[squid-announce] Squid 3.5.26 is available

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
Report Content as Inappropriate

[squid-announce] Squid 3.5.26 is available

Amos Jeffries
The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-3.5.26 release!

This release is a bug fix release resolving several issues found in the
prior Squid releases.

The major changes to be aware of:

* Bug 4711: SubjectAlternativeNames is missing in some generated

Previous releases of Squid were not able to generate valid mimic
certificates from AltName server certificate field only. This leads to
security error [missing_subjectAltName] in modern browsers (both
Chrome/Firefox this time), and, net::ERR_CERT_COMMON_NAME_INVALID errors
visible to users.

* Bug 4682: ignoring http_access deny when client-first bumping mode is used

This bug appears as Squid failing to identify some HTTP requests which
are tunneled inside an already established client-first bumped tunnel,
and this is results in ignoring http_access denied for these requests.

* Bug 4589: ssl_crtd: returning zero on failure

This bug has been affecting some init scripts that were depending on the
tool return values to detect when it failed to initialize the
certificate database. This does not resolve any initialization issues
directly,  merely allows init scripts to be made aware of them before
Squid is started.

* Bug 3102 and 3772: FTP directory listings display issues

These bugs appears as line wrap and path truncation errors in FTP
directory listings from some FTP servers.

* OpenSSL support better compliance with license requirements

The OpenSSL license requires that all binaries which are built to
utilize the library API (that includes any library derived from OpenSSL)
must publicly advertise that OpenSSL or derivative library in all
documentation detailing features of that software.

This release of Squid will now include the required OpenSSL
advertisement on builds -v output where features are displayed. This is
primarily intended as a way to easily identify which library is being
used by Squid at run-time when multiple libraries are present on a system.

Please note even with this update Squid is still not directly compatible
with the OpenSSL terms of distribution. Distributors of OpenSSL enabled
Squid are required to ensure they meet both GPL and OpenSSL licensing

  All users of Squid-3 with SSL-Bump functionality are encouraged to
upgrade to this release as soon as possible.

  All other users of Squid-3 are encouraged to upgrade to this release as
time permits.

  See the ChangeLog for the full list of changes in this and earlier

Please refer to the release notes at
when you are ready to make the switch to Squid-3.5

Upgrade tip:
   "squid -k parse" is starting to display even more
    useful hints about squid.conf changes.

This new release can be downloaded from our HTTP or FTP servers


or the mirrors. For a list of mirror sites see


If you encounter any issues with this release please file a bug report.

Amos Jeffries

squid-announce mailing list
[hidden email]