[squid-announce] Squid 3.4.14 is available

Amos Jeffries squid3 at treenet.co.nz
Thu Aug 6 02:04:39 UTC 2015


The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-3.4.14 release!


This release is a security fix release resolving a vulnerability and
some bugs found in the prior releases.

    REMINDER: This and older releases are already deprecated by
              Squid-3.5 availability.



The major changes to be aware of:


* SQUID-2015:2 Improper Protection of Alternate Path

  http://www.squid-cache.org/Advisories/SQUID-2015_2.txt

Squid when passing a CONNECT request to a cache_peer blindly passes the
response back to the client. This can result in further requests on the
connection bypassing all access controls or routing configuration in the
gateway proxy that would otherwise have been applied.

The default settings of Squid protect most sites against this. However
certain known network topologies require the configuration which is
vulnerable.



 All users of older Squid are urged to upgrade as soon as possible.


 See the ChangeLog for the full list of changes in this and earlier
 releases.

Please refer to the release notes at
http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html
when you are ready to make the switch to Squid-3.4

Upgrade tip:
  "squid -k parse" is starting to display even more
   useful hints about squid.conf changes.

This new release can be downloaded from our HTTP or FTP servers

 http://www.squid-cache.org/Versions/v3/3.4/
 ftp://ftp.squid-cache.org/pub/squid/
 ftp://ftp.squid-cache.org/pub/archive/3.4/

or the mirrors. For a list of mirror sites see

 http://www.squid-cache.org/Download/http-mirrors.html
 http://www.squid-cache.org/Download/mirrors.html

If you encounter any issues with this release please file a bug report.
http://bugs.squid-cache.org/


Amos Jeffries



More information about the squid-announce mailing list