Squid 4.0.21 beta RPM's are out.

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Squid 4.0.21 beta RPM's are out.

Eliezer Croitoru
Squid 4.0.21 beta RPM's are out for:
CentOS 7, Oracle Enterprise Linux 7, SLES 12SP1

http://ngtech.co.il/repo/centos/7/beta/
http://ngtech.co.il/repo/oracle/7/beta/
http://ngtech.co.il/repo/sles/12sp1/beta/

With hope that it will help to move faster from beta to stable.

All The Bests,
Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: [hidden email]



-----Original Message-----
From: squid-users [mailto:[hidden email]] On Behalf Of Amos Jeffries
Sent: Friday, July 7, 2017 15:36
To: [hidden email]
Subject: [squid-users] [squid-announce] Squid 4.0.21 beta is available

The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-4.0.21 release!


This release is a bug fix release resolving several issues found in the prior Squid releases.


The major changes to be aware of:

* Regression Bug 4492: Chunk extension parser is too pedantic

With this fix Squid is back to ignoring some unusual message whitespace padding that senders should not have been doing, but which are generally harmless to the protocol. It is a regression specific to the Squid-4 release series, not affecting any other installations.


* Bug 1961 partial: Redesign urlParse API

The core changes for redesign work is largely finished now. As a result this release should have much lower memory use on url_rewrite API lookups which choose not to rewrite the URL.


* Collapse security_file_certgen requests

This helper API now collapses identical parallel lookups into a single helper message to reduce load, latency and as a result reduce pressure on the system crypto services. It still has some issues, but should now cope a lot better with sudden load peaks as seen from Browsers starting up.


* SSL-Bump: tproxy does not spoof spliced connections

This release now performs TPROXY spoofing properly when SSL-Bump logic selects splice action. Prior SSL-Bump would behave as if NAT intercept was being used, by replacing the sender IP as Squid one.


* Add a basic apparmour profile

This release bundles a basic apparmour profile contributed by Ubuntu developers. As with init system scripts this profile is not installed by default, packagers wishing to use it should pull the file from the sources during packaging.


Several major bug fixes shared with the future Squid-3.5.27 release are also worth mentioning:

* Bug 4464: Reduce "!Comm::MonitorsRead(serverConnection->fd)" assertions.

In Squid-3 this bug appeared as "fd_table[conn->fd].halfClosedReader != NULL" assertions.

Admin who have used the various config workarounds or patches to suppress those assertions will need to re-asses those temporary measures after upgrading to this release.


* Bug 2833: collapsed forwarding doesn't work with NOT MODIFIED response

The security fix for CVE-2016-10003 had a negative effect on collapsed forwarding. All "private" entries were considered automatically non-shareable among collapsed clients. However this is not true: there are many situations when collapsed forwarding should work despite of "private" (non-cacheable) entry status: 304/5xx responses are good examples of that.

This release adds a mechanism to mark some non-cached responses as being able to share with collapsed forwarding.

These changes also involved fixing incorrect delivery of 304 responses to a client when Squid was the agent performing revalidation instead of the client.


* Bug 4112: ssl_engine does not accept cryptodev

This directive has been broken for quite a long time, failing to recognize any of the default OpenSSL engines. This release restores support for the OpenSSL engines feature.


* Fix SMP query handoff to Coordinator.

Several issues related to SMP messages to the coordinator process have been fixed. Some of these are likely to have been resulting in hung connections for SNMP and mgr transactions. Others were resulting in garbage messages arriving at the coordinator.



  All users of Squid-4.x are encouraged to upgrade to this release as soon as possible.

  All users of Squid-3 are encouraged to test this release out and plan for upgrades where possible.


  See the ChangeLog for the full list of changes in this and earlier
  releases.

Please refer to the release notes at
http://www.squid-cache.org/Versions/v4/RELEASENOTES.html
when you are ready to make the switch to Squid-4

This new release can be downloaded from our HTTP or FTP servers

  http://www.squid-cache.org/Versions/v4/
  ftp://ftp.squid-cache.org/pub/squid/
  ftp://ftp.squid-cache.org/pub/archive/4/

or the mirrors. For a list of mirror sites see

  http://www.squid-cache.org/Download/http-mirrors.html
  http://www.squid-cache.org/Download/mirrors.html

If you encounter any issues with this release please file a bug report.
http://bugs.squid-cache.org/


Amos Jeffries
_______________________________________________
squid-announce mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-announce
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Squid 4.0.21 beta RPM's are out.

Eliezer Croitoru
I have added a dedicated line for the repo at:
http://faster.ngtech.co.il/repo/

It has between 3-10 Mbps upload speed Please try to use it since it's for you:
http://faster.ngtech.co.il/repo/centos/7/beta/
http://faster.ngtech.co.il/repo/oracle/7/beta/
http://faster.ngtech.co.il/repo/sles/12sp1/beta/

All The Bests,
Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: [hidden email]



-----Original Message-----
From: squid-users [mailto:[hidden email]] On Behalf Of Eliezer Croitoru
Sent: Sunday, July 9, 2017 20:28
To: 'Amos Jeffries' <[hidden email]>; [hidden email]
Subject: [squid-users] Squid 4.0.21 beta RPM's are out.

Squid 4.0.21 beta RPM's are out for:
CentOS 7, Oracle Enterprise Linux 7, SLES 12SP1

http://ngtech.co.il/repo/centos/7/beta/
http://ngtech.co.il/repo/oracle/7/beta/
http://ngtech.co.il/repo/sles/12sp1/beta/

With hope that it will help to move faster from beta to stable.

All The Bests,
Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: [hidden email]



-----Original Message-----
From: squid-users [mailto:[hidden email]] On Behalf Of Amos Jeffries
Sent: Friday, July 7, 2017 15:36
To: [hidden email]
Subject: [squid-users] [squid-announce] Squid 4.0.21 beta is available

The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-4.0.21 release!


This release is a bug fix release resolving several issues found in the prior Squid releases.


The major changes to be aware of:

* Regression Bug 4492: Chunk extension parser is too pedantic

With this fix Squid is back to ignoring some unusual message whitespace padding that senders should not have been doing, but which are generally harmless to the protocol. It is a regression specific to the Squid-4 release series, not affecting any other installations.


* Bug 1961 partial: Redesign urlParse API

The core changes for redesign work is largely finished now. As a result this release should have much lower memory use on url_rewrite API lookups which choose not to rewrite the URL.


* Collapse security_file_certgen requests

This helper API now collapses identical parallel lookups into a single helper message to reduce load, latency and as a result reduce pressure on the system crypto services. It still has some issues, but should now cope a lot better with sudden load peaks as seen from Browsers starting up.


* SSL-Bump: tproxy does not spoof spliced connections

This release now performs TPROXY spoofing properly when SSL-Bump logic selects splice action. Prior SSL-Bump would behave as if NAT intercept was being used, by replacing the sender IP as Squid one.


* Add a basic apparmour profile

This release bundles a basic apparmour profile contributed by Ubuntu developers. As with init system scripts this profile is not installed by default, packagers wishing to use it should pull the file from the sources during packaging.


Several major bug fixes shared with the future Squid-3.5.27 release are also worth mentioning:

* Bug 4464: Reduce "!Comm::MonitorsRead(serverConnection->fd)" assertions.

In Squid-3 this bug appeared as "fd_table[conn->fd].halfClosedReader != NULL" assertions.

Admin who have used the various config workarounds or patches to suppress those assertions will need to re-asses those temporary measures after upgrading to this release.


* Bug 2833: collapsed forwarding doesn't work with NOT MODIFIED response

The security fix for CVE-2016-10003 had a negative effect on collapsed forwarding. All "private" entries were considered automatically non-shareable among collapsed clients. However this is not true: there are many situations when collapsed forwarding should work despite of "private" (non-cacheable) entry status: 304/5xx responses are good examples of that.

This release adds a mechanism to mark some non-cached responses as being able to share with collapsed forwarding.

These changes also involved fixing incorrect delivery of 304 responses to a client when Squid was the agent performing revalidation instead of the client.


* Bug 4112: ssl_engine does not accept cryptodev

This directive has been broken for quite a long time, failing to recognize any of the default OpenSSL engines. This release restores support for the OpenSSL engines feature.


* Fix SMP query handoff to Coordinator.

Several issues related to SMP messages to the coordinator process have been fixed. Some of these are likely to have been resulting in hung connections for SNMP and mgr transactions. Others were resulting in garbage messages arriving at the coordinator.



  All users of Squid-4.x are encouraged to upgrade to this release as soon as possible.

  All users of Squid-3 are encouraged to test this release out and plan for upgrades where possible.


  See the ChangeLog for the full list of changes in this and earlier
  releases.

Please refer to the release notes at
http://www.squid-cache.org/Versions/v4/RELEASENOTES.html
when you are ready to make the switch to Squid-4

This new release can be downloaded from our HTTP or FTP servers

  http://www.squid-cache.org/Versions/v4/
  ftp://ftp.squid-cache.org/pub/squid/
  ftp://ftp.squid-cache.org/pub/archive/4/

or the mirrors. For a list of mirror sites see

  http://www.squid-cache.org/Download/http-mirrors.html
  http://www.squid-cache.org/Download/mirrors.html

If you encounter any issues with this release please file a bug report.
http://bugs.squid-cache.org/


Amos Jeffries
_______________________________________________
squid-announce mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-announce
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Loading...