This problem allows a remote attacker to consume all memory
available to the Squid process, causing it to crash.
In environments where per-process memory restrictions are not
enforced strictly, or configured to large values this may also
affect other processes operating on the same machine. Leading to
a much worse denial of service situation.
This problem is limited to Squid built with SNMP support and
receiving SNMP traffic.
* Bug 4893: Malformed %>ru URIs for CONNECT requests
This bug showed up as "://host:port" URLs being logged for some CONNECT
transactions in Squid-4.2 and 4.3. This release reverts Squid to the
previous log output.
* Fix %USER_CA_CERT_xx and %USER_CERT_xx
Previous Squid-4 would crash when these macros where used to pass values
to external ACL helpers. This issue is now fully resolved.
* Support compilation with minimal OpenSSL
Squid would not build successfully against an OpenSSL library
which had itself been built to omit deprecated features and API.
This Squid release should build in these minimized environments.
All users of Squid-4 are urged to upgrade as soon as possible.
All users of Squid-3 are encouraged to upgrade where possible.
See the ChangeLog for the full list of changes in this and earlier