The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-3.5.25 release!

This release is a bug fix release resolving several issues found in the
prior Squid releases.

The major changes to be aware of:

* Bug 4508: Host forgery stalls intercepted being-spliced connections.

This bug shows up as SSL-Bumped connections being stuck in various TCP
open or half-open states and not closing until the TCP timeouts are reached.

Note, there are still other issues leading to the same behaviour and not
necessarily SSL-Bump related. This release works around the most common
issues affecting recent Squid-3 releases, but some remain and a better
long-term solution will be implemented later.

* Native FTP relay: NAT and TPROXY interception fixes

FTP Native relay is now able to cope with active-mode FTP DATA
connections when intercepting FTP traffic. Previously Squid would use
incorrect IP:port details which would not work with many clients.

* Bump SSL client on [more] errors encountered before ssl_bump evaluation

This bug shows up as error responses for issues encountered early in the
TLS/SSL handling being sent to clients unencrypted when Squid should
have bumped and delivered them encrypted.

 All users of Squid-3 with SSL-Bump functionallity are encouraged to
upgrade to this release as soon as possible.

 All other users of Squid-3 are encouraged to upgrade to this release as
time permits.

 See the ChangeLog for the full list of changes in this and earlier

Please refer to the release notes at
when you are ready to make the switch to Squid-3.5

Upgrade tip:
  "squid -k parse" is starting to display even more
   useful hints about squid.conf changes.

This new release can be downloaded from our HTTP or FTP servers

or the mirrors. For a list of mirror sites see

If you encounter any issues with this release please file a bug report.

Amos Jeffries

squid-announce mailing list

Reply via email to