[squid-users] [squid-announce] Squid 4.0.3 beta is available
squid3 at treenet.co.nz
Sun Nov 29 06:24:42 UTC 2015
The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-4.0.3 release!
This release is a beta release resolving issues found in the prior Squid
The major changes to be aware of:
* Several regression bugs
- Bug 4372: missing template files
- Bug 4371: no such file or directory: DiskIO/*/*DiskIOModule.o
- Fix various DiskIO bugs
- Fix compile erorr on clang undefined reference to '__atomic_load_8'
- ext_kerberos_ldap_group_acl missing workarounds for Heimdal Kerberos
- Quieten ALE missing messages
There are also several new compile errors which have been uncovered:
- when Clang is installed alongside GCC 5 it cannot link libstdc++
- libecap uses TR1 shared_ptr which are incompatible with C++11
std::shared_ptr definitions assumed by Squid-4. A patch is required.
* Bug 4368: A simpler and more robust HTTP request line parser
As noted in the previous release the new parser was rejecting URI/URL
containing characters which are not permitted for use in URI due to
their dangers with shell-injection or similar types of attacks. Several
major web services are using such characters anyway.
This release now accepts those characters in the request-line parser.
Although they may still be rejected later in the request processing if
they result in an unprocessable URL or invalid DNS lookup.
* ext_ldap_group_acl: Allow unlimited LDAP search filter
Previously this helper restricted the length of search filters, both in
parameter length and constructed fitler length. Those restrictions are
now lifted and any length of filter may be used.
Please note that large filters do have a peformance impact from extra
string manipulation and LDAP parsing. So use of short filters is
* ext_unix_group_acl: Support to strip @REALM from usernames
This helper now supports group lookups for Kerbers authenticated users.
The -r command line option can be used to enable stripping Kerberos
format Realm details from the user credentials. This compliments the
existing option to strip NTLM domain details. Both may be used together
All users of Squid are encouraged to test this release out and plan for
upgrades where possible.
See the ChangeLog for the full list of changes in this and earlier
Please refer to the release notes at
when you are ready to make the switch to Squid-4
"squid -k parse" is starting to display even more
useful hints about squid.conf changes.
This new release can be downloaded from our HTTP or FTP servers
or the mirrors. For a list of mirror sites see
If you encounter any issues with this release please file a bug report.
squid-announce mailing list
squid-announce at lists.squid-cache.org
More information about the squid-users