[squid-users] Squid 3.5.24 is available - Article and new Binaries

Eliezer Croitoru eliezer at ngtech.co.il
Mon Feb 27 12:02:27 UTC 2017

The Internet as a Talisman - SQUID 3.5.24 + 4.0.18 Released

Some have more and others have less meaning for things in their lives and specifically for objects and a objectives.
Most of the kids I have seen in my life have something embedded into them but not every eye can see the same things.
Depends on the background and nature of the person he or she can see beyond the flesh and blood.
There is some part of it in the form of genetic material but I and many others believe it’s not the only thing.
Every kid has it’s own embedded and unreplaceable soul.
We have the option to show some reflection of a fraction from our soul to others either by plain text or by some Talisman, there is meaning in things.
Even the most notorious researchers cannot deny that we all have some “meta” things embedded into us which the genome cannot touch.
In a similar way to programming languages we can operate on the lower or the higher levels of this “meta” world.

“What will I choose to show for all in my piece of heaven?”

Take a look at the page and read the full article: http://www1.ngtech.co.il/wpe/?p=402

I have released the RPM's for:
- CentOS 6+7
- Oracle Enterprise Linux 6+7
- OpenSuse Leap
- RedHat Enterprise Linux
- SLES 12

And also tarred binaries for Debian and Ubuntu.


* Squid-Cache CentOS repository details [http://wiki.squid-cache.org/KnowledgeBase/CentOS#Squid-3.5]
* Squid-Cache Binaries packages repo [http://ngtech.co.il/repo/]

Eliezer Croitoru

Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il

-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Amos Jeffries
Sent: Monday, January 30, 2017 9:09 AM
To: squid-announce at lists.squid-cache.org
Subject: [squid-users] [squid-announce] Squid 3.5.24 is available

The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-3.5.24 release!

This release is a bug fix release resolving several issues found in the prior Squid releases.

The major changes to be aware of:

* Mitigate DoS attacks that use client-initiated SSL/TLS renegotiation.

Recent alterations to the SSL-Bump feature logic were found to be breaking the measure put in place to disable TLS renegotiation.
Since some TLSv1.2+ mechanisms actively require it and the upcoming OpenSSL v1.1+ make it quite hard to disable, we have decided to mitigate the vulnerability by implementing a rate limit on renegotiation instead of an outright disable.

* SSLv2 records force SslBump bumping despite a matching step2 peek rule.

This bug shows up as SSLv2 connections being bumped to deliver an error when they should have been spliced as configured. Squid will now splice all connections it has been configured to regardless of whether the obsolete SSLv2 syntax is being used.
 When bumping or receiving the connection itself Squid will still reject SSLv2. Only spliced traffic is affected by this.

* Update External ACL helpers error handling and caching

The Squid helper protocol has undergone several important changes but the external ACL logic and bundled helpers have not kept up. The ACL logics handling helper replies also had some bugs in the event of helper failures.

This release fixes those various bugs and updates all the bundled helpers to make use of the BH (BrokenHelper) status to signal internal errors differently to ACL denial.

* Bug #3940 pt2: Make 'cache deny' do what is documented

There was a small regression in 3.5.23 release fix for bug 3940. The 'cache deny' rules were not being obeyed. Surprisingly this has had no complaints.

Perhapse that is a sign that anyone using 'cache deny' rules should reasses whether those rules are still useful in these latest Squid releases.

 All users of Squid-3 are encouraged to upgrade to this release as soon as possible.

 See the ChangeLog for the full list of changes in this and earlier  releases.

Please refer to the release notes at
when you are ready to make the switch to Squid-3.5

Upgrade tip:
  "squid -k parse" is starting to display even more
   useful hints about squid.conf changes.

This new release can be downloaded from our HTTP or FTP servers


or the mirrors. For a list of mirror sites see


If you encounter any issues with this release please file a bug report.

Amos Jeffries

squid-announce mailing list
squid-announce at lists.squid-cache.org
squid-users mailing list
squid-users at lists.squid-cache.org

More information about the squid-users mailing list