:43:35 +1200

The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-3.4.7 release!

This release is a security and bug fix release resolving a major
vulnerability and several other issues found in the prior Squid releases.

The major changes to be aware of:

* CVE-2014-3609 : SQUID-2014:2 Denial of service in request processing

  http://www.squid-cache.org/Advisories/SQUID-2014_2.txt

This vulnerability allows any client who is allowed to use the proxy to
perform a denial of service attack on Squid. This issue is particularly
impacting reverse-proxy installations.

  A simple squid.conf workaround is available for quick use and those
  unable to upgrade. See the Advisory notice for details.

* Various SSL-bump certificate mimic errors

These bugs show up most notably for users of Firefox complaining about
a sec_error_inadequate_key_usage error. They are caused by Squid
generating a fake certificate with the wrong X.509 version details for
the TLS extensions being mimicked in that certificate.

* Bug #4080: worker hangs when client identd is not responding

This bug shows up as the Squid worker process hanging. It occurs only
when IDENT protocol is enabled and the client identd fails to respond.
IDENT protocol use may be enabled either for access control or logging
purposes.

* Portability improvements

As always we seek to support as many popular operating systems as
possible. This release contains several updates to fix build issues and
increase the supported operating systems and CPU architectures.

 All users of Squid are urged to upgrade to this release as soon as
possible.

 See the ChangeLog for the full list of changes in this and earlier
 releases.

Please refer to the release notes at
http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html
when you are ready to make the switch to Squid-3.4

Upgrade tip:
  "squid -k parse" is starting to display even more
   useful hints about squid.conf changes.

This new release can be downloaded from our HTTP or FTP servers

 http://www.squid-cache.org/Versions/v3/3.4/
 ftp://ftp.squid-cache.org/pub/squid/
 ftp://ftp.squid-cache.org/pub/archive/3.4/

or the mirrors. For a list of mirror sites see

 http://www.squid-cache.org/Download/http-mirrors.html
 http://www.squid-cache.org/Download/mirrors.html

If you encounter any issues with this release please file a bug report.
http://bugs.squid-cache.org/

Amos Jeffries

Received on Wed Aug 27 2014 - 16:43:47 MDT
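
The version/extension mismatch described under "Various SSL-bump certificate mimic errors" can be checked on certificates a bumping proxy generates. This is an added example, not part of the original announcement and not Squid's code; it assumes the mismatch is the RFC 5280 rule that extensions may only appear in version 3 certificates, and skeleton_cert() is a hypothetical helper that builds constructed, unsigned sample structures.

```python
# Added example: flag X.509 certificates whose version field does not
# permit the extensions they carry (RFC 5280: extensions require v3).

def tlv(tag, body=b""):
    """Encode one short-form DER element (constructed samples are < 128 bytes)."""
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos=0):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length, as real certs use
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        out.append((tag, val))
    return out

def version_extension_mismatch(cert_der):
    """Return (version, has_extensions, mismatch) for a DER certificate."""
    _, cert, _ = read_tlv(cert_der)
    fields = children(children(cert)[0][1])    # TBSCertificate fields
    version = 1                                 # DEFAULT v1 when [0] is absent
    if fields and fields[0][0] == 0xA0:         # [0] EXPLICIT version
        version = int.from_bytes(read_tlv(fields[0][1])[1], "big") + 1
    has_ext = any(tag == 0xA3 for tag, _ in fields)   # [3] EXPLICIT extensions
    return version, has_ext, has_ext and version != 3

def skeleton_cert(version, with_extensions):
    """Constructed sample: certificate shape only, placeholder bodies, unsigned."""
    tbs = b""
    if version != 1:
        tbs += tlv(0xA0, tlv(0x02, bytes([version - 1])))
    tbs += tlv(0x02, b"\x01")      # serialNumber
    tbs += tlv(0x30) * 5           # sig alg, issuer, validity, subject, SPKI
    if with_extensions:
        tbs += tlv(0xA3, tlv(0x30, tlv(0x30)))
    return tlv(0x30, tlv(0x30, tbs) + tlv(0x30) + tlv(0x03, b"\x00"))

if __name__ == "__main__":
    for ver, ext in [(1, True), (3, True), (1, False)]:
        print(ver, ext, version_extension_mismatch(skeleton_cert(ver, ext)))
```

To check a real certificate, pass its DER bytes (the base64-decoded body of a PEM file) to version_extension_mismatch().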
