The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-3.5.10 release!

This release is a bug fix release resolving issues found in the prior
Squid releases.

The major changes to be aware of:

* Regression Bug 4326: base64 binary encoder rejects data beginning
  with nil byte

This regression since 3.3 introduced by hardening of the base-64 encoder
causes unnecessary CPU consumtion during Digest authenticatio on
big-endian systems. Thanks to Pavel Šimerda for identifying the problem
and providing the fix.

* Bug 4323: Netfilter broken cross-includes with Linux 4.2

Due to a problem with Netfilter (libc) header includes Squid and other
software using Netfilter will not build on Linux 4.2. The kernel
developers have provided a hack to allow software to build, but it
requires some changes on our part to make use of it. Those changes are
included in this Squid release.

* Bug 4303: "!callback" assertion.

This problem occurs when slow-group ACLs are used in ssl_bump and no
bumping action is selected (the default action is being performed).
Squid now makes smarter choice of default ssl_bump action to perform
when no explicit ACL match is provided.

Note: The bug number recorded in bzr, changelog and patch header is
wrong. The correct number is 4303.

* Bug 4330: Do not use SSL_METHOD::put_cipher_by_char

Recent changes to this OpenSSL and LibreSSL library API behaviour mean
that Squids particular use of it could result in crashes, or incorrect
rejection of TLS/SSL connections.

* Memory management optimizations

This release includes removal of a custom allocator pool size for
StoreEntry objects. Knowledge of the actual benefits from that supposed
optimization have been lost in time, and it's not possible to accurately
measure its actual impact in all load scenarios; this change is
therefore considered a potential performance regression in some load

Initial testing of this change show an overall reduction in Squid memory
needs for general usage. So we belive this is a worthwhile change until
proven otherwise.

* Copyright Updates

As part of the Squid Software Foundation project to cleanup the Squid
copyright situation it was found that the basic_sspi_auth,
ntlm_smb_lm_auth, and ntlm_fake_auth helpers were GPL 2.0-only licensed.
This is not fully compatible with the GPLv2+ terms Squid bundles are
officially being distributed under, which is intended to allow
downstream GPLv3 or later relicensing.

The main authors and copyright holders of those helpers have graciously
agreed to relicense them as GPLv2+ for compatibility with the Squid
collective license.

The libltdl tools bundled with Squid has also undergone a relicense to
LGLv2.1+ in the version we import.

 All users of Squid are encouraged to upgrade to this release as soon as

 See the ChangeLog for the full list of changes in this and earlier

Please refer to the release notes at
when you are ready to make the switch to Squid-3.5

Upgrade tip:
  "squid -k parse" is starting to display even more
   useful hints about squid.conf changes.

This new release can be downloaded from our HTTP or FTP servers

or the mirrors. For a list of mirror sites see

If you encounter any issues with this release please file a bug report.

Amos Jeffries
squid-announce mailing list

Reply via email to