The Squid HTTP Proxy team is very pleased to announce the
availability of the Squid-5.4 release!

This release is a bug fix release resolving several issues
found in the prior Squid-5 releases.

The major changes to be aware of:

 * Bug 5190: Preserve configured order of intermediate CA
   certificate chain

 Previous Squid-5 releases inverted the CA certificate chain order
 when delivering the server handshake. Breaking clients which are
 unable to reorder the chain. This release once again conforms with
 TLS specification requirements.

 * Bug 5187: Properly track (and mark) truncated store entries

 Squid used an error-prone approach to identifying truncated responses:
 The response is treated as whole unless somebody remembers to mark
 it as truncated. This dangerous default naturally resulted in bugs
 where truncated responses are treated as complete under various

 This change reverses that approach: Responses not explicitly marked as
 whole are treated as truncated. This change affects all Squid-server
 FwdState-dispatched communications: HTTP, FTP, Gopher, and WHOIS. It
 also affects responses received from the adaptation services.

 Transactions that failed due to origin server or peer timeout (a common
 source of truncation) are now logged with a _TIMEOUT %Ss suffix and
 ERR_READ_TIMEOUT/WITH_SRV %err_code/%err_detail.

 Transactions prematurely canceled by Squid during client-Squid
 communication (usually due to various timeouts) now have WITH_CLT
 default %err_detail. This detail helps distinguish otherwise
 similarly-logged problems that may happen when talking to the client or
 to the origin server/peer.

 * Bug 5134: assertion failed: "old == e"

 This bug appears when caching is enabled and a worker dies and
 is automatically restarted. The SMP cache management was missing
 some necessary cross-checks on hash collision before updating
 stored objects. The worker recovery logic detected the hash collision
 better and would abort with the given error.

 * Bug 5132: Close the tunnel if to-server conn closes after client

 This bug has been present since 5.0.4 and shows up as a growing number
 of open (aka "hung") TCP connections used by Squid regardless of client
 traffic levels.

 It can be expected to affect on all HTTPS traffic, and proxy using
 SSL-Bump features. With the problem being worse the more CONNECT
 tunnels are handled.

 * Bug 5188: Fix reconfiguration leaking tls-cert=... memory

 This bug was found investigating other issues. Installations which
 are reconfiguring often may have been seeing sub-optimal memory
 usage. It has otherwise a minimal impact.

  All users of Squid-5 are encouraged to upgrade as soon as

See the ChangeLog for the full list of changes in this and
earlier releases.

Please refer to the release notes at
when you are ready to make the switch to Squid-5

This new release can be downloaded from our HTTP or FTP servers

or the mirrors. For a list of mirror sites see

If you encounter any issues with this release please file a bug

Amos Jeffries
squid-announce mailing list

Reply via email to