The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-3.5.26 release!

This release is a bug fix release resolving several issues found in the
prior Squid releases.

The major changes to be aware of:

* Bug 4711: SubjectAlternativeNames is missing in some generated certificates

Previous releases of Squid were not able to generate valid mimic certificates from AltName server certificate field only. This leads to security error [missing_subjectAltName] in modern browsers (both Chrome/Firefox this time), and, net::ERR_CERT_COMMON_NAME_INVALID errors visible to users.

* Bug 4682: ignoring http_access deny when client-first bumping mode is used

This bug appears as Squid failing to identify some HTTP requests which are tunneled inside an already established client-first bumped tunnel, and this is results in ignoring http_access denied for these requests.

* Bug 4589: ssl_crtd: returning zero on failure

This bug has been affecting some init scripts that were depending on the tool return values to detect when it failed to initialize the certificate database. This does not resolve any initialization issues directly, merely allows init scripts to be made aware of them before Squid is started.

* Bug 3102 and 3772: FTP directory listings display issues

These bugs appears as line wrap and path truncation errors in FTP directory listings from some FTP servers.

* OpenSSL support better compliance with license requirements

The OpenSSL license requires that all binaries which are built to utilize the library API (that includes any library derived from OpenSSL) must publicly advertise that OpenSSL or derivative library in all documentation detailing features of that software.

This release of Squid will now include the required OpenSSL advertisement on builds -v output where features are displayed. This is primarily intended as a way to easily identify which library is being used by Squid at run-time when multiple libraries are present on a system.

Please note even with this update Squid is still not directly compatible with the OpenSSL terms of distribution. Distributors of OpenSSL enabled Squid are required to ensure they meet both GPL and OpenSSL licensing requirements.

 All users of Squid-3 with SSL-Bump functionality are encouraged to
upgrade to this release as soon as possible.

 All other users of Squid-3 are encouraged to upgrade to this release as
time permits.

 See the ChangeLog for the full list of changes in this and earlier

Please refer to the release notes at
when you are ready to make the switch to Squid-3.5

Upgrade tip:
  "squid -k parse" is starting to display even more
   useful hints about squid.conf changes.

This new release can be downloaded from our HTTP or FTP servers

or the mirrors. For a list of mirror sites see

If you encounter any issues with this release please file a bug report.

Amos Jeffries

squid-announce mailing list

Reply via email to