[squid-users] [squid-announce] Squid 3.5.10 is available
squid3 at treenet.co.nz
Fri Oct 2 08:27:35 UTC 2015
The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-3.5.10 release!
This release is a bug fix release resolving issues found in the prior
The major changes to be aware of:
* Regression Bug 4326: base64 binary encoder rejects data beginning
with nil byte
This regression since 3.3 introduced by hardening of the base-64 encoder
causes unnecessary CPU consumtion during Digest authenticatio on
big-endian systems. Thanks to Pavel Šimerda for identifying the problem
and providing the fix.
* Bug 4323: Netfilter broken cross-includes with Linux 4.2
Due to a problem with Netfilter (libc) header includes Squid and other
software using Netfilter will not build on Linux 4.2. The kernel
developers have provided a hack to allow software to build, but it
requires some changes on our part to make use of it. Those changes are
included in this Squid release.
* Bug 4303: PeerConnector.cc:743 "!callback" assertion.
This problem occurs when slow-group ACLs are used in ssl_bump and no
bumping action is selected (the default action is being performed).
Squid now makes smarter choice of default ssl_bump action to perform
when no explicit ACL match is provided.
Note: The bug number recorded in bzr, changelog and patch header is
wrong. The correct number is 4303.
* Bug 4330: Do not use SSL_METHOD::put_cipher_by_char
Recent changes to this OpenSSL and LibreSSL library API behaviour mean
that Squids particular use of it could result in crashes, or incorrect
rejection of TLS/SSL connections.
* Memory management optimizations
This release includes removal of a custom allocator pool size for
StoreEntry objects. Knowledge of the actual benefits from that supposed
optimization have been lost in time, and it's not possible to accurately
measure its actual impact in all load scenarios; this change is
therefore considered a potential performance regression in some load
Initial testing of this change show an overall reduction in Squid memory
needs for general usage. So we belive this is a worthwhile change until
* Copyright Updates
As part of the Squid Software Foundation project to cleanup the Squid
copyright situation it was found that the basic_sspi_auth,
ntlm_smb_lm_auth, and ntlm_fake_auth helpers were GPL 2.0-only licensed.
This is not fully compatible with the GPLv2+ terms Squid bundles are
officially being distributed under, which is intended to allow
downstream GPLv3 or later relicensing.
The main authors and copyright holders of those helpers have graciously
agreed to relicense them as GPLv2+ for compatibility with the Squid
The libltdl tools bundled with Squid has also undergone a relicense to
LGLv2.1+ in the version we import.
All users of Squid are encouraged to upgrade to this release as soon as
See the ChangeLog for the full list of changes in this and earlier
Please refer to the release notes at
when you are ready to make the switch to Squid-3.5
"squid -k parse" is starting to display even more
useful hints about squid.conf changes.
This new release can be downloaded from our HTTP or FTP servers
or the mirrors. For a list of mirror sites see
If you encounter any issues with this release please file a bug report.
squid-announce mailing list
squid-announce at lists.squid-cache.org
More information about the squid-users