OK I'm fine All Squid-4.x up to and including 4.16 built without --disable-wccpv2 and configured with wccp2_router in squid.conf are vulnerable.
Thanks Amos for this link On Fri, 11 Feb 2022, 10:09 robert k Wild, <robertkw...@gmail.com> wrote: > ok so build my squid 4.17 with this option > > --disable-wccpv2 > > as i have no lines in my squid.conf referencing wccp > > is that what i should do, tbh i dont even know if i do or dont need wccp > > On Fri, 11 Feb 2022 at 02:27, Amos Jeffries <squ...@treenet.co.nz> wrote: > >> On 11/02/22 07:55, robert k Wild wrote: >> > Hi all, >> > >> > Is there any security vulnerabilities with squid 4.15, should I update >> > to 4.17 or is it OK to still use as my squid proxy server >> > >> > Sorry for silly question >> > >> >> Not silly. >> >> There is this one for WCCP: >> < >> https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82 >> > >> >> However, be aware that the patch has been found to prevent all traffic >> from some routers. We are working on the fix for that. >> >> >> Amos >> _______________________________________________ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> http://lists.squid-cache.org/listinfo/squid-users >> > > > -- > Regards, > > Robert K Wild. >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users