[squid-users] [squid-announce] Squid 4.0.3 beta is available

Amos Jeffries squid3 at treenet.co.nz
Sun Nov 29 06:24:42 UTC 2015


The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-4.0.3 release!


This release is a beta release resolving issues found in the prior Squid
releases.


The major changes to be aware of:


* Several regression bugs

 - Bug 4372: missing template files
 - Bug 4371: no such file or directory: DiskIO/*/*DiskIOModule.o
 - Fix various DiskIO bugs
 - Fix compile error on clang undefined reference to '__atomic_load_8'
 - ext_kerberos_ldap_group_acl missing workarounds for Heimdal Kerberos
 - Quieten ALE missing messages

There are also several new compile errors which have been uncovered:

 - when Clang is installed alongside GCC 5 it cannot link libstdc++
 - libecap uses TR1 shared_ptr which are incompatible with C++11
   std::shared_ptr definitions assumed by Squid-4. A patch is required.


* Bug 4368: A simpler and more robust HTTP request line parser

As noted in the previous release the new parser was rejecting URI/URL
containing characters which are not permitted for use in URI due to
their dangers with shell-injection or similar types of attacks. Several
major web services are using such characters anyway.

This release now accepts those characters in the request-line parser,
although they may still be rejected later in the request processing if
they result in an unprocessable URL or invalid DNS lookup.


* ext_ldap_group_acl: Allow unlimited LDAP search filter

Previously this helper restricted the length of search filters, both in
parameter length and constructed filter length. Those restrictions are
now lifted and any length of filter may be used.

Please note that large filters do have a performance impact from extra
string manipulation and LDAP parsing. So use of short filters is
recommended.


* ext_unix_group_acl: Support to strip @REALM from usernames

This helper now supports group lookups for Kerberos authenticated users.
The -r command line option can be used to enable stripping Kerberos
format Realm details from the user credentials. This complements the
existing option to strip NTLM domain details. Both may be used together
if needed.



 All users of Squid are encouraged to test this release out and plan for
upgrades where possible.


 See the ChangeLog for the full list of changes in this and earlier
 releases.

Please refer to the release notes at
http://www.squid-cache.org/Versions/v4/RELEASENOTES.html
when you are ready to make the switch to Squid-4

Upgrade tip:
  "squid -k parse" is starting to display even more
   useful hints about squid.conf changes.

This new release can be downloaded from our HTTP or FTP servers

 http://www.squid-cache.org/Versions/v4/
 ftp://ftp.squid-cache.org/pub/squid/
 ftp://ftp.squid-cache.org/pub/archive/4/

or the mirrors. For a list of mirror sites see

 http://www.squid-cache.org/Download/http-mirrors.html
 http://www.squid-cache.org/Download/mirrors.html

If you encounter any issues with this release please file a bug report.
http://bugs.squid-cache.org/


Amos Jeffries
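
Added example, not part of the announcement and not Squid's helper source: a sketch of the username normalisation described for ext_unix_group_acl, showing that once the realm is stripped, principals from different realms resolve to the same local name for the group lookup. The function names and the DOMAIN\user and user@REALM input formats are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Squid's code): reduce a login to the bare local
 * name used for a Unix group lookup.
 *   strip_domain: drop a leading "DOMAIN\" (NTLM style, assumed format)
 *   strip_realm:  drop a trailing "@REALM" (Kerberos style, assumed format)
 * Returns 0 on success, -1 if the result is empty or does not fit in out. */
int normalize_login(const char *login, int strip_domain, int strip_realm,
                    char *out, size_t outlen)
{
    const char *start = login;
    const char *sep = strip_domain ? strchr(login, '\\') : NULL;
    if (sep)
        start = sep + 1;

    size_t len = strlen(start);
    const char *at = strip_realm ? strchr(start, '@') : NULL;
    if (at)
        len = (size_t)(at - start);

    if (len == 0 || len >= outlen)   /* reject empty names and truncation */
        return -1;
    memcpy(out, start, len);
    out[len] = '\0';
    return 0;
}

/* Returns 1 when two logins collapse to the same local name with both
 * stripping modes on, i.e. the group lookup cannot tell them apart. */
int same_local_user(const char *a, const char *b)
{
    char na[64], nb[64];
    if (normalize_login(a, 1, 1, na, sizeof na) != 0 ||
        normalize_login(b, 1, 1, nb, sizeof nb) != 0)
        return 0;
    return strcmp(na, nb) == 0;
}

int main(void)
{
    /* Constructed sample logins, not taken from the announcement. */
    const char *samples[] = { "alice@EXAMPLE.COM", "CORP\\alice",
                              "alice@OTHER.EXAMPLE", "@EXAMPLE.COM" };
    char name[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = normalize_login(samples[i], 1, 1, name, sizeof name);
        printf("%-22s -> %s\n", samples[i], rc == 0 ? name : "(rejected)");
    }
    return 0;
}
```

Because the realm no longer takes part in the lookup, which realms are accepted has to be decided where authentication happens, before the group check runs.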
