[squid-announce] Squid 4.6 is available

Amos Jeffries squid3 at treenet.co.nz
Mon Feb 25 04:22:57 UTC 2019


The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-4.6 release!


This release is a security and bug fix release resolving several issues
found in the prior Squid releases.


The major changes to be aware of:


 * Fix several cases of rock cache corruption

Several bugs have been found in Squid's use of shared memory by the rock
cache functionality. These may have been causing performance issues
under high loads and possibly corrupting the cache objects stored in
rock format. Existing cache validation on HITs should have been catching
many of these objects and preventing use. However, due to the nature of
corruption in general we cannot be completely certain of that.

All users of rock cache type are urged to upgrade as soon as possible.

If your cache is known to contain sensitive data please also consider
wiping the existing rock cache contents to guarantee a clean state.


 * Fix BodyPipe/Sink memory leaks associated with auto-consumption

This bug shows up as a small memory leak when an eCAP service blocks a
transaction, or presents a complete replacement response payload. It may
also occur in other situations that use Squid's auto-consume feature to
clear unwanted HTTP message data from a connection.


 * Bug 4915: Detect IPv6 loopback binding errors

This bug shows up as helpers being started but communication not working
on machines where IPv6 has been disabled by sysctl preventing IPv6
address assignment.

This release will now detect these machine configurations and trigger
IPv4-only functionality on startup if necessary.


 * Bug 4914: Do not call setsid() in --foreground mode

Squid executed in --foreground is always a process group leader. Thus,
setsid(2) is unnecessary and always fails (with EPERM) for such Squids.


 * Bug 4856: Exit when GoIntoBackground() fork() call fails

Not exiting can leave the proxy running with inconsistent access
permissions to system resources. Squid has historically dropped
privileges anyway so this is not a security breach. But the behaviour
can confuse some third-party daemon managers.

This release will now strictly abort with an error if fork() is not
successful when starting Squid.


 * Fix OpenSSL builds that define OPENSSL_NO_ENGINE

Squid builds have been failing to compile against OpenSSL when custom
engine support is disabled. This release fixes the feature detection to
allow such builds to complete.



  All users of Squid-4 are urged to upgrade as soon as possible.

  All users of Squid-3 are encouraged to upgrade where possible.


See the ChangeLog for the full list of changes in this and earlier
releases.

Please refer to the release notes at
http://www.squid-cache.org/Versions/v4/RELEASENOTES.html
when you are ready to make the switch to Squid-4.

This new release can be downloaded from our HTTP or FTP servers

  http://www.squid-cache.org/Versions/v4/
  ftp://ftp.squid-cache.org/pub/squid/
  ftp://ftp.squid-cache.org/pub/archive/4/

or the mirrors. For a list of mirror sites see

  http://www.squid-cache.org/Download/http-mirrors.html
  http://www.squid-cache.org/Download/mirrors.html

If you encounter any issues with this release please file a bug report.
  http://bugs.squid-cache.org/


Amos Jeffries
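
Added example, not part of the announcement and not Squid's own code: a small C program showing the behaviour behind the Bug 4914 note, that setsid(2) fails with EPERM for a process group leader but succeeds in a forked child that is not one. The helper name setsid_errno_in_child is hypothetical; a failed fork() is reported to the caller, which exits, in the spirit of the Bug 4856 note.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: call setsid() inside a forked child and return the
 * errno the child saw (0 on success). Returns -1 if fork() or waitpid()
 * failed, or 255 if the child could not become a group leader.
 * With make_leader != 0 the child first becomes a process group leader,
 * which is the state the announcement describes for a --foreground Squid. */
static int setsid_errno_in_child(int make_leader)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;                 /* caller must not carry on as if forked */

    if (pid == 0) {                /* child */
        if (make_leader && setpgid(0, 0) != 0)
            _exit(255);
        /* errno values such as EPERM are small enough for an exit status */
        _exit(setsid() == (pid_t)-1 ? errno : 0);
    }

    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    int leader = setsid_errno_in_child(1);
    int plain  = setsid_errno_in_child(0);

    if (leader < 0 || plain < 0) { /* fork failed: stop, do not continue */
        perror("fork/waitpid");
        return EXIT_FAILURE;
    }
    printf("group leader:      setsid -> %s\n",
           leader ? strerror(leader) : "ok");
    printf("forked non-leader: setsid -> %s\n",
           plain ? strerror(plain) : "ok");
    return EXIT_SUCCESS;
}
```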

